Greetings.
We have added a number of stg machines, which means that there are pending changes to all our phx2 prod machines (because they take that as a list to block). This means the daily check/diff report is at about 100kb or so and it's hard to see any changes that might be important.
I'd like to run:
ansible-playbook master.yml -t iptables
and sync things up. This should update those hosts with the new staging instances and restart iptables. I don't really expect any problem with it as we have done this a number of times in the past with no issue.
The changes for a phx2 host would typically be something like the below check/diff.
+1s?
kevin -- --- before: /etc/sysconfig/iptables +++ after: dynamically generated @@ -1,11 +1,11 @@ -# Ansible managed: /srv/web/infra/ansible/roles/base/templates/iptables/iptables modified on 2016-01-08 16:33:00 by root on batcave01.phx2.fedoraproject.org +# Ansible managed: /srv/web/infra/ansible/roles/base/templates/iptables/iptables modified on 2016-03-10 20:24:35 by root on batcave01.phx2.fedoraproject.org *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
# allow ping and traceroute -A INPUT -p icmp -j ACCEPT
# localhost is fine -A INPUT -i lo -j ACCEPT @@ -40,20 +40,22 @@ # autocloud-backend02.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.126 -j REJECT --reject-with icmp-host-prohibited # autocloud-web01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.3 -j REJECT --reject-with icmp-host-prohibited # autocloud-web02.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.89 -j REJECT --reject-with icmp-host-prohibited # badges-backend01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.68 -j REJECT --reject-with icmp-host-prohibited # badges-web01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.69 -j REJECT --reject-with icmp-host-prohibited +# basset01.stg.phx2.fedoraproject.org +-A INPUT -s 10.5.126.138 -j REJECT --reject-with icmp-host-prohibited # beaker-stg01.qa.fedoraproject.org -A INPUT -s 10.5.124.141 -j REJECT --reject-with icmp-host-prohibited # blockerbugs01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.65 -j REJECT --reject-with icmp-host-prohibited # bodhi-backend01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.90 -j REJECT --reject-with icmp-host-prohibited # bodhi02.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.169 -j REJECT --reject-with icmp-host-prohibited # bugyou01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.130 -j REJECT --reject-with icmp-host-prohibited @@ -72,20 +74,22 @@ # darkserver-web02.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.120 -j REJECT --reject-with icmp-host-prohibited # datagrepper01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.67 -j REJECT --reject-with icmp-host-prohibited # db-fas01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.78 -j REJECT --reject-with icmp-host-prohibited # db01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.204 -j REJECT --reject-with icmp-host-prohibited # db03.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.113 -j REJECT --reject-with icmp-host-prohibited +# docker-registry01.stg.phx2.fedoraproject.org +-A INPUT -s 10.5.126.217 -j REJECT --reject-with icmp-host-prohibited # elections01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.105 -j REJECT --reject-with icmp-host-prohibited # fas01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.86 -j REJECT --reject-with icmp-host-prohibited # fedimg01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.9 -j REJECT --reject-with icmp-host-prohibited # fedocal01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.66 -j REJECT --reject-with icmp-host-prohibited # gallery01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.70 -j REJECT --reject-with icmp-host-prohibited @@ -120,20 +124,22 @@ # notifs-backend01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.75 -j REJECT --reject-with icmp-host-prohibited # notifs-web01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.48 -j REJECT --reject-with icmp-host-prohibited # notifs-web02.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.109 -j REJECT --reject-with icmp-host-prohibited # nuancier01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.202 -j REJECT --reject-with icmp-host-prohibited # nuancier02.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.203 -j REJECT --reject-with icmp-host-prohibited +# osbs-master01.stg.phx2.fedoraproject.org +-A INPUT -s 10.5.126.216 -j REJECT --reject-with icmp-host-prohibited # packages03.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.42 -j REJECT --reject-with icmp-host-prohibited # paste01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.61 -j REJECT --reject-with icmp-host-prohibited # pdc-backend01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.135 -j REJECT --reject-with icmp-host-prohibited # pdc-web01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.133 -j REJECT --reject-with icmp-host-prohibited # pkgdb01.stg.phx2.fedoraproject.org -A INPUT -s 10.5.126.20 -j REJECT --reject-with icmp-host-prohibited
Greetings.
We have added a number of stg machines, which means that there are pending changes to all our phx2 prod machines (because they take that as a list to block). This means the daily check/diff report is at about 100kb or so and it's hard to see any changes that might be important.
I'd like to run:
ansible-playbook master.yml -t iptables
and sync things up. This should update those hosts with the new staging instances and restart iptables. I don't really expect any problem with it as we have done this a number of times in the past with no issue.
The changes for a phx2 host would typically be something like the below check/diff.
+1s?
+1.
+! also
On 18 March 2016 at 08:26, Patrick Uiterwijk puiterwijk@redhat.com wrote:
Greetings.
We have added a number of stg machines, which means that there are pending changes to all our phx2 prod machines (because they take that as a list to block). This means the daily check/diff report is at about 100kb or so and it's hard to see any changes that might be important.
I'd like to run:
ansible-playbook master.yml -t iptables
and sync things up. This should update those hosts with the new staging instances and restart iptables. I don't really expect any problem with it as we have done this a number of times in the past with no issue.
The changes for a phx2 host would typically be something like the below check/diff.
+1s?
+1. _______________________________________________ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/infrastructure@lists.fedoraprojec...
infrastructure@lists.fedoraproject.org