From 7837103e4c75fae2e500ae6bc0bb8966a82ed0eb Mon Sep 17 00:00:00 2001 From: Pavel Raiskup Date: Feb 22 2020 11:47:12 +0000 Subject: copr-keygen-aws: better protect against typos --- diff --git a/inventory/group_vars/copr_keygen_aws b/inventory/group_vars/copr_keygen_aws index 8772665..bdd3a01 100644 --- a/inventory/group_vars/copr_keygen_aws +++ b/inventory/group_vars/copr_keygen_aws @@ -1,11 +1,13 @@ --- +copr_hostbase: copr-keygen + tcp_ports: [22] # http + signd dest ports -custom_rules: [ '-A INPUT -p tcp -m tcp -s 34.227.76.72 --dport 80 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 34.227.76.72 --dport 5167 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 172.30.2.166 --dport 80 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 172.30.2.166 --dport 5167 -j ACCEPT'] +custom_rules: [ '-A INPUT -p tcp -m tcp -s {{ backend_ips[0] }} --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s {{ backend_ips[0] }} --dport 5167 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s {{ backend_ips[1] }} --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s {{ backend_ips[1] }} --dport 5167 -j ACCEPT'] datacenter: aws diff --git a/inventory/group_vars/copr_keygen_dev_aws b/inventory/group_vars/copr_keygen_dev_aws index b432db5..e93da32 100644 --- a/inventory/group_vars/copr_keygen_dev_aws +++ b/inventory/group_vars/copr_keygen_dev_aws 
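Review bot: The four `custom_rules` entries in inventory/group_vars/copr_keygen_aws now depend on `backend_ips[0]` and `backend_ips[1]`, but this diff does not show where `backend_ips` is defined or what each position holds. These rules are the source allow-list for port 80 and the signd port 5167 on the signing host, so reordering, shortening or extending that list would change who can reach the signer without any edit to this file. I would add a comment above `custom_rules` such as `# backend_ips is defined in <file that defines backend_ips>; exactly two entries expected, both allowed to reach 80 and 5167`, and consider a check that fails the play when the list does not have exactly two non-empty entries. The same applies to the identical rules in inventory/group_vars/copr_keygen_dev_aws.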
@@ -1,12 +1,13 @@ --- copr_hostbase: copr-keygen-dev -tcp_ports: [] + +tcp_ports: [22] # http + signd dest ports -custom_rules: [ '-A INPUT -p tcp -m tcp -s 54.174.143.212 --dport 80 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 54.174.143.212 --dport 5167 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 172.30.2.128 --dport 80 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 172.30.2.128 --dport 5167 -j ACCEPT'] +custom_rules: [ '-A INPUT -p tcp -m tcp -s {{ backend_ips[0] }} --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s {{ backend_ips[0] }} --dport 5167 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s {{ backend_ips[1] }} --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s {{ backend_ips[1] }} --dport 5167 -j ACCEPT'] datacenter: aws diff --git a/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org b/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org index 69dc481..e9b60d4 100644 --- a/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org +++ b/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org @@ -17,9 +17,6 @@ root_auth_users: msuchy frostyx dturecek praiskup schlupov thrnciar #volumes: [ {volume_id: '9e2b4c55-9ec3-4508-af46-a40f3a5bd982', device: '/dev/vdc'} ] description: copr key gen and sign host - dev instance -# Copr vars -copr_hostbase: copr-keygen-dev - nagios_Check_Services: mail: false nrpe: false diff --git a/inventory/host_vars/copr-keygen.aws.fedoraproject.org b/inventory/host_vars/copr-keygen.aws.fedoraproject.org index 845aca8..756caeb 100644 --- a/inventory/host_vars/copr-keygen.aws.fedoraproject.org +++ b/inventory/host_vars/copr-keygen.aws.fedoraproject.org @@ -16,9 +16,6 @@ public_ip: 52.202.64.55 root_auth_users: msuchy frostyx dturecek praiskup schlupov thrnciar description: copr key gen and sign host - prod instance -# Copr vars -copr_hostbase: copr-keygen - nagios_Check_Services: mail: false nrpe: false
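Review bot: `tcp_ports` for the dev keygen group changes from `[]` to `[22]`, a firewall change that the commit subject ("better protect against typos") does not mention. How `tcp_ports` is rendered into rules is not visible here, but if it accepts the port from any source, SSH on a host that handles signing keys becomes reachable more widely than before. If this is intentional alignment with copr_keygen_aws, record it in the commit message or with a comment like `# ssh, same as copr_keygen_aws`; otherwise keep `tcp_ports: []` in this change.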