Please create VPN access groups for connections to telemetry redshift in stage and prod

VERIFIED FIXED

Status

Infrastructure & Operations
Mozilla VPN: ACL requests
VERIFIED FIXED
3 years ago
3 years ago

People

(Reporter: relud, Assigned: lerxst)

Tracking

Details

(Reporter)

Description

3 years ago
telemetry stage host that the stage group should be routed over the vpn for:

52.20.197.16 (pipeline-redshift.stage.mozaws.net) port 5432

telemetry prod host that the prod group should be routed over the vpn for:

52.88.49.90 (pipeline-redshift.prod.mozaws.net) port 5432

users that should be in both groups:

everyone from team_services_ops:
bobm@mozilla.com
bwong@mozilla.com
ckolos@mozilla.com
dthornton@mozilla.com
dwilson@mozilla.com
jlazaro@mozilla.com
jmorrison@mozilla.com
jthomas@mozilla.com
oremj@mozilla.com
tblow@mozilla.com
whd@mozilla.com

And the following people from the telemetry project:
kparlante@mozilla.com
mreid@mozilla.com
spenrose@mozilla.com

I understand that the route for these host will go out to all vpn users, but only those listed above will have the ports open over the vpn.
(Assignee)

Comment 1

3 years ago
How is this different from the already-existing vpn_cloudops_redshift group?
Assignee: vpn-acl → dparsons
(Reporter)

Comment 2

3 years ago
vpn_cloudops_redshift is probably misnamed, it's actually for the tiles project's redshift instance, which should have different people allowed to access it.
(Reporter)

Updated

3 years ago
Blocks: 1204869
(Assignee)

Comment 3

3 years ago
Can you give me a good name for this new group then, and suggest a good name to rename the other group to, so this makes sense? Otherwise it's possible people may get accidentally added to the wrong groups with subsequent requests.
(Reporter)

Comment 4

3 years ago
sure. these groups should be vpn_telemetry_redshift_prod and vpn_telemetry_redshift_stage and the other group should be renamed to vpn_tiles_redshift
(Assignee)

Comment 5

3 years ago
This is complete. New routes should take effect on next puppet run.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
(Reporter)

Comment 6

3 years ago
thanks, routes are working for me.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.