open flows from releng openstack vlan to openstack dbs

RESOLVED FIXED

Status

Infrastructure & Operations
NetOps: DC ACL Request
4 years ago

People

(Reporter: dividehex, Assigned: dcurado)

(Reporter)

Description

4 years ago
While trying to initialize the openstack databases, I noticed I wasn't able to connect to the db zlb vips or the db hosts directly.  We need all hosts within vlan2102 (*.admin.cloud.releng.scl3.mozilla.com) to reach the zlb vips and the db hosts on tcp/3306.

*.admin.cloud.releng.scl3.mozilla.com -> openstack-rw-vip.db.scl3.mozilla.com tcp/mysql
*.admin.cloud.releng.scl3.mozilla.com -> openstack-ro-vip.db.scl3.mozilla.com tcp/mysql
*.admin.cloud.releng.scl3.mozilla.com -> openstack[1-2].db.scl3.mozilla.com tcp/mysql
(Assignee)

Updated

4 years ago
Assignee: network-operations → dcurado
(Assignee)

Updated

4 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 1

4 years ago
This policy should be in place now:

  From zone: dc, To zone: db
  Source addresses:
    admin-cloud-net: 10.26.102.0/23
  Destination addresses:
    openstack2: 10.22.70.86/32 
    openstack1: 10.22.70.85/32 
    openstack-ro-vip: 10.22.70.88/32 
    openstack-rw-vip: 10.22.70.87/32
  Application: mysql
    IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
      Source port range: [0-0] 
      Destination port range: [3306-3306]

Please let me know if there are any problems.
Thanks -- Dave
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
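
The policy from Comment 1 modelled as a flow check, as an added example that is not part of the original bug or the firewall's own evaluation code. The function names `lookup` and `evaluate` are hypothetical, the sample flows are constructed, and the source port range [0-0] is assumed to mean "any source port".

```python
import ipaddress

# Values copied from the policy in Comment 1. The matching logic below is an
# assumption about how the firewall evaluates it, not the vendor's algorithm.
SOURCES = {"admin-cloud-net": "10.26.102.0/23"}
DESTINATIONS = {
    "openstack1": "10.22.70.85/32",
    "openstack2": "10.22.70.86/32",
    "openstack-rw-vip": "10.22.70.87/32",
    "openstack-ro-vip": "10.22.70.88/32",
}
PROTOCOL = "tcp"
DST_PORTS = (3306, 3306)  # source port range [0-0] is assumed to mean "any"

def lookup(addr, entries):
    """Return the name of the address entry that contains addr, else None."""
    ip = ipaddress.ip_address(addr)
    for name, net in entries.items():
        if ip in ipaddress.ip_network(net):
            return name
    return None

def evaluate(src, dst, proto, dport):
    """Return (permitted, detail): matched entry names, or the field that failed."""
    if proto != PROTOCOL:
        return False, "protocol"
    src_name = lookup(src, SOURCES)
    if src_name is None:
        return False, "source"
    dst_name = lookup(dst, DESTINATIONS)
    if dst_name is None:
        return False, "destination"
    if not DST_PORTS[0] <= dport <= DST_PORTS[1]:
        return False, "port"
    return True, f"{src_name} -> {dst_name}"

# Constructed sample flows (not from the ticket): src, dst, protocol, dest port.
FLOWS = [
    ("10.26.102.15", "10.22.70.87", "tcp", 3306),   # in the /23, rw VIP
    ("10.26.103.200", "10.22.70.85", "tcp", 3306),  # upper half of the /23
    ("10.26.102.15", "10.22.70.87", "tcp", 22),     # wrong destination port
    ("10.26.104.1", "10.22.70.88", "tcp", 3306),    # outside the /23
    ("10.26.102.15", "10.22.70.89", "tcp", 3306),   # not one of the listed /32s
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, evaluate(*flow))
```

The second flow shows that the /23 source entry also admits 10.26.103.x addresses, which is worth comparing against the range actually assigned to the requesting VLAN when reviewing a rule like this.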