iptables: clean up osbuild and add a external block set scaffolding

Setup osbuild so it only needs to exist on the specific builders in the osbuild channel, not all builders. Also, setup things so we can add a blocklist that will block external subnets/ip's if we need to do so. Currently it should just be an empty set, but we can implement it as needed/desired starting with the ips we already were blocking on just some hosts. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2023-06-26 12:38:37 -07:00 · 2023-06-26 12:38:37 -07:00 · 679f7f6f16
commit 679f7f6f16
parent 7c6fe8c5b8
13 changed files with 81 additions and 7 deletions
--- a/inventory/host_vars/ns01.iad2.fedoraproject.org
+++ b/inventory/host_vars/ns01.iad2.fedoraproject.org
@ -2,6 +2,10 @@
 datacenter: iad2
 eth0_ipv4_gw: 10.3.163.254
 eth0_ipv4_ip: 10.3.163.33
+#
+# This host is externally reachable
+#
+external: true
 ks_repo: http://38.145.60.16/repo/rhel/RHEL9-x86_64/
 ks_url: http://38.145.60.16/repo/rhel/ks/kvm-rhel
 vmhost: vmhost-x86-01.iad2.fedoraproject.org
--- a/inventory/host_vars/ns02.iad2.fedoraproject.org
+++ b/inventory/host_vars/ns02.iad2.fedoraproject.org
@ -2,6 +2,10 @@
 datacenter: iad2
 eth0_ipv4_gw: 10.3.163.254
 eth0_ipv4_ip: 10.3.163.34
+#
+# This host is externally reachable
+#
+external: true
 ks_repo: http://38.145.60.16/repo/rhel/RHEL9-x86_64/
 ks_url: http://38.145.60.16/repo/rhel/ks/kvm-rhel
 vmhost: vmhost-x86-02.iad2.fedoraproject.org
--- a/inventory/host_vars/proxy01.iad2.fedoraproject.org
+++ b/inventory/host_vars/proxy01.iad2.fedoraproject.org
@ -7,6 +7,10 @@ dns_search2: "vpn.fedoraproject.org"
 dns_search3: "fedoraproject.org"
 eth0_ipv4: 10.3.163.74
 eth0_ipv4_gw: 10.3.163.254
+#
+# This host is externally reachable
+#
+external: true
 freezes: true
 has_ipv4: yes
 ks_repo: http://10.3.163.35/pub/fedora/linux/releases/38/Server/x86_64/os/
--- a/inventory/host_vars/proxy10.iad2.fedoraproject.org
+++ b/inventory/host_vars/proxy10.iad2.fedoraproject.org
@ -7,6 +7,10 @@ dns_search2: "vpn.fedoraproject.org"
 dns_search3: "fedoraproject.org"
 eth0_ipv4: 10.3.163.75
 eth0_ipv4_gw: 10.3.163.254
+#
+# This host is externally reachable
+#
+external: true
 freezes: true
 has_ipv4: yes
 ks_repo: http://10.3.163.35/pub/fedora/linux/releases/38/Server/x86_64/os/
--- a/inventory/host_vars/secondary01.iad2.fedoraproject.org
+++ b/inventory/host_vars/secondary01.iad2.fedoraproject.org
@ -2,6 +2,10 @@
 datacenter: iad2
 eth0_ipv4_gw: 10.3.163.254
 eth0_ipv4_ip: 10.3.163.86
+#
+# This host is externally reachable
+#
+external: true
 ks_repo: http://10.3.163.35/repo/rhel/RHEL8-x86_64/
 ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-8-iad2
 lvm_size: 40000