WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-28 04:22:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

builders: add rdu3 groups and modify rdu3 builder nftables to allow rdu3 things

Browse Source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
2025-06-20 17:44:17 -07:00
parent 7a6fbb9489
commit 7842e1d593
2 changed files with 56 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
inventory/builders
View File

@@ -448,6 +448,35 @@ buildvm-x86-riscv02.iad2.fedoraproject.org
[buildvm_x86_riscv_rdu3]
[builders_iad2:children]
buildvm_iad2
buildvm_aarch64_iad2
buildhw_iad2
buildvm_ppc64le_iad2
buildvm_x86_riscv_iad2
[builders_iad2_stg:children]
buildvm_stg_iad2
buildvm_aarch64_stg_iad2
buildvm_ppc64le_stg_iad2
[builders_rdu3:children]
buildvm_rdu3
buildvm_aarch64_rdu3
buildhw_rdu3
buildvm_ppc64le_rdu3
buildvm_x86_riscv_rdu3
[builders_iad2_stg:children]
buildvm_stg_iad2
buildvm_aarch64_stg_iad2
buildvm_ppc64le_stg_iad2
[builders_rdu3_stg:children]
buildvm_stg_rdu3
buildvm_aarch64_stg_rdu3
buildvm_ppc64le_stg_rdu3
[builders:children]
buildhw
buildvm

27
roles/base/templates/nftables/nftables.kojibuilder
View File

@@ -55,6 +55,7 @@ add rule ip filter OUTPUT ip daddr 10.3.169.106 tcp dport 80 counter accept
add rule ip filter OUTPUT ip daddr 10.3.169.107 tcp dport 80 counter accept
{% endif %}
{% if host in groups['builders_iad2'] %}
# tang for buildhw
add rule ip filter OUTPUT ip daddr 10.3.163.37 tcp dport 80 counter accept
add rule ip filter OUTPUT ip daddr 10.3.163.38 tcp dport 80 counter accept
@@ -78,6 +79,32 @@ add rule ip filter OUTPUT ip daddr 10.3.163.39 tcp dport 514 counter accept
# SSH
add rule ip filter INPUT ip saddr 10.3.160.0/19 tcp dport 22 counter accept
add rule ip filter OUTPUT ip daddr 10.3.160.0/19 tcp sport 22 counter accept
{% endif %}
{% if host in groups['builders_rdu3'] %}
# tang for buildhw
add rule ip filter OUTPUT ip daddr 10.16.163.37 tcp dport 80 counter accept
add rule ip filter OUTPUT ip daddr 10.16.163.38 tcp dport 80 counter accept
# DNS
add rule ip filter OUTPUT ip daddr 10.16.163.33 udp dport 53 counter accept
add rule ip filter OUTPUT ip daddr 10.16.163.33 tcp dport 53 counter accept
add rule ip filter OUTPUT ip daddr 10.16.163.34 udp dport 53 counter accept
add rule ip filter OUTPUT ip daddr 10.16.163.34 tcp dport 53 counter accept
# bastion smtp
add rule ip filter OUTPUT ip daddr 10.16.163.31 tcp dport 25 counter accept
# infra.fp.o
add rule ip filter OUTPUT ip daddr 10.16.163.35 tcp dport 80 counter accept
add rule ip filter OUTPUT ip daddr 10.16.163.35 tcp dport 443 counter accept
# rsyslog out to log01
add rule ip filter OUTPUT ip daddr 10.16.163.39 tcp dport 514 counter accept
# SSH
add rule ip filter INPUT ip saddr 10.16.160.0/19 tcp dport 22 counter accept
add rule ip filter OUTPUT ip daddr 10.16.160.0/19 tcp sport 22 counter accept
{% endif %}
{% if inventory_hostname.startswith (('buildvm-s390x-11', 'buildvm-s390x-12', 'buildvm-s390x-13')) %}
# Allow SSHFS binding to koji01