Closed
Bug 743713
Opened 12 years ago
Closed 12 years ago
buildbot masters -> buildbot db VIPs
Categories
(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)
Infrastructure & Operations Graveyard
NetOps: DC ACL Request
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: cransom)
References
Details
from: 10.12.48.18 (buildbot-master04.build.scl1.mozilla.com) 10.12.48.16 (buildbot-master06.build.scl1.mozilla.com) 10.2.71.132 (buildbot-master07.build.sjc1.mozilla.com) 10.2.71.133 (buildbot-master08.build.sjc1.mozilla.com) 10.2.71.134 (buildbot-master09.build.sjc1.mozilla.com) 10.2.71.142 (buildbot-master10.build.sjc1.mozilla.com) 10.2.71.142 (buildbot-master10.build.sjc1.mozilla.com) 10.12.49.11 (buildbot-master11.build.scl1.mozilla.com) 10.12.49.12 (buildbot-master12.build.scl1.mozilla.com) 10.12.49.13 (buildbot-master13.build.scl1.mozilla.com) 10.12.49.14 (buildbot-master14.build.scl1.mozilla.com) 10.12.49.15 (buildbot-master15.build.scl1.mozilla.com) 10.12.49.16 (buildbot-master16.build.scl1.mozilla.com) 10.12.49.17 (buildbot-master17.build.scl1.mozilla.com) 10.12.49.18 (buildbot-master18.build.scl1.mozilla.com) 10.250.48.237 (buildbot-master19.build.mtv1.mozilla.com) 10.250.48.238 (buildbot-master20.build.mtv1.mozilla.com) 10.12.49.19 (buildbot-master21.build.scl1.mozilla.com) 10.250.48.235 (buildbot-master22.build.mtv1.mozilla.com) 10.12.49.2 (buildbot-master23.build.scl1.mozilla.com) 10.12.49.3 (buildbot-master24.build.scl1.mozilla.com) 10.12.49.4 (buildbot-master25.build.scl1.mozilla.com) 10.2.71.144 (buildbot-master26.build.sjc1.mozilla.com) 10.2.71.141 (buildbot-master27.build.sjc1.mozilla.com) 10.26.48.17 (buildbot-master30.srv.releng.scl3.mozilla.com) 10.26.48.18 (buildbot-master31.srv.releng.scl3.mozilla.com) to buildbot-rw-vip.db.scl3.mozilla.com:tcp/3306 from 10.2.71.143 (cruncher.build.sjc1.mozilla.com) 10.12.48.22 (buildapi01.build.scl1.mozilla.com) to buildbot-rw-vip.db.scl3.mozilla.com:tcp/3306 (This is similar to the flows in bug 739194, just with different destination addresses. I suspect we will be able to remove those flows at the same time, but I'll let catlee make that call)
|
Assignee | |
Comment 1•12 years ago
|
||
since 739194 already specifies the sources, it's basically no effort to add the -rw-vip destination and wait to remove the buildbot addresses later.
Assignee: network-operations → cransom
Status: NEW → ASSIGNED
|
Reporter | |
Comment 2•12 years ago
|
||
12:04 < catlee-mtg> dustin: yeah, we can probably shut them off 12:04 < catlee-mtg> there's one thing that I know of that uses it 12:04 < catlee-mtg> but it's not in the critical path anywhere so yes, please replace the flows in bug 739194 with these flows. That will save one flow bug :)
Status: ASSIGNED → NEW
|
|
Assignee | |
Comment 3•12 years ago
|
||
flows replaced, here's what's getting applied:
[edit security policies from-zone dc to-zone db policy buildbot1-mysql match]
- source-address [ tm-b01-master01 buildbot-master ];
- destination-address buildbot1;
- application mysql;
+ source-address tm-b01-master01;
+ destination-address buildbot1;
+ application mysql;
[edit security policies from-zone dc to-zone db]
policy b1-db-mysql { ... }
+ /* 743713 */
+ policy buildbot-rw-vip-mysql {
+ match {
+ source-address [ buildbot-master cruncher.build.sjc1 buildapi01.build.scl1 ];
+ destination-address buildbot-rw-vip;
+ application mysql;
+ }
+ then {
+ permit;
+ }
+ }
- /* 739194 */
- policy buildbot2-mysql {
- match {
- source-address [ cruncher.build.sjc1 buildapi01.build.scl1 ];
- destination-address buildbot2;
- application mysql;
- }
- then {
- permit;
- }
- }Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Updated•11 years ago
|
Product: mozilla.org → Infrastructure & Operations
|
||
Updated•2 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•