Closed
Bug 1011523
Opened 11 years ago
Closed 11 years ago
Open netflows from buildbot-master[113-116] to buildbot-rw-vip.db.scl3.mozilla.com:3306 and releng-rabbitmq-zlb.webapp.scl3.mozilla.com 5672
Categories
(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)
Infrastructure & Operations Graveyard
NetOps: DC ACL Request
x86_64
Linux
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: armenzg, Assigned: arzhel)
References
Details
See bug 859528 for similar request.
Marking as major since our releng operations are in a bad state and we need to increase the capacity soon.
10.134.49.144 --fqdn buildbot-master113.srv.releng.use1.mozilla.com
10.134.48.122 --fqdn buildbot-master114.srv.releng.use1.mozilla.com
10.132.49.29 --fqdn buildbot-master115.srv.releng.usw2.mozilla.com
10.132.50.189 --fqdn buildbot-master116.srv.releng.usw2.mozilla.com
|
Reporter | |
Comment 1•11 years ago
|
||
Can you also open this flow?
* releng-rabbitmq-zlb.webapp.scl3.mozilla.com 5672 (self-serve agent)
See bug 985088 for a previous example.
|
|
Reporter | |
Updated•11 years ago
|
Summary: Open netflows from buildbot-master[113-116] to buildbot-rw-vip.db.scl3.mozilla.com:3306 → Open netflows from buildbot-master[113-116] to buildbot-rw-vip.db.scl3.mozilla.com:3306 and releng-rabbitmq-zlb.webapp.scl3.mozilla.com 5672
|
|
Reporter | |
Comment 2•11 years ago
|
||
In our notes I also see this:
"request for the new hosts to the "Build Masters group""
Is that still relevant?
|
|
Reporter | |
Comment 3•11 years ago
|
||
Actually this:
** request for the new hosts to be added to the "Build Masters group"
** request for the new IPs to be added to the "Build Masters" list in the firewall rules
I think it is related to this:
https://bugzil.la/812342#c13
https://mana.mozilla.org/wiki/display/SECURITY/Firewall+Policy+Recommendation%3A+RelEng-SCl3
|
Assignee | |
Comment 4•11 years ago
|
||
Added to the address-set in releng.scl3 and scl1, let me know if something doesn't work as expected
Assignee: network-operations → arzhel
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
|
||
Comment 5•11 years ago
|
||
$ nc -zv buildbot-rw-vip.db.scl3.mozilla.com 3306
nc: connect to buildbot-rw-vip.db.scl3.mozilla.com port 3306 (tcp) failed: Connection timed out
I tried this from
buildbot-master113.srv.releng.use1.mozilla.com has address 10.134.49.144
buildbot-master114.srv.releng.use1.mozilla.com has address 10.134.48.122
buildbot-master115.srv.releng.usw2.mozilla.com has address 10.132.49.29
buildbot-master116.srv.releng.usw2.mozilla.com has address 10.132.50.189
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 6•11 years ago
|
||
Indeed, I forgot the firewall outside the releng BUs (scl3)
Should be good now
Status: REOPENED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → FIXED
|
||
Updated•3 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•