Re: Freeze break request: add rsync for httpd logs


 




Reviewed. +1.


On 14 May 2013 10:45, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
So, first freeze break request. ;)

I added a number of applications to have log02 pull httpd logs from,
but some of them do not have rsync installed, so pulling logs from them
is failing. I'd like to have them include rsync::server (which by
default only exposes logs to log02 for rsync) and allow that in
firewalls.

It's not urgent, but it would be nice to start collecting these sooner
rather than later.

kevin
--
diff --git a/manifests/nodes/ask01.phx2.fedoraproject.org.pp b/manifests/nodes/ask01.phx2.fedoraproject.org.pp
index 8a24a68..b85905c 100644
--- a/manifests/nodes/ask01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/ask01.phx2.fedoraproject.org.pp
@@ -17,7 +17,9 @@ node "ask01.phx2.fedoraproject.org" {
   }

   iptables::firewall { 'ipv4':
-    tcpPorts => [ 80 ]
+    tcpPorts => [ 80 ],
+    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }

   collectd::collectd { 'log02': }
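Review bot: The source address `10.5.126.29` in the new `custom` rule is an unexplained literal, and the same string is pasted into all 22 node manifests touched by this patch. The description implies it is log02; a comment above the rule such as `# log02: pulls httpd logs over rsync (tcp/873)` would make that auditable. Holding the address in one variable or a small shared define would mean a re-addressed log02 is changed in one place, instead of leaving port 873 accepted from a stale address on whichever node is missed. The node block continues outside the hunk.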
diff --git a/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
index e1abad9..661f5ac 100644
--- a/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
@@ -16,7 +16,9 @@ node "ask01.stg.phx2.fedoraproject.org" {
   }

   iptables::firewall { 'ipv4':
-    tcpPorts => [ 80, 443, 8888 ]
+    tcpPorts => [ 80, 443, 8888 ],
+    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }
 }

diff --git a/manifests/nodes/ask02.phx2.fedoraproject.org.pp b/manifests/nodes/ask02.phx2.fedoraproject.org.pp
index bf7b259..6df2054 100644
--- a/manifests/nodes/ask02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/ask02.phx2.fedoraproject.org.pp
@@ -17,7 +17,9 @@ node "ask02.phx2.fedoraproject.org" {
   }

   iptables::firewall { 'ipv4':
-    tcpPorts => [ 80 ]
+    tcpPorts => [ 80 ],
+    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }

   collectd::collectd { 'log02': }
diff --git a/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp b/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
index 6647b05..61cf44e 100644
--- a/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
@@ -12,7 +12,9 @@ node "blockerbugs01.phx2.fedoraproject.org" {
   include blockerbugs::nobalance

   iptables::firewall { 'ipv4':
-    tcpPorts => [ 80, 443, 8888 ]
+    tcpPorts => [ 80, 443, 8888 ],
+    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }
   # This points to db01
   host { 'db-blockerbugs':
diff --git a/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
index a034e3d..aa7eb45 100644
--- a/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
@@ -9,6 +9,8 @@ node "blockerbugs01.stg.phx2.fedoraproject.org" {
   include blockerbugs::nobalance

   iptables::firewall { 'ipv4':
-    tcpPorts => [ 80, 443, 8888 ]
+    tcpPorts => [ 80, 443, 8888 ],
+    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }
 }
diff --git a/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp b/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
index 61267e7..e558851 100644
--- a/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
@@ -12,7 +12,9 @@ node "blockerbugs02.phx2.fedoraproject.org" {
 #  include blockerbugs::nobalance

   iptables::firewall { 'ipv4':
-    tcpPorts => [ 80, 443, 8888 ]
+    tcpPorts => [ 80, 443, 8888 ],
+    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }
   # This points to db01
   host { 'db-blockerbugs':
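Review bot: Port 873 is opened on this node although the context line just above shows `#  include blockerbugs::nobalance` commented out, so the hunk does not show that the node still receives `blockerbugs::app` and with it `rsync::server`. If it does not, the rule accepts traffic for a service that is not managed on the host. The same question applies to the fedocal02 hunk, where `#include fedocal::nobalance` is also commented out. Worth confirming from the part of the node block outside the hunk, and dropping the rule on nodes that do not run the daemon.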
diff --git a/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp b/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
index 8198138..a2616d0 100644
--- a/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
@@ -11,7 +11,9 @@ node "datagrepper01.phx2.fedoraproject.org" {
     include openvpn::client

     iptables::firewall { 'ipv4':
-        tcpPorts => [ 80, 443 ]
+    tcpPorts => [ 80, 443 ],
+    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
     }

     host { 'db-for-datagrepper':
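Review bot: The two new attribute lines here are indented four spaces, level with the `iptables::firewall` title, while the removed line and the rest of this file use eight; they should read `        tcpPorts => [ 80, 443 ],` and `        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT" ],`. Writing the one-element array on a single line also avoids the dangling `]`, which sits four spaces left of `custom` in the datagrepper01.stg, datagrepper02, fedocal, openid and packages hunks. The node block continues outside the hunk.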
diff --git a/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
index c81a938..78e8f8d 100644
--- a/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
@@ -12,7 +12,9 @@ node "datagrepper01.stg.phx2.fedoraproject.org" {
     include datagrepper::app

     iptables::firewall { 'ipv4':
-        tcpPorts => [ 80, 443 ]
+        tcpPorts => [ 80, 443 ],
+        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
     }

     host { 'db-for-datagrepper':
diff --git a/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp b/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
index 4a7c423..84b45ec 100644
--- a/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
@@ -11,7 +11,9 @@ node "datagrepper02.phx2.fedoraproject.org" {
     include openvpn::client

     iptables::firewall { 'ipv4':
-        tcpPorts => [ 80, 443 ]
+        tcpPorts => [ 80, 443 ],
+        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
     }

     host { 'db-for-datagrepper':
diff --git a/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp b/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
index 14168c2..9567cec 100644
--- a/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "fedocal01.phx2.fedoraproject.org" {
     include fedocal::nobalance

     iptables::firewall { 'ipv4':
-        tcpPorts => [ 80, 443 ]
+        tcpPorts => [ 80, 443 ],
+        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
     }

     # This points to db01
diff --git a/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
index fd13777..3c6adf8 100644
--- a/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
@@ -10,7 +10,9 @@ node "fedocal01.stg.phx2.fedoraproject.org" {
     include fedocal::nobalance

     iptables::firewall { 'ipv4':
-        tcpPorts => [ 80, 443 ]
+        tcpPorts => [ 80, 443 ],
+        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
     }

     # This points to db02.stg
diff --git a/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp b/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
index 090207c..d224fd1 100644
--- a/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
@@ -10,7 +10,9 @@ node "fedocal02.phx2.fedoraproject.org" {
     #include fedocal::nobalance

     iptables::firewall { 'ipv4':
-        tcpPorts => [ 80, 443 ]
+        tcpPorts => [ 80, 443 ],
+        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
     }

     # This points to db01
diff --git a/manifests/nodes/openid01.phx2.fedoraproject.org.pp b/manifests/nodes/openid01.phx2.fedoraproject.org.pp
index 8db2feb..94daf55 100644
--- a/manifests/nodes/openid01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/openid01.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "openid01.phx2.fedoraproject.org" {
     include openvpn::client

     iptables::firewall { 'ipv4':
-        tcpPorts => [ 80, 443 ]
+        tcpPorts => [ 80, 443 ],
+        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
     }

     # This points to db-fas01
diff --git a/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
index e3527ce..40386d5 100644
--- a/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "openid01.stg.phx2.fedoraproject.org" {
     include fas-openid

     iptables::firewall { 'ipv4':
-        tcpPorts => [ 80, 443 ]
+        tcpPorts => [ 80, 443 ],
+        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
     }

     # This points to db-fas01.stg
diff --git a/manifests/nodes/openid02.phx2.fedoraproject.org.pp b/manifests/nodes/openid02.phx2.fedoraproject.org.pp
index 3e95783..81142df 100644
--- a/manifests/nodes/openid02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/openid02.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "openid02.phx2.fedoraproject.org" {
     include openvpn::client

     iptables::firewall { 'ipv4':
-        tcpPorts => [ 80, 443 ]
+        tcpPorts => [ 80, 443 ],
+        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
     }

     # This points to db-fas01
diff --git a/manifests/nodes/packages01.dev.fedoraproject.org.pp b/manifests/nodes/packages01.dev.fedoraproject.org.pp
index af87535..bb14b41 100644
--- a/manifests/nodes/packages01.dev.fedoraproject.org.pp
+++ b/manifests/nodes/packages01.dev.fedoraproject.org.pp
@@ -6,6 +6,8 @@ node "packages01.dev" {
   include httpd::mod_wsgi

   iptables::firewall { 'ipv4':
-      tcpPorts => [ 80, 443, 6996 ]
+      tcpPorts => [ 80, 443, 6996 ],
+      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }
 }
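Review bot: This node is declared as `packages01.dev` under dev.fedoraproject.org rather than phx2, yet it receives the same `-s 10.5.126.29` rule as the phx2 hosts. Whether log02's traffic reaches this host with that source address is not visible in the patch; if it arrives through a VPN or NAT, the rule will never match and the log pull will keep failing. It is worth verifying the address log02 presents to this host before relying on the rule.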
diff --git a/manifests/nodes/packages01.phx2.fedoraproject.org.pp b/manifests/nodes/packages01.phx2.fedoraproject.org.pp
index 39d9036..691c5ed 100644
--- a/manifests/nodes/packages01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/packages01.phx2.fedoraproject.org.pp
@@ -26,7 +26,9 @@ node "packages01" {
   }

   iptables::firewall { 'ipv4':
-      tcpPorts => [ 80, 443, 6996 ]
+      tcpPorts => [ 80, 443, 6996 ],
+      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }

   glusterfs::server::config { packages:
diff --git a/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
index b0c2b9d..f96a4bd 100644
--- a/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
@@ -25,6 +25,8 @@ node "packages01.stg" {
     netmask => '255.255.255.0',
   }
   iptables::firewall { 'ipv4':
-      tcpPorts => [ 80, 443, 6996 ]
+      tcpPorts => [ 80, 443, 6996 ],
+      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }
 }
diff --git a/manifests/nodes/packages02.phx2.fedoraproject.org.pp b/manifests/nodes/packages02.phx2.fedoraproject.org.pp
index f6a5441..a66358b 100644
--- a/manifests/nodes/packages02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/packages02.phx2.fedoraproject.org.pp
@@ -24,7 +24,9 @@ node "packages02" {
   }

   iptables::firewall { 'ipv4':
-      tcpPorts => [ 80, 443, 6996 ]
+      tcpPorts => [ 80, 443, 6996 ],
+      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }

   glusterfs::server::config { packages:
diff --git a/manifests/nodes/paste01.phx2.fedoraproject.org.pp b/manifests/nodes/paste01.phx2.fedoraproject.org.pp
index 7708415..30d83e6 100644
--- a/manifests/nodes/paste01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/paste01.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "paste01.phx2.fedoraproject.org" {
   collectd::collectd { 'log02': }

   iptables::firewall { 'ipv4':
-    tcpPorts => [ 80, 443, 8888 ]
+    tcpPorts => [ 80, 443, 8888 ],
+    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }

   selboolean { [
diff --git a/manifests/nodes/paste01.stg.fedoraproject.org.pp b/manifests/nodes/paste01.stg.fedoraproject.org.pp
index fa05ef1..ad861b5 100644
--- a/manifests/nodes/paste01.stg.fedoraproject.org.pp
+++ b/manifests/nodes/paste01.stg.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "paste01.stg.phx2.fedoraproject.org" {
   include sticky-notes

   iptables::firewall { 'ipv4':
-    tcpPorts => [ 80, 443, 8888 ]
+    tcpPorts => [ 80, 443, 8888 ],
+    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }

   selboolean { [
diff --git a/manifests/nodes/paste02.phx2.fedoraproject.org.pp b/manifests/nodes/paste02.phx2.fedoraproject.org.pp
index 091e894..14d694c 100644
--- a/manifests/nodes/paste02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/paste02.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "paste02.phx2.fedoraproject.org" {
   collectd::collectd { 'log02': }

   iptables::firewall { 'ipv4':
-    tcpPorts => [ 80, 443, 8888 ]
+    tcpPorts => [ 80, 443, 8888 ],
+    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+    ]
   }

   selboolean { [
diff --git a/modules/askbot/manifests/init.pp b/modules/askbot/manifests/init.pp
index 50bb7d2..98afdb0 100644
--- a/modules/askbot/manifests/init.pp
+++ b/modules/askbot/manifests/init.pp
@@ -1,5 +1,6 @@
 class askbot {
     include httpd::mod_wsgi
+    include rsync::server

     package { "askbot":
         ensure => installed,
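Review bot: `include rsync::server` starts an rsync daemon on every host that applies this class, and nothing in the patch shows how that daemon is restricted; the description says it only exposes logs to log02 by default, but that configuration lives in the rsync module. A one-line comment at the include, e.g. `# rsync daemon for log02's httpd log pull; access limits live in rsync::server`, would record the intent. The module's rsyncd.conf should also be checked for `hosts allow` and `read only = yes`, so that the per-node iptables rule is not the only control. The same applies to the includes added in the blockerbugs, datagrepper, fas-openid, fedocal, packages and sticky-notes modules; the class body continues outside the hunk.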
diff --git a/modules/blockerbugs/manifests/init.pp b/modules/blockerbugs/manifests/init.pp
index c841ab4..2636819 100644
--- a/modules/blockerbugs/manifests/init.pp
+++ b/modules/blockerbugs/manifests/init.pp
@@ -19,6 +19,7 @@ class blockerbugs::app {

   include httpd::mod_wsgi
   include mod_ssl
+  include rsync::server

   selboolean { [
       "httpd_can_network_connect_db",
diff --git a/modules/datagrepper/manifests/init.pp b/modules/datagrepper/manifests/init.pp
index afc9b78..bbd10bc 100644
--- a/modules/datagrepper/manifests/init.pp
+++ b/modules/datagrepper/manifests/init.pp
@@ -19,6 +19,7 @@ class datagrepper::app {
     include httpd::mod_wsgi
     include httpd::mod_ssl
     include fedmsg::config
+    include rsync::server

     package { "datagrepper":
         ensure => present,
diff --git a/modules/fas-openid/manifests/init.pp b/modules/fas-openid/manifests/init.pp
index 7c48d0d..3409781 100644
--- a/modules/fas-openid/manifests/init.pp
+++ b/modules/fas-openid/manifests/init.pp
@@ -3,6 +3,7 @@ class fas-openid {
     include httpd::mod_ssl
     include httpd::mod_wsgi
     include hotfix::python-openid
+    include rsync::server

     selboolean { [
         "httpd_can_network_connect_db",
diff --git a/modules/fedocal/manifests/init.pp b/modules/fedocal/manifests/init.pp
index 6854c24..31809e5 100644
--- a/modules/fedocal/manifests/init.pp
+++ b/modules/fedocal/manifests/init.pp
@@ -2,6 +2,7 @@ class fedocal {
     include selinux-enforcing
     include httpd::mod_ssl
     include httpd::mod_wsgi
+    include rsync::server

     selboolean { [
         "httpd_can_network_connect_db",
diff --git a/modules/packages/manifests/init.pp b/modules/packages/manifests/init.pp
index ede4331..7b211a7 100644
--- a/modules/packages/manifests/init.pp
+++ b/modules/packages/manifests/init.pp
@@ -35,6 +35,7 @@ class fedoracommunity::tagger {
     include httpd::mod_wsgi
     include httpd::mod_ssl
     include fedmsg::config
+    include rsync::server
     fedmsg::certificate { "fedoratagger":
         service => "fedoratagger",
         group => "fedoratagger",
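Review bot: According to the hunk header, this include lands inside `class fedoracommunity::tagger`, while the firewall rules in this patch are opened on the packages01, packages01.stg, packages01.dev and packages02 nodes. If those nodes do not apply the tagger class (not visible here), they get port 873 opened without rsync being installed, and any hosts that do apply the tagger class get the daemon without a matching firewall rule. Confirm which class the packages nodes actually include, and move the `include rsync::server` line there if it differs.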
diff --git a/modules/sticky-notes/manifests/init.pp b/modules/sticky-notes/manifests/init.pp
index ed78bf2..6fd8f71 100644
--- a/modules/sticky-notes/manifests/init.pp
+++ b/modules/sticky-notes/manifests/init.pp
@@ -1,6 +1,7 @@
 class sticky-notes {
   include httpd::base
   include httpd::php
+  include rsync::server

   package { "sticky-notes":
        ensure => installed,




--
Stephen J Smoogen.
