Re: How to open port?

On Mon, 02 Feb 2015 15:59:15 +0100
Miroslav Suchý <msuchy@xxxxxxxxxx> wrote:

> How do we open ports in ansible today?
> 
> I want to open port 5672 for 172.24.0.10/24. Currently it is open
> only to:
> 
> [root@fed-cloud09 ~]# iptables-save |grep 5672
> -A INPUT -s 209.132.184.9/32 -p tcp -m multiport --dports 5671,5672
> -m comment --comment "001 amqp incoming amqp_209.132.184.9" -j ACCEPT
> 
> So I made this change:
> 
> diff --git a/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
> b/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
> index 2559de1..4a96e81 100644
> --- a/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
> +++ b/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
> @@ -1,2 +1,3 @@
>  ---
>  root_auth_users:  msuchy
> +tcp_ports: [ 80, 443, 5672 ]
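
Review bot: the added tcp_ports line lists 5672 as a bare port number with no source address, so nothing in this hunk limits it to 172.24.0.10/24 the way the existing rule is pinned with "-s 209.132.184.9/32". If the intent is a source-restricted AMQP rule, express it as a rule that carries the source network rather than as an entry in a plain port list, and write the network as 172.24.0.0/24, since 172.24.0.10/24 has host bits set. The same line also adds 80 and 443, which the stated request does not mention; leave them out unless they are meant to be opened on this host.
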
> 
> But it has no effect (yes, I ran the playbook again).
> What is our best practice now and where did I make a mistake?

The issue is that that is set in the 'base' role, but we didn't add
that to the fed-cloud09 box. 

I didn't add it because there are a few things that wouldn't work there.
For example, rsyslog logging to our central logging host (it works for
our other machines because they are in phx2 or on our vpn, but we don't
want the cloud machines on the vpn). 

So, the two options are: 

We could add the base role and tweak it to not do things on cloud that
won't work there. 

Or

Just copy-paste the iptables section from the base role and adjust the
path to the iptables templates.

kevin
