Closed
Bug 743713
Opened 12 years ago
Closed 12 years ago
buildbot masters -> buildbot db VIPs
Categories
(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)
Infrastructure & Operations Graveyard
NetOps: DC ACL Request
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: cransom)
References
Details
from: 10.12.48.18 (buildbot-master04.build.scl1.mozilla.com) 10.12.48.16 (buildbot-master06.build.scl1.mozilla.com) 10.2.71.132 (buildbot-master07.build.sjc1.mozilla.com) 10.2.71.133 (buildbot-master08.build.sjc1.mozilla.com) 10.2.71.134 (buildbot-master09.build.sjc1.mozilla.com) 10.2.71.142 (buildbot-master10.build.sjc1.mozilla.com) 10.2.71.142 (buildbot-master10.build.sjc1.mozilla.com) 10.12.49.11 (buildbot-master11.build.scl1.mozilla.com) 10.12.49.12 (buildbot-master12.build.scl1.mozilla.com) 10.12.49.13 (buildbot-master13.build.scl1.mozilla.com) 10.12.49.14 (buildbot-master14.build.scl1.mozilla.com) 10.12.49.15 (buildbot-master15.build.scl1.mozilla.com) 10.12.49.16 (buildbot-master16.build.scl1.mozilla.com) 10.12.49.17 (buildbot-master17.build.scl1.mozilla.com) 10.12.49.18 (buildbot-master18.build.scl1.mozilla.com) 10.250.48.237 (buildbot-master19.build.mtv1.mozilla.com) 10.250.48.238 (buildbot-master20.build.mtv1.mozilla.com) 10.12.49.19 (buildbot-master21.build.scl1.mozilla.com) 10.250.48.235 (buildbot-master22.build.mtv1.mozilla.com) 10.12.49.2 (buildbot-master23.build.scl1.mozilla.com) 10.12.49.3 (buildbot-master24.build.scl1.mozilla.com) 10.12.49.4 (buildbot-master25.build.scl1.mozilla.com) 10.2.71.144 (buildbot-master26.build.sjc1.mozilla.com) 10.2.71.141 (buildbot-master27.build.sjc1.mozilla.com) 10.26.48.17 (buildbot-master30.srv.releng.scl3.mozilla.com) 10.26.48.18 (buildbot-master31.srv.releng.scl3.mozilla.com) to buildbot-rw-vip.db.scl3.mozilla.com:tcp/3306 from 10.2.71.143 (cruncher.build.sjc1.mozilla.com) 10.12.48.22 (buildapi01.build.scl1.mozilla.com) to buildbot-rw-vip.db.scl3.mozilla.com:tcp/3306 (This is similar to the flows in bug 739194, just with different destination addresses. I suspect we will be able to remove those flows at the same time, but I'll let catlee make that call)
Assignee | ||
Comment 1•12 years ago
|
||
since 739194 already specifies the sources, it's basically no effort to add the -rw-vip destination and wait to remove the buildbot addresses later.
Assignee: network-operations → cransom
Status: NEW → ASSIGNED
Reporter | ||
Comment 2•12 years ago
|
||
12:04 < catlee-mtg> dustin: yeah, we can probably shut them off 12:04 < catlee-mtg> there's one thing that I know of that uses it 12:04 < catlee-mtg> but it's not in the critical path anywhere so yes, please replace the flows in bug 739194 with these flows. That will save one flow bug :)
Status: ASSIGNED → NEW
Assignee | ||
Comment 3•12 years ago
|
||
flows replaced, here's what's getting applied: [edit security policies from-zone dc to-zone db policy buildbot1-mysql match] - source-address [ tm-b01-master01 buildbot-master ]; - destination-address buildbot1; - application mysql; + source-address tm-b01-master01; + destination-address buildbot1; + application mysql; [edit security policies from-zone dc to-zone db] policy b1-db-mysql { ... } + /* 743713 */ + policy buildbot-rw-vip-mysql { + match { + source-address [ buildbot-master cruncher.build.sjc1 buildapi01.build.scl1 ]; + destination-address buildbot-rw-vip; + application mysql; + } + then { + permit; + } + } - /* 739194 */ - policy buildbot2-mysql { - match { - source-address [ cruncher.build.sjc1 buildapi01.build.scl1 ]; - destination-address buildbot2; - application mysql; - } - then { - permit; - } - }
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Product: mozilla.org → Infrastructure & Operations
Updated•2 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•