How to open port?

Kevin Fenzi kevin at scrye.com
Mon Feb 2 15:10:24 UTC 2015


On Mon, 02 Feb 2015 15:59:15 +0100
Miroslav Suchý <msuchy at redhat.com> wrote:

> How do we open ports in ansible today?
> 
> I want to open port 5672 for 172.24.0.10/24. Currently it is open
> only to:
> 
> [root at fed-cloud09 ~]# iptables-save |grep 5672
> -A INPUT -s 209.132.184.9/32 -p tcp -m multiport --dports 5671,5672
> -m comment --comment "001 amqp incoming amqp_209.132.184.9" -j ACCEPT
> 
> So I made this change:
> 
> diff --git a/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
> b/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
> index 2559de1..4a96e81 100644
> --- a/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
> +++ b/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
> @@ -1,2 +1,3 @@
>  ---
>  root_auth_users:  msuchy
> +tcp_ports: [ 80, 443, 5672 ]
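Review bot: the `+tcp_ports: [ 80, 443, 5672 ]` line sets a variable that nothing on this host consumes; the reply below says it is handled by the 'base' role, which fed-cloud09 does not run, so the playbook has no template to render it into and the rule never appears. Wire the host into that role (or a copy of its iptables section) before expecting the variable to take effect. Separately, the flat list form carries no source restriction, so nothing in this hunk encodes the 172.24.0.10/24 limit asked for above, whereas the rule it is meant to sit beside is pinned to 209.132.184.9/32; and 172.24.0.10/24 is a host address with a /24 mask, which iptables will silently treat as 172.24.0.0/24, so state whether the single host or the whole subnet is intended.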
> 
> But it has no effect (yes, I ran the playbook again).
> What is our best practice now, and where did I make a mistake?

The issue is that that is set in the 'base' role, but we didn't add
that role to the fed-cloud09 box.

I didn't add it because there are a few things that wouldn't work there.
For example, rsyslog logging to our central logging host (it works for
our other machines because they are in phx2 or on our vpn, but we don't
want the cloud machines on the vpn). 

So, the two options are: 

we could add the base role and tweak it to not do things on cloud that
won't work there. 

Or

Just copy-paste the iptables section from the base role and adjust the path
to the iptables templates.

kevin
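As an added example (not code from the Fedora infrastructure repository, and not either of the options Kevin describes), the following Python shows the two things a practitioner wants around this thread: what a source-restricted rule for a host var looks like when rendered, and a check that reads `iptables-save` output and answers "can a NEW tcp connection from this source reach this port" the way the INPUT chain would. The `{"port": N, "sources": [...]}` form of `tcp_ports` is an assumed extension of the flat list; the sample dump is constructed from the rule quoted in the thread.

```python
"""Added example, not Fedora infrastructure code: render per-source
iptables ACCEPT rules from a host-var style port spec, and check an
iptables-save dump for whether a given source can reach a TCP port."""
import ipaddress
import re


def render_rules(tcp_ports):
    """Render INPUT ACCEPT rules from a list whose items are either a bare
    port (open to everyone, as the flat tcp_ports list is) or a dict
    {"port": N, "sources": [cidr, ...]} (an assumed, source-restricted form)."""
    rules = []
    for entry in tcp_ports:
        if isinstance(entry, int):
            rules.append(f"-A INPUT -p tcp -m tcp --dport {entry} -j ACCEPT")
            continue
        port = entry["port"]
        for src in entry["sources"]:
            # strict=False turns 172.24.0.10/24 into 172.24.0.0/24 instead of raising
            net = ipaddress.ip_network(src, strict=False)
            rules.append(
                f"-A INPUT -s {net} -p tcp -m multiport --dports {port} "
                f'-m comment --comment "{port} incoming {net}" -j ACCEPT'
            )
    return rules


_JUMP = re.compile(r"\s-j (\S+)")
_PORTS = re.compile(r"--dports? (\S+)")


def _ports_of(body):
    """Set of TCP ports a rule matches, or None if it matches any port."""
    m = _PORTS.search(body)
    if m is None:
        return None
    ports = set()
    for part in m.group(1).split(","):
        lo, _, hi = part.partition(":")  # multiport ranges look like 5671:5680
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def _rule_applies(body, port, src_ip):
    """Does this INPUT rule match a NEW tcp packet to `port` from `src_ip`?"""
    if re.search(r"\s-i lo\b", body):
        return False  # loopback-only rule, irrelevant to a remote source
    m = re.search(r"--(?:ct)?state (\S+)", body)
    if m and "NEW" not in m.group(1).split(","):
        return False  # only matches established flows
    m = re.search(r"\s-p (\S+)", body)
    if m and m.group(1) not in ("tcp", "all"):
        return False
    ports = _ports_of(body)
    if ports is not None and port not in ports:
        return False
    m = re.search(r"\s-s (\S+)", body)
    net = ipaddress.ip_network(m.group(1) if m else "0.0.0.0/0", strict=False)
    return ipaddress.ip_address(src_ip) in net


def reachable(iptables_save, port, src_ip):
    """Walk the INPUT chain in order; True if a NEW tcp connection from
    src_ip to port is accepted. Jumps into user-defined chains are not
    followed, so rule sets that dispatch into custom chains need the real
    check (iptables -C, or a packet from the source)."""
    policy = "ACCEPT"
    for raw in iptables_save.splitlines():
        line = raw.strip()
        m = re.match(r":INPUT (\S+)", line)
        if m:
            policy = m.group(1)
            continue
        if not line.startswith("-A INPUT "):
            continue
        jump = _JUMP.search(line)
        target = jump.group(1) if jump else None
        if target not in ("ACCEPT", "DROP", "REJECT"):
            continue  # match-only rule or user chain: no verdict here
        if _rule_applies(line[: jump.start()], port, src_ip):
            return target == "ACCEPT"
    return policy == "ACCEPT"


def with_rules(dump, rules):
    """Insert rules ahead of the catch-all REJECT that ends the INPUT chain."""
    lines = dump.splitlines()
    idx = next(i for i, l in enumerate(lines) if l.startswith("-A INPUT -j REJECT"))
    return "\n".join(lines[:idx] + rules + lines[idx:]) + "\n"


# Constructed iptables-save dump modelled on the rule quoted in the thread.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 209.132.184.9/32 -p tcp -m multiport --dports 5671,5672 -m comment --comment "001 amqp incoming amqp_209.132.184.9" -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

if __name__ == "__main__":
    print(reachable(SAMPLE, 5672, "172.24.0.10"))  # the thread's complaint
    new = with_rules(SAMPLE, render_rules([{"port": 5672, "sources": ["172.24.0.10/24"]}]))
    print(reachable(new, 5672, "172.24.0.10"), reachable(new, 5672, "10.0.0.1"))
```

Two points the example makes concrete: a bare `5672` in the list renders to a rule with no `-s`, which is open to every source, while the dict form pins it to the /24; and the check only trusts a flat INPUT chain, so after the playbook runs, `iptables-save | grep 5672` plus a connection from a host in 172.24.0.0/24 is still the authoritative test.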
