Commit 1116a2f9 authored by Boxiang Sun's avatar Boxiang Sun

Update the playbook

parent 3312939a
...@@ -137,6 +137,29 @@ ...@@ -137,6 +137,29 @@
destination: github.com destination: github.com
jump: ACCEPT jump: ACCEPT
- name: Allow to access raw.githubusercontent.com ipv4
lineinfile:
line: "185.199.110.133 githubusercontent.com"
dest: /etc/hosts
- name: Allow to access raw.githubusercontent.com ipv4
iptables:
action: append
chain: OUTPUT
protocol: tcp
destination_port: 443
destination: githubusercontent.com
jump: ACCEPT
- name: Allow to access githubusercontent.com
iptables:
action: append
chain: OUTPUT
protocol: tcp
destination_port: 80
destination: githubusercontent.com
jump: ACCEPT
- name: Allow to access raw.githubusercontent.com ipv6 - name: Allow to access raw.githubusercontent.com ipv6
lineinfile: lineinfile:
line: "2606:50c0:8003::154 raw.githubusercontent.com" line: "2606:50c0:8003::154 raw.githubusercontent.com"
...@@ -173,6 +196,20 @@ ...@@ -173,6 +196,20 @@
line: "47.96.233.62 npmmirror.com" line: "47.96.233.62 npmmirror.com"
dest: /etc/hosts dest: /etc/hosts
- name: Allow to access cdn.npmmirror.com
lineinfile:
line: "8.25.82.226 cdn.npmmirror.com"
dest: /etc/hosts
- name: Allow to access cdn.npmmirror.com
iptables:
action: append
chain: OUTPUT
protocol: tcp
destination_port: 443
destination: cdn.npmmirror.com
jump: ACCEPT
# You can see I allowed the default npmmirror regsitry too # You can see I allowed the default npmmirror regsitry too
# This is because that is for the pure npm installation # This is because that is for the pure npm installation
# Grafana buildout will call yarn manually, which will call storage.googleapis.com first, # Grafana buildout will call yarn manually, which will call storage.googleapis.com first,
...@@ -235,6 +272,7 @@ ...@@ -235,6 +272,7 @@
destination_port: 80 destination_port: 80
destination: raw.githubusercontent.com destination: raw.githubusercontent.com
jump: ACCEPT jump: ACCEPT
- name: Allow to access goproxy.cn - name: Allow to access goproxy.cn
iptables: iptables:
action: append action: append
...@@ -334,6 +372,133 @@ ...@@ -334,6 +372,133 @@
destination: registry.npmjs.org destination: registry.npmjs.org
jump: ACCEPT jump: ACCEPT
# - name: This is an IP behinde the taobao npm registry...
# iptables:
# action: append
# chain: OUTPUT
# protocol: tcp
# destination_port: 443
# dst_range: 47.246.48.225-47.246.48.230
# jump: ACCEPT
- name: This is an IP behinde the taobao npm registry...
iptables:
action: append
chain: OUTPUT
protocol: tcp
destination_port: 443
destination: 8.48.85.1
jump: ACCEPT
- name: Allow to access metabase.com
lineinfile:
line: "185.199.108.153 metabase.com"
dest: /etc/hosts
- name: Allow to access metabase.com
iptables:
action: append
chain: OUTPUT
protocol: tcp
destination_port: 443
destination: metabase.com
jump: ACCEPT
- name: Allow to access metabase.com
iptables:
action: append
chain: OUTPUT
protocol: tcp
destination_port: 80
destination: metabase.com
jump: ACCEPT
- name: Allow to access metabase.com ipv6
lineinfile:
line: "2606:50c0:8000::153 metabase.com"
dest: /etc/hosts
- name: Allow to access metabase.com ipv6
iptables:
ip_version: ipv6
action: append
chain: OUTPUT
protocol: tcp
destination_port: 443
destination: metabase.com
jump: ACCEPT
# cypress using 2 steps of downloading
# so set two entries in the hosts file
- name: Allow to access download.cypress.io
lineinfile:
line: "104.26.6.176 download.cypress.io"
dest: /etc/hosts
- name: Allow to access cdn.cypress.io
lineinfile:
line: "104.26.6.176 cdn.cypress.io"
dest: /etc/hosts
- name: Allow to access cypress.io
iptables:
action: append
chain: OUTPUT
protocol: tcp
destination_port: 443
destination: cdn.cypress.io
jump: ACCEPT
- name: Allow to access localhost:8086
iptables:
ip_version: ipv6
action: append
chain: OUTPUT
protocol: tcp
destination_port: 8086
destination: 2001:67c:1254:105:28ad::d94
jump: ACCEPT
- name: Allow to access localhost:8180
iptables:
ip_version: ipv6
action: append
chain: OUTPUT
protocol: tcp
destination_port: 8180
destination: 2001:67c:1254:105:28ad::d94
jump: ACCEPT
- name: Allow to access localhost:8196, required by test caddy-frontend
iptables:
ip_version: ipv6
action: append
chain: OUTPUT
protocol: tcp
destination_port: 8990
destination: 2001:67c:1254:105:28ad::d94
jump: ACCEPT
- name: Allow to access localhost:8196, required by test jscrawler
iptables:
ip_version: ipv6
action: append
chain: OUTPUT
protocol: tcp
destination_port: 8196
destination: 2001:67c:1254:105:28ad::d94
jump: ACCEPT
- name: Allow to access localhost:9083, required by test jscrawler
iptables:
ip_version: ipv6
action: append
chain: OUTPUT
protocol: tcp
destination_port: 9083
destination: 2001:67c:1254:105:28ad::d94
jump: ACCEPT
# This is for connect to the test suite and upload the test result. # This is for connect to the test suite and upload the test result.
# You need to replace it with your own ERP5 instance domain s # You need to replace it with your own ERP5 instance domain s
- name: Allow to access ERP5 test suite address - name: Allow to access ERP5 test suite address
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment