+1
On Nov 8, 2013 4:31 PM, "Ralph Bean" <[email protected]> wrote:
> We're looking to publish fedmsg messages from the copr backend. The
> node that it lives on is in the cloud and so will need to follow the same
> route as the secondary arch compose nodes. We have an inbound fedmsg
> relay running on busgateway01, port 9941, and haproxy proxies
> connections to it from hub.fedoraproject.org, port 9941.
>
> We have that external port firewalled to only allow connections from
> the secondary arch compose nodes, and the copr backend!
>
> I only discovered today, as we went to test this for the first time,
> that the IP listed in manifests/services/proxy.pp is incorrect.
>
> I'd like to make this change to set it straight:
>
> diff --git a/manifests/services/proxy.pp b/manifests/services/proxy.pp
> index 01b39d3..529b242 100644
> --- a/manifests/services/proxy.pp
> +++ b/manifests/services/proxy.pp
> @@ -1012,7 +1012,7 @@ if $puppetEnvironment == 'staging'{
> tcpPorts => [ 80, 443, 873, 8080, 6081, 9939, 9940],
> custom => [
> # Allow copr-be.cloud to talk to the inbound relay.
> - '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.142 -j
> ACCEPT',
> + '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.131 -j
> ACCEPT',
> # Also, ppc-composer.qa.fedoraproject.org (secondary arch)
> '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.33 -j
> ACCEPT',
> # Also, s390-hub01.qa.fedoraproject.org (secondary arch)
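Review bot: the corrected `-s 209.132.184.131` rule for port 9941 is tied to copr-be.cloud only by the comment above it, and the previous 209.132.184.142 value was caught only at the first test. Before this is distributed to the proxies, confirm the new address against the host's current public IP, and consider either noting in the comment how it was verified or defining the address once in a variable so the comment and the rule cannot drift apart. The hunk header also shows `if $puppetEnvironment == 'staging'{` as nearby context, so check whether another branch of that conditional carries its own copy of the old address.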
>
>
> This is potentially high impact in that it will be distributed to all of
> our proxies (which everything depends on). On the other hand, it is a
> really simple change that only modifies the last chunk of that IP address.
>
> Can I get two +1's?
>
> -Ralph
>
> _______________________________________________
> infrastructure mailing list
> [email protected]
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
>