Status
Cloud Services
Operations: Marketplace
P1
normal
RESOLVED
FIXED
People
(Reporter: andy+bugzilla, Assigned: jason)
Tracking
Firefox Tracking Flags
(Not tracked)
Details
Solitude db on prod is locked down by netops so that it can't access remote servers, such as https://webservices.bango.com. The stage servers can access remote servers and this brings up issues where by we deploy to prod and then find that solitude db is unable to do something in prod.
|
(Assignee) | |
Updated•4 years ago
|
||
Assignee: nobody → jthomas
Priority: -- → P1
|
|
(Assignee) | |
Comment 1•4 years ago
|
||
I've locked solitude db on stage using iptables ipt_owner module. solitude db stage should now only have outbound access to payments-proxy vip.
Chain OUTPUT (policy ACCEPT 10648 packets, 6366K bytes)
pkts bytes target prot opt in out source destination
19 1288 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 8000 udp dpt:53
3 164 ACCEPT tcp -- * * 0.0.0.0/0 10.8.83.187 owner UID match 8000 tcp dpt:443
12 720 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 8000
-bash-4.1$ whoami
sol_stage
-bash-4.1$ host webservices.bango.com
webservices.bango.com has address 185.35.88.2
-bash-4.1$ nc -w 1 -v webservices.bango.com 443
nc: connect to webservices.bango.com port 443 (tcp) timed out: Operation now in progress
-bash-4.1$ host payments-proxy.allizom.org
payments-proxy.allizom.org is an alias for payments-zlb.stage.addons.phx1.mozilla.com.
payments-zlb.stage.addons.phx1.mozilla.com has address 10.8.83.187
-bash-4.1$ nc -w 1 -v 10.8.83.187 443
Connection to 10.8.83.187 443 port [tcp/https] succeeded!
-bash-4.1$ nc -w 1 -v mozilla.org 443
nc: connect to mozilla.org port 443 (tcp) timed out: Operation now in progress
nc: connect to mozilla.org port 443 (tcp) failed: Network is unreachableStatus: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•