Greetings.
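We have added a number of stg machines, which means that there are
pending changes to all our phx2 prod machines (because each prod host
takes the list of stg hosts as a list of source addresses to block in
iptables). Until those changes are applied, the per-host REJECT rules for
the new stg machines are not yet in place on the prod hosts. It also means
the daily check/diff report is at about 100kb or so, and it's hard to see
any other changes in it that might be important.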
I'd like to run:
ansible-playbook master.yml -t iptables
and sync things up. This should update those hosts with the new staging
instances and restart iptables. I don't really expect any problem with
it as we have done this a number of times in the past with no issue.
The changes for a phx2 host would typically be something like the below
check/diff.
+1s?
kevin
--
--- before: /etc/sysconfig/iptables
+++ after: dynamically generated
@@ -1,11 +1,11 @@
-# Ansible
managed: /srv/web/infra/ansible/roles/base/templates/iptables/iptables
modified on 2016-01-08 16:33:00 by root on
batcave01.phx2.fedoraproject.org
+# Ansible
managed: /srv/web/infra/ansible/roles/base/templates/iptables/iptables
modified on 2016-03-10 20:24:35 by root on
batcave01.phx2.fedoraproject.org *filter :INPUT ACCEPT [0:0] :FORWARD
ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
# allow ping and traceroute
-A INPUT -p icmp -j ACCEPT
# localhost is fine
-A INPUT -i lo -j ACCEPT
@@ -40,20 +40,22 @@
#
autocloud-backend02.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.126 -j REJECT --reject-with icmp-host-prohibited
#
autocloud-web01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.3 -j REJECT --reject-with icmp-host-prohibited
#
autocloud-web02.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.89 -j REJECT --reject-with icmp-host-prohibited
#
badges-backend01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.68 -j REJECT --reject-with icmp-host-prohibited
#
badges-web01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.69 -j REJECT --reject-with icmp-host-prohibited
+#
basset01.stg.phx2.fedoraproject.org
+-A INPUT -s 10.5.126.138 -j REJECT --reject-with icmp-host-prohibited
#
beaker-stg01.qa.fedoraproject.org
-A INPUT -s 10.5.124.141 -j REJECT --reject-with icmp-host-prohibited
#
blockerbugs01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.65 -j REJECT --reject-with icmp-host-prohibited
#
bodhi-backend01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.90 -j REJECT --reject-with icmp-host-prohibited
#
bodhi02.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.169 -j REJECT --reject-with icmp-host-prohibited
#
bugyou01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.130 -j REJECT --reject-with icmp-host-prohibited
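Review bot: The added basset01 rule (`-A INPUT -s 10.5.126.138 -j REJECT --reject-with icmp-host-prohibited`) is one more entry in a per-address list, so a new stg host is only rejected on prod after the playbook has been run against every prod host. The same applies to docker-registry01 and osbs-master01 in the two later hunks. These rules are appended after `-A INPUT -p icmp -j ACCEPT` from the first hunk, so ICMP from the stg addresses is still accepted; that looks intentional but is not stated anywhere in the file. I would add a header comment above the generated list, for example `# stg hosts are rejected on prod (ICMP is allowed by the rule above); re-run -t iptables after adding a stg host`. If the stg addresses fall in ranges that hold no prod hosts (which this diff cannot confirm), a range-based REJECT would remove the window between creating a stg host and syncing prod.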
@@ -72,20 +74,22 @@
#
darkserver-web02.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.120 -j REJECT --reject-with icmp-host-prohibited
#
datagrepper01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.67 -j REJECT --reject-with icmp-host-prohibited
#
db-fas01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.78 -j REJECT --reject-with icmp-host-prohibited
#
db01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.204 -j REJECT --reject-with icmp-host-prohibited
#
db03.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.113 -j REJECT --reject-with icmp-host-prohibited
+#
docker-registry01.stg.phx2.fedoraproject.org
+-A INPUT -s 10.5.126.217 -j REJECT --reject-with icmp-host-prohibited
#
elections01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.105 -j REJECT --reject-with icmp-host-prohibited
#
fas01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.86 -j REJECT --reject-with icmp-host-prohibited
#
fedimg01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.9 -j REJECT --reject-with icmp-host-prohibited
#
fedocal01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.66 -j REJECT --reject-with icmp-host-prohibited
#
gallery01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.70 -j REJECT --reject-with icmp-host-prohibited
@@ -120,20 +124,22 @@
#
notifs-backend01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.75 -j REJECT --reject-with icmp-host-prohibited
#
notifs-web01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.48 -j REJECT --reject-with icmp-host-prohibited
#
notifs-web02.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.109 -j REJECT --reject-with icmp-host-prohibited
#
nuancier01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.202 -j REJECT --reject-with icmp-host-prohibited
#
nuancier02.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.203 -j REJECT --reject-with icmp-host-prohibited
+#
osbs-master01.stg.phx2.fedoraproject.org
+-A INPUT -s 10.5.126.216 -j REJECT --reject-with icmp-host-prohibited
#
packages03.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.42 -j REJECT --reject-with icmp-host-prohibited
#
paste01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.61 -j REJECT --reject-with icmp-host-prohibited
#
pdc-backend01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.135 -j REJECT --reject-with icmp-host-prohibited
#
pdc-web01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.133 -j REJECT --reject-with icmp-host-prohibited
#
pkgdb01.stg.phx2.fedoraproject.org
-A INPUT -s 10.5.126.20 -j REJECT --reject-with icmp-host-prohibited