On Thu, Mar 10, 2016 at 04:56:15PM -0500, Ralph Bean wrote:
> We want openqa01 to publish to the fedmsg bus (adamw's project) for some
> integrations that releng/qa are working on for the release.
>
> The patch below does two things:
>
> - It whitelists the ip for openqa01 on the inbound fedmsg relay. We need this
> since openqa01 is in the qa net, so it has to jump through hoops to
> get to our bus.
> - It adds conditionals to the fedmsg/base role so that the
> ansible configuration we lay out on disk has all the right bits for
> an external host like openqa01.
>
> Can I get two +1s for this?
>
> diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies
> index 53a291b..3122f29 100644
> --- a/inventory/group_vars/proxies
> +++ b/inventory/group_vars/proxies
> @@ -63,6 +63,8 @@ custom_rules: [
>
> # Allow resultsdb talk to the inbound fedmsg relay.
> '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.207 -j ACCEPT',
> + # Allow openqa01 to talk to the inbound fedmsg relay.
> + '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.71 -j ACCEPT',
> ]
>
> fas_client_groups: sysadmin-noc,fi-apprentice
> diff --git a/roles/fedmsg/base/tasks/main.yml b/roles/fedmsg/base/tasks/main.yml
> index c4bbe63..16d751d 100644
> --- a/roles/fedmsg/base/tasks/main.yml
> +++ b/roles/fedmsg/base/tasks/main.yml
> @@ -119,7 +119,7 @@
> - relay.py
> - logging.py
> - base.py
> - when: "'persistent-cloud' not in group_names"
> + when: "'persistent-cloud' not in group_names and 'qa-isolated' not in group_names"
> tags:
> - config
> - fedmsgdconfig
> @@ -152,7 +152,7 @@
> - restart fedmsg-irc
> - restart fedmsg-relay
>
> -- name: setup basic /etc/fedmsg.d/ contents for cloud hosts
> +- name: setup basic /etc/fedmsg.d/ contents for firewalled/external hosts
> template: >
> src="{{ item }}.j2"
> dest="/etc/fedmsg.d/{{ item }}"
> @@ -165,7 +165,7 @@
> - relay.py
> - logging.py
> - base.py
> - when: "'persistent-cloud' in group_names"
> + when: "'persistent-cloud' in group_names or 'qa-isolated' in group_names"
> tags:
> - config
> - fedmsgdconfig
> diff --git a/roles/fedmsg/base/templates/relay.py.j2 b/roles/fedmsg/base/templates/relay.py.j2
> index 7973329..82cd0f9 100644
> --- a/roles/fedmsg/base/templates/relay.py.j2
> +++ b/roles/fedmsg/base/templates/relay.py.j2
> @@ -24,7 +24,7 @@ config = dict(
> # It is also used by the mediawiki php plugin which, due to the oddities of
> # php, can't maintain a single passive-bind endpoint of it's own.
> relay_inbound=[
> - {% if 'persistent-cloud' in group_names or 'jenkins-master' in group_names %}
> + {% if 'persistent-cloud' in group_names or 'jenkins-master' in group_names or 'qa-isolated' in group_names %}
>
> # Stuff from the cloud has to go through our external proxy first..
> #"tcp://hub.fedoraproject.org:9941",
Looks fine to me, +1
Pierre
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
