Closed Bug 637484 Opened 13 years ago Closed 13 years ago

ACL updates for launching scl2 sync storage

Categories

(Infrastructure & Operations Graveyard :: NetOps, task)

x86_64
Linux
task
Not set
blocker

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: petef, Assigned: dmoore)

Details

These rules are to enable launching sync storage in scl2. We're hoping to launch on Wednesday afternoon, so ideally I'd like to start final testing tomorrow (Tuesday) with the rules below in place.

For stats and administration:
* wp-adm01.phx.weave.m.c (10.10.0.5) --> db vlans (first 25 VLANs are sufficient) in scl2 (tcp/3306)

For db replication:
* adm1.scl2.svc.m.c (10.14.2.5) -> wp-adm01.phx.weave.m.c (10.10.0.5) (tcp/3306)

For LDAP replication:
* ldap vlan in scl2 -> ldap vlan in phx (10.10.12.0/24) (tcp/389)

Reference for SCL2 VLANs:
https://intranet.mozilla.org/SysAdmin/index.php/Documentation/Colo_Layer42#Networking

Assignee: network-operations → dmoore
Severity: major → blocker

For the record, the existing routing on wp-adm01 will use the 10.8.75.15 interface to reach the db vlans. I'll build the ACLs using this address.

This distinction also applies for the db replication rule. If it's important that you use 10.10.0.5 instead of 10.8.75.15, let me know and we'll discuss how to change the routing on wp-adm01.

Not a problem, we can update any host-based ACLs for phx->scl2 (first rule) and just use the right IP address when initiating connections from scl2->phx adm1 for replication.

ACLs installed as requested.

Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard