Re: Freeze break request: add rsync for httpd logs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 14 May 2013 10:45:18 -0600
Kevin Fenzi <kevin@xxxxxxxxx> wrote:

> So, first freeze break request. ;) 
> 
> I added a number of applications to have log02 pull httpd logs from,
> but some of them do not have rsync installed, so pulling logs from
> them is failing. I'd like to have them include rsync::server (which by
> default only exposes logs to log02 for rsync) and allow that in
> firewalls.
> 
> It's not urgent, but it would be nice to start collecting these sooner
> rather than later. 
> 
> kevin
> --
> diff --git a/manifests/nodes/ask01.phx2.fedoraproject.org.pp
> b/manifests/nodes/ask01.phx2.fedoraproject.org.pp index
> 8a24a68..b85905c 100644 ---
> a/manifests/nodes/ask01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/ask01.phx2.fedoraproject.org.pp @@ -17,7 +17,9 @@
> node "ask01.phx2.fedoraproject.org" { }
>  
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80 ]
> +    tcpPorts => [ 80 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    collectd::collectd { 'log02': }
> diff --git a/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp index
> e1abad9..661f5ac 100644 ---
> a/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp @@ -16,7 +16,9
> @@ node "ask01.stg.phx2.fedoraproject.org" { }
>    
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>    }
>  }
>              
> diff --git a/manifests/nodes/ask02.phx2.fedoraproject.org.pp
> b/manifests/nodes/ask02.phx2.fedoraproject.org.pp index
> bf7b259..6df2054 100644 ---
> a/manifests/nodes/ask02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/ask02.phx2.fedoraproject.org.pp @@ -17,7 +17,9 @@
> node "ask02.phx2.fedoraproject.org" { }
>  
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80 ]
> +    tcpPorts => [ 80 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>    }
>  
>    collectd::collectd { 'log02': }
> diff --git a/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
> b/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp index
> 6647b05..61cf44e 100644 ---
> a/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp @@ -12,7
> +12,9 @@ node "blockerbugs01.phx2.fedoraproject.org" { include
> blockerbugs::nobalance 
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>    }
>    # This points to db01
>    host { 'db-blockerbugs':
> diff --git
> a/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp index
> a034e3d..aa7eb45 100644 ---
> a/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp @@ -9,6
> +9,8 @@ node "blockerbugs01.stg.phx2.fedoraproject.org" { include
> blockerbugs::nobalance iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>    }
>  }
> diff --git a/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
> b/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp index
> 61267e7..e558851 100644 ---
> a/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp @@ -12,7
> +12,9 @@ node "blockerbugs02.phx2.fedoraproject.org" { #  include
> blockerbugs::nobalance 
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>    }
>    # This points to db01
>    host { 'db-blockerbugs':
> diff --git a/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
> b/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp index
> 8198138..a2616d0 100644 ---
> a/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp @@ -11,7
> +11,9 @@ node "datagrepper01.phx2.fedoraproject.org" { include
> openvpn::client 
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +    tcpPorts => [ 80, 443 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>      }
>  
>      host { 'db-for-datagrepper':
> diff --git
> a/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp index
> c81a938..78e8f8d 100644 ---
> a/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp @@
> -12,7 +12,9 @@ node
> "datagrepper01.stg.phx2.fedoraproject.org" { include datagrepper::app
> iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT", 
> +    ]
>      }
>  
>      host { 'db-for-datagrepper':
> diff --git a/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
> b/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp index
> 4a7c423..84b45ec 100644 ---
> a/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp @@ -11,7
> +11,9 @@ node "datagrepper02.phx2.fedoraproject.org" { include
> openvpn::client 
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT", 
> +    ]
>      }
>  
>      host { 'db-for-datagrepper':
> diff --git a/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
> b/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp index
> 14168c2..9567cec 100644 ---
> a/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "fedocal01.phx2.fedoraproject.org" { include fedocal::nobalance
>  
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT",
> +    ]
>      }
>  
>      # This points to db01
> diff --git a/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp index
> fd13777..3c6adf8 100644 ---
> a/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp @@ -10,7
> +10,9 @@ node "fedocal01.stg.phx2.fedoraproject.org" { include
> fedocal::nobalance 
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT",
> +    ]
>      }
>  
>      # This points to db02.stg
> diff --git a/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
> b/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp index
> 090207c..d224fd1 100644 ---
> a/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp @@ -10,7 +10,9
> @@ node "fedocal02.phx2.fedoraproject.org" { #include
> fedocal::nobalance 
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT",
> +    ]
>      }
>  
>      # This points to db01
> diff --git a/manifests/nodes/openid01.phx2.fedoraproject.org.pp
> b/manifests/nodes/openid01.phx2.fedoraproject.org.pp index
> 8db2feb..94daf55 100644 ---
> a/manifests/nodes/openid01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/openid01.phx2.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "openid01.phx2.fedoraproject.org" { include openvpn::client
>  
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT", 
> +    ]
>      }
>  
>      # This points to db-fas01
> diff --git a/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp index
> e3527ce..40386d5 100644 ---
> a/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp @@ -9,7 +9,9
> @@ node "openid01.stg.phx2.fedoraproject.org" { include fas-openid
>  
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT",
> +    ]
>      }
>  
>      # This points to db-fas01.stg
> diff --git a/manifests/nodes/openid02.phx2.fedoraproject.org.pp
> b/manifests/nodes/openid02.phx2.fedoraproject.org.pp index
> 3e95783..81142df 100644 ---
> a/manifests/nodes/openid02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/openid02.phx2.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "openid02.phx2.fedoraproject.org" { include openvpn::client
>  
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT",
> +    ]
>      }
>  
>      # This points to db-fas01
> diff --git a/manifests/nodes/packages01.dev.fedoraproject.org.pp
> b/manifests/nodes/packages01.dev.fedoraproject.org.pp index
> af87535..bb14b41 100644 ---
> a/manifests/nodes/packages01.dev.fedoraproject.org.pp +++
> b/manifests/nodes/packages01.dev.fedoraproject.org.pp @@ -6,6 +6,8 @@
> node "packages01.dev" { include httpd::mod_wsgi
>  
>    iptables::firewall { 'ipv4':
> -      tcpPorts => [ 80, 443, 6996 ]
> +      tcpPorts => [ 80, 443, 6996 ],
> +      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  }
> diff --git a/manifests/nodes/packages01.phx2.fedoraproject.org.pp
> b/manifests/nodes/packages01.phx2.fedoraproject.org.pp index
> 39d9036..691c5ed 100644 ---
> a/manifests/nodes/packages01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/packages01.phx2.fedoraproject.org.pp @@ -26,7 +26,9
> @@ node "packages01" { }
>  
>    iptables::firewall { 'ipv4':
> -      tcpPorts => [ 80, 443, 6996 ]
> +      tcpPorts => [ 80, 443, 6996 ],
> +      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    glusterfs::server::config { packages:
> diff --git a/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp index
> b0c2b9d..f96a4bd 100644 ---
> a/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp @@ -25,6
> +25,8 @@ node "packages01.stg" { netmask => '255.255.255.0',
>    }
>    iptables::firewall { 'ipv4':
> -      tcpPorts => [ 80, 443, 6996 ]
> +      tcpPorts => [ 80, 443, 6996 ],
> +      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  }
> diff --git a/manifests/nodes/packages02.phx2.fedoraproject.org.pp
> b/manifests/nodes/packages02.phx2.fedoraproject.org.pp index
> f6a5441..a66358b 100644 ---
> a/manifests/nodes/packages02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/packages02.phx2.fedoraproject.org.pp @@ -24,7 +24,9
> @@ node "packages02" { }
>  
>    iptables::firewall { 'ipv4':
> -      tcpPorts => [ 80, 443, 6996 ]
> +      tcpPorts => [ 80, 443, 6996 ],
> +      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    glusterfs::server::config { packages:
> diff --git a/manifests/nodes/paste01.phx2.fedoraproject.org.pp
> b/manifests/nodes/paste01.phx2.fedoraproject.org.pp index
> 7708415..30d83e6 100644 ---
> a/manifests/nodes/paste01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/paste01.phx2.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "paste01.phx2.fedoraproject.org" { collectd::collectd
> { 'log02': } 
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    selboolean { [
> diff --git a/manifests/nodes/paste01.stg.fedoraproject.org.pp
> b/manifests/nodes/paste01.stg.fedoraproject.org.pp index
> fa05ef1..ad861b5 100644 ---
> a/manifests/nodes/paste01.stg.fedoraproject.org.pp +++
> b/manifests/nodes/paste01.stg.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "paste01.stg.phx2.fedoraproject.org" { include sticky-notes
>  
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    selboolean { [
> diff --git a/manifests/nodes/paste02.phx2.fedoraproject.org.pp
> b/manifests/nodes/paste02.phx2.fedoraproject.org.pp index
> 091e894..14d694c 100644 ---
> a/manifests/nodes/paste02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/paste02.phx2.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "paste02.phx2.fedoraproject.org" { collectd::collectd
> { 'log02': } 
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    selboolean { [
> diff --git a/modules/askbot/manifests/init.pp
> b/modules/askbot/manifests/init.pp index 50bb7d2..98afdb0 100644
> --- a/modules/askbot/manifests/init.pp
> +++ b/modules/askbot/manifests/init.pp
> @@ -1,5 +1,6 @@
>  class askbot {
>      include httpd::mod_wsgi
> +    include rsync::server
>  
>      package { "askbot":
>          ensure => installed,
> diff --git a/modules/blockerbugs/manifests/init.pp
> b/modules/blockerbugs/manifests/init.pp index c841ab4..2636819 100644
> --- a/modules/blockerbugs/manifests/init.pp
> +++ b/modules/blockerbugs/manifests/init.pp
> @@ -19,6 +19,7 @@ class blockerbugs::app {
>  
>    include httpd::mod_wsgi
>    include mod_ssl
> +  include rsync::server
>  
>    selboolean { [
>        "httpd_can_network_connect_db",
> diff --git a/modules/datagrepper/manifests/init.pp
> b/modules/datagrepper/manifests/init.pp index afc9b78..bbd10bc 100644
> --- a/modules/datagrepper/manifests/init.pp
> +++ b/modules/datagrepper/manifests/init.pp
> @@ -19,6 +19,7 @@ class datagrepper::app {
>      include httpd::mod_wsgi
>      include httpd::mod_ssl
>      include fedmsg::config
> +    include rsync::server
>  
>      package { "datagrepper":
>          ensure => present,
> diff --git a/modules/fas-openid/manifests/init.pp
> b/modules/fas-openid/manifests/init.pp index 7c48d0d..3409781 100644
> --- a/modules/fas-openid/manifests/init.pp
> +++ b/modules/fas-openid/manifests/init.pp
> @@ -3,6 +3,7 @@ class fas-openid {
>      include httpd::mod_ssl
>      include httpd::mod_wsgi
>      include hotfix::python-openid
> +    include rsync::server
>  
>      selboolean { [
>          "httpd_can_network_connect_db",
> diff --git a/modules/fedocal/manifests/init.pp
> b/modules/fedocal/manifests/init.pp index 6854c24..31809e5 100644
> --- a/modules/fedocal/manifests/init.pp
> +++ b/modules/fedocal/manifests/init.pp
> @@ -2,6 +2,7 @@ class fedocal {
>      include selinux-enforcing
>      include httpd::mod_ssl
>      include httpd::mod_wsgi
> +    include rsync::server
>  
>      selboolean { [
>          "httpd_can_network_connect_db",
> diff --git a/modules/packages/manifests/init.pp
> b/modules/packages/manifests/init.pp index ede4331..7b211a7 100644
> --- a/modules/packages/manifests/init.pp
> +++ b/modules/packages/manifests/init.pp
> @@ -35,6 +35,7 @@ class fedoracommunity::tagger {
>      include httpd::mod_wsgi
>      include httpd::mod_ssl
>      include fedmsg::config
> +    include rsync::server
>      fedmsg::certificate { "fedoratagger":
>          service => "fedoratagger",
>          group => "fedoratagger",
> diff --git a/modules/sticky-notes/manifests/init.pp
> b/modules/sticky-notes/manifests/init.pp index ed78bf2..6fd8f71 100644
> --- a/modules/sticky-notes/manifests/init.pp
> +++ b/modules/sticky-notes/manifests/init.pp
> @@ -1,6 +1,7 @@
>  class sticky-notes {
>    include httpd::base
>    include httpd::php
> +  include rsync::server
>  
>    package { "sticky-notes":
>         ensure => installed,


+1

-sv

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux