Open firewall ports in RDU3 for RDU3 hosts

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard
2025-06-26 12:25:49 +02:00
parent 2b7191efb5
commit edfbabb549
3 changed files with 18 additions and 14 deletions


@@ -3,7 +3,10 @@ custom_rules: [
# Neeed for rsync from log01 for logs.
'-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
# Inter-node traffic
'-A INPUT -p tcp -m tcp -s 10.3.166.78 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.166.79 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.166.80 --dport 25672 -j ACCEPT']
'-A INPUT -p tcp -m tcp -s 10.3.166.78 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.166.79 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.166.80 --dport 25672 -j ACCEPT',
# Same but in RDU3
'-A INPUT -p tcp -m tcp -s 10.16.166.78 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.16.166.79 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.16.166.80 --dport 25672 -j ACCEPT',
]
nft_custom_rules:
# Neeed for rsync from log01 for logs.
- 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept'
@@ -12,15 +15,16 @@ nft_custom_rules:
- 'add rule ip filter INPUT ip saddr 10.3.166.78 tcp dport 25672 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.166.79 tcp dport 25672 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.166.80 tcp dport 25672 counter accept'
datacenter: iad2
# In RDU3
- 'add rule ip filter INPUT ip saddr 10.16.166.78 tcp dport 25672 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.166.79 tcp dport 25672 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.166.80 tcp dport 25672 counter accept'
ipa_host_group: rabbitmq
ipa_host_group_desc: RabbitMQ service
ipa_shell_groups:
- sysadmin-messaging
ipa_client_sudo_groups:
- sysadmin-messaging
ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/
ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 8192
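Review bot: The added `10.16.166.78`–`10.16.166.80` entries open the RabbitMQ/Erlang distribution port 25672 on what looks like the iad2 group (`datacenter: iad2` is visible in the second hunk) to hosts in another datacenter, so brokers can now cluster across the DC link, and nothing in the hunk says whether that is the intended permanent topology or a migration step. I would state that in the comment so the allow rules do not outlive their purpose, e.g. `# Same but in RDU3 (cross-DC clustering while moving IAD2 -> RDU3; drop once IAD2 is retired)`, adjusted to the actual plan. The iptables `custom_rules` and `nft_custom_rules` lists were updated in lockstep, which is good; by contrast the log01 rsync rule at the top of the file still lists only the IAD2 `10.3.163.39`, unlike the RDU3 group file in this commit — presumably intentional for an iad2 group, but worth confirming. The `custom_rules` flow list and `nft_custom_rules` block list both start before this view, so the complete rule sets are not visible here.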


@@ -4,16 +4,16 @@
#
nft_custom_rules:
# Openshift nodes (egress policy will block connection from non-authorized projects)
- 'add rule ip filter INPUT ip saddr 10.3.163.69 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.163.70 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.163.71 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.163.72 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.163.73 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.163.69 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.163.70 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.163.71 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.163.72 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.163.73 tcp dport 5432 counter accept'
# noc01 needs to connect to check the db
- 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.163.10 tcp dport 5432 counter accept'
# Ipsilon VMs
- 'add rule ip filter INPUT ip saddr 10.3.163.105 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.163.106 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.163.105 tcp dport 5432 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.163.106 tcp dport 5432 counter accept'
# This is a generic list, monitored by collectd
databases:
- fas2
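Review bot: The new `10.16.163.69`–`10.16.163.73` rules admit PostgreSQL (5432) traffic from every pod scheduled on those five nodes; as the retained comment says, only the OpenShift egress policy keeps unauthorized projects out, so the host firewall is not the control here and pg_hba.conf (not in this hunk) should still pin database and user to those sources — worth confirming rather than assuming. The node list is hard-coded to five addresses, so if the RDU3 cluster has a different node count or gains nodes later the firewall silently diverges from the cluster; a comment naming the source of truth would help, e.g. `# Openshift nodes in RDU3 (keep in sync with the RDU3 OpenShift node inventory)`. The IAD2 sources for the OpenShift nodes, noc01 and the Ipsilon VMs are removed outright, so any remaining IAD2 client loses access to this database as soon as this applies — fine if this group only contains RDU3 hosts, which the hunk itself does not show. The `nft_custom_rules` list begins at the top of the hunk but its preceding lines are outside the view.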


@@ -2,13 +2,13 @@
custom_rules: [
'-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
# needed to allow rsync from log01
'-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.16.163.39 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'
]
nft_custom_rules:
- 'add rule ip filter INPUT ip saddr 192.168.1.20 tcp dport 5666 counter accept'
# needed to allow rsync from log01
- 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept'
- 'add rule ip filter INPUT ip saddr 10.16.163.39 tcp dport 873 counter accept'
- 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept'
datacenter: rdu3
eth0_ipv4_gw: 10.16.163.254
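Review bot: The log01 address is now hard-coded twice in this file (the iptables `custom_rules` entry and the nftables `nft_custom_rules` entry), and the same `10.3.163.39`/`10.16.163.39` edit is repeated across the other group files in this commit, so the next move of log01 again requires hand-editing every copy in two syntaxes. Since these are Ansible group_vars, defining the address once (e.g. `log01_ip: 10.16.163.39`) and referencing `'-A INPUT -p tcp -m tcp -s {{ log01_ip }} --dport 873 -j ACCEPT'` and `'add rule ip filter INPUT ip saddr {{ log01_ip }} tcp dport 873 counter accept'` would keep the two rule sets from drifting; I am assuming the firewall role templates these strings, which is not visible here. The `192.168.1.59` rsync source and the `192.168.1.20` port-5666 source (presumably NRPE) are kept untouched under a comment that only mentions log01, so a short note on which host `192.168.1.59` is and whether an RDU3 group still needs it would help the next reviewer. Since both rule sets are allow-lists keyed on source address only, anything behind those addresses (e.g. another host reusing the IP after decommissioning) inherits the access, which is another reason to keep the list minimal.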