From c689253523fd0fb3d1e6367f71515538431c22f9 Mon Sep 17 00:00:00 2001
From: Francis Kayiwa
Date: Wed, 18 Dec 2024 14:13:59 -0500
Subject: [PATCH 1/2] use sandboxes for ufw work we will use sandboxes for our ufw experiments this makes abid staging stay up
---
 playbooks/abid.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/playbooks/abid.yml b/playbooks/abid.yml
index 2ef507c824..f25b9e8fa5 100644
--- a/playbooks/abid.yml
+++ b/playbooks/abid.yml
@@ -10,8 +10,6 @@
 - ../group_vars/abid/{{ runtime_env | default('staging') }}.yml
 - ../group_vars/abid/vault.yml
 roles:
- - role: roles/ufw_firewall
- when: runtime_env == "staging"
 - role: roles/abid

 post_tasks:
From 5714ba1966368b2d2e871cd08afb67be3faf5246 Mon Sep 17 00:00:00 2001
From: Francis Kayiwa
Date: Wed, 18 Dec 2024 16:16:07 -0500
Subject: [PATCH 2/2] remove the ufw rules for abid
---
 group_vars/abid/staging.yml | 36 ------------------------------------
 1 file changed, 36 deletions(-)
diff --git a/group_vars/abid/staging.yml b/group_vars/abid/staging.yml
index 0c770383f2..f2a17efc7c 100644
--- a/group_vars/abid/staging.yml
+++ b/group_vars/abid/staging.yml
@@ -1,41 +1,5 @@
 ---
 # firewall
-ufw_firewall_rules:
-# ssh
- - protocol: tcp
- source: 10.249.64.0/18
- port: 22
- action: ACCEPT
- - protocol: tcp
- source: 10.249.0.0/18
- port: 22
- action: ACCEPT
- - protocol: tcp
- source: 128.112.0.0/16
- port: 22
- action: ACCEPT
- - protocol: tcp
- source: 172.20.95.0/24
- port: 22
- action: ACCEPT
- - protocol: tcp
- source: 172.20.192.0/19
- port: 22
- action: ACCEPT
-# http
- - protocol: tcp
- source: 128.112.200.0/21
- port: 80
- action: ACCEPT
- - protocol: tcp
- source: 128.112.0.0/16
- port: 80
- action: ACCEPT
- - protocol: tcp
- source: 172.20.80.0/22
- port: 80
- action: ACCEPT
-ufw_firewall_after_rules: []
 postgres_host: "lib-postgres-staging1.princeton.edu"
 postgres_version: 15
 postgresql_is_local: false