[0;32minfo: Retrieving plugin[0m
[0;32minfo: Loading facts in location[0m
[0;32minfo: Loading facts in datacenter[0m
[0;32minfo: Loading facts in distrorelease[0m
[0;32minfo: Loading facts in libdir[0m
[0;32minfo: Loading facts in pythonsitelib[0m
[0;32minfo: Loading facts in location[0m
[0;32minfo: Loading facts in datacenter[0m
[0;32minfo: Loading facts in distrorelease[0m
[0;32minfo: Loading facts in libdir[0m
[0;32minfo: Loading facts in pythonsitelib[0m
[0;32minfo: Caching catalog for proxy01.stg.phx2.fedoraproject.org[0m
[0;32minfo: Applying configuration version '1328047414'[0m
[0;36mnotice: /Stage[main]/Audit::Auditd/Service[auditd]/ensure: current_value running, should be stopped (noop)[0m
--- /etc/httpd/conf.d/admin.fedoraproject.org.conf 2012-01-27 21:08:39.346061491 +0000
+++ /tmp/puppet-file20120131-4087-1vg286n-0 2012-01-31 22:12:34.373749659 +0000
@@ -4,8 +4,7 @@
ServerAdmin webmaster@fedoraproject.org
TraceEnable Off
- RewriteEngine On
- RewriteRule .* https://%{SERVER_NAME}/ [R=301,L]
+ Redirect 301 / https://admin.fedoraproject.org/
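Review bot: The added `Redirect 301 / https://admin.fedoraproject.org/` has no comment saying why the target host is now fixed, and it is not a like-for-like replacement of the removed rule. mod_alias `Redirect` appends the rest of the request path to the target, whereas the old `RewriteRule .*` sent every request to the site root. The fixed host is the safer choice, because the target no longer depends on `%{SERVER_NAME}`, which can follow the client's Host header depending on the `UseCanonicalName` setting; I would record that with `# Fixed redirect target: never derive the HTTPS host from the request`. The same applies to the matching hunks in community.dev.fedoraproject.org.conf and translate.fedoraproject.org.conf. The enclosing VirtualHost starts and ends outside the hunk.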
[0;36mnotice: /File[/etc/httpd/conf.d/admin.fedoraproject.org.conf]/content: current_value {md5}24c44383f730e7b9161490d28c2790c8, should be {md5}de2c8f167d08776f6343e4b6a82b490d (noop)[0m
[0;32minfo: /File[/etc/httpd/conf.d/admin.fedoraproject.org.conf]: Scheduling refresh of Service[httpd][0m
--- /etc/httpd/conf.d/community.dev.fedoraproject.org.conf 2012-01-27 21:40:18.213973894 +0000
+++ /tmp/puppet-file20120131-4087-1bi3shp-0 2012-01-31 22:12:34.674001377 +0000
@@ -3,8 +3,7 @@
ServerAdmin webmaster@fedoraproject.org
TraceEnable Off
- RewriteEngine On
- RewriteRule .* https://%{SERVER_NAME}/ [R=301,L]
+ Redirect 301 / https://community.dev.fedoraproject.org/
[0;36mnotice: /File[/etc/httpd/conf.d/community.dev.fedoraproject.org.conf]/content: current_value {md5}f3a612a9ed8f19ec02c171a065585554, should be {md5}aca77ba97e42cdcb7ac91b9ce914e32d (noop)[0m
[0;32minfo: /File[/etc/httpd/conf.d/community.dev.fedoraproject.org.conf]: Scheduling refresh of Service[httpd][0m
--- /etc/httpd/conf.d/admin.fedoraproject.org/zarafa.conf 2012-01-27 21:08:40.682313261 +0000
+++ /tmp/puppet-file20120131-4087-xn9izr-0 2012-01-31 22:12:35.743000874 +0000
@@ -9,3 +9,4 @@
ProxyPass /caldav http://localhost:6081/caldav
ProxyPassReverse /caldav http://localhost:6081/caldav
+
[0;36mnotice: /File[/etc/httpd/conf.d/admin.fedoraproject.org/zarafa.conf]/content: current_value {md5}707f5b69806a94d40aa8a7603cdef896, should be {md5}c0502c3b6e24be6db6898c609868a4cf (noop)[0m
[0;32minfo: /File[/etc/httpd/conf.d/admin.fedoraproject.org/zarafa.conf]: Scheduling refresh of Service[httpd][0m
--- /etc/httpd/conf.d/translate.fedoraproject.org.conf 2012-01-27 21:08:39.823310778 +0000
+++ /tmp/puppet-file20120131-4087-1t9ka6c-0 2012-01-31 22:12:36.161751331 +0000
@@ -4,8 +4,7 @@
ServerAdmin webmaster@fedoraproject.org
TraceEnable Off
- RewriteEngine On
- RewriteRule .* https://%{SERVER_NAME}/ [R=301,L]
+ Redirect 301 / https://translate.fedoraproject.org/
[0;36mnotice: /File[/etc/httpd/conf.d/translate.fedoraproject.org.conf]/content: current_value {md5}6c000cbf4e7030071c6c3e866b4e43ee, should be {md5}e7024f53e474c85f9ee2afd188e5df1c (noop)[0m
[0;32minfo: /File[/etc/httpd/conf.d/translate.fedoraproject.org.conf]: Scheduling refresh of Service[httpd][0m
[0;36mnotice: /Stage[main]/Phx/Host[admin.fedoraproject.org]/ip: current_value 10.5.126.89, should be 10.5.126.52 (noop)[0m
--- /etc/varnish/default.vcl 2012-01-27 21:42:25.429916406 +0000
+++ /tmp/puppet-file20120131-4087-xit9kx-0 2012-01-31 22:12:41.710040011 +0000
@@ -21,46 +21,9 @@
.first_byte_timeout = 90s;
}
-backend fas01 {
- .host = "fas01";
- .port = "http";
- .probe = {
- .url = "/accounts/";
- .interval = 5s;
- .timeout = 5s;
- .window = 5;
- .threshold = 5;
- }
-}
-
-backend fas02 {
- .host = "fas02";
- .port = "http";
- .probe = {
- .url = "/accounts/";
- .interval = 5s;
- .timeout = 5s;
- .window = 5;
- .threshold = 5;
- }
-}
-
-backend fas03 {
- .host = "fas03";
- .port = "http";
- .probe = {
- .url = "/accounts/";
- .interval = 5s;
- .timeout = 5s;
- .window = 5;
- .threshold = 5;
- }
-}
-
-director fas round-robin {
- { .backend = fas01; }
- { .backend = fas02; }
- { .backend = fas03; }
+backend fas {
+ .host = "localhost";
+ .port = "10004";
}
backend raffle {
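Review bot: The new `backend fas` block has no `.probe`, so Varnish no longer health-checks this backend itself; each of the three removed backends probed `/accounts/` every 5s. Port 10004 is presumably a local haproxy listener that runs its own checks, but that listener is not part of this output, so confirm it exists and carries an `option httpchk` before this is applied. A one-line comment such as `# fas: balanced and health-checked by haproxy on localhost:10004` above the block would make the delegation explicit. The block also sets no timeouts, unlike the backend that ends just above it with `.first_byte_timeout = 90s`; if that is deliberate, say so in the same comment.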
[0;36mnotice: /File[/etc/varnish/default.vcl]/content: current_value {md5}f54d849b0b374efebb54e5f82301df20, should be {md5}0dc634623cd9eb9f55ae5d177487afbd (noop)[0m
[0;32minfo: /File[/etc/varnish/default.vcl]: Scheduling refresh of Service[varnish][0m
[0;36mnotice: /Stage[main]/Proxy/Varnish::Varnish[proxy-el6.vcl]/Service[varnish]: Would have triggered 'refresh' from 1 events[0m
[0;36mnotice: /Stage[main]/Global/Exec[/usr/local/bin/make-motd.sh]/returns: current_value notrun, should be 0 (noop)[0m
[0;36mnotice: /Stage[main]/Phx/Host[pkgs.fedoraproject.org]/ip: current_value 10.5.126.83, should be 10.5.125.44 (noop)[0m
[0;36mnotice: /Stage[main]/Phx/Host[pkgs.fedoraproject.org]/host_aliases: current_value pkgs pkgs01, should be pkgs (noop)[0m
--- /etc/haproxy/haproxy.cfg 2012-01-27 21:08:25.378056059 +0000
+++ /tmp/puppet-file20120131-4087-1kjdgbz-0 2012-01-31 22:12:53.846771182 +0000
@@ -33,12 +33,12 @@
listen fp-wiki 0.0.0.0:10001
balance hdr(appserver)
- #server app1 app1:80 check inter 15s rise 2 fall 5
+ server app1 app1:80 check inter 15s rise 2 fall 5
server app2 app2:80 check inter 15s rise 2 fall 5
- #server app3 app3:80 check inter 15s rise 2 fall 5
- #server app4 app4:80 check inter 15s rise 2 fall 5
- #server app7 app7:80 check inter 15s rise 2 fall 5
- #server bapp1 bapp1:80 backup check inter 15s rise 2 fall 5
+ server app3 app3:80 check inter 15s rise 2 fall 5
+ server app4 app4:80 check inter 15s rise 2 fall 5
+ server app7 app7:80 check inter 15s rise 2 fall 5
+ server bapp1 bapp1:80 backup check inter 15s rise 2 fall 5
option httpchk GET /wiki/Main_Page
listen mirror-lists 0.0.0.0:10002
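Review bot: The five `server` lines re-enabled for `fp-wiki` put a listener back into full service that binds `0.0.0.0:10001`, that is, every interface of the proxy. The consumers visible elsewhere in this run reach haproxy over loopback (`ProxyPass /community http://localhost:10012/community`, Varnish `.host = "localhost"`). If nothing remote needs port 10001, I would bind it as `listen fp-wiki 127.0.0.1:10001` rather than rely on the iptables policy alone. The `listen` section continues outside the hunk.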
@@ -147,6 +147,9 @@
server app7 app7:80 check inter 60s rise 2 fall 3
server bapp1 bapp1:80 backup check inter 60s rise 2 fall 3
option httpchk GET /freemedia/FreeMedia-form.html
+#
+# community needs rhel5 app servers currently.
+#
listen community 0.0.0.0:10012
balance hdr(appserver)
@@ -158,7 +161,7 @@
server app6 app6:80 backup check inter 15s rise 2 fall 3
server app7 app7:80 check inter 10s rise 2 fall 3
server bapp1 bapp1:80 backup check inter 5s rise 2 fall 3
- option httpchk GET /community/s
+ option httpchk GET /community/search
listen smolt-wiki 0.0.0.0:10014
balance hdr(appserver)
[0;36mnotice: /File[/etc/haproxy/haproxy.cfg]/content: current_value {md5}fe81b8c8c75d3dfabed62b0018facaad, should be {md5}33c2bc0debf2f61e5a36f2c4435fbca3 (noop)[0m
[0;32minfo: /File[/etc/haproxy/haproxy.cfg]: Scheduling refresh of Service[haproxy][0m
[0;36mnotice: /Stage[main]/Haproxy::Server/Service[haproxy]: Would have triggered 'refresh' from 1 events[0m
[0;36mnotice: /Stage[main]/Phx/Host[koji.fedoraproject.org]/ip: current_value 10.5.126.87, should be 10.5.125.63 (noop)[0m
--- /etc/httpd/conf.d/admin.fedoraproject.org/fedoracommunity.conf 2012-01-27 21:09:48.680308710 +0000
+++ /tmp/puppet-file20120131-4087-1qylx59-0 2012-01-31 22:12:59.940751282 +0000
@@ -1,2 +1,2 @@
-ProxyPass /community http://localhost:10012/packages
-ProxyPassReverse /community http://localhost:10012/packages
+ProxyPass /community http://localhost:10012/community
+ProxyPassReverse /community http://localhost:10012/community
[0;36mnotice: /File[/etc/httpd/conf.d/admin.fedoraproject.org/fedoracommunity.conf]/content: current_value {md5}a27859418341a262585b9749d4bed34e, should be {md5}123165165e242432bfba18829df58415 (noop)[0m
[0;32minfo: /File[/etc/httpd/conf.d/admin.fedoraproject.org/fedoracommunity.conf]: Scheduling refresh of Service[httpd][0m
[0;36mnotice: /Stage[main]/Httpd::Base/Service[httpd]: Would have triggered 'refresh' from 5 events[0m
--- /etc/sysconfig/iptables 2012-01-27 21:40:37.590723016 +0000
+++ /tmp/puppet-file20120131-4087-wtuse8-0 2012-01-31 22:13:03.098998394 +0000
@@ -11,7 +11,6 @@
:PREROUTING ACCEPT []
:OUTPUT ACCEPT []
COMMIT
-#staging iptables
*filter
:INPUT DROP []
:FORWARD ACCEPT []
@@ -37,9 +36,93 @@
# exceptions being for infrastructure.fp.o (for packages) and admin.fp.o
# for accounts
-# allow staging to connect to bastion via smtp
+
+# Temporary measure for ro access to nfs1
+# source app1.stg
+-A INPUT -p tcp -m tcp -s 10.5.126.81 --dport 48621:48624 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.81 --dport 48621:48624 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.5.126.81 --dport 2049 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.81 --dport 2049 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.5.126.81 --dport 111 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.81 --dport 111 -j ACCEPT
+
+# source app2.stg
+-A INPUT -p tcp -m tcp -s 10.5.126.82 --dport 48621:48624 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.82 --dport 48621:48624 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.5.126.82 --dport 2049 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.82 --dport 2049 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.5.126.82 --dport 111 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.82 --dport 111 -j ACCEPT
+
+# source koji1.stg
+-A INPUT -p tcp -m tcp -s 10.5.126.87 --dport 48621:48624 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.87 --dport 48621:48624 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.5.126.87 --dport 2049 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.87 --dport 2049 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.5.126.87 --dport 111 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.87 --dport 111 -j ACCEPT
+
+# source releng1.stg
+-A INPUT -p tcp -m tcp -s 10.5.126.90 --dport 48621:48624 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.90 --dport 48621:48624 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.5.126.90 --dport 2049 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.90 --dport 2049 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.5.126.90 --dport 111 -j ACCEPT
+-A INPUT -p udp -m udp -s 10.5.126.90 --dport 111 -j ACCEPT
+
+# infrastucture.fp.o
+# proxy1
+-A INPUT -p tcp -m tcp -d 10.5.126.52 --dport 80 -j ACCEPT
+# proxy2.stg
+-A INPUT -p tcp -m tcp -d 10.5.126.89 --dport 80 -j ACCEPT
+
+# kojipkgs
+-A INPUT -p tcp -m tcp -d 10.5.125.36 --dport 80 -j ACCEPT
+
+# admin.fp.o
+# puppet1
+-A INPUT -p tcp -m tcp -d 10.5.126.23 --dport 8140 -j ACCEPT
+-A INPUT -p tcp -m tcp -d 10.5.126.23 --dport 873 -j ACCEPT
+-A INPUT -p tcp -m tcp -d 10.5.126.23 --dport 80 -j ACCEPT
+#-A INPUT -p tcp -m tcp -d 10.5.126.23 --dport 51234:51235 -j ACCEPT
+
+# DNS
+-A INPUT -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
+-A INPUT -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
+
+# bastion
-A INPUT -p tcp -m tcp -d 10.5.126.12 --dport 25 -j ACCEPT
+# Func and staging bits
+-A INPUT -s 10.5.126.81 -p tcp -m tcp --dport 51234:51235 -j ACCEPT
+-A INPUT -s 10.5.126.82 -p tcp -m tcp --dport 51234:51235 -j ACCEPT
+# proxy1.stg
+-A INPUT -s 10.5.126.88 -p tcp -m tcp --dport 51234:51235 -j ACCEPT
+# db1.stg
+-A INPUT -s 10.5.126.84 -p tcp -m tcp --dport 51234:51235 -j ACCEPT
+-A INPUT -s 10.5.126.87 -p tcp -m tcp --dport 51234:51235 -j ACCEPT
+-A INPUT -s 10.5.126.90 -p tcp -m tcp --dport 51234:51235 -j ACCEPT
+-A INPUT -s 10.5.126.91 -p tcp -m tcp --dport 51234:51235 -j ACCEPT
+-A INPUT -s 10.5.126.92 -p tcp -m tcp --dport 51234:51235 -j ACCEPT
+# cvs.stg
+-A INPUT -s 10.5.126.83 -p tcp -m tcp --dport 51234:51235 -j ACCEPT
+
+# Allow staging to talk to log02.
+-A INPUT -p tcp -m tcp -d 10.5.126.29 --dport 514 -j ACCEPT
+
+# Ban staging on non-staging hosts only.
+
+# Ban staging with fire.
+#-A INPUT -s 10.5.126.81 -j REJECT --reject-with icmp-host-prohibited
+#-A INPUT -s 10.5.126.82 -j REJECT --reject-with icmp-host-prohibited
+#-A INPUT -s 10.5.126.88 -j REJECT --reject-with icmp-host-prohibited
+#-A INPUT -s 10.5.126.84 -j REJECT --reject-with icmp-host-prohibited
+#-A INPUT -s 10.5.126.87 -j REJECT --reject-with icmp-host-prohibited
+#-A INPUT -s 10.5.126.90 -j REJECT --reject-with icmp-host-prohibited
+#-A INPUT -s 10.5.126.91 -j REJECT --reject-with icmp-host-prohibited
+#-A INPUT -s 10.5.126.92 -j REJECT --reject-with icmp-host-prohibited
+#-A INPUT -s 10.5.126.83 -j REJECT --reject-with icmp-host-prohibited
+
# SSH
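Review bot: Every `-j REJECT` line under "Ban staging with fire" is commented out and "Ban staging on non-staging hosts only." has no rule beneath it, so the ACCEPT lines added above are not exceptions to a ban; with `:INPUT DROP` they are simply new allow rules. The NFS block under "Temporary measure for ro access to nfs1" matches on source only, so on every host that receives this file 10.5.126.81, .82, .87 and .90 may reach ports 111, 2049 and 48621:48624. Scope each line to the NFS server, e.g. `-A INPUT -p tcp -m tcp -s 10.5.126.81 -d <nfs1-address> --dport 2049 -j ACCEPT`, and put an owner and a removal date in the comment. Read-only access is a property of the export, not of these rules, so the comment should not imply the firewall enforces it. The `-d`-only rules (for example `-d 10.5.126.23 --dport 8140`) accept from any source on the host that owns the address, so they need a `-s` match as well if they are meant for staging clients only. The rest of the chain, from `# SSH` on, is outside the hunk.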
[0;36mnotice: /File[/etc/sysconfig/iptables]/content: current_value {md5}54e9a05eb1e0b270ff728a02febb5ae3, should be {md5}eb89d374d1d5e3c5712c8bc4c93d13f3 (noop)[0m
[0;32minfo: /File[/etc/sysconfig/iptables]: Scheduling refresh of Service[iptables][0m
[0;36mnotice: /Stage[main]/Proxy/Iptables::Firewall[ipv4]/Service[iptables]: Would have triggered 'refresh' from 1 events[0m
[0;36mnotice: Finished catalog run in 33.95 seconds[0m