So, I applied that, but we need some additional changes. ;(
First, the secondary01 host uses the external IP to talk to the s390
hub, so we need to allow that. Secondly, the ansible_fqdn for the s390
hub isn't the internal name...
More +1s?
diff --git
a/inventory/host_vars/s390-koji01.qa.fedoraproject.org
b/inventory/host_vars/s390-koji01.qa.fedorapr
index 0543250..358d51b 100644
---
a/inventory/host_vars/s390-koji01.qa.fedoraproject.org
+++
b/inventory/host_vars/s390-koji01.qa.fedoraproject.org
@@ -15,6 +15,11 @@ fas_client_groups: sysadmin-noc,sysadmin-secondary
fedmsg_fqdn:
s390-koji01.qa.fedoraproject.org
+custom_rules: [
+ # Need for rsync from secondary01 for content.
+ '-A INPUT -p tcp -m tcp -s 209.132.181.8 --dport 873 -j ACCEPT',
+]
+
sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
#
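Review bot: The comment above the new INPUT rule in custom_rules does not say that 209.132.181.8 is secondary01's external address, so the literal is hard to audit later. Suggest spelling that out in the comment and noting that the same address is repeated in "hosts allow" in rsyncd.conf.s390.koji.fedoraproject.org, since the firewall rule and the rsyncd ACL have to change together if the host is renumbered. The rule itself is scoped to a single source and to port 873, which is as narrow as it needs to be.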
diff --git
a/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org
b/roles/rsyncd/files/rsyncd.conf.s390.k
index ff7bf1f..e2abd5d 100644
---
a/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org
+++
b/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org
@@ -21,4 +21,4 @@ path = /mnt/koji/tree/
uid = root
gid = root
read only = yes
-hosts allow = 10.5.126.27
+hosts allow = 209.132.181.8
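Review bot: The "hosts allow" line replaces 10.5.126.27 instead of adding to it, so any client still connecting from the internal address will be refused once this lands. If that is intended, fine; if not, "hosts allow" takes a list, so both addresses can be kept on one line. Also worth a look while here: the context lines show this module running with "uid = root" and "gid = root", and it is now reachable from an external address. "read only = yes" limits the exposure, but an unprivileged uid/gid would be safer if the tree is readable without root.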