Closed Bug 742083 Opened 8 years ago Closed 8 years ago

Flow request for RelEng --> symbols1.dmz.phx1.mozilla.com & dp-ausstage01.phx.mozilla.com

Categories

(Infrastructure & Operations :: NetOps: DC ACL Request, task, major)

x86
All
task
Not set
major

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: nthomas, Assigned: cransom)

References

Details

Our build slaves,
 10.250.48.0/22
 10.2.90.0/23
 10.2.48.0/24
 10.2.71.0/24
 10.12.48.0/21
 10.26.0.0./16
need to reach
 symbols1.dmz.phx1.mozilla.com, 10.8.74.48
 dp-ausstage01.phx.mozilla.com, 10.8.74.30
via ssh and scp. Please open a network flow to enable  that.
Assignee: network-operations → cransom
open and verified.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
(In reply to Nick Thomas [:nthomas] from comment #0)
>  10.2.90.0/23  (moz2-linux-slave27.build.m.o, try-linux-slave24.build.m.o)
>  10.2.71.0/24  (bm-xserve15.build.m.o)

These blocks aren't working from the hosts listed in brackets. Perhaps they got left out because they're in sjc1 ? We'll need the flows between moving the two services to phx1 and deprecating the machines in scj1.

>  10.12.48.0/21

10.2.48 through 51 are OK for both hosts, but 10.12.52 can't open dp-ausstage01.phx.mozilla.com.  It would be good to fix this, but it's not critical right now.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
the build-vpn hosts should be fixed though I don't have creds to verify. it's an artifact of the old firewall that I didn't think to check and will go away soon.

10.12.48.0 was incorrectly figured as a /22, i've updated that to a /21 and should be functional now.
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
Looks great now, thanks Casey.
Status: RESOLVED → VERIFIED
Sorry, I missed our win64 machines in 10.2.40.0/22
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
where does 10.2.40 live? I don't see that attached to a firewall.
nick meant 10.12.40.0/22 (winbuild in scl1)
I did. Looking forward to not making the .2/.12 typo any more when sjc1 goes away.
When could we grant 10.12.40.0/22 access too ?
Casey (not unreasonably) likes new bugs.  I'll open one.
bug 745164
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
hrm. swore I updated this and fixed 10.12.40, it's been in there for a few days if you can verify.
Works well now, thanks.
Status: RESOLVED → VERIFIED
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.