Re: Freeze break: add rsyncd to s390 hub

So, I applied that, but we need some additional changes. ;( First, the secondary01 host uses the external ip to talk to the s390 hub, so we need to allow that. Secondly, the ansible_fqdn for the s390 hub isn't the internal name... More +1s? diff --git a/inventory/host_vars/s390-koji01.qa.fedoraproject.org b/inventory/host_vars/s390-koji01.qa.fedorapr index 0543250..358d51b 100644 --- a/inventory/host_vars/s390-koji01.qa.fedoraproject.org +++ b/inventory/host_vars/s390-koji01.qa.fedoraproject.org @@ -15,6 +15,11 @@ fas_client_groups: sysadmin-noc,sysadmin-secondary fedmsg_fqdn: s390-koji01.qa.fedoraproject.org +custom_rules: [ + # Need for rsync from secondary01 for content. + '-A INPUT -p tcp -m tcp -s 209.132.181.8 --dport 873 -j ACCEPT', +] + sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" # diff --git a/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org b/roles/rsyncd/files/rsyncd.conf.s390.k index ff7bf1f..e2abd5d 100644 --- a/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org +++ b/roles/rsyncd/files/rsyncd.conf.s390.koji.fedoraproject.org @@ -21,4 +21,4 @@ path = /mnt/koji/tree/ uid = root gid = root read only = yes -hosts allow = 10.5.126.27 +hosts allow = 209.132.181.8