Freeze break request: add rsync for httpd logs

seth vidal skvidal at fedoraproject.org
Tue May 14 16:51:20 UTC 2013


On Tue, 14 May 2013 10:45:18 -0600
Kevin Fenzi <kevin at scrye.com> wrote:

> So, first freeze break request. ;) 
> 
> I added a number of applications to have log02 pull httpd logs from,
> but some of them do not have rsync installed, so pulling logs from
> them is failing. I'd like to have them include rsync::server (which by
> default only exposes logs to log02 for rsync) and allow that in
> firewalls.
> 
> It's not urgent, but it would be nice to start collecting these sooner
> rather than later. 
> 
> kevin
> --
> diff --git a/manifests/nodes/ask01.phx2.fedoraproject.org.pp
> b/manifests/nodes/ask01.phx2.fedoraproject.org.pp index
> 8a24a68..b85905c 100644 ---
> a/manifests/nodes/ask01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/ask01.phx2.fedoraproject.org.pp @@ -17,7 +17,9 @@
> node "ask01.phx2.fedoraproject.org" { }
>  
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80 ]
> +    tcpPorts => [ 80 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    collectd::collectd { 'log02': }
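Review bot: The log02 source address `10.5.126.29` is written out literally in the `custom` rule of this `iptables::firewall` block, and the same rule string is repeated in every other node manifest this patch touches. If log02 is ever renumbered, any manifest missed in the follow-up keeps TCP 873 open to whichever host later holds that address. Defining the address once and interpolating it avoids that, e.g. `custom => [ "-A INPUT -p tcp -m tcp -s ${log02_ip} --dport 873 -j ACCEPT" ]` (the variable name is constructed for illustration). A short comment above the rule, such as `# allow log02 to pull httpd logs via rsync`, would also explain why 873 is open on a web node. The node block starts and ends outside the hunk.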
> diff --git a/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp index
> e1abad9..661f5ac 100644 ---
> a/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/ask01.stg.phx2.fedoraproject.org.pp @@ -16,7 +16,9
> @@ node "ask01.stg.phx2.fedoraproject.org" { }
>    
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>    }
>  }
>              
> diff --git a/manifests/nodes/ask02.phx2.fedoraproject.org.pp
> b/manifests/nodes/ask02.phx2.fedoraproject.org.pp index
> bf7b259..6df2054 100644 ---
> a/manifests/nodes/ask02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/ask02.phx2.fedoraproject.org.pp @@ -17,7 +17,9 @@
> node "ask02.phx2.fedoraproject.org" { }
>  
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80 ]
> +    tcpPorts => [ 80 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>    }
>  
>    collectd::collectd { 'log02': }
> diff --git a/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp
> b/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp index
> 6647b05..61cf44e 100644 ---
> a/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/blockerbugs01.phx2.fedoraproject.org.pp @@ -12,7
> +12,9 @@ node "blockerbugs01.phx2.fedoraproject.org" { include
> blockerbugs::nobalance 
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>    }
>    # This points to db01
>    host { 'db-blockerbugs':
> diff --git
> a/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp index
> a034e3d..aa7eb45 100644 ---
> a/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/blockerbugs01.stg.phx2.fedoraproject.org.pp @@ -9,6
> +9,8 @@ node "blockerbugs01.stg.phx2.fedoraproject.org" { include
> blockerbugs::nobalance iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>    }
>  }
> diff --git a/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp
> b/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp index
> 61267e7..e558851 100644 ---
> a/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/blockerbugs02.phx2.fedoraproject.org.pp @@ -12,7
> +12,9 @@ node "blockerbugs02.phx2.fedoraproject.org" { #  include
> blockerbugs::nobalance 
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>    }
>    # This points to db01
>    host { 'db-blockerbugs':
> diff --git a/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp
> b/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp index
> 8198138..a2616d0 100644 ---
> a/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/datagrepper01.phx2.fedoraproject.org.pp @@ -11,7
> +11,9 @@ node "datagrepper01.phx2.fedoraproject.org" { include
> openvpn::client 
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +    tcpPorts => [ 80, 443 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT", 
> +    ]
>      }
>  
>      host { 'db-for-datagrepper':
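Review bot: The two added attributes in this hunk are indented four spaces, while the removed `tcpPorts => [ 80, 443 ]` line was indented eight, so `tcpPorts` and `custom` now sit in the same column as the `iptables::firewall` title and its closing brace. The closing `]` of `custom` is similarly outdented relative to `custom` in the datagrepper01.stg, datagrepper02, fedocal, openid and packages hunks. Puppet parses this the same way, but firewall blocks are easier to audit when attributes line up. The mail client may have altered the whitespace, so this is worth checking against the actual commit.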
> diff --git
> a/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp index
> c81a938..78e8f8d 100644 ---
> a/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/datagrepper01.stg.phx2.fedoraproject.org.pp @@
> -12,7 +12,9 @@ node
> "datagrepper01.stg.phx2.fedoraproject.org" { include datagrepper::app
> iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT", 
> +    ]
>      }
>  
>      host { 'db-for-datagrepper':
> diff --git a/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp
> b/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp index
> 4a7c423..84b45ec 100644 ---
> a/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/datagrepper02.phx2.fedoraproject.org.pp @@ -11,7
> +11,9 @@ node "datagrepper02.phx2.fedoraproject.org" { include
> openvpn::client 
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT", 
> +    ]
>      }
>  
>      host { 'db-for-datagrepper':
> diff --git a/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp
> b/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp index
> 14168c2..9567cec 100644 ---
> a/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/fedocal01.phx2.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "fedocal01.phx2.fedoraproject.org" { include fedocal::nobalance
>  
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT",
> +    ]
>      }
>  
>      # This points to db01
> diff --git a/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp index
> fd13777..3c6adf8 100644 ---
> a/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/fedocal01.stg.phx2.fedoraproject.org.pp @@ -10,7
> +10,9 @@ node "fedocal01.stg.phx2.fedoraproject.org" { include
> fedocal::nobalance 
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT",
> +    ]
>      }
>  
>      # This points to db02.stg
> diff --git a/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp
> b/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp index
> 090207c..d224fd1 100644 ---
> a/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/fedocal02.phx2.fedoraproject.org.pp @@ -10,7 +10,9
> @@ node "fedocal02.phx2.fedoraproject.org" { #include
> fedocal::nobalance 
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT",
> +    ]
>      }
>  
>      # This points to db01
> diff --git a/manifests/nodes/openid01.phx2.fedoraproject.org.pp
> b/manifests/nodes/openid01.phx2.fedoraproject.org.pp index
> 8db2feb..94daf55 100644 ---
> a/manifests/nodes/openid01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/openid01.phx2.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "openid01.phx2.fedoraproject.org" { include openvpn::client
>  
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT", 
> +    ]
>      }
>  
>      # This points to db-fas01
> diff --git a/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp index
> e3527ce..40386d5 100644 ---
> a/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/openid01.stg.phx2.fedoraproject.org.pp @@ -9,7 +9,9
> @@ node "openid01.stg.phx2.fedoraproject.org" { include fas-openid
>  
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT",
> +    ]
>      }
>  
>      # This points to db-fas01.stg
> diff --git a/manifests/nodes/openid02.phx2.fedoraproject.org.pp
> b/manifests/nodes/openid02.phx2.fedoraproject.org.pp index
> 3e95783..81142df 100644 ---
> a/manifests/nodes/openid02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/openid02.phx2.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "openid02.phx2.fedoraproject.org" { include openvpn::client
>  
>      iptables::firewall { 'ipv4':
> -        tcpPorts => [ 80, 443 ]
> +        tcpPorts => [ 80, 443 ],
> +        custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport
> 873 -j ACCEPT",
> +    ]
>      }
>  
>      # This points to db-fas01
> diff --git a/manifests/nodes/packages01.dev.fedoraproject.org.pp
> b/manifests/nodes/packages01.dev.fedoraproject.org.pp index
> af87535..bb14b41 100644 ---
> a/manifests/nodes/packages01.dev.fedoraproject.org.pp +++
> b/manifests/nodes/packages01.dev.fedoraproject.org.pp @@ -6,6 +6,8 @@
> node "packages01.dev" { include httpd::mod_wsgi
>  
>    iptables::firewall { 'ipv4':
> -      tcpPorts => [ 80, 443, 6996 ]
> +      tcpPorts => [ 80, 443, 6996 ],
> +      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  }
> diff --git a/manifests/nodes/packages01.phx2.fedoraproject.org.pp
> b/manifests/nodes/packages01.phx2.fedoraproject.org.pp index
> 39d9036..691c5ed 100644 ---
> a/manifests/nodes/packages01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/packages01.phx2.fedoraproject.org.pp @@ -26,7 +26,9
> @@ node "packages01" { }
>  
>    iptables::firewall { 'ipv4':
> -      tcpPorts => [ 80, 443, 6996 ]
> +      tcpPorts => [ 80, 443, 6996 ],
> +      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    glusterfs::server::config { packages:
> diff --git a/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp
> b/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp index
> b0c2b9d..f96a4bd 100644 ---
> a/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/packages01.stg.phx2.fedoraproject.org.pp @@ -25,6
> +25,8 @@ node "packages01.stg" { netmask => '255.255.255.0',
>    }
>    iptables::firewall { 'ipv4':
> -      tcpPorts => [ 80, 443, 6996 ]
> +      tcpPorts => [ 80, 443, 6996 ],
> +      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  }
> diff --git a/manifests/nodes/packages02.phx2.fedoraproject.org.pp
> b/manifests/nodes/packages02.phx2.fedoraproject.org.pp index
> f6a5441..a66358b 100644 ---
> a/manifests/nodes/packages02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/packages02.phx2.fedoraproject.org.pp @@ -24,7 +24,9
> @@ node "packages02" { }
>  
>    iptables::firewall { 'ipv4':
> -      tcpPorts => [ 80, 443, 6996 ]
> +      tcpPorts => [ 80, 443, 6996 ],
> +      custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    glusterfs::server::config { packages:
> diff --git a/manifests/nodes/paste01.phx2.fedoraproject.org.pp
> b/manifests/nodes/paste01.phx2.fedoraproject.org.pp index
> 7708415..30d83e6 100644 ---
> a/manifests/nodes/paste01.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/paste01.phx2.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "paste01.phx2.fedoraproject.org" { collectd::collectd
> { 'log02': } 
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    selboolean { [
> diff --git a/manifests/nodes/paste01.stg.fedoraproject.org.pp
> b/manifests/nodes/paste01.stg.fedoraproject.org.pp index
> fa05ef1..ad861b5 100644 ---
> a/manifests/nodes/paste01.stg.fedoraproject.org.pp +++
> b/manifests/nodes/paste01.stg.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "paste01.stg.phx2.fedoraproject.org" { include sticky-notes
>  
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    selboolean { [
> diff --git a/manifests/nodes/paste02.phx2.fedoraproject.org.pp
> b/manifests/nodes/paste02.phx2.fedoraproject.org.pp index
> 091e894..14d694c 100644 ---
> a/manifests/nodes/paste02.phx2.fedoraproject.org.pp +++
> b/manifests/nodes/paste02.phx2.fedoraproject.org.pp @@ -9,7 +9,9 @@
> node "paste02.phx2.fedoraproject.org" { collectd::collectd
> { 'log02': } 
>    iptables::firewall { 'ipv4':
> -    tcpPorts => [ 80, 443, 8888 ]
> +    tcpPorts => [ 80, 443, 8888 ],
> +    custom => [ "-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873
> -j ACCEPT",
> +    ]
>    }
>  
>    selboolean { [
> diff --git a/modules/askbot/manifests/init.pp
> b/modules/askbot/manifests/init.pp index 50bb7d2..98afdb0 100644
> --- a/modules/askbot/manifests/init.pp
> +++ b/modules/askbot/manifests/init.pp
> @@ -1,5 +1,6 @@
>  class askbot {
>      include httpd::mod_wsgi
> +    include rsync::server
>  
>      package { "askbot":
>          ensure => installed,
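Review bot: Nothing at this `include rsync::server` line records that the daemon depends on the TCP 873 rule added separately in each node manifest, so the two halves of the change can drift apart. A comment such as `# rsync::server: log02 pulls httpd logs; needs tcp/873 from log02 in the node firewall` would document the pairing. The same applies to the blockerbugs, datagrepper, fas-openid, fedocal, packages and sticky-notes hunks. The message says rsync::server exposes logs only to log02 by default, but that module is not part of this patch. It is worth confirming that the module's own host restriction is in place, so the iptables source match is not the only control on an unencrypted rsync daemon.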
> diff --git a/modules/blockerbugs/manifests/init.pp
> b/modules/blockerbugs/manifests/init.pp index c841ab4..2636819 100644
> --- a/modules/blockerbugs/manifests/init.pp
> +++ b/modules/blockerbugs/manifests/init.pp
> @@ -19,6 +19,7 @@ class blockerbugs::app {
>  
>    include httpd::mod_wsgi
>    include mod_ssl
> +  include rsync::server
>  
>    selboolean { [
>        "httpd_can_network_connect_db",
> diff --git a/modules/datagrepper/manifests/init.pp
> b/modules/datagrepper/manifests/init.pp index afc9b78..bbd10bc 100644
> --- a/modules/datagrepper/manifests/init.pp
> +++ b/modules/datagrepper/manifests/init.pp
> @@ -19,6 +19,7 @@ class datagrepper::app {
>      include httpd::mod_wsgi
>      include httpd::mod_ssl
>      include fedmsg::config
> +    include rsync::server
>  
>      package { "datagrepper":
>          ensure => present,
> diff --git a/modules/fas-openid/manifests/init.pp
> b/modules/fas-openid/manifests/init.pp index 7c48d0d..3409781 100644
> --- a/modules/fas-openid/manifests/init.pp
> +++ b/modules/fas-openid/manifests/init.pp
> @@ -3,6 +3,7 @@ class fas-openid {
>      include httpd::mod_ssl
>      include httpd::mod_wsgi
>      include hotfix::python-openid
> +    include rsync::server
>  
>      selboolean { [
>          "httpd_can_network_connect_db",
> diff --git a/modules/fedocal/manifests/init.pp
> b/modules/fedocal/manifests/init.pp index 6854c24..31809e5 100644
> --- a/modules/fedocal/manifests/init.pp
> +++ b/modules/fedocal/manifests/init.pp
> @@ -2,6 +2,7 @@ class fedocal {
>      include selinux-enforcing
>      include httpd::mod_ssl
>      include httpd::mod_wsgi
> +    include rsync::server
>  
>      selboolean { [
>          "httpd_can_network_connect_db",
> diff --git a/modules/packages/manifests/init.pp
> b/modules/packages/manifests/init.pp index ede4331..7b211a7 100644
> --- a/modules/packages/manifests/init.pp
> +++ b/modules/packages/manifests/init.pp
> @@ -35,6 +35,7 @@ class fedoracommunity::tagger {
>      include httpd::mod_wsgi
>      include httpd::mod_ssl
>      include fedmsg::config
> +    include rsync::server
>      fedmsg::certificate { "fedoratagger":
>          service => "fedoratagger",
>          group => "fedoratagger",
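Review bot: The hunk header and context lines place this `include rsync::server` inside `class fedoracommunity::tagger`, whereas the port 873 firewall rules are added to the packages01, packages01.stg, packages01.dev and packages02 node manifests. The patch does not show whether those nodes include the tagger class. If they do not, 873 is opened on the packages nodes with no rsync daemon behind it, and any other host that includes `fedoracommunity::tagger` starts an rsync daemon that log02 cannot reach. Please confirm the class-to-node mapping, or move the include into the class the packages nodes actually use. The class body continues outside the hunk.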
> diff --git a/modules/sticky-notes/manifests/init.pp
> b/modules/sticky-notes/manifests/init.pp index ed78bf2..6fd8f71 100644
> --- a/modules/sticky-notes/manifests/init.pp
> +++ b/modules/sticky-notes/manifests/init.pp
> @@ -1,6 +1,7 @@
>  class sticky-notes {
>    include httpd::base
>    include httpd::php
> +  include rsync::server
>  
>    package { "sticky-notes":
>         ensure => installed,


+1

-sv