So, I applied that, but we need some additional changes. ;(
First, the secondary01 host uses the external ip to talk to the s390
hub, so we need to allow that. Secondly, the ansible_fqdn for the s390
hub isn't the internal name...
More +1s?
diff --git a/inventory/host_vars/s390-koji01.qa.fedoraproject.org b/inventory/host_vars/s390-koji01.qa.fedorapr
index 0543250..358d51b 100644
--- a/inventory/host_vars/s390-koji01.qa.fedoraproject.org
+++ b/inventory/host_vars/s390-koji01.qa.fedoraproject.org
@@ -15,6 +15,11 @@ fas_client_groups: sysadmin-noc,sysadmin-secondary
fedmsg_fqdn: s390-koji01.qa.fedoraproject.org
+custom_rules: [
+ # Need for rsync from secondary01 for content.
+ '-A INPUT -p tcp -m tcp -s 209.132.181.8 --dport 873 -j ACCEPT',
+]
+
sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
#
diff --git a/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org b/roles/rsyncd/files/rsyncd.conf.s390.k
index ff7bf1f..e2abd5d 100644
--- a/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org
+++ b/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org
@@ -21,4 +21,4 @@ path = /mnt/koji/tree/
uid = root
gid = root
read only = yes
-hosts allow = 10.5.126.27
+hosts allow = 209.132.181.8
Attachment:
pgpzQe9qAUuYE.pgp
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
