Le jeudi 09 juin 2016 à 02:09 +0200, Emmanuel Dreyfus a écrit : > Michael Scherer <msche...@redhat.com> wrote: > > > I connected to it from rackspace and stopped rpcbind in a hurry after > > being paged, but I would like to make sure that the netbsd builders are > > a bit more hardened (even if they are already well hardened from what I > > did see, even if there is no firewall), as it seems most of them are > > also running rpcbind (and sockstat show they are not listening only on > > localhost). > > I created minimal filtering rules in /etc/ipf.conf and restarted > rpcbind. I did the same for others NetBSD vm.
ok, great. I did it too for the freebsd builder. > > Emmanuel, would you be ok if we start to manage them with ansible like > > we do for the Centos ones ? > > I have no problem with it, but I must confess a complete lack of > experience with this tool. That's mostly deploy script with ssh. The only issue I face is that you flagged most of /usr as unchangeable, and I do not know how cleanly it would be to remove the flags before applying changes and apply that again with the current layout of our ansible roles. But I will figure something out. -- Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gluster-infra mailing list Gluster-infra@gluster.org http://www.gluster.org/mailman/listinfo/gluster-infra