Closed
Bug 603403
Opened 14 years ago
Closed 14 years ago
Please forward VNC for these two staging slaves for loan outside of build-vpn
Categories
(Infrastructure & Operations Graveyard :: NetOps, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: lsblakk, Assigned: ravi)
References
Details
talos-r3-xp-001 (10.250.48.231) talos-r3-w7-001 (10.250.48.237)
Comment 1•14 years ago
|
||
Any idea when this can be completed? It's blocking the continuous-integration of Jetpack, unfortunately.
Reporter | ||
Comment 2•14 years ago
|
||
Ping? ETA on this?
Comment 3•14 years ago
|
||
I talked to Clint Talbert today and he said that these should be accessible to me from mpt-vpn, which I do have access to. Is mpt-vpn different from build-vpn? If not, then I should be able to do it, I'll try this and report back.
Comment 4•14 years ago
|
||
mpt-vpn doesn't have access to the build network (but can with firewall changes).
Comment 5•14 years ago
|
||
Just to clarify, we *don't* need these to be world-accessible? Having access via the MPT VPN would be sufficient?
Reporter | ||
Comment 6•14 years ago
|
||
yes - just accessible in mpt-vpn is enough for this.
Comment 7•14 years ago
|
||
Oh, I see. Cool, I'll just wait for this bug to get resolved then.
Comment 8•14 years ago
|
||
We need this done soon, as Atul is chomping at the bit to figure out the issues on these machines so we can get our continuous integration infrastructure up and running and notify Firefox/Gecko developers immediately when their changes break the SDK (to avoid going through the pain we're currently going through at great cost). Thus bumping severity.
Severity: normal → major
Comment 9•14 years ago
|
||
I re-read this bug. Even easier - vpn to the office and we'll let that VPN into those two hosts, both of which are at the office. Working on that.
Assignee | ||
Comment 10•14 years ago
|
||
I'll have this completed today.
Assignee: dmoore → network-operations
Status: NEW → ASSIGNED
Component: Server Operations → Server Operations: Netops
Assignee | ||
Updated•14 years ago
|
Assignee: network-operations → ravi
Assignee | ||
Comment 11•14 years ago
|
||
I was scratching my head once I got the final request. Right now there is no restriction for the MTV VPN to reach any build host. Web VNC is not running... [root@mv-vpn01 openvpn]# nc -vz 10.250.48.231 5800 nc: connect to 10.250.48.231 port 5800 (tcp) failed: Connection refused [root@mv-vpn01 openvpn]# nc -vz 10.250.48.237 5800 nc: connect to 10.250.48.237 port 5800 (tcp) failed: Connection refused But the Java is... [root@mv-vpn01 openvpn]# nc -vz 10.250.48.231 5900 Connection to 10.250.48.231 5900 port [tcp/*] succeeded! [root@mv-vpn01 openvpn]# nc -vz 10.250.48.237 5900 Connection to 10.250.48.237 5900 port [tcp/*] succeeded! I put an explicit rule in place as to not close this access off in the future by accident. security { policies { from-zone internal to-zone build { /* Bug 603403 */ policy vnc { match { source-address office; destination-address build-vnc; application junos-vnc; } then { permit; } } } } zones { security-zone build { address-book { address talos-r3-xp-001 10.250.48.231/32; address talos-r3-w7-001 10.250.48.237/32; address-set build-vnc { address talos-r3-xp-001; address talos-r3-w7-001; } } } } } applications { application tcp-5900 { protocol tcp; destination-port 5900; } application-set vnc-java { application tcp-5900; } }
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Comment 12•14 years ago
|
||
Awesome, it works for me too, thanks!
Updated•14 years ago
|
Status: RESOLVED → VERIFIED
Reporter | ||
Comment 13•14 years ago
|
||
Did the work on opening up VNC disable the Administrator account on talos-r3-w7-001? I can't seem to log back in with RDP to change passwords back. These slaves don't need forwarding anymore and can return to build-vpn access only.
Status: VERIFIED → REOPENED
Resolution: WORKSFORME → ---
Comment 14•14 years ago
|
||
We only changed the firewall, nothing about the host/OS.
Status: REOPENED → RESOLVED
Closed: 14 years ago → 14 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 15•14 years ago
|
||
Ah, ok. Has that change been reversed now? The loan is done and we will be putting this back to releng-only.
Assignee | ||
Comment 16•14 years ago
|
||
The config has been pulled.
Updated•11 years ago
|
Product: mozilla.org → Infrastructure & Operations
Updated•2 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•