Closed Bug 1494066 Opened 6 years ago Closed 6 years ago

please update releng signing server flows

Categories

(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bhearsum, Assigned: van)

We are repurposing the mac-depsigning* machines as production signing servers, so we need to change some of the flows. The hostnames (but not IPs) are changing as follows:
    mac-depsigning1.srv.releng.mdc1.mozilla.com -> mac-v2-signing1.srv.releng.mdc1.mozilla.com
    mac-depsigning2.srv.releng.mdc1.mozilla.com -> mac-v2-signing2.srv.releng.mdc1.mozilla.com
    mac-depsigning3.srv.releng.mdc1.mozilla.com -> mac-v2-signing3.srv.releng.mdc1.mozilla.com
    mac-depsigning4.srv.releng.mdc2.mozilla.com -> mac-v2-signing4.srv.releng.mdc2.mozilla.com
    mac-depsigning5.srv.releng.mdc2.mozilla.com -> mac-v2-signing5.srv.releng.mdc2.mozilla.com
    mac-depsigning6.srv.releng.mdc2.mozilla.com -> mac-v2-signing6.srv.releng.mdc2.mozilla.com
And these machines should now be treated the same as the other mac-v2-signing* machines as far as network flows go. Based on https://bugzilla.mozilla.org/show_bug.cgi?id=1381152, it looks like this might mean adding them to releng_signing?
Blocks: 1494067
Van, have you seen this? We'd like to bring these online tomorrow (Thurs) if possible.
Flags: needinfo?(vle)
Hm, I just realized that production signing workers can already access these servers, eg:
    $ nc -vz mac-v2-signing4.srv.releng.mdc2.mozilla.com 9120
    Connection to mac-v2-signing4.srv.releng.mdc2.mozilla.com 9120 port [tcp/*] succeeded!
...which I guess is because of policy 8 from https://bugzilla.mozilla.org/show_bug.cgi?id=1381152#c2
So maybe there's nothing to do here other than perhaps update same hostnames in configs?
Assignee: network-operations → vle
Flags: needinfo?(vle)
:aki, can you test and let me know which have failed? If the IPs didn't change, it should work. I don't have an account to these boxes to test.
Flags: needinfo?(aki)
Looks like this is Just Working. Thanks Van!
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(aki)
Resolution: --- → FIXED
Do we need to rename anything anywhere to avoid future confusion when asking for ACLs for mac-v2-signing{1..6}? Eg: are they still listed as mac-depsigning{1..6} anywhere?
See Also: → 1500323
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard