diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-07-12 16:35:34 +0100 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-07-12 21:05:14 +0100 |
commit | cedd6a3e354d8dd032568bb42e0ad0973608afee (patch) | |
tree | cb74d024288d46bcf6807fa2fe81cfbfc24a1c10 /firewall.yaml | |
parent | d24309fcd82d5abe399ef1cb6b46e6e1802206b8 (diff) | |
download | infrastructure-cedd6a3e354d8dd032568bb42e0ad0973608afee.tar.gz |
README.mdwn: Remove Masons
These are obsolete, see:
https://listmaster.pepperfish.net/pipermail/baserock-dev-baserock.org/2017-January/013765.html
Diffstat (limited to 'firewall.yaml')
-rw-r--r-- | firewall.yaml | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/firewall.yaml b/firewall.yaml index 64c9200c..6556a986 100644 --- a/firewall.yaml +++ b/firewall.yaml @@ -268,60 +268,6 @@ protocol: tcp remote_ip_prefix: 192.168.222.0/24 - - name: Mason x86 security group - neutron_sec_group: - name: mason-x86 - description: Allow inbound HTTP and HTTPS, and cache server fetches from port 8080. - state: present - - auth_url: "{{ ansible_env.OS_AUTH_URL }}" - login_username: "{{ ansible_env.OS_USERNAME }}" - login_password: "{{ ansible_env.OS_PASSWORD }}" - login_tenant_name: "{{ ansible_env.OS_TENANT_NAME }}" - - rules: - # 80: HTTP - - direction: ingress - port_range_min: 80 - port_range_max: 80 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - # 443: HTTPS - - direction: ingress - port_range_min: 443 - port_range_max: 443 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - # 7878: morph distbuild controller port. This rule allows a devel - # system inside the Baserock cloud to use the Mason instances for - # distbuilding, which is useful when building a Baserock release - # among other things. - - direction: ingress - port_range_min: 7878 - port_range_max: 7878 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 192.168.222.0/24 - - # 8080: morph-cache-server server port. The x86 Masons use - # cache.baserock.org as the cache server for their distbuild - # networks. So cache.baserock.org needs to be able to connect to - # them on this port to fetch artifacts. - - direction: ingress - port_range_min: 8080 - port_range_max: 8080 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 185.43.218.0/0 - # It'd be nice to limit access by security group, but it doesn't - # seem to actually work. Perhaps because we use external IP to - # access instead of internal IP. - #remote_group_id: "{{ default_group.sec_group.id }}" - - name: shared-artifact-cache security group neutron_sec_group: name: shared-artifact-cache |