We want openqa01 to publish to the fedmsg bus (adamw's project) for some
integrations that releng/qa are working on for the release.
The patch below does two things:
- It whitelists the IP for openqa01 on the inbound fedmsg relay. We need this
since openqa01 is in the qa net, so it has to jump through hoops to
get to our bus.
- It adds conditionals to the fedmsg/base role so that the
ansible configuration we lay out on disk has all the right bits for
an external host like openqa01.
Can I get two +1s for this?
diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies
index 53a291b..3122f29 100644
--- a/inventory/group_vars/proxies
+++ b/inventory/group_vars/proxies
@@ -63,6 +63,8 @@ custom_rules: [
# Allow resultsdb talk to the inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.207 -j ACCEPT',
+ # Allow openqa01 to talk to the inbound fedmsg relay.
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.71 -j ACCEPT',
]
fas_client_groups: sysadmin-noc,fi-apprentice
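Review bot: the added ACCEPT rule hard-codes 10.5.131.71 as a literal, and only the comment ties it to openqa01. If the host is renumbered, the rule either stops matching or admits whatever machine takes over that address on port 9941. Consider generating the source address from the inventory entry for openqa01, or at least putting the full hostname in the comment so the rule can be audited against DNS. It is also worth confirming that the relay does not rely on this source-IP match alone to trust what openqa01 publishes.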
diff --git a/roles/fedmsg/base/tasks/main.yml b/roles/fedmsg/base/tasks/main.yml
index c4bbe63..16d751d 100644
--- a/roles/fedmsg/base/tasks/main.yml
+++ b/roles/fedmsg/base/tasks/main.yml
@@ -119,7 +119,7 @@
- relay.py
- logging.py
- base.py
- when: "'persistent-cloud' not in group_names"
+ when: "'persistent-cloud' not in group_names and 'qa-isolated' not in group_names"
tags:
- config
- fedmsgdconfig
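Review bot: the new `when` depends on a 'qa-isolated' group, but nothing in this patch defines that group or puts openqa01 in it. If the group is missing from the inventory, this condition stays true for openqa01 and it receives the internal config rather than the external one, with no error. Please include the inventory change in the same patch or reference the commit that adds it.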
@@ -152,7 +152,7 @@
- restart fedmsg-irc
- restart fedmsg-relay
-- name: setup basic /etc/fedmsg.d/ contents for cloud hosts
+- name: setup basic /etc/fedmsg.d/ contents for firewalled/external hosts
template: >
src="{{ item }}.j2"
dest="/etc/fedmsg.d/{{ item }}"
@@ -165,7 +165,7 @@
- relay.py
- logging.py
- base.py
- when: "'persistent-cloud' in group_names"
+ when: "'persistent-cloud' in group_names or 'qa-isolated' in group_names"
tags:
- config
- fedmsgdconfig
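Review bot: this `when` has to stay the exact negation of the one in the @@ -119 hunk, and the pair of group names is now spelled out in both places. A group added to one condition but not the other would leave a host with both sets of files or with neither. Consider a single boolean variable, set in group_vars for persistent-cloud and qa-isolated, and test that variable in both tasks.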
diff --git a/roles/fedmsg/base/templates/relay.py.j2 b/roles/fedmsg/base/templates/relay.py.j2
index 7973329..82cd0f9 100644
--- a/roles/fedmsg/base/templates/relay.py.j2
+++ b/roles/fedmsg/base/templates/relay.py.j2
@@ -24,7 +24,7 @@ config = dict(
# It is also used by the mediawiki php plugin which, due to the oddities of
# php, can't maintain a single passive-bind endpoint of it's own.
relay_inbound=[
- {% if 'persistent-cloud' in group_names or 'jenkins-master' in group_names %}
+ {% if 'persistent-cloud' in group_names or 'jenkins-master' in group_names or 'qa-isolated' in group_names %}
# Stuff from the cloud has to go through our external proxy first..
#"tcp://hub.fedoraproject.org:9941",
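Review bot: the comment directly under the changed `{% if %}` still reads "Stuff from the cloud has to go through our external proxy first.." although the branch now also covers jenkins-master and qa-isolated hosts; reword it to describe external or firewalled hosts. The group list here also includes 'jenkins-master', which the `when` conditions in tasks/main.yml do not, so the template branch and the task selection are keyed on different sets of groups. A shared variable would keep them aligned.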