telemetry stage host that the stage group should be routed over the vpn for: 184.108.40.206 (pipeline-redshift.stage.mozaws.net) port 5432 telemetry prod host that the prod group should be routed over the vpn for: 220.127.116.11 (pipeline-redshift.prod.mozaws.net) port 5432 users that should be in both groups: everyone from team_services_ops: firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org And the following people from the telemetry project: email@example.com firstname.lastname@example.org email@example.com I understand that the route for these host will go out to all vpn users, but only those listed above will have the ports open over the vpn.
How is this different from the already-existing vpn_cloudops_redshift group?
Assignee: vpn-acl → dparsons
vpn_cloudops_redshift is probably misnamed, it's actually for the tiles project's redshift instance, which should have different people allowed to access it.
Can you give me a good name for this new group then, and suggest a good name to rename the other group to, so this makes sense? Otherwise it's possible people may get accidentally added to the wrong groups with subsequent requests.
sure. these groups should be vpn_telemetry_redshift_prod and vpn_telemetry_redshift_stage and the other group should be renamed to vpn_tiles_redshift
This is complete. New routes should take effect on next puppet run.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
thanks, routes are working for me.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.