Freeze break: iptables syncup

Greetings. 

We have added a number of stg machines, which means that there are
pending changes to all our phx2 prod machines (because they take that
as a list to block). This means the daily check/diff report is at about
100kb or so and it's hard to see any changes that might be important. 

I'd like to run: 

ansible-playbook master.yml -t iptables

and sync things up. This should update those hosts with the new staging
instances and restart iptables. I don't really expect any problem with
it as we have done this a number of times in the past with no issue. 

The changes for a phx2 host would typically be something like the below 
check/diff. 

+1s?

kevin
--
--- before: /etc/sysconfig/iptables
+++ after: dynamically generated
@@ -1,11 +1,11 @@
-# Ansible
managed: /srv/web/infra/ansible/roles/base/templates/iptables/iptables
modified on 2016-01-08 16:33:00 by root on
batcave01.phx2.fedoraproject.org +# Ansible
managed: /srv/web/infra/ansible/roles/base/templates/iptables/iptables
modified on 2016-03-10 20:24:35 by root on
batcave01.phx2.fedoraproject.org *filter :INPUT ACCEPT [0:0] :FORWARD
ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
 
 # allow ping and traceroute
 -A INPUT -p icmp -j ACCEPT
 
 # localhost is fine
 -A INPUT -i lo -j ACCEPT
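
Review bot: The only change in this hunk is the `modified on` timestamp in the `# Ansible managed:` header (2016-01-08 16:33:00 to 2016-03-10 20:24:35), so any touch of the template shows up as a diff on every host even where no rule differs. Consider dropping the timestamp from the managed-by header so the daily check/diff report carries rule changes only.
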
@@ -40,20 +40,22 @@
 # autocloud-backend02.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.126 -j REJECT --reject-with icmp-host-prohibited
 # autocloud-web01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.3 -j REJECT --reject-with icmp-host-prohibited
 # autocloud-web02.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.89 -j REJECT --reject-with icmp-host-prohibited
 # badges-backend01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.68 -j REJECT --reject-with icmp-host-prohibited
 # badges-web01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.69 -j REJECT --reject-with icmp-host-prohibited
+# basset01.stg.phx2.fedoraproject.org
+-A INPUT -s 10.5.126.138 -j REJECT --reject-with icmp-host-prohibited
 # beaker-stg01.qa.fedoraproject.org
 -A INPUT -s 10.5.124.141 -j REJECT --reject-with icmp-host-prohibited
 # blockerbugs01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.65 -j REJECT --reject-with icmp-host-prohibited
 # bodhi-backend01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.90 -j REJECT --reject-with icmp-host-prohibited
 # bodhi02.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.169 -j REJECT --reject-with icmp-host-prohibited
 # bugyou01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.130 -j REJECT --reject-with icmp-host-prohibited
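
Review bot: With `:INPUT ACCEPT [0:0]` as the chain policy (first hunk), the added `-s 10.5.126.138` REJECT for basset01.stg only takes effect once this file is pushed, so the block list on this host lags the staging inventory until the next iptables sync. Consider running the iptables tag as part of bringing up each new stg instance rather than batching the additions.
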
@@ -72,20 +74,22 @@
 # darkserver-web02.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.120 -j REJECT --reject-with icmp-host-prohibited
 # datagrepper01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.67 -j REJECT --reject-with icmp-host-prohibited
 # db-fas01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.78 -j REJECT --reject-with icmp-host-prohibited
 # db01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.204 -j REJECT --reject-with icmp-host-prohibited
 # db03.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.113 -j REJECT --reject-with icmp-host-prohibited
+# docker-registry01.stg.phx2.fedoraproject.org
+-A INPUT -s 10.5.126.217 -j REJECT --reject-with icmp-host-prohibited
 # elections01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.105 -j REJECT --reject-with icmp-host-prohibited
 # fas01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.86 -j REJECT --reject-with icmp-host-prohibited
 # fedimg01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.9 -j REJECT --reject-with icmp-host-prohibited
 # fedocal01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.66 -j REJECT --reject-with icmp-host-prohibited
 # gallery01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.70 -j REJECT --reject-with icmp-host-prohibited
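
Review bot: The docker-registry01.stg entry is one more single-address `-s` rule in a list that, going by the hunk offsets, already runs past line 120 of the file, and each addition means regenerating the whole file and restarting iptables on every prod host. An ipset matched by a single `-m set --match-set <name> src -j REJECT --reject-with icmp-host-prohibited` rule (`<name>` being a placeholder) would let staging addresses be added without rewriting the ruleset.
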
@@ -120,20 +124,22 @@
 # notifs-backend01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.75 -j REJECT --reject-with icmp-host-prohibited
 # notifs-web01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.48 -j REJECT --reject-with icmp-host-prohibited
 # notifs-web02.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.109 -j REJECT --reject-with icmp-host-prohibited
 # nuancier01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.202 -j REJECT --reject-with icmp-host-prohibited
 # nuancier02.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.203 -j REJECT --reject-with icmp-host-prohibited
+# osbs-master01.stg.phx2.fedoraproject.org
+-A INPUT -s 10.5.126.216 -j REJECT --reject-with icmp-host-prohibited
 # packages03.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.42 -j REJECT --reject-with icmp-host-prohibited
 # paste01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.61 -j REJECT --reject-with icmp-host-prohibited
 # pdc-backend01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.135 -j REJECT --reject-with icmp-host-prohibited
 # pdc-web01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.133 -j REJECT --reject-with icmp-host-prohibited
 # pkgdb01.stg.phx2.fedoraproject.org
 -A INPUT -s 10.5.126.20 -j REJECT --reject-with icmp-host-prohibited
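
Review bot: Nothing in this hunk, or the two before it, shows what follows the REJECT block in the INPUT chain, so the diff alone cannot confirm that the added `-s 10.5.126.216` rule for osbs-master01.stg is evaluated ahead of any later ACCEPT rules. Validate the generated file with `iptables-restore --test` before the restart, and afterwards check the loaded rule order on one host.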


_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
