From 8d76a7cd99af416c69b2031d94ef6c2786e02b46 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Wed, 11 Aug 2021 07:27:55 -0700 Subject: [PATCH] Test port 9001 on eavesdrop We merged change I9459e47ecfd19b27b7adcaee9ce91f80d51c124d which should have opened this port but did not. Add testing for it. Remove eavesdrop from webservers group This was overridding the custom iptables ports that were being set in the eavesdrop group vars file. There appears to be no other use for the webservers group. Change-Id: I7109f1472176ff39482f9bdfc8462e5f525f791c --- inventory/service/group_vars/eavesdrop.yaml | 1 + inventory/service/groups.yaml | 2 +- testinfra/test_eavesdrop.py | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/inventory/service/group_vars/eavesdrop.yaml b/inventory/service/group_vars/eavesdrop.yaml index 91a2d1047b..c3b558a47c 100644 --- a/inventory/service/group_vars/eavesdrop.yaml +++ b/inventory/service/group_vars/eavesdrop.yaml @@ -1,5 +1,6 @@ iptables_extra_public_tcp_ports: - 80 + - 443 - 9001 # When changing this number, also update the default in playbooks/roles/matrix-gerritbot/defaults/main.yaml zuul_user_authorized_key: | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcXd/QJDEprSLh6N6bULnhchf9M+uzYBEJ2b51Au67FON+5M6VEj5Ut+DlkEPhabOP+tSv9Cn1HpmpBjdEOXdmBj6JS7G/gBb4w28oZDyNjrPT2ebpRw/XnVEkGfikR2J+j3o7CV+ybhLDalXm2TUDReVXnONUq3YzZbjRzoYs0xxrxyss47vZP0xFpsAt9jCMAJW2k6H589VUY38k9LFyhZUZ72FB6eJ68B9GN0TimBYm2DqvupBGQrRhkP8OZ0WoBV8PulKXaHVFdmfBNHB7E7FLlZKuiM6nkV4bOWMGOB/TF++wXBK86t9po3pWCM7+kr72xGRTE+6LuZ2z1K+h zuul-system-config-20180924 diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml index 088b367e37..2afc3087d1 100644 --- a/inventory/service/groups.yaml +++ b/inventory/service/groups.yaml @@ -192,7 +192,7 @@ groups: webservers: - cacti[0-9]*.open*.org - codesearch[0-9]*.opendev.org - - eavesdrop[0-9]*.open*.org + # eavesdrop has its own group with custom ports - ethercalc[0-9]*.open*.org - etherpad[0-9]*.open*.org - grafana[0-9]*.opendev.org diff --git a/testinfra/test_eavesdrop.py b/testinfra/test_eavesdrop.py index f6f691e1a2..a1ce9ebdae 100644 --- a/testinfra/test_eavesdrop.py +++ b/testinfra/test_eavesdrop.py @@ -23,6 +23,9 @@ def test_eavesdrop(host): web = ('-A openstack-INPUT -p tcp -m state --state NEW' ' -m tcp --dport 80 -j ACCEPT') assert web in rules + gerritbot_matrix_prom = ('-A openstack-INPUT -p tcp -m state --state NEW' + ' -m tcp --dport 9001 -j ACCEPT') + assert gerritbot_matrix_prom in rules def test_gerritbot_logs(host):