If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Access for crashanalysis.dmz.phx1.mozilla.com to socorro-reporting2.db.phx1.mozilla.com

RESOLVED FIXED

Status

Infrastructure & Operations
NetOps: DC ACL Request
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: mpressman, Assigned: jbarnell)

Tracking

Details

(Reporter)

Description

3 years ago
Can we please have access from crashanalysis.dmz.phx1.mozilla.com to socorro-reporting2.db.phx1.mozilla.com on ports 5432, 6432 and 6433. Effectively we need:

10.8.74.42 -> 10.8.70.198:5432
10.8.74.42 -> 10.8.70.198:6432
10.8.74.42 -> 10.8.70.198:6433
(Reporter)

Updated

3 years ago
Blocks: 1121490

Updated

3 years ago
Duplicate of this bug: 1121624

Comment 2

3 years ago
Given this blocks bug 1121490, upping to critical as well as it's release week and I'm missing all custom reports I'm running and which I need to assess releases.
Severity: normal → critical
(Assignee)

Updated

3 years ago
Severity: critical → normal
(Assignee)

Updated

3 years ago
Assignee: network-operations → jbarnell
(Assignee)

Comment 3

3 years ago
This has been added 

jbarnell@fw1.phx1.mozilla.net# show | compare 
[edit security policies from-zone dmz to-zone db]
      policy jenkins--mysql { ... }
+     /* https://bugzilla.mozilla.org/show_bug.cgi?id=1121697 */
+     policy crash-analysis {
+         match {
+             source-address crashanalysis;
+             destination-address socorro-reporting2.db.phx1.mozilla.com;
+             application [ postgres postgres-alt postgres-processors ];
+         }
+         then {
+             permit;
+         }
+     }
[edit security zones security-zone db address-book]
       address jenkins-mysql-ro-vip { ... }
+      address socorro-reporting2.db.phx1.mozilla.com 10.8.70.198/32;

Please test and confirm tonight.

Comment 4

3 years ago
OK, this works, thanks!
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.