Closed Bug 1240518 Opened 9 years ago Closed 9 years ago

please give the release management team access to Balrog (aka AUS) dev + production

Categories

(Infrastructure & Operations :: MOC: Service Requests, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bhearsum, Assigned: Usul)

Details

We'd like the Release Management team (lmandel@mozilla.com, sledru@mozilla.com, cdenizet@mozilla.com, ehenry@mozilla.com, rkaiser@mozilla.com, rkothari@mozilla.com) access to both the Balrog dev+prod environments (https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=8062552). I _think_ they all have VPN access already, but we if not we can sort that out separately.
Ben you filed the bug does this means it also adds approval ?
Assignee: nobody → ludovic
Yup. And for posterity, there was general consensus among RelEng that this is fine.
Added lmandel to vpn_aus4_admins,cn=balrog,ou=groups,dc=mozilla ditto for sledru, cdenizet, liz,kairo, and rkothari
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
I think something additional may be needed. Ritu can resolve aus4-admin-dev, but not route to it: Pinging aus4-admin-dev.external.zlb.scl3.mozilla.com [10.8.81.223] with 32 bytes of data: Reply from 10.22.248.1: Destination net unreachable. Reply from 10.22.248.1: Destination net unreachable. Reply from 10.22.248.1: Destination net unreachable. Reply from 10.22.248.1: Destination net unreachable.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
That's all that's on our list to grant this access. Can you give us an example of someone who has working access to compare against?
and I assume Ritu is on the global VPN?
(In reply to Peter Radcliffe [:pir] from comment #5) > That's all that's on our list to grant this access. Can you give us an > example of someone who has working access to compare against? I've got working access :). rwood@mozilla.com does too, and might be a better model (he got access much more recently than me). (In reply to Peter Radcliffe [:pir] from comment #6) > and I assume Ritu is on the global VPN? I think she is, she had VPN access prior to this AFAIK. Ritu, can you confirm?
Flags: needinfo?(rkothari)
rwood doesn't appear to have any extra groups that would make a difference. The symptoms above could be explained by being in an office but not on the VPN or being on the VPN before the changes ere made and not reconnecting (new access only gets applied after a reconnection).
(In reply to Ben Hearsum (:bhearsum) from comment #7) > (In reply to Peter Radcliffe [:pir] from comment #5) > > That's all that's on our list to grant this access. Can you give us an > > example of someone who has working access to compare against? > > I've got working access :). rwood@mozilla.com does too, and might be a > better model (he got access much more recently than me). > > (In reply to Peter Radcliffe [:pir] from comment #6) > > and I assume Ritu is on the global VPN? > > I think she is, she had VPN access prior to this AFAIK. Ritu, can you > confirm? Yes I was connected to "Mozilla Certificate based VPN" when trying to open up both Balrog URLs.
Flags: needinfo?(rkothari)
(In reply to Ritu Kothari (:ritu) from comment #9) > Yes I was connected to "Mozilla Certificate based VPN" when trying to open > up both Balrog URLs. Can you confirm that you've disconnected, reconnected and retried since the groups were added to your account, per comment 8?
Flags: needinfo?(rkothari)
Can any of the other people try and report that it's working ?
$ ping aus4-admin-dev.external.zlb.scl3.mozilla.comPING aus4-admin-dev.external.zlb.scl3.mozilla.com (10.8.81.223) 56(84) bytes of data. From 10-22-248-1.vpn.scl3.mozilla.com (10.22.248.1) icmp_seq=1 Packet filtered but I don't know which url(s) I which try
It appears, from above comments, that this would be a good start but this isn't an application that the MOC uses: http://aus4-admin-dev.external.zlb.scl3.mozilla.com/
I tried this one but, while I can resolve the hostname, it cannot connect $ LANG=C curl http://aus4-admin-dev.external.zlb.scl3.mozilla.com/ curl: (7) Failed to connect to aus4-admin-dev.external.zlb.scl3.mozilla.com port 80: No route to host Note that I am connected to the VPN and can connect to https://ship-it.mozilla.org/
(In reply to Peter Radcliffe [:pir] from comment #13) > It appears, from above comments, that this would be a good start but this > isn't an application that the MOC uses: > > http://aus4-admin-dev.external.zlb.scl3.mozilla.com/ https://aus4-admin-dev.allizom.org is the URL. I'm not sure the zlb one will work correctly...
(In reply to Sylvestre Ledru [:sylvestre] from comment #16) > https://aus4-admin.mozilla.org works! But you said that https://aus4-admin-dev.allizom.org gives you "no route to host", right?
Indeed: $ LANG=C curl https://aus4-admin-dev.allizom.org/ curl: (7) Failed to connect to aus4-admin-dev.allizom.org port 443: No route to host
Sounds like that host needs to be added to vpn_aus4_admins. I'll open a bug for that.
Yup, both the URLs are now accessible via VPN.
Flags: needinfo?(rkothari)
Status: REOPENED → RESOLVED
Closed: 9 years ago9 years ago
Resolution: --- → FIXED
Thanks for working through this so quickly. It's really great for RelMan to have access now!
You need to log in before you can comment on or make changes to this bug.