allow fedmgs relay on copr-be-dev

This commit is contained in:
Miroslav Suchý
2017-03-21 12:58:52 +01:00
parent 835e110691
commit 3ca4cf38cb
2 changed files with 26 additions and 2 deletions

View File

@@ -2,13 +2,13 @@
instance_type: m1.xlarge
image: "{{ fedora25_x86_64 }}"
keypair: fedora-admin-20130801
security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent
security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent,fedmsg-relay-persistent
zone: nova
hostbase: copr-be-dev-
public_ip: 209.132.184.53
root_auth_users: msuchy pingou frostyx asamalik clime
description: copr dispatcher and repo server - dev instance
tcp_ports: ['22', '80', '443']
tcp_ports: ['22', '80', '443', '2003', '4001']
# volumes: copr-be-dev-data
volumes: [ {volume_id: '98372b76-b82c-4a03-9708-17af7d01e1e2', device: '/dev/vdc'} ]

View File

@@ -1228,6 +1228,30 @@
remote_ip_prefix: "0.0.0.0/0"
with_items: "{{all_tenants}}"
- name: "Create 'fedmsg-relay-persistent' security group"
neutron_sec_group:
login_username: "admin"
login_password: "{{ ADMIN_PASS }}"
login_tenant_name: "admin"
auth_url: "https://{{controller_publicname}}:35357/v2.0"
state: "present"
name: 'fedmsg-relay-persistent'
description: "allow incoming 2003 and 4001 from internal network"
tenant_name: "{{item}}"
rules:
- direction: "ingress"
port_range_min: "2003"
port_range_max: "2003"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "172.25.80.1/16"
- direction: "ingress"
port_range_min: "4001"
port_range_max: "4001"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "172.25.80.1/16"
with_items: "{{all_tenants}}"
# Update quota for Copr
# SEE: