From 3ca4cf38cbd1e3ffbe6161359f102121deba5b02 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Such=C3=BD?=
Date: Tue, 21 Mar 2017 12:58:52 +0100
Subject: [PATCH] allow fedmgs relay on copr-be-dev
---
 .../copr-be-dev.cloud.fedoraproject.org | 4 ++--
 .../fed-cloud09.cloud.fedoraproject.org.yml | 24 +++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org b/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org
index 26100d5436..0e3bdca8d8 100644
--- a/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org
+++ b/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org
@@ -2,13 +2,13 @@
 instance_type: m1.xlarge
 image: "{{ fedora25_x86_64 }}"
 keypair: fedora-admin-20130801
-security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent
+security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent,fedmsg-relay-persistent
 zone: nova
 hostbase: copr-be-dev-
 public_ip: 209.132.184.53
 root_auth_users: msuchy pingou frostyx asamalik clime
 description: copr dispatcher and repo server - dev instance
-tcp_ports: ['22', '80', '443']
+tcp_ports: ['22', '80', '443', '2003', '4001']
 # volumes: copr-be-dev-data
 volumes: [ {volume_id: '98372b76-b82c-4a03-9708-17af7d01e1e2', device: '/dev/vdc'} ]
diff --git a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
index 9a4893233a..32624e673a 100644
--- a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
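Review bot: The `tcp_ports` line in the copr-be-dev host_vars hunk now lists '2003' and '4001' with no indication of what listens there or who may connect, on a host that carries a public address (`public_ip: 209.132.184.53`) and security groups that are open to anywhere. If `tcp_ports` feeds the host firewall without a source restriction (the consuming role is not visible here), the only thing limiting these two ports to internal clients is the new `fedmsg-relay-persistent` group. A comment above the line would make that dependency explicit, for example `# 2003, 4001: fedmsg relay; source-restricted only by the fedmsg-relay-persistent security group`, so that a later change to the group is reviewed with this host in mind.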
@@ -1228,6 +1228,30 @@
 remote_ip_prefix: "0.0.0.0/0"
 with_items: "{{all_tenants}}"
+ - name: "Create 'fedmsg-relay-persistent' security group"
+ neutron_sec_group:
+ login_username: "admin"
+ login_password: "{{ ADMIN_PASS }}"
+ login_tenant_name: "admin"
+ auth_url: "https://{{controller_publicname}}:35357/v2.0"
+ state: "present"
+ name: 'fedmsg-relay-persistent'
+ description: "allow incoming 2003 and 4001 from internal network"
+ tenant_name: "{{item}}"
+ rules:
+ - direction: "ingress"
+ port_range_min: "2003"
+ port_range_max: "2003"
+ ethertype: "IPv4"
+ protocol: "tcp"
+ remote_ip_prefix: "172.25.80.1/16"
+ - direction: "ingress"
+ port_range_min: "4001"
+ port_range_max: "4001"
+ ethertype: "IPv4"
+ protocol: "tcp"
+ remote_ip_prefix: "172.25.80.1/16"
+ with_items: "{{all_tenants}}"
 # Update quota for Copr
 # SEE:
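Review bot: Both ingress rules use `remote_ip_prefix: "172.25.80.1/16"`, a host address with a /16 mask; the mask admits all of 172.25.0.0 to 172.25.255.255, which is wider than the 172.25.80.x address suggests. If only that subnet is meant, write the prefix actually intended, e.g. `remote_ip_prefix: "172.25.80.0/24"` (confirm the real subnet size); if the whole /16 is intended, write `remote_ip_prefix: "172.25.0.0/16"` so the rule reads as what it permits. The group is created in every tenant of `all_tenants`, so any tenant can attach it, and the `description` could name the CIDR instead of "internal network". The enclosing task list and the definition of `all_tenants` lie outside this hunk.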