Closed
Bug 1100573
Opened 10 years ago
Closed 10 years ago
Remove releng AWS puppet masters from address books
Categories
(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: dcurado)
Simplifying! All of these can go:
> delete security policies from-zone bb to-zone vpc policy bb-vpc--puppet
> delete security policies from-zone bb to-zone vpc policy releng-puppet
> delete security policies from-zone build to-zone vpc policy releng-puppet--puppet
> delete security policies from-zone dc to-zone vpc policy releng-puppet--puppet
> delete security policies from-zone inband to-zone vpc policy releng-puppet--puppet
> delete security policies from-zone mobile to-zone vpc policy releng-puppet
> delete security policies from-zone openstack_stage to-zone vpc policy openstack-stage--puppet
> delete security policies from-zone openstack_stage to-zone vpc policy releng-puppet--puppet
> delete security policies from-zone pod to-zone vpc policy releng-puppet
> delete security policies from-zone relabs to-zone vpc policy releng-puppet
> delete security policies from-zone servo to-zone vpc policy releng-puppet
> delete security policies from-zone srv to-zone vpc policy releng-puppet--puppet
> delete security policies from-zone test to-zone vpc policy releng-puppet--puppet
> delete security policies from-zone try to-zone vpc policy releng-puppet--puppet
> delete security policies from-zone vpc to-zone untrust policy puppet-github
> delete security policies from-zone winbuild to-zone vpc policy releng-puppet--puppet
> delete security policies from-zone wintest to-zone vpc policy releng-puppet--puppet
> delete security policies from-zone wintry to-zone vpc policy releng-puppet--puppet
> delete security zones security-zone vpc address-book address servo-puppet1.srv.servo.releng.use1 10.134.82.20/32
> delete security zones security-zone vpc address-book address releng-puppet1.srv.releng.use1 10.134.48.57/32
> delete security zones security-zone vpc address-book address releng-puppet2.srv.releng.use1 10.134.49.5/32
> delete security zones security-zone vpc address-book address releng-puppet1.srv.releng.usw2 10.132.48.212/32
> delete security zones security-zone vpc address-book address releng-puppet2.srv.releng.usw2 10.132.48.229/32
> delete security zones security-zone vpc address-book address-delete releng-puppet address releng-puppet1.srv.releng.use1
> delete security zones security-zone vpc address-book address-delete releng-puppet address releng-puppet2.srv.releng.use1
> delete security zones security-zone vpc address-book address-delete releng-puppet address releng-puppet1.srv.releng.usw2
> delete security zones security-zone vpc address-book address-delete releng-puppet address releng-puppet2.srv.releng.usw2
> delete security zones security-zone vpc address-book address-delete all-releng-puppet address releng-puppet1.srv.releng.use1
> delete security zones security-zone vpc address-book address-delete all-releng-puppet address releng-puppet2.srv.releng.use1
> delete security zones security-zone vpc address-book address-delete all-releng-puppet address releng-puppet1.srv.releng.usw2
> delete security zones security-zone vpc address-book address-delete all-releng-puppet address releng-puppet2.srv.releng.usw2
(and if you look at all of that you'll see it's pretty darn redundant!)
Comment 1•10 years ago
working on this.
Assignee: network-operations → dcurado
Status: NEW → ASSIGNED
Comment 2•10 years ago
Some comments from Dave:
First of all, thank you very much for spending the time and energy to remove un-needed firewall configuration. Every time I do a commit on some of our firewalls, I am worried by the amount of time it takes the firewall to get it done -- the configurations are large in proportion to the amount of CPU the firewall has. And while we get a steady stream of requests to add stuff, the requests to remove things are few and far between. i.e. lots of dead wood.
Second thing, just as an FYI... not a request to change anything, just sharing...
these things:
> delete security zones security-zone vpc address-book address-delete releng-puppet address releng-puppet1.srv.releng.use1
> delete security zones security-zone vpc address-book address-delete releng-puppet address releng-puppet2.srv.releng.use1
> delete security zones security-zone vpc address-book address-delete releng-puppet address releng-puppet1.srv.releng.usw2
> delete security zones security-zone vpc address-book address-delete releng-puppet address releng-puppet2.srv.releng.usw2
> delete security zones security-zone vpc address-book address-delete all-releng-puppet address releng-puppet1.srv.releng.use1
> delete security zones security-zone vpc address-book address-delete all-releng-puppet address releng-puppet2.srv.releng.use1
> delete security zones security-zone vpc address-book address-delete all-releng-puppet address releng-puppet1.srv.releng.usw2
> delete security zones security-zone vpc address-book address-delete all-releng-puppet address releng-puppet2.srv.releng.usw2
are actually address-sets, and deleting them can be done with:
delete security zones security-zone vpc address-book address-set releng-puppet
delete security zones security-zone vpc address-book address-set all-releng-puppet
Finally, I could not delete this address-book entry:
delete security zones security-zone vpc address-book address servo-puppet1.srv.servo.releng.use1 10.134.82.20/32
because it is referenced in this policy:
policy servo-puppet1_srv_servo_releng_use1--puppet
Thanks again!
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment 3•10 years ago
Heh, I copied the 'show .. | display set' output and changed 'set' to 'delete', but should have looked a little harder. Thanks for getting my meaning :)
We have another delete coming for servo which will take care of that last addressbook entry.
I like deleting things too! I'll have another one soon that leaves from-zone <*> to-zone vpc as a blanket permit (basically making vpc another dc-like zone), once bug 1058225 lands.
Updated•2 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
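An added example, not part of the bug or of any Mozilla tooling: a small planner that turns `display set` lines into delete commands by replacing only the leading `set`, collapsing address-set member lines into one address-set delete as comment 2 suggests, and holding back any address-book object that a surviving policy still references. The function name, the sample configuration and the servo policy's from-zone are assumptions; only zone-attached address books and policy `match` references are handled.

```python
import re

POLICY_RE = re.compile(r"set (security policies from-zone (\S+) to-zone (\S+) policy (\S+))"
                       r"(?: match (source|destination)-address (\S+))?")
BOOK_RE = re.compile(r"set (security zones security-zone (\S+) address-book "
                     r"(address|address-set) (\S+))(?: ((?:address|address-set) \S+))?")

def plan_deletes(full_config, to_remove):
    """Map 'set' lines (a subset of full_config) to delete commands.
    Returns (commands, blocked): blocked[path] lists surviving policies that use it."""
    doomed = {m.group(1) for m in map(POLICY_RE.match, to_remove) if m}
    refs, members, going = {}, {}, {}
    for line in full_config:
        p, b = POLICY_RE.match(line), BOOK_RE.match(line)
        if p and p.group(6) and p.group(1) not in doomed:
            # source-address resolves in the from-zone, destination-address in the to-zone
            zone = p.group(2) if p.group(5) == "source" else p.group(3)
            refs.setdefault((zone, p.group(6)), set()).add(p.group(4))
        elif b and b.group(5):
            members.setdefault(b.group(1), set()).add(b.group(5))
            if line in to_remove:
                going.setdefault(b.group(1), set()).add(b.group(5))
    commands, blocked = [], {}
    for line in to_remove:
        m = POLICY_RE.match(line) or BOOK_RE.match(line)
        if not m:
            continue
        path = m.group(1)
        if m.re is BOOK_RE:
            users = refs.get((m.group(2), m.group(4)))
            if m.group(5) and going.get(path) != members.get(path):
                path += " " + m.group(5)   # only some members retire: keep the set
            elif users:                    # whole object still referenced: leave it
                blocked[path] = sorted(users)
                continue
        if "delete " + path not in commands:
            commands.append("delete " + path)
    return commands, blocked

# Constructed sample in 'display set' form (servo policy's from-zone is assumed).
Z = "set security zones security-zone vpc address-book "
CONFIG = [
    "set security policies from-zone bb to-zone vpc policy releng-puppet match destination-address releng-puppet",
    "set security policies from-zone servo to-zone vpc policy servo-puppet1_srv_servo_releng_use1--puppet match destination-address servo-puppet1.srv.servo.releng.use1",
    Z + "address servo-puppet1.srv.servo.releng.use1 10.134.82.20/32",
    Z + "address releng-puppet1.srv.releng.use1 10.134.48.57/32",
    Z + "address-set releng-puppet address releng-puppet1.srv.releng.use1",
    Z + "address-set releng-puppet address releng-puppet2.srv.releng.use1",
]
```

References from a surviving address-set to a member address are not tracked here, so the plan should still be validated with `commit check` on the device before committing.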