Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Restrict 5050 to noc01 and noc02.

Browse source
This commit is contained in:
Ralph Bean 2015-11-22 02:30:55 +00:00
parent d977e90e6c
commit fe9d322805
2 changed files with 18 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
inventory/group_vars/value
View file

@ -7,13 +7,19 @@ num_cpus: 2
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [ 80, 443, 5050,
tcp_ports: [ 80, 443,
# These 16 ports are used by fedmsg. One for each wsgi thread.
3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
# Needed for rsync from log01 for logs.
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
custom_rules: [
# Needed for rsync from log01 for logs.
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
# Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here
'-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT',
]
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-mote

12
inventory/group_vars/value-stg
View file

@ -7,13 +7,19 @@ num_cpus: 2
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [ 80, 443, 5050,
tcp_ports: [ 80, 443,
# These 16 ports are used by fedmsg. One for each wsgi thread.
3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
# Neeed for rsync from log01 for logs.
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
custom_rules: [
# Neeed for rsync from log01 for logs.
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
# Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here
'-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT',
]
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-mote