l10n.allizom.org, l10n.stage.webapp.scl3 access to stage db stage-rw-vip.db.scl3.mozilla.com

RESOLVED FIXED

Status

Infrastructure & Operations
NetOps: DC ACL Request
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: Pike, Assigned: dcurado)

Tracking

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3184])

(Reporter)

Description

a year ago
In bug 1233154, we've set the stage instance of elmo, l10n.stage.webapp.scl3 , up to talk to the prod database.

As I'm now in need to stage a deployment that modifies the database schema, I actually need it to talk to the stage database, too.

That's on stage-rw-vip.db.scl3.mozilla.com.

As it times out, my suspicion is that the network flow isn't enabled.

I'd like to be able to connect to both stage-rw-vip.db.scl3.mozilla.com and generic-rw-zeus.db.scl3.mozilla.com from l10n.stage.webapp.scl3.

elmo mana page: https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=1082396
Assignee: nobody → server-ops-webops
Component: MOC: Service Requests → WebOps: Other
QA Contact: lypulong → smani

Updated

a year ago
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3184]
Netops please open a flow for l10n.stage.webapp.scl3.mozilla.com to reach stage-rw-vip.db.scl3.mozilla.com on mysql port 3306.
Assignee: server-ops-webops → network-operations
Component: WebOps: Other → NetOps: DC ACL Request
QA Contact: smani → jbarnell
(Assignee)

Comment 2

a year ago
working on this.
Assignee: network-operations → dcurado
Status: NEW → ASSIGNED
(Assignee)

Comment 3

a year ago
I added the l10n.stage.webapp host to an existing related policy.
Hope this is OK with you:

Policy: l10n-a10n--mysql, action-type: permit, State: enabled, Index: 295, Scope Policy: 0
  Policy Type: Configured
  Sequence number: 10
  From zone: webapp, To zone: db
  Source addresses:
    l10n.stage.webapp: 10.22.81.130/32
    a10n.webapp.scl3: 10.22.81.145/32
    l10n-dashboard1.webapp.scl3: 10.22.81.129/32
  Destination addresses:
    stage-rw-vip.db.scl3: 10.22.70.63/32
    stage-ro-vip.db.scl3: 10.22.70.62/32
    generic-r2-zeus.db.scl3: 10.22.70.74/32
    generic-ro-zeus.db.scl3: 10.22.70.75/32
  Application: mysql
    IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
      Source port range: [0-0]
      Destination port range: [3306-3306]
  Per policy TCP Options: SYN check: No, SEQ check: No

Here's the diff:

dcurado@fw1.ops.scl3.mozilla.net> show configuration | compare rollback 1
[edit security policies from-zone webapp to-zone db policy l10n-a10n--mysql match]
-      source-address [ l10n-dashboard1.webapp.scl3 a10n.webapp.scl3 ];
+      source-address [ l10n-dashboard1.webapp.scl3 a10n.webapp.scl3 l10n.stage.webapp ];
Status: ASSIGNED → UNCONFIRMED
Ever confirmed: false
(Reporter)

Comment 4

a year ago
Thanks, yes. Can access both dbs now allright.

Marking FIXED.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.