These rules are to enable launching sync storage in scl2. We're hoping to launch on Wednesday afternoon, so ideally I'd like to start final testing tomorrow (Tuesday) with the rules below in place.

For stats and administration:
* wp-adm01.phx.weave.m.c (10.10.0.5) --> db vlans (first 25 VLANs are sufficient) in scl2 (tcp/3306)

For db replication:
* adm1.scl2.svc.m.c (10.14.2.5) -> wp-adm01.phx.weave.m.c (10.10.0.5) (tcp/3306)

For LDAP replication:
* ldap vlan in scl2 -> ldap vlan in phx (10.10.12.0/24) (tcp/389)

Reference for SCL2 vlans: https://intranet.mozilla.org/SysAdmin/index.php/Documentation/Colo_Layer42#Networking
For the record, the existing routing on wp-adm01 will use the 10.8.75.15 interface to reach the db vlans. I'll build the ACLs using this address.
This distinction also applies for the db replication rule. If it's important that you use 10.10.0.5 instead of 10.8.75.15, let me know and we'll discuss how to change the routing on wp-adm01.
Not a problem, we can update any host-based ACLs for phx->scl2 (first rule) and just use the right IP address when initiating connections from scl2->phx adm1 for replication.
ACLs installed as requested.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations