summaryrefslogtreecommitdiff
path: root/firewall.yaml
Commit message (Collapse)AuthorAgeFilesLines
* Remove obsolete filesPedro Alvarez2021-09-201-250/+0
|
* Create sercurity group for Gitlab IRC botPedro Alvarez2017-11-061-0/+16
|
* firewall: Add rules for haste serverPedro Alvarez2017-10-241-0/+16
|
* firewall: Allow morph-cache-server traffic on port 8080sam/git.baserock.org-port-8080Sam Thursfield2017-10-241-0/+10
| | | | This is still really useful to speed up YBD builds.
* firewall: Remove obsolete security groupsSam Thursfield2017-10-231-99/+1
|
* firewall.yml: Open morph-cache-server port on git-server security groupSam Thursfield2017-07-131-1/+11
| | | | | | This is used by YBD for resolving remote Git commit SHA1s to tree SHA1s. Previously the port was opened by the shared-artifact-cache security group, but it no longer is.
* Add ostree.baserock.org systemSam Thursfield2017-07-131-28/+7
| | | | | | | | | | | | | This is a new instance that can be used as an artifact cache by the BuildStream build tool. Anyone can download artifacts over HTTPS. Those given SSH access to the machine can write to the artifact cache (this will likely be limited to automated build machines). DNS is now set to point cache.baserock.org and ostree.baserock.org to the HAProxy frontend. The SSL certificate for the frontend-haproxy system has been regenerated to include the cache.baserock.org and ostree.baserock.org domains.
* firewall.yml: Update to use OpenStack modules from Ansible 2.0Sam Thursfield2017-07-131-346/+260
| | | | Previously we depended on 3rd party openstack-ansible-modules.
* Add 'internal-only' security groupSam Thursfield2015-05-121-0/+50
| | | | | | | | | | | | This can be used instead of 'default' where you want to prevent a system from connecting to the outside world. I have switched mason-x86-32.baserock.org and mason-x86-64.baserock.org to use this security group instead of 'default', so that they will fail to build anything that tries to fetch source code from places other than git.baserock.org. Change-Id: I63cb398bff63ff1e381d4903311a9eb63678ffd8
* firewall: Allow internal machines to use the Masons as distbuild controllersSam Thursfield2015-05-081-0/+11
| | | | Change-Id: I84ddf212a615d26aa94fbfd85437be308eed4a84
* Add simple mail relay instanceSam Thursfield2015-03-261-0/+20
| | | | | | This is a Fedora Cloud 21 instance running exim4, for the moment. Change-Id: I6298a134bb474c65dd57a1bda87469dc3cd88441
* firewall: Add a security group for x86 MasonsSam Thursfield2015-03-111-13/+43
| | | | | We need to open port 8080 for cache.baserock.org, so it can fetch artifacts from them. This was causing the Masons to fail to build.
* firewall: Allow outgoing ICMPSam Thursfield2015-03-101-0/+7
| | | | Now instances can use 'ping'!
* firewall: Fix rule for Gerrit SSH portSam Thursfield2015-03-091-2/+2
|
* Add initial firewall rulesSam Thursfield2015-03-091-0/+285
In the form of ... an Ansible playbook! Requires https://github.com/openstack-ansible/openstack-ansible-modules
View Lorry Controller Status