We recently setup a new compose-x86-01 instance and retired the old compose-x86-02 one. However, I failed to update the iptables rules on the koji builders allowing them to talk to compose-x86-01.
This breaks composes of cloud images at least and likely other things related to the release.
+1s to apply and run buildvm:buildhw playbooks?
kevin -- diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder index ab4a6ec..ef2f967 100644 --- a/roles/base/templates/iptables/iptables.kojibuilder +++ b/roles/base/templates/iptables/iptables.kojibuilder @@ -31,9 +31,9 @@ -A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 443 -j ACCEPT
-# compose-x86-02.fp.o --A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 80 -j ACCEPT --A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 443 -j ACCEPT +# compose-x86-01.fp.o +-A OUTPUT -p tcp -m tcp -d 10.5.125.41 --dport 80 -j ACCEPT +-A OUTPUT -p tcp -m tcp -d 10.5.125.41 --dport 443 -j ACCEPT
# DNS -A OUTPUT -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
+1
On Sat, 4 Apr 2015 at 09:37 Kevin Fenzi kevin@scrye.com wrote:
We recently setup a new compose-x86-01 instance and retired the old compose-x86-02 one. However, I failed to update the iptables rules on the koji builders allowing them to talk to compose-x86-01.
This breaks composes of cloud images at least and likely other things related to the release.
+1s to apply and run buildvm:buildhw playbooks?
kevin
diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder index ab4a6ec..ef2f967 100644 --- a/roles/base/templates/iptables/iptables.kojibuilder +++ b/roles/base/templates/iptables/iptables.kojibuilder @@ -31,9 +31,9 @@ -A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 443 -j ACCEPT
-# compose-x86-02.fp.o --A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 80 -j ACCEPT --A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 443 -j ACCEPT +# compose-x86-01.fp.o +-A OUTPUT -p tcp -m tcp -d 10.5.125.41 --dport 80 -j ACCEPT +-A OUTPUT -p tcp -m tcp -d 10.5.125.41 --dport 443 -j ACCEPT
# DNS -A OUTPUT -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT _______________________________________________ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
On Sat, Apr 04, 2015 at 07:37:38AM -0600, Kevin Fenzi wrote:
We recently setup a new compose-x86-01 instance and retired the old compose-x86-02 one. However, I failed to update the iptables rules on the koji builders allowing them to talk to compose-x86-01.
This breaks composes of cloud images at least and likely other things related to the release.
+1s to apply and run buildvm:buildhw playbooks?
kevin
diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder index ab4a6ec..ef2f967 100644 --- a/roles/base/templates/iptables/iptables.kojibuilder +++ b/roles/base/templates/iptables/iptables.kojibuilder @@ -31,9 +31,9 @@ -A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 443 -j ACCEPT
-# compose-x86-02.fp.o --A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 80 -j ACCEPT --A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 443 -j ACCEPT +# compose-x86-01.fp.o +-A OUTPUT -p tcp -m tcp -d 10.5.125.41 --dport 80 -j ACCEPT +-A OUTPUT -p tcp -m tcp -d 10.5.125.41 --dport 443 -j ACCEPT
+1 for me
Pierre
+1, lgtm.
-Ricky
On 04/04/2015 12:25 PM, Pierre-Yves Chibon wrote:
On Sat, Apr 04, 2015 at 07:37:38AM -0600, Kevin Fenzi wrote:
We recently setup a new compose-x86-01 instance and retired the old compose-x86-02 one. However, I failed to update the iptables rules on the koji builders allowing them to talk to compose-x86-01.
This breaks composes of cloud images at least and likely other things related to the release.
+1s to apply and run buildvm:buildhw playbooks?
kevin
diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder index ab4a6ec..ef2f967 100644 --- a/roles/base/templates/iptables/iptables.kojibuilder +++ b/roles/base/templates/iptables/iptables.kojibuilder @@ -31,9 +31,9 @@ -A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 443 -j ACCEPT
-# compose-x86-02.fp.o --A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 80 -j ACCEPT --A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 443 -j ACCEPT +# compose-x86-01.fp.o +-A OUTPUT -p tcp -m tcp -d 10.5.125.41 --dport 80 -j ACCEPT +-A OUTPUT -p tcp -m tcp -d 10.5.125.41 --dport 443 -j ACCEPT
+1 for me
Pierre
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
On Saturday, April 04, 2015 05:32:42 PM Ricky Elrod wrote:
+1, lgtm.
-Ricky
On 04/04/2015 12:25 PM, Pierre-Yves Chibon wrote:
On Sat, Apr 04, 2015 at 07:37:38AM -0600, Kevin Fenzi wrote:
We recently setup a new compose-x86-01 instance and retired the old compose-x86-02 one. However, I failed to update the iptables rules on the koji builders allowing them to talk to compose-x86-01.
This breaks composes of cloud images at least and likely other things related to the release.
+1s to apply and run buildvm:buildhw playbooks?
kevin
diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder index ab4a6ec..ef2f967 100644 --- a/roles/base/templates/iptables/iptables.kojibuilder +++ b/roles/base/templates/iptables/iptables.kojibuilder @@ -31,9 +31,9 @@
-A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 443 -j ACCEPT
-# compose-x86-02.fp.o --A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 80 -j ACCEPT --A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 443 -j ACCEPT +# compose-x86-01.fp.o +-A OUTPUT -p tcp -m tcp -d 10.5.125.41 --dport 80 -j ACCEPT +-A OUTPUT -p tcp -m tcp -d 10.5.125.41 --dport 443 -j ACCEPT
+1 for me
Pierre
I applied a slightly different version of the patch. I added compose-x86-01 while still allowing compose-x86-02 as I am planning to bring up a rawhide host at compose-x86-02 to enable testing of the new pungi
Dennis
infrastructure@lists.fedoraproject.org