Proposal: publictest[1-9] addresses

[Warren Togami]

Last week we discussed the need to open ports like 22 and 80 for the 
mercurial test currently hosted on test1 to proceed with public testing. 
  I did not want to request this firewall change because it would make 
it inconsistent, difficult to track, and a thus long-term security risk. 
  This is because we do NOT want public facing ssh except in known 
defined ways.

Proposal
========
test[1-9] remain internal-only test addresses.  We assign new addresses 
for services ready for public facing testing.

publictest[1-9].fedora.phx.redhat.com (internal)
publictest[1-9].fedora.redhat.com     (external)
Port Forwards:
22
80
443
8887 (potential test plague master)
8888 (potential plague builder)
8889 (potential plague builder)

As a matter of security policy, Infrastructure team must approve any and 
all uses of publictest[1-9] addresses, especially if they require public 
facing ssh.  Public facing ssh is necessary for mercurial and other VCS 
testing.

Thoughts?  Should we go ahead?

Warren Togami
wtogami at redhat.com