ACL updates for launching scl2 sync storage

RESOLVED FIXED

Status

--
blocker
RESOLVED FIXED
8 years ago
5 years ago

People

(Reporter: petef, Assigned: dmoore)

(Reporter)

Description

8 years ago
These rules are to enable launching sync storage in scl2. We're hoping to launch on Wednesday afternoon, so ideally I'd like to start final testing tomorrow (Tuesday) with the rules below in place.

For stats and administration:
* wp-adm01.phx.weave.m.c (10.10.0.5) --> db vlans (first 25 VLANs are sufficient) in scl2 (tcp/3306)

For db replication:
* adm1.scl2.svc.m.c (10.14.2.5) -> wp-adm01.phx.weave.m.c (10.10.0.5) (tcp/3306)

For LDAP replication:
* ldap vlan in scl2 -> ldap vlan in phx (10.10.12.0/24) (tcp/389)

reference for SCL2 vlans:
https://intranet.mozilla.org/SysAdmin/index.php/Documentation/Colo_Layer42#Networking
(Assignee)

Updated

8 years ago
Assignee: network-operations → dmoore
(Assignee)

Updated

8 years ago
Severity: major → blocker
(Assignee)

Comment 1

8 years ago
For the record, the existing routing on wp-adm01 will use the 10.8.75.15 interface to reach the db vlans. I'll build the ACLs using this address.
(Assignee)

Comment 2

8 years ago
This distinction also applies for the db replication rule. If it's important that you use 10.10.0.5 instead of 10.8.75.15, let me know and we'll discuss how to change the routing on wp-adm01.
(Reporter)

Comment 3

8 years ago
Not a problem, we can update any host-based ACLs for phx->scl2 (first rule) and just use the right IP address when initiating connections from scl2->phx adm1 for replication.
(Assignee)

Comment 4

8 years ago
ACLs installed as requested.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations
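
The point settled in comments 1 to 3 is that an ACL has to name the address the host actually sources traffic from, not the one written in the request. The sketch below is an added example, not part of the bug or of any Mozilla tooling. Only 10.10.0.5 and 10.8.75.15 come from the bug; the routing table and the 192.0.2.0/24 destination (a documentation range standing in for one db VLAN) are constructed.

```python
import ipaddress

# Constructed routing view of wp-adm01: (destination prefix, source address used).
# 192.0.2.0/24 is a placeholder for a db VLAN; the real prefixes are not in the bug.
ROUTES = [
    ("0.0.0.0/0", "10.10.0.5"),
    ("192.0.2.0/24", "10.8.75.15"),
]

# ACL entries are (source net, destination net, tcp port); implicit deny at the end.
ACL_AS_REQUESTED = [("10.10.0.5/32", "192.0.2.0/24", 3306)]
ACL_AS_BUILT = [("10.8.75.15/32", "192.0.2.0/24", 3306)]


def egress_source(dst, routes=ROUTES):
    """Longest-prefix match: the source address the host will use to reach dst."""
    addr = ipaddress.ip_address(dst)
    best_net, best_src = None, None
    for prefix, src in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_src = net, src
    if best_src is None:
        raise LookupError(f"no route to {dst}")
    return best_src


def acl_permits(acl, src, dst, port):
    """First-match evaluation of a permit-only ACL with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(src_net)
        and d in ipaddress.ip_network(dst_net)
        and port == acl_port
        for src_net, dst_net, acl_port in acl
    )


def audit(requested_src, dst, port, acl):
    """Compare the requested source with the routed one and test the ACL against it."""
    actual = egress_source(dst)
    return {
        "actual_src": actual,
        "mismatch": actual != requested_src,
        "permitted": acl_permits(acl, actual, dst, port),
    }


if __name__ == "__main__":
    print(audit("10.10.0.5", "192.0.2.10", 3306, ACL_AS_REQUESTED))
    print(audit("10.10.0.5", "192.0.2.10", 3306, ACL_AS_BUILT))
```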