Reviewed. +1.
On 14 May 2013 10:45, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
So, first freeze break request. ;)
I added a number of applications to have log02 pull httpd logs from,
but some of them do not have rsync installed, so pulling logs from them
is failing. I'd like to have them include rsync::server (which by
default only exposes logs to log02 for rsync) and allow that in
firewalls.
It's not urgent, but it would be nice to start collecting these sooner
rather than later.
kevin
--
diff --git a/manifests/nodes/ask01.phx2.fedoraproject.org.pp b/manifests/nodes/ask01.phx2.fedoraproject.org.pp
index 8a24a68..b85905c 100644
--- a/manifests/nodes/ask01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/ask01.phx2.fedoraproject.org.pp
@@ -17,7 +17,9 @@ node "ask01.phx2.fedoraproject.org" {
}
iptables::firewall { 'ipv4':
- tcpPorts => [ 80 ]
+ tcpPorts => [ 80 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
collectd::collectd { 'log02': }
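Review bot: The log02 source address `10.5.126.29` is written as a literal inside the `custom` rule here and again in every other node-manifest hunk of this patch (ask01.stg through paste02), so renumbering log02 means editing each file, and any one missed leaves a stale allow rule for port 873. Defining the address once would avoid that, for example a site-level variable (the name here is a placeholder) used as `custom => [ "-A INPUT -p tcp -m tcp -s ${log_collector_ip} --dport 873 -j ACCEPT" ]`. Moving the rule into a small define declared alongside `rsync::server` would also keep the firewall opening and the daemon together. Failing that, a comment above each rule such as `# rsync (873/tcp) from log02 only, for httpd log collection` would tell the next reader why the port is open. The node block begins before this hunk and continues after it.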
diff --git a/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
index e1abad9..661f5ac 100644
--- a/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
@@ -16,7 +16,9 @@ node "ask01.stg.phx2.fedoraproject.org" {
}
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 8888 ]
+ tcpPorts => [ 80, 443, 8888 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
}
diff --git a/manifests/nodes/ask02.phx2.fedoraproject.org.pp b/manifests/nodes/ask02.phx2.fedoraproject.org.pp
index bf7b259..6df2054 100644
--- a/manifests/nodes/ask02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/ask02.phx2.fedoraproject.org.pp
@@ -17,7 +17,9 @@ node "ask02.phx2.fedoraproject.org" {
}
iptables::firewall { 'ipv4':
- tcpPorts => [ 80 ]
+ tcpPorts => [ 80 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
collectd::collectd { 'log02': }
diff --git a/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp b/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
index 6647b05..61cf44e 100644
--- a/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
@@ -12,7 +12,9 @@ node "blockerbugs01.phx2.fedoraproject.org" {
include blockerbugs::nobalance
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 8888 ]
+ tcpPorts => [ 80, 443, 8888 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
# This points to db01
host { 'db-blockerbugs':
diff --git a/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
index a034e3d..aa7eb45 100644
--- a/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
@@ -9,6 +9,8 @@ node "blockerbugs01.stg.phx2.fedoraproject.org" {
include blockerbugs::nobalance
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 8888 ]
+ tcpPorts => [ 80, 443, 8888 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
}
diff --git a/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp b/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
index 61267e7..e558851 100644
--- a/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
@@ -12,7 +12,9 @@ node "blockerbugs02.phx2.fedoraproject.org" {
# include blockerbugs::nobalance
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 8888 ]
+ tcpPorts => [ 80, 443, 8888 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
# This points to db01
host { 'db-blockerbugs':
diff --git a/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp b/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
index 8198138..a2616d0 100644
--- a/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
@@ -11,7 +11,9 @@ node "datagrepper01.phx2.fedoraproject.org" {
include openvpn::client
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443 ]
+ tcpPorts => [ 80, 443 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
host { 'db-for-datagrepper':
diff --git a/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
index c81a938..78e8f8d 100644
--- a/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
@@ -12,7 +12,9 @@ node "datagrepper01.stg.phx2.fedoraproject.org" {
include datagrepper::app
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443 ]
+ tcpPorts => [ 80, 443 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
host { 'db-for-datagrepper':
diff --git a/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp b/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
index 4a7c423..84b45ec 100644
--- a/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
@@ -11,7 +11,9 @@ node "datagrepper02.phx2.fedoraproject.org" {
include openvpn::client
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443 ]
+ tcpPorts => [ 80, 443 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
host { 'db-for-datagrepper':
diff --git a/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp b/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
index 14168c2..9567cec 100644
--- a/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "fedocal01.phx2.fedoraproject.org" {
include fedocal::nobalance
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443 ]
+ tcpPorts => [ 80, 443 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
# This points to db01
diff --git a/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
index fd13777..3c6adf8 100644
--- a/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
@@ -10,7 +10,9 @@ node "fedocal01.stg.phx2.fedoraproject.org" {
include fedocal::nobalance
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443 ]
+ tcpPorts => [ 80, 443 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
# This points to db02.stg
diff --git a/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp b/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
index 090207c..d224fd1 100644
--- a/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
@@ -10,7 +10,9 @@ node "fedocal02.phx2.fedoraproject.org" {
#include fedocal::nobalance
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443 ]
+ tcpPorts => [ 80, 443 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
# This points to db01
diff --git a/manifests/nodes/openid01.phx2.fedoraproject.org.pp b/manifests/nodes/openid01.phx2.fedoraproject.org.pp
index 8db2feb..94daf55 100644
--- a/manifests/nodes/openid01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/openid01.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "openid01.phx2.fedoraproject.org" {
include openvpn::client
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443 ]
+ tcpPorts => [ 80, 443 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
# This points to db-fas01
diff --git a/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
index e3527ce..40386d5 100644
--- a/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "openid01.stg.phx2.fedoraproject.org" {
include fas-openid
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443 ]
+ tcpPorts => [ 80, 443 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
# This points to db-fas01.stg
diff --git a/manifests/nodes/openid02.phx2.fedoraproject.org.pp b/manifests/nodes/openid02.phx2.fedoraproject.org.pp
index 3e95783..81142df 100644
--- a/manifests/nodes/openid02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/openid02.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "openid02.phx2.fedoraproject.org" {
include openvpn::client
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443 ]
+ tcpPorts => [ 80, 443 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
# This points to db-fas01
diff --git a/manifests/nodes/packages01.dev.fedoraproject.org.pp b/manifests/nodes/packages01.dev.fedoraproject.org.pp
index af87535..bb14b41 100644
--- a/manifests/nodes/packages01.dev.fedoraproject.org.pp
+++ b/manifests/nodes/packages01.dev.fedoraproject.org.pp
@@ -6,6 +6,8 @@ node "packages01.dev" {
include httpd::mod_wsgi
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 6996 ]
+ tcpPorts => [ 80, 443, 6996 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
}
diff --git a/manifests/nodes/packages01.phx2.fedoraproject.org.pp b/manifests/nodes/packages01.phx2.fedoraproject.org.pp
index 39d9036..691c5ed 100644
--- a/manifests/nodes/packages01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/packages01.phx2.fedoraproject.org.pp
@@ -26,7 +26,9 @@ node "packages01" {
}
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 6996 ]
+ tcpPorts => [ 80, 443, 6996 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
glusterfs::server::config { packages:
diff --git a/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp b/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
index b0c2b9d..f96a4bd 100644
--- a/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
@@ -25,6 +25,8 @@ node "packages01.stg" {
netmask => '255.255.255.0',
}
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 6996 ]
+ tcpPorts => [ 80, 443, 6996 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
}
diff --git a/manifests/nodes/packages02.phx2.fedoraproject.org.pp b/manifests/nodes/packages02.phx2.fedoraproject.org.pp
index f6a5441..a66358b 100644
--- a/manifests/nodes/packages02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/packages02.phx2.fedoraproject.org.pp
@@ -24,7 +24,9 @@ node "packages02" {
}
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 6996 ]
+ tcpPorts => [ 80, 443, 6996 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
glusterfs::server::config { packages:
diff --git a/manifests/nodes/paste01.phx2.fedoraproject.org.pp b/manifests/nodes/paste01.phx2.fedoraproject.org.pp
index 7708415..30d83e6 100644
--- a/manifests/nodes/paste01.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/paste01.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "paste01.phx2.fedoraproject.org" {
collectd::collectd { 'log02': }
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 8888 ]
+ tcpPorts => [ 80, 443, 8888 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
selboolean { [
diff --git a/manifests/nodes/paste01.stg.fedoraproject.org.pp b/manifests/nodes/paste01.stg.fedoraproject.org.pp
index fa05ef1..ad861b5 100644
--- a/manifests/nodes/paste01.stg.fedoraproject.org.pp
+++ b/manifests/nodes/paste01.stg.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "paste01.stg.phx2.fedoraproject.org" {
include sticky-notes
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 8888 ]
+ tcpPorts => [ 80, 443, 8888 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
selboolean { [
diff --git a/manifests/nodes/paste02.phx2.fedoraproject.org.pp b/manifests/nodes/paste02.phx2.fedoraproject.org.pp
index 091e894..14d694c 100644
--- a/manifests/nodes/paste02.phx2.fedoraproject.org.pp
+++ b/manifests/nodes/paste02.phx2.fedoraproject.org.pp
@@ -9,7 +9,9 @@ node "paste02.phx2.fedoraproject.org" {
collectd::collectd { 'log02': }
iptables::firewall { 'ipv4':
- tcpPorts => [ 80, 443, 8888 ]
+ tcpPorts => [ 80, 443, 8888 ],
+ custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT",
+ ]
}
selboolean { [
diff --git a/modules/askbot/manifests/init.pp b/modules/askbot/manifests/init.pp
index 50bb7d2..98afdb0 100644
--- a/modules/askbot/manifests/init.pp
+++ b/modules/askbot/manifests/init.pp
@@ -1,5 +1,6 @@
class askbot {
include httpd::mod_wsgi
+ include rsync::server
package { "askbot":
ensure => installed,
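Review bot: What this `include rsync::server` exposes is decided entirely by the `rsync::server` class, which is not part of this patch; the same applies to the identical include added in the blockerbugs, datagrepper, fas-openid, fedocal, packages and sticky-notes hunks. The rsync daemon on 873 speaks a plaintext protocol and serves whatever its modules export, so it would help to state next to the include what is relied on, e.g. `# rsync::server: read-only export of httpd logs, restricted to log02`. It is also worth confirming that the class really sets a read-only module and a host allow-list, so the per-node firewall rule is a second layer rather than the only one. The class body continues past the end of this hunk.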
diff --git a/modules/blockerbugs/manifests/init.pp b/modules/blockerbugs/manifests/init.pp
index c841ab4..2636819 100644
--- a/modules/blockerbugs/manifests/init.pp
+++ b/modules/blockerbugs/manifests/init.pp
@@ -19,6 +19,7 @@ class blockerbugs::app {
include httpd::mod_wsgi
include mod_ssl
+ include rsync::server
selboolean { [
"httpd_can_network_connect_db",
diff --git a/modules/datagrepper/manifests/init.pp b/modules/datagrepper/manifests/init.pp
index afc9b78..bbd10bc 100644
--- a/modules/datagrepper/manifests/init.pp
+++ b/modules/datagrepper/manifests/init.pp
@@ -19,6 +19,7 @@ class datagrepper::app {
include httpd::mod_wsgi
include httpd::mod_ssl
include fedmsg::config
+ include rsync::server
package { "datagrepper":
ensure => present,
diff --git a/modules/fas-openid/manifests/init.pp b/modules/fas-openid/manifests/init.pp
index 7c48d0d..3409781 100644
--- a/modules/fas-openid/manifests/init.pp
+++ b/modules/fas-openid/manifests/init.pp
@@ -3,6 +3,7 @@ class fas-openid {
include httpd::mod_ssl
include httpd::mod_wsgi
include hotfix::python-openid
+ include rsync::server
selboolean { [
"httpd_can_network_connect_db",
diff --git a/modules/fedocal/manifests/init.pp b/modules/fedocal/manifests/init.pp
index 6854c24..31809e5 100644
--- a/modules/fedocal/manifests/init.pp
+++ b/modules/fedocal/manifests/init.pp
@@ -2,6 +2,7 @@ class fedocal {
include selinux-enforcing
include httpd::mod_ssl
include httpd::mod_wsgi
+ include rsync::server
selboolean { [
"httpd_can_network_connect_db",
diff --git a/modules/packages/manifests/init.pp b/modules/packages/manifests/init.pp
index ede4331..7b211a7 100644
--- a/modules/packages/manifests/init.pp
+++ b/modules/packages/manifests/init.pp
@@ -35,6 +35,7 @@ class fedoracommunity::tagger {
include httpd::mod_wsgi
include httpd::mod_ssl
include fedmsg::config
+ include rsync::server
fedmsg::certificate { "fedoratagger":
service => "fedoratagger",
group => "fedoratagger",
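Review bot: Going by the hunk header and the `fedmsg::certificate { "fedoratagger":` context, this include lands in `class fedoracommunity::tagger`, while the firewall rule for port 873 was added to the packages01, packages01.dev, packages01.stg and packages02 nodes. If those nodes do not include the tagger class, they get an open port with no rsync daemon behind it, and any tagger host gets the daemon with no matching firewall rule in this patch. The node definitions are not visible here, so this needs checking against them. If the packages application class in this file is the intended target, the `include rsync::server` line belongs there instead. The class starts before the hunk and continues after it.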
diff --git a/modules/sticky-notes/manifests/init.pp b/modules/sticky-notes/manifests/init.pp
index ed78bf2..6fd8f71 100644
--- a/modules/sticky-notes/manifests/init.pp
+++ b/modules/sticky-notes/manifests/init.pp
@@ -1,6 +1,7 @@
class sticky-notes {
include httpd::base
include httpd::php
+ include rsync::server
package { "sticky-notes":
ensure => installed,
Stephen J Smoogen.