Fix iptables for fedmsg on fedimg hosts.

3 files changed, 12 insertions, 2 deletions

diff --git a/inventory/group_vars/fedimg b/inventory/group_vars/fedimg
index f19b65d5b..0e124c558 100644
--- a/inventory/group_vars/fedimg
+++ b/inventory/group_vars/fedimg
@@ -6,7 +6,11 @@ num_cpus: 2
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
 
-tcp_ports: [ 3000 ]
+tcp_ports: [
+   # These are all for outgoing fedmsg.
+   3000, 3001, 3002, 3003, 3004, 3005, 3006,
+   3007, 3008, 3009, 3010, 3011, 3012, 3013,
+]
 
 # TODO, restrict this down to just sysadmin-releng
 fas_client_groups: sysadmin-datanommer,sysadmin-releng,sysadmin-fedimg
diff --git a/inventory/group_vars/fedimg-stg b/inventory/group_vars/fedimg-stg
index f19b65d5b..0e124c558 100644
--- a/inventory/group_vars/fedimg-stg
+++ b/inventory/group_vars/fedimg-stg
@@ -6,7 +6,11 @@ num_cpus: 2
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
 
-tcp_ports: [ 3000 ]
+tcp_ports: [
+   # These are all for outgoing fedmsg.
+   3000, 3001, 3002, 3003, 3004, 3005, 3006,
+   3007, 3008, 3009, 3010, 3011, 3012, 3013,
+]
 
 # TODO, restrict this down to just sysadmin-releng
 fas_client_groups: sysadmin-datanommer,sysadmin-releng,sysadmin-fedimg
diff --git a/roles/fedmsg/base/templates/endpoints-fedimg.py.j2 b/roles/fedmsg/base/templates/endpoints-fedimg.py.j2
index 5a4fb9d4a..73b1b26a4 100644
--- a/roles/fedmsg/base/templates/endpoints-fedimg.py.j2
+++ b/roles/fedmsg/base/templates/endpoints-fedimg.py.j2
@@ -4,6 +4,8 @@ suffix  = 'stg.phx2.fedoraproject.org'
 suffix = 'phx2.fedoraproject.org'
 {% endif %}
 
+# REMEMBER -- if you change these, you need to also change the iptables rules in
+# inventory/groups/fedimg and inventory/groups/fedimsg-stg
 primary_threads = 4
 atomic_threads = 2
 NUM_FEDIMG_PORTS = 2 * ((primary_threads + atomic_threads) + 1)