Reviewed. +1.
On 14 May 2013 10:45, Kevin Fenzi <[email protected]> wrote: > So, first freeze break request. ;) > > I added a number of applications to have log02 pull httpd logs from, > but some of them do not have rsync installed, so pulling logs from them > is failing. I'd like to have them include rsync::server (which by > default only exposes logs to log02 for rsync) and allow that in > firewalls. > > It's not urgent, but it would be nice to start collecting these sooner > rather than later. > > kevin > --
> diff --git a/manifests/nodes/ask01.phx2.fedoraproject.org.pp
> b/manifests/nodes/ask01.phx2.fedoraproject.org.pp
> index 8a24a68..b85905c 100644
> --- a/manifests/nodes/ask01.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/ask01.phx2.fedoraproject.org.pp
> @@ -17,7 +17,9 @@ node "ask01.phx2.fedoraproject.org" {
> }
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80 ]
> + tcpPorts => [ 80 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> collectd::collectd { 'log02': }
> diff --git a/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
> index e1abad9..661f5ac 100644
> --- a/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
> @@ -16,7 +16,9 @@ node "ask01.stg.phx2.fedoraproject.org" {
> }
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 8888 ]
> + tcpPorts => [ 80, 443, 8888 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
> }
>
> diff --git a/manifests/nodes/ask02.phx2.fedoraproject.org.pp
> b/manifests/nodes/ask02.phx2.fedoraproject.org.pp
> index bf7b259..6df2054 100644
> --- a/manifests/nodes/ask02.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/ask02.phx2.fedoraproject.org.pp
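Review bot: The `custom` rule added under `iptables::firewall { 'ipv4': }` for ask01.phx2 writes log02's address `10.5.126.29` as a literal, and the identical string is repeated in every other node hunk of this patch (ask, blockerbugs, datagrepper, fedocal, openid, packages, paste). The rule admits 873/tcp purely by source address, so if log02 is ever renumbered each of these files keeps a stale ACCEPT for whichever host later holds that address. Defining the address once and interpolating it, for example `custom => [ "-A INPUT -p tcp -m tcp -s ${log02_ip} --dport 873 -j ACCEPT" ]` with `$log02_ip` as a constructed name set in one shared place, would keep the allow-list in one spot; failing that, a comment such as `# rsync (873/tcp) from log02 only, for httpd log collection` above the rule records why the port is open. The node definition continues outside the hunk.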
> @@ -17,7 +17,9 @@ node "ask02.phx2.fedoraproject.org" {
> }
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80 ]
> + tcpPorts => [ 80 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> collectd::collectd { 'log02': }
> diff --git a/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
> b/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
> index 6647b05..61cf44e 100644
> --- a/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
> @@ -12,7 +12,9 @@ node "blockerbugs01.phx2.fedoraproject.org" {
> include blockerbugs::nobalance
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 8888 ]
> + tcpPorts => [ 80, 443, 8888 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
> # This points to db01
> host { 'db-blockerbugs':
> diff --git a/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
> index a034e3d..aa7eb45 100644
> --- a/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
> @@ -9,6 +9,8 @@ node "blockerbugs01.stg.phx2.fedoraproject.org" {
> include blockerbugs::nobalance
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 8888 ]
> + tcpPorts => [ 80, 443, 8888 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
> }
> diff --git a/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
> b/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
> index 61267e7..e558851 100644
> --- a/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
> @@ -12,7 +12,9 @@ node "blockerbugs02.phx2.fedoraproject.org" {
> # include blockerbugs::nobalance
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 8888 ]
> + tcpPorts => [ 80, 443, 8888 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
> # This points to db01
> host { 'db-blockerbugs':
> diff --git a/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
> b/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
> index 8198138..a2616d0 100644
> --- a/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
> @@ -11,7 +11,9 @@ node "datagrepper01.phx2.fedoraproject.org" {
> include openvpn::client
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443 ]
> + tcpPorts => [ 80, 443 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> host { 'db-for-datagrepper':
> diff --git a/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
> index c81a938..78e8f8d 100644
> --- a/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
> @@ -12,7 +12,9 @@ node "datagrepper01.stg.phx2.fedoraproject.org" {
> include datagrepper::app
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443 ]
> + tcpPorts => [ 80, 443 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> host { 'db-for-datagrepper':
> diff --git a/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
> b/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
> index 4a7c423..84b45ec 100644
> --- a/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
> @@ -11,7 +11,9 @@ node "datagrepper02.phx2.fedoraproject.org" {
> include openvpn::client
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443 ]
> + tcpPorts => [ 80, 443 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> host { 'db-for-datagrepper':
> diff --git a/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
> b/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
> index 14168c2..9567cec 100644
> --- a/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
> @@ -9,7 +9,9 @@ node "fedocal01.phx2.fedoraproject.org" {
> include fedocal::nobalance
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443 ]
> + tcpPorts => [ 80, 443 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> # This points to db01
> diff --git a/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
> index fd13777..3c6adf8 100644
> --- a/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
> @@ -10,7 +10,9 @@ node "fedocal01.stg.phx2.fedoraproject.org" {
> include fedocal::nobalance
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443 ]
> + tcpPorts => [ 80, 443 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> # This points to db02.stg
> diff --git a/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
> b/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
> index 090207c..d224fd1 100644
> --- a/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
> @@ -10,7 +10,9 @@ node "fedocal02.phx2.fedoraproject.org" {
> #include fedocal::nobalance
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443 ]
> + tcpPorts => [ 80, 443 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> # This points to db01
> diff --git a/manifests/nodes/openid01.phx2.fedoraproject.org.pp
> b/manifests/nodes/openid01.phx2.fedoraproject.org.pp
> index 8db2feb..94daf55 100644
> --- a/manifests/nodes/openid01.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/openid01.phx2.fedoraproject.org.pp
> @@ -9,7 +9,9 @@ node "openid01.phx2.fedoraproject.org" {
> include openvpn::client
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443 ]
> + tcpPorts => [ 80, 443 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> # This points to db-fas01
> diff --git a/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
> index e3527ce..40386d5 100644
> --- a/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
> @@ -9,7 +9,9 @@ node "openid01.stg.phx2.fedoraproject.org" {
> include fas-openid
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443 ]
> + tcpPorts => [ 80, 443 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> # This points to db-fas01.stg
> diff --git a/manifests/nodes/openid02.phx2.fedoraproject.org.pp
> b/manifests/nodes/openid02.phx2.fedoraproject.org.pp
> index 3e95783..81142df 100644
> --- a/manifests/nodes/openid02.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/openid02.phx2.fedoraproject.org.pp
> @@ -9,7 +9,9 @@ node "openid02.phx2.fedoraproject.org" {
> include openvpn::client
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443 ]
> + tcpPorts => [ 80, 443 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> # This points to db-fas01
> diff --git a/manifests/nodes/packages01.dev.fedoraproject.org.pp
> b/manifests/nodes/packages01.dev.fedoraproject.org.pp
> index af87535..bb14b41 100644
> --- a/manifests/nodes/packages01.dev.fedoraproject.org.pp
> +++ b/manifests/nodes/packages01.dev.fedoraproject.org.pp
> @@ -6,6 +6,8 @@ node "packages01.dev" {
> include httpd::mod_wsgi
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 6996 ]
> + tcpPorts => [ 80, 443, 6996 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
> }
> diff --git a/manifests/nodes/packages01.phx2.fedoraproject.org.pp
> b/manifests/nodes/packages01.phx2.fedoraproject.org.pp
> index 39d9036..691c5ed 100644
> --- a/manifests/nodes/packages01.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/packages01.phx2.fedoraproject.org.pp
> @@ -26,7 +26,9 @@ node "packages01" {
> }
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 6996 ]
> + tcpPorts => [ 80, 443, 6996 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> glusterfs::server::config { packages:
> diff --git a/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
> index b0c2b9d..f96a4bd 100644
> --- a/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
> @@ -25,6 +25,8 @@ node "packages01.stg" {
> netmask => '255.255.255.0',
> }
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 6996 ]
> + tcpPorts => [ 80, 443, 6996 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
> }
> diff --git a/manifests/nodes/packages02.phx2.fedoraproject.org.pp
> b/manifests/nodes/packages02.phx2.fedoraproject.org.pp
> index f6a5441..a66358b 100644
> --- a/manifests/nodes/packages02.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/packages02.phx2.fedoraproject.org.pp
> @@ -24,7 +24,9 @@ node "packages02" {
> }
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 6996 ]
> + tcpPorts => [ 80, 443, 6996 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> glusterfs::server::config { packages:
> diff --git a/manifests/nodes/paste01.phx2.fedoraproject.org.pp
> b/manifests/nodes/paste01.phx2.fedoraproject.org.pp
> index 7708415..30d83e6 100644
> --- a/manifests/nodes/paste01.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/paste01.phx2.fedoraproject.org.pp
> @@ -9,7 +9,9 @@ node "paste01.phx2.fedoraproject.org" {
> collectd::collectd { 'log02': }
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 8888 ]
> + tcpPorts => [ 80, 443, 8888 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> selboolean { [
> diff --git a/manifests/nodes/paste01.stg.fedoraproject.org.pp
> b/manifests/nodes/paste01.stg.fedoraproject.org.pp
> index fa05ef1..ad861b5 100644
> --- a/manifests/nodes/paste01.stg.fedoraproject.org.pp
> +++ b/manifests/nodes/paste01.stg.fedoraproject.org.pp
> @@ -9,7 +9,9 @@ node "paste01.stg.phx2.fedoraproject.org" {
> include sticky-notes
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 8888 ]
> + tcpPorts => [ 80, 443, 8888 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> selboolean { [
> diff --git a/manifests/nodes/paste02.phx2.fedoraproject.org.pp
> b/manifests/nodes/paste02.phx2.fedoraproject.org.pp
> index 091e894..14d694c 100644
> --- a/manifests/nodes/paste02.phx2.fedoraproject.org.pp
> +++ b/manifests/nodes/paste02.phx2.fedoraproject.org.pp
> @@ -9,7 +9,9 @@ node "paste02.phx2.fedoraproject.org" {
> collectd::collectd { 'log02': }
>
> iptables::firewall { 'ipv4':
> - tcpPorts => [ 80, 443, 8888 ]
> + tcpPorts => [ 80, 443, 8888 ],
> + custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j
> ACCEPT",
> + ]
> }
>
> selboolean { [
> diff --git a/modules/askbot/manifests/init.pp
> b/modules/askbot/manifests/init.pp
> index 50bb7d2..98afdb0 100644
> --- a/modules/askbot/manifests/init.pp
> +++ b/modules/askbot/manifests/init.pp
> @@ -1,5 +1,6 @@
> class askbot {
> include httpd::mod_wsgi
> + include rsync::server
>
> package { "askbot":
> ensure => installed,
> diff --git a/modules/blockerbugs/manifests/init.pp
> b/modules/blockerbugs/manifests/init.pp
> index c841ab4..2636819 100644
> --- a/modules/blockerbugs/manifests/init.pp
> +++ b/modules/blockerbugs/manifests/init.pp
> @@ -19,6 +19,7 @@ class blockerbugs::app {
>
> include httpd::mod_wsgi
> include mod_ssl
> + include rsync::server
>
> selboolean { [
> "httpd_can_network_connect_db",
> diff --git a/modules/datagrepper/manifests/init.pp
> b/modules/datagrepper/manifests/init.pp
> index afc9b78..bbd10bc 100644
> --- a/modules/datagrepper/manifests/init.pp
> +++ b/modules/datagrepper/manifests/init.pp
> @@ -19,6 +19,7 @@ class datagrepper::app {
> include httpd::mod_wsgi
> include httpd::mod_ssl
> include fedmsg::config
> + include rsync::server
>
> package { "datagrepper":
> ensure => present,
> diff --git a/modules/fas-openid/manifests/init.pp
> b/modules/fas-openid/manifests/init.pp
> index 7c48d0d..3409781 100644
> --- a/modules/fas-openid/manifests/init.pp
> +++ b/modules/fas-openid/manifests/init.pp
> @@ -3,6 +3,7 @@ class fas-openid {
> include httpd::mod_ssl
> include httpd::mod_wsgi
> include hotfix::python-openid
> + include rsync::server
>
> selboolean { [
> "httpd_can_network_connect_db",
> diff --git a/modules/fedocal/manifests/init.pp
> b/modules/fedocal/manifests/init.pp
> index 6854c24..31809e5 100644
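Review bot: `include rsync::server` in class askbot carries no comment saying what the daemon exports or to whom, and the same bare include is added in the blockerbugs::app, datagrepper::app, fas-openid, fedocal, fedoracommunity::tagger and sticky-notes hunks. The description states that the module by default only exposes logs to log02, but that configuration is outside this patch, so it is worth confirming that the export is read-only and host-restricted in the rsync configuration itself rather than relying on the iptables rule alone. This matters most on the fas-openid hosts, whose httpd logs may carry login-related request data. A comment beside each include, e.g. `# rsync::server: exports httpd logs to log02 only (873/tcp opened per node)`, would document the intent.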
> --- a/modules/fedocal/manifests/init.pp
> +++ b/modules/fedocal/manifests/init.pp
> @@ -2,6 +2,7 @@ class fedocal {
> include selinux-enforcing
> include httpd::mod_ssl
> include httpd::mod_wsgi
> + include rsync::server
>
> selboolean { [
> "httpd_can_network_connect_db",
> diff --git a/modules/packages/manifests/init.pp
> b/modules/packages/manifests/init.pp
> index ede4331..7b211a7 100644
> --- a/modules/packages/manifests/init.pp
> +++ b/modules/packages/manifests/init.pp
> @@ -35,6 +35,7 @@ class fedoracommunity::tagger {
> include httpd::mod_wsgi
> include httpd::mod_ssl
> include fedmsg::config
> + include rsync::server
> fedmsg::certificate { "fedoratagger":
> service => "fedoratagger",
> group => "fedoratagger",
> diff --git a/modules/sticky-notes/manifests/init.pp
> b/modules/sticky-notes/manifests/init.pp
> index ed78bf2..6fd8f71 100644
> --- a/modules/sticky-notes/manifests/init.pp
> +++ b/modules/sticky-notes/manifests/init.pp
> @@ -1,6 +1,7 @@
> class sticky-notes {
> include httpd::base
> include httpd::php
> + include rsync::server
>
> package { "sticky-notes":
> ensure => installed,
> > _______________________________________________ > infrastructure mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/infrastructure > -- Stephen J Smoogen.
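Review bot: In modules/packages/manifests/init.pp the new `include rsync::server` sits inside `class fedoracommunity::tagger` (the hunk header and the `fedmsg::certificate { "fedoratagger": ... }` context both point there), while the matching firewall rule is opened on the packages01/packages02 node manifests. Neither the rest of the class file nor the node include lists are visible in this patch, so it cannot be confirmed from here that the packages nodes pull in this class. If they do not, 873/tcp is opened on hosts with no rsync daemon and the tagger hosts get a daemon that log02 cannot reach. Worth checking which class the packages nodes include and placing the line there.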
