Freeze Break Request: Let openqa01.qa publish to the fedmsg bus

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

We want openqa01 to publish to the fedmsg bus (adamw's project) for some
integrations that releng/qa are working on for the release.

The patch below does two things:

- It whitelists the ip for openqa01 on the inbound fedmsg relay.  We need this
  since openqa01 is in the qa net, so it has to jump through hoops to
  get to our bus.
- It adds conditionals to the fedmsg/base role so that the
  ansible configuration we lay out on disk has all the right bits for
  an external host like openqa01.

Can I get two +1s for this?

diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies
index 53a291b..3122f29 100644
--- a/inventory/group_vars/proxies
+++ b/inventory/group_vars/proxies
@@ -63,6 +63,8 @@ custom_rules: [
 
     # Allow resultsdb talk to the inbound fedmsg relay.
     '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.207 -j ACCEPT',
+    # Allow openqa01 to talk to the inbound fedmsg relay.
+    '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.71 -j ACCEPT',
  ]
 
 fas_client_groups: sysadmin-noc,fi-apprentice
diff --git a/roles/fedmsg/base/tasks/main.yml b/roles/fedmsg/base/tasks/main.yml
index c4bbe63..16d751d 100644
--- a/roles/fedmsg/base/tasks/main.yml
+++ b/roles/fedmsg/base/tasks/main.yml
@@ -119,7 +119,7 @@
   - relay.py
   - logging.py
   - base.py
-  when: "'persistent-cloud' not in group_names"
+  when: "'persistent-cloud' not in group_names and 'qa-isolated' not in group_names"
   tags:
   - config
   - fedmsgdconfig
@@ -152,7 +152,7 @@
   - restart fedmsg-irc
   - restart fedmsg-relay
 
-- name: setup basic /etc/fedmsg.d/ contents for cloud hosts
+- name: setup basic /etc/fedmsg.d/ contents for firewalled/external hosts
   template: >
     src="{{ item }}.j2"
     dest="/etc/fedmsg.d/{{ item }}"
@@ -165,7 +165,7 @@
   - relay.py
   - logging.py
   - base.py
-  when: "'persistent-cloud' in group_names"
+  when: "'persistent-cloud' in group_names or 'qa-isolated' in group_names"
   tags:
   - config
   - fedmsgdconfig
diff --git a/roles/fedmsg/base/templates/relay.py.j2 b/roles/fedmsg/base/templates/relay.py.j2
index 7973329..82cd0f9 100644
--- a/roles/fedmsg/base/templates/relay.py.j2
+++ b/roles/fedmsg/base/templates/relay.py.j2
@@ -24,7 +24,7 @@ config = dict(
     # It is also used by the mediawiki php plugin which, due to the oddities of
     # php, can't maintain a single passive-bind endpoint of it's own.
     relay_inbound=[
-        {% if 'persistent-cloud' in group_names or 'jenkins-master' in group_names %}
+        {% if 'persistent-cloud' in group_names or 'jenkins-master' in group_names  or 'qa-isolated' in group_names %}
 
         # Stuff from the cloud has to go through our external proxy first..
         #"tcp://hub.fedoraproject.org:9941",

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux