Closed
Bug 1240518
Opened 9 years ago
Closed 9 years ago
please give the release management team access to Balrog (aka AUS) dev + production
Categories
(Infrastructure & Operations :: MOC: Service Requests, task)
Infrastructure & Operations
MOC: Service Requests
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bhearsum, Assigned: Usul)
Details
We'd like the Release Management team (lmandel@mozilla.com, sledru@mozilla.com, cdenizet@mozilla.com, ehenry@mozilla.com, rkaiser@mozilla.com, rkothari@mozilla.com) access to both the Balrog dev+prod environments (https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=8062552).
I _think_ they all have VPN access already, but we if not we can sort that out separately.
Assignee | ||
Comment 1•9 years ago
|
||
Ben you filed the bug does this means it also adds approval ?
Assignee: nobody → ludovic
Reporter | ||
Comment 2•9 years ago
|
||
Yup. And for posterity, there was general consensus among RelEng that this is fine.
Assignee | ||
Comment 3•9 years ago
|
||
Added lmandel to vpn_aus4_admins,cn=balrog,ou=groups,dc=mozilla ditto for sledru, cdenizet, liz,kairo, and rkothari
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 4•9 years ago
|
||
I think something additional may be needed. Ritu can resolve aus4-admin-dev, but not route to it:
Pinging aus4-admin-dev.external.zlb.scl3.mozilla.com [10.8.81.223] with 32
bytes of data:
Reply from 10.22.248.1: Destination net unreachable.
Reply from 10.22.248.1: Destination net unreachable.
Reply from 10.22.248.1: Destination net unreachable.
Reply from 10.22.248.1: Destination net unreachable.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 5•9 years ago
|
||
That's all that's on our list to grant this access. Can you give us an example of someone who has working access to compare against?
Comment 6•9 years ago
|
||
and I assume Ritu is on the global VPN?
Reporter | ||
Comment 7•9 years ago
|
||
(In reply to Peter Radcliffe [:pir] from comment #5)
> That's all that's on our list to grant this access. Can you give us an
> example of someone who has working access to compare against?
I've got working access :). rwood@mozilla.com does too, and might be a better model (he got access much more recently than me).
(In reply to Peter Radcliffe [:pir] from comment #6)
> and I assume Ritu is on the global VPN?
I think she is, she had VPN access prior to this AFAIK. Ritu, can you confirm?
Flags: needinfo?(rkothari)
Comment 8•9 years ago
|
||
rwood doesn't appear to have any extra groups that would make a difference.
The symptoms above could be explained by being in an office but not on the VPN or being on the VPN before the changes ere made and not reconnecting (new access only gets applied after a reconnection).
(In reply to Ben Hearsum (:bhearsum) from comment #7)
> (In reply to Peter Radcliffe [:pir] from comment #5)
> > That's all that's on our list to grant this access. Can you give us an
> > example of someone who has working access to compare against?
>
> I've got working access :). rwood@mozilla.com does too, and might be a
> better model (he got access much more recently than me).
>
> (In reply to Peter Radcliffe [:pir] from comment #6)
> > and I assume Ritu is on the global VPN?
>
> I think she is, she had VPN access prior to this AFAIK. Ritu, can you
> confirm?
Yes I was connected to "Mozilla Certificate based VPN" when trying to open up both Balrog URLs.
Flags: needinfo?(rkothari)
Comment 10•9 years ago
|
||
(In reply to Ritu Kothari (:ritu) from comment #9)
> Yes I was connected to "Mozilla Certificate based VPN" when trying to open
> up both Balrog URLs.
Can you confirm that you've disconnected, reconnected and retried since the groups were added to your account, per comment 8?
Flags: needinfo?(rkothari)
Assignee | ||
Comment 11•9 years ago
|
||
Can any of the other people try and report that it's working ?
Comment 12•9 years ago
|
||
$ ping aus4-admin-dev.external.zlb.scl3.mozilla.comPING aus4-admin-dev.external.zlb.scl3.mozilla.com (10.8.81.223) 56(84) bytes of data.
From 10-22-248-1.vpn.scl3.mozilla.com (10.22.248.1) icmp_seq=1 Packet filtered
but I don't know which url(s) I which try
Comment 13•9 years ago
|
||
It appears, from above comments, that this would be a good start but this isn't an application that the MOC uses:
http://aus4-admin-dev.external.zlb.scl3.mozilla.com/
Comment 14•9 years ago
|
||
I tried this one but, while I can resolve the hostname, it cannot connect
$ LANG=C curl http://aus4-admin-dev.external.zlb.scl3.mozilla.com/
curl: (7) Failed to connect to aus4-admin-dev.external.zlb.scl3.mozilla.com port 80: No route to host
Note that I am connected to the VPN and can connect to https://ship-it.mozilla.org/
Reporter | ||
Comment 15•9 years ago
|
||
(In reply to Peter Radcliffe [:pir] from comment #13)
> It appears, from above comments, that this would be a good start but this
> isn't an application that the MOC uses:
>
> http://aus4-admin-dev.external.zlb.scl3.mozilla.com/
https://aus4-admin-dev.allizom.org is the URL. I'm not sure the zlb one will work correctly...
Comment 16•9 years ago
|
||
Reporter | ||
Comment 17•9 years ago
|
||
(In reply to Sylvestre Ledru [:sylvestre] from comment #16)
> https://aus4-admin.mozilla.org works!
But you said that https://aus4-admin-dev.allizom.org gives you "no route to host", right?
Comment 18•9 years ago
|
||
Indeed:
$ LANG=C curl https://aus4-admin-dev.allizom.org/
curl: (7) Failed to connect to aus4-admin-dev.allizom.org port 443: No route to host
Comment 19•9 years ago
|
||
Sounds like that host needs to be added to vpn_aus4_admins. I'll open a bug for that.
Yup, both the URLs are now accessible via VPN.
Flags: needinfo?(rkothari)
Assignee | ||
Updated•9 years ago
|
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 21•9 years ago
|
||
Thanks for working through this so quickly. It's really great for RelMan to have access now!
You need to log in
before you can comment on or make changes to this bug.
Description
•