On Wed, Aug 05, 2015 at 10:44:06AM -0600, Kevin Fenzi wrote:
> So, I applied that, but we need some additional changes. ;(
>
> First, the secondary01 host uses the external ip to talk to the s390
> hub, so we need to allow that. Secondly, the ansible_fqdn for the s390
> hub isn't the internal name...
>
> More +1s?
>
> diff --git a/inventory/host_vars/s390-koji01.qa.fedoraproject.org b/inventory/host_vars/s390-koji01.qa.fedorapr
> index 0543250..358d51b 100644
> --- a/inventory/host_vars/s390-koji01.qa.fedoraproject.org
> +++ b/inventory/host_vars/s390-koji01.qa.fedoraproject.org
> @@ -15,6 +15,11 @@ fas_client_groups: sysadmin-noc,sysadmin-secondary
>
> fedmsg_fqdn: s390-koji01.qa.fedoraproject.org
>
> +custom_rules: [
> + # Need for rsync from secondary01 for content.
> + '-A INPUT -p tcp -m tcp -s 209.132.181.8 --dport 873 -j ACCEPT',
> +]
> +
> sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
>
> #
> diff --git a/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org b/roles/rsyncd/files/rsyncd.conf.s390.k
> index ff7bf1f..e2abd5d 100644
> --- a/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org
> +++ b/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org
> @@ -21,4 +21,4 @@ path = /mnt/koji/tree/
> uid = root
> gid = root
> read only = yes
> -hosts allow = 10.5.126.27
> +hosts allow = 209.132.181.8
+1 as well
Pierre
Attachment:
pgpQnLcy8hucK.pgp
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
