Closed Bug 1101641 Opened 10 years ago Closed 10 years ago

Remove servo stuff

Categories

(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dustin, Assigned: dcurado)


Per bug 1071178, we're not hosting servo anymore.

That means VLANs build.servo and srv.servo can be deleted from configs and inventory.

It means we can tear down a bunch of servo stuff in AWS (already done in bug 1071178)

It means that the servo zone can be deleted, and all policies, addresses, etc associated with that zone.

It also means that the following policies can be deleted:

> delete security policies from-zone dc to-zone vpc policy buildbot-master-servo-01--buildbot-http
> delete security policies from-zone vpc to-zone untrust policy github--https
> delete security policies from-zone vpc to-zone untrust policy github--git
> delete security policies from-zone vpc to-zone untrust policy static_rust-lang_org--http
> delete security policies from-zone vpc to-zone untrust policy hg-mozilla-org--web

and the following address-book entries:

> delete security zones security-zone vpc address-book address build.servo.releng.use1
> delete security zones security-zone vpc address-book address srv.servo.releng.use1
> delete security zones security-zone vpc address-book address buildbot-master1.srv.servo.releng.use1
> delete security zones security-zone vpc address-book address servo-puppet1.srv.servo.releng.use1
> delete security zones security-zone vpc address-book address buildbot-master-servo-01.srv.servo.releng.use1

Note that there are still two hosts in the build.servo VLAN (bug 1100386), but they're not in use so as long as it doesn't cause confusion in configs you can pretend they're not there.
working on this.
Assignee: network-operations → dcurado
Status: NEW → ASSIGNED
OK, I removed most of what you asked for.

However, these two hosts:

    buildbot-master1.srv.servo.releng.use1
    servo-puppet1.srv.servo.releng.use1

are used in existing policies, so I did not (could not) delete them.

These policies are from-zone servo to-zone vpc..

    policy buildbot-master1_srv_servo_releng_use1--buildbot
    match {
        source-address build-net;
        destination-address buildbot-master1.srv.servo.releng.use1;
        application buildbot-rpc;
    }
    then {
        permit;
    }

and

    policy servo-puppet1_srv_servo_releng_use1--puppet
    match {
        source-address build-net;
        destination-address servo-puppet1.srv.servo.releng.use1;
        application [ puppet junos-http junos-https ];
    }
    then {
        permit;
    }

If these are no longer needed, please let me know. Thanks.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
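The dependency that blocked the address-book deletions in comment 2, as an added example (not part of the bug or of Mozilla's tooling): a Python check that scans a policy export for source-address/destination-address references before any "delete ... address-book address" command is issued. The sample config is constructed from the policies quoted above; `example-host` and the function names are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample modelled on the two policies quoted in the thread (not a real export).
SAMPLE = """
from-zone servo to-zone vpc {
    policy buildbot-master1_srv_servo_releng_use1--buildbot {
        match {
            source-address build-net;
            destination-address buildbot-master1.srv.servo.releng.use1;
            application buildbot-rpc;
        }
        then { permit; }
    }
    policy servo-puppet1_srv_servo_releng_use1--puppet {
        match {
            source-address build-net;
            destination-address [ servo-puppet1.srv.servo.releng.use1 example-host ];
            application [ puppet junos-http junos-https ];
        }
        then { permit; }
    }
}
"""

def find_references(config, addresses):
    """Map each address-book name to the (from_zone, to_zone, policy) tuples that match on it."""
    refs, stack, words = defaultdict(list), [], []
    for tok in re.findall(r"[{};]|[^\s{};\[\]]+", config):  # "[" and "]" are dropped
        if tok == "{":
            stack.append(words)  # statement that opened this block, e.g. ["policy", name]
        elif tok == ";" and words[:1] in (["source-address"], ["destination-address"]):
            zone = next((s for s in stack if s[:1] == ["from-zone"]), None)
            pol = next((s for s in stack if s[:1] == ["policy"]), None)
            if zone and pol and len(zone) == 4:
                for name in set(words[1:]) & set(addresses):
                    refs[name].append((zone[1], zone[3], pol[1]))
        elif tok == "}":
            stack.pop()
        words = [] if tok in ("{", "}", ";") else words + [tok]
    return dict(refs)

def plan_address_cleanup(config, zone, addresses):
    """Return (safe delete commands, addresses still blocked by a referencing policy)."""
    refs = find_references(config, addresses)
    safe = [f"delete security zones security-zone {zone} address-book address {a}"
            for a in addresses if a not in refs]
    return safe, refs
```

Addresses returned in the second value need their referencing policies reviewed and removed first; the commit would otherwise fail, as it did in comment 2.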
Those are from-zone servo, so they can be deleted along with the zone itself.

Also, I still see

https://inventory.mozilla.org/en-US/core/vlan/161/
https://inventory.mozilla.org/en-US/core/vlan/162/
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
I removed the two policies mentioned in comment 2, and the two address-book entries. I did a quick check for removing the servo security zone entirely, and there are a fair number of policies where it is used. If it's OK with you, I'd like to create a separate bug to remove the zone.
Fine by me -- but that's what this bug was for, so I don't really see why :)
OK, I'll use this bug then. Felt like the scope changed, but I'm probably wrong. Will work on this today.
Maybe that was confusing -- I opened bug 1108571 to get the stuff that was missed here.
Status: REOPENED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard