From 463439136b1cc48b1b41e55f4191166bc3bad689 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Jun 08 2022 17:34:01 +0000 Subject: inventory /group_vars: clean up a bunch of old phx2 networks for iad2 Signed-off-by: Kevin Fenzi --- diff --git a/inventory/group_vars/badges_web_stg b/inventory/group_vars/badges_web_stg index 06e1d4d..f851fda 100644 --- a/inventory/group_vars/badges_web_stg +++ b/inventory/group_vars/badges_web_stg @@ -24,7 +24,7 @@ csi_relationship: | # For the MOTD csi_security_category: Low # Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] +custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: - can_send: diff --git a/inventory/group_vars/basset b/inventory/group_vars/basset deleted file mode 100644 index 57f70a4..0000000 --- a/inventory/group_vars/basset +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Define resources for this group of hosts here. -custom_rules: [ - # fas01, fas02 - '-A INPUT -p tcp -m tcp -s 10.5.126.25 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.26 --dport 80 -j ACCEPT', - # wiki01, wiki02 - '-A INPUT -p tcp -m tcp -s 10.5.126.63 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.73 --dport 80 -j ACCEPT', - # os-node* - '-A INPUT -p tcp -m tcp -s 10.5.126.248 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.164 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.165 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.166 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.167 --dport 80 -j ACCEPT'] -lvm_size: 30000 -mem_size: 4096 -num_cpus: 2 -primary_auth_source: ipa diff --git a/inventory/group_vars/basset_stg b/inventory/group_vars/basset_stg deleted file mode 100644 index c1c139e..0000000 --- a/inventory/group_vars/basset_stg +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Define resources for this group of hosts here. -custom_rules: [ - # fas01.stg - '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 80 -j ACCEPT', - # wiki01.stg - '-A INPUT -p tcp -m tcp -s 10.5.128.188 --dport 80 -j ACCEPT', - # os-node*.stg - '-A INPUT -p tcp -m tcp -s 10.5.128.104 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.105 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 80 -j ACCEPT'] -lvm_size: 20000 -mem_size: 4096 -num_cpus: 2 diff --git a/inventory/group_vars/bodhi_backend b/inventory/group_vars/bodhi_backend index d97a523..53b774f 100644 --- a/inventory/group_vars/bodhi_backend +++ b/inventory/group_vars/bodhi_backend @@ -16,8 +16,6 @@ ipa_client_sudo_groups: - sysadmin-releng ipa_host_group: bodhi ipa_host_group_desc: Bodhi update service -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 lvm_size: 100000 mem_size: 16384 ## XXX -- note that the fedmsg_certs declaration does not happen here, but diff --git a/inventory/group_vars/github2fedmsg_stg b/inventory/group_vars/github2fedmsg_stg index 641f8d3..d11c564 100644 --- a/inventory/group_vars/github2fedmsg_stg +++ b/inventory/group_vars/github2fedmsg_stg @@ -1,7 +1,7 @@ --- # Define resources for this group of hosts here. # Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] +custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] deployment_type: stg # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: diff --git a/inventory/group_vars/mbs_frontend_stg b/inventory/group_vars/mbs_frontend_stg index 53a377c..1e1c649 100644 --- a/inventory/group_vars/mbs_frontend_stg +++ b/inventory/group_vars/mbs_frontend_stg @@ -13,7 +13,7 @@ csi_relationship: | # For the MOTD csi_security_category: Moderate # Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] +custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: - can_send: diff --git a/inventory/group_vars/odcs_backend_stg b/inventory/group_vars/odcs_backend_stg index 2b9c079..1de5bea 100644 --- a/inventory/group_vars/odcs_backend_stg +++ b/inventory/group_vars/odcs_backend_stg @@ -15,7 +15,7 @@ csi_relationship: | # For the MOTD csi_security_category: Low # Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] +custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] datacenter: iad2 # These people get told when something goes wrong. fedmsg_error_recipients: diff --git a/inventory/group_vars/odcs_frontend_stg b/inventory/group_vars/odcs_frontend_stg index 7cccfc1..8572830 100644 --- a/inventory/group_vars/odcs_frontend_stg +++ b/inventory/group_vars/odcs_frontend_stg @@ -13,7 +13,7 @@ csi_relationship: | # For the MOTD csi_security_category: Low # Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] +custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] # Set this to True for the F28 release and onwards. freezes: false lvm_size: 20000 diff --git a/inventory/group_vars/packages_stg b/inventory/group_vars/packages_stg index a36ae9a..73cd8e0 100644 --- a/inventory/group_vars/packages_stg +++ b/inventory/group_vars/packages_stg @@ -1,7 +1,7 @@ --- # Define resources for this group of hosts here. # Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] +custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: - can_send: diff --git a/inventory/group_vars/proxies_stg b/inventory/group_vars/proxies_stg index fac50e9..0056a3d 100644 --- a/inventory/group_vars/proxies_stg +++ b/inventory/group_vars/proxies_stg @@ -12,21 +12,15 @@ csi_relationship: | csi_security_category: Moderate custom_rules: [ # Need for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', # allow varnish from localhost '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT', # also allow varnish from internal for purge requests - '-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 6081 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT', # Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg # Contact cydrobolt about the status of this. It hasn't hit prod status # yet as of 2015-04-27 (threebean). '-A INPUT -p tcp -m tcp --dport 9941 -s 104.207.133.220 -j ACCEPT', - # Allow resultsdb talk to the inbound fedmsg relay. - '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.147 -j ACCEPT', - # Allow openqa to talk to the inbound fedmsg relay. - '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.72 -j ACCEPT', - # Allow happinesspackets-stg.fedorainfracloud.org to talk to the inbound fedmsg relay - '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.123 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.115 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.116 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.117 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.118 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.119 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.120 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.121 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.122 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.123 -j ACCEPT'] ipa_client_shell_groups: - fi-apprentice diff --git a/inventory/group_vars/value_stg b/inventory/group_vars/value_stg index a7b1ec4..337f9ca 100644 --- a/inventory/group_vars/value_stg +++ b/inventory/group_vars/value_stg @@ -12,11 +12,11 @@ csi_relationship: | csi_security_category: Moderate custom_rules: [ # Neeed for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', # Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here - '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.38 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT', # batcave01 also needs access to announce commits. - '-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT'] + '-A INPUT -p tcp -m tcp -s 10.3.163.35 --dport 5050 -j ACCEPT'] deployment_type: stg # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: