Closed
Bug 1077284
Opened 10 years ago
Closed 10 years ago
need AWS secgroups altered for nagios-{usw1,use1,use2}
Categories
(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)
x86
macOS
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: Atoll, Assigned: arzhel)
Attachments (1 file): 32.11 KB, image/png
Hi, we need an alteration to the AWS EC2 security groups for nagios-usw1, nagios-use1, nagios-use2. We don't seem to have access to these that we're aware of, so I'm filing this to try and get help from releng.

The specific change to be made is to add 3 new outbound rules to whatever security group(s) are associated with:

nagios1.private.usw1.mozilla.com
nagios1.private.use1.mozilla.com
nagios1.private.use2.mozilla.com

The new rules to add are:

Custom TCP Rule, TCP, 6697, Custom IP, 54.72.42.192/32
Custom TCP Rule, TCP, 6697, Custom IP, 54.219.165.167/32
Custom TCP Rule, TCP, 6697, Custom IP, 54.85.60.193/32

That same security group should already contain this rule (among others):

Custom TCP Rule, TCP, 6697, Custom IP, 63.245.216.214/32

And these new IPs should match the AWS admin console screenshot attached, but please double-check in case I typed something wrong.
Updated•10 years ago
Assignee: server-ops → relops
Component: Server Operations → RelOps
Product: mozilla.org → Infrastructure & Operations
QA Contact: shyam → arich
Also, I would like to add this host: 63.245.214.141/32 (which is the SCL3 IRC server)
Updated•10 years ago
Assignee: relops → dustin
Comment 2•10 years ago
BTW, it'd be great to add the "nagios" security group to http://hg.mozilla.org/build/cloud-tools/file/958d14baf6b3/configs/securitygroups.yml
Assignee: dustin → relops
Updated•10 years ago
Assignee: relops → dustin
Comment 3•10 years ago
This flow is in fact restricted on fw1.releng.scl3, which is the egress for internet traffic from the releng VPCs.

dustin@fw1.releng.scl3.mozilla.net> show security policies from-zone vpc to-zone untrust
...
Policy: nagios--irc, State: enabled, Index: 1679, Scope Policy: 0, Sequence number: 6
  Source addresses: nagios1.private.releng.use1, nagios1.private.releng.usw1, nagios1.private.releng.usw2
  Destination addresses: concrete
  Applications: ircd-ssl
  Action: permit, log

So, it looks like the destination addresses there need to change to correspond to the new servers described in comment 0 and comment 1.
Assignee: dustin → network-operations
Component: RelOps → NetOps: DC ACL Request
QA Contact: arich → jbarnell
Comment 4•10 years ago
Added to the global-policies so everything should have access to those IPs
Assignee: network-operations → arzhel
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•2 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
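The reporter asks for the new addresses to be double-checked. As an added example (not part of the bug or of any Mozilla tooling), this sketch audits a security group's egress rules, in the shape returned by `aws ec2 describe-security-groups`, against the TCP 6697 destinations requested in comment 0 and comment 1. The group id and the sample rule set are constructed assumptions, and a passing result covers only the security-group layer, not the fw1.releng.scl3 policy from comment 3.

```python
import ipaddress

# Destinations requested in comment 0 and comment 1 (TCP 6697 egress).
REQUESTED = ["54.72.42.192/32", "54.219.165.167/32", "54.85.60.193/32",
             "63.245.214.141/32"]
PORT = 6697

# Constructed sample in the shape of `aws ec2 describe-security-groups`
# output; the group id and its current rule set are assumptions.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 6697, "ToPort": 6697,
         "IpRanges": [{"CidrIp": "63.245.216.214/32"},
                      {"CidrIp": "54.72.42.192/32"},
                      {"CidrIp": "54.219.165.167/32"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

def permits(rule, dest, port):
    """Return the CIDR in `rule` that allows TCP `port` to `dest`, or None."""
    proto = rule.get("IpProtocol")
    if proto not in ("tcp", "6", "-1"):
        return None
    # "-1" means all protocols and ports; FromPort/ToPort are then absent.
    if proto != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return None
    target = ipaddress.ip_network(dest)
    for rng in rule.get("IpRanges", []):
        if target.subnet_of(ipaddress.ip_network(rng["CidrIp"], strict=False)):
            return rng["CidrIp"]
    return None

def audit_egress(group, requested=REQUESTED, port=PORT):
    """Map each requested destination to the covering CIDR, or None if missing."""
    result = {}
    for dest in requested:
        hits = (permits(r, dest, port) for r in group["IpPermissionsEgress"])
        result[dest] = next((h for h in hits if h), None)
    return result

if __name__ == "__main__":
    for dest, via in audit_egress(SAMPLE_GROUP).items():
        print(f"{dest:20} {'allowed via ' + via if via else 'MISSING'}")
```

A destination reported as allowed via a CIDR wider than its own /32 is worth reviewing, since the request was for host-specific rules.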