configs/securitygroups.yml
author Rail Aliiev <rail@mozilla.com>
Mon, 09 Jun 2014 11:45:26 -0400
changeset 429 dbdf3c0695e8de9d8be090abc6df5333fa7aa7fc
parent 419 2aff440e33b0619ef820116a9d863a471434b681
child 538 539ffaefb8f100729ea9756ec0f839283a332f16
permissions -rw-r--r--
Bug 986477 - Don't require puppet or DNS to launch new instances

tests:
    description: security group for test slaves
    regions:
        us-west-1: vpc-7a7dd613
        us-west-2: vpc-cd63f2a4
        us-east-1: vpc-b42100df
    apply-to:
        instances:
            tags:
                - [moz-type, tst-linux*]
                - [Name, tst-linux*-ec2-*]
        interfaces:
            tags:
                - [moz-type, tst-linux*]
    inbound:
        - proto: tcp
          ports: [22, 5900]
          hosts:
            - cruncher.build.mozilla.org
            - slaveapi1.srv.releng.scl3.mozilla.com
            - slaveapi-dev1.srv.releng.scl3.mozilla.com
            - 10.22.75.6/31
            - 10.22.252.0/22
            - 10.22.248.0/22
            - dev-master1.build.mozilla.org
            - aws-manager1.srv.releng.scl3.mozilla.com
        - proto: icmp
          ports: [-1]
          hosts:
            - 10.22.75.6/31
            - 10.22.252.0/22
            - 10.22.248.0/22
            - cruncher.build.mozilla.org
            - slaveapi1.srv.releng.scl3.mozilla.com
            - slaveapi-dev1.srv.releng.scl3.mozilla.com
            - dev-master1.build.mozilla.org
            - aws-manager1.srv.releng.scl3.mozilla.com


    outbound:
        - proto: -1
          hosts:
            - 0.0.0.0/0

build:
    description: security group for build slaves
    regions:
        us-west-1: vpc-7a7dd613
        us-west-2: vpc-cd63f2a4
        us-east-1: vpc-b42100df
    apply-to:
        instances:
            tags:
                - [moz-type, bld-linux64]
                - [Name, bld-linux64-ec2-*]
        interfaces:
            tags:
                - [moz-type, bld-linux64]
    inbound:
        - proto: tcp
          ports: [22, 5900]
          hosts:
            - cruncher.build.mozilla.org
            - slaveapi1.srv.releng.scl3.mozilla.com
            - slaveapi-dev1.srv.releng.scl3.mozilla.com
            - 10.22.75.6/31
            - 10.22.252.0/22
            - 10.22.248.0/22
            - dev-master1.build.mozilla.org
            - aws-manager1.srv.releng.scl3.mozilla.com
        - proto: icmp
          ports: [-1]
          hosts:
            - 10.22.75.6/31
            - 10.22.252.0/22
            - 10.22.248.0/22
            - cruncher.build.mozilla.org
            - slaveapi1.srv.releng.scl3.mozilla.com
            - slaveapi-dev1.srv.releng.scl3.mozilla.com
            - dev-master1.build.mozilla.org
            - aws-manager1.srv.releng.scl3.mozilla.com


    outbound:
        - proto: -1
          hosts:
            - 0.0.0.0/0
try:
    description: security group for try build slaves
    regions:
        us-west-1: vpc-7a7dd613
        us-west-2: vpc-cd63f2a4
        us-east-1: vpc-b42100df
    apply-to:
        instances:
            tags:
                - [moz-type, try-linux64]
                - [Name, try-linux64-ec2-*]
        interfaces:
            tags:
                - [moz-type, try-linux64]
    inbound:
        - proto: tcp
          ports: [22, 5900]
          hosts:
            - cruncher.build.mozilla.org
            - slaveapi1.srv.releng.scl3.mozilla.com
            - slaveapi-dev1.srv.releng.scl3.mozilla.com
            - 10.22.75.6/31
            - 10.22.252.0/22
            - 10.22.248.0/22
            - dev-master1.build.mozilla.org
            - aws-manager1.srv.releng.scl3.mozilla.com
        - proto: icmp
          ports: [-1]
          hosts:
            - 10.22.75.6/31
            - 10.22.252.0/22
            - 10.22.248.0/22
            - cruncher.build.mozilla.org
            - slaveapi1.srv.releng.scl3.mozilla.com
            - slaveapi-dev1.srv.releng.scl3.mozilla.com
            - dev-master1.build.mozilla.org
            - aws-manager1.srv.releng.scl3.mozilla.com


    outbound:
        - proto: -1
          hosts:
            - 0.0.0.0/0