Add route to phx to build-vpn

RESOLVED FIXED

Status

Release Engineering
General
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: nthomas, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
I'd like to be able to reach
 symbols1.dmz.phx1.mozilla.com, 10.8.74.48
 dp-ausstage01.phx.mozilla.com, 10.8.74.30
using the build-vpn (rather than bouncing through a jump host like mpt-vpn). Could we advertise the route ?

Doesn't really block bug 741648, more for tracking.
This isn't about advertising routes, really - it's firewall flows.

You can access symbols1 at symbolpush.mozilla.org with no VPN at all, so that's moot.

dp-ausstage01 is already accessible from build-network hosts.  I *think* the new build VPN host is on the list of allowed source IPs (10.26/16), so this will probably just work once that VPN host is up.  In fact, I think the same will be the case for symbols1.  Can you verify at that time, and bump back if it doesn't work?
Assignee: server-ops-releng → nobody
Component: Server Operations: RelEng → Release Engineering
QA Contact: mrz → release
(Reporter)

Comment 2

6 years ago
Luckily port 22 is open from build-vpn.m.c, so I just added a manual route to my Viscosity config to get ssh connections working. Port 80 is blocked but I can just use mpt-vpn in the meantime if I need that.
(Reporter)

Comment 3

6 years ago
Updated situation from irc convo:
* arr gave the netops bug blocking the new vpn a prod (743857), letting them know it would be helpful to have that vpn up so that we can reach aus3-staging for release taks
* if that doesn't work out RelEng can use the existing vpn with documented work arounds
(Reporter)

Updated

6 years ago
No longer blocks: 741648

Comment 4

6 years ago
Nick reports that this is working via the new scl3-based build-vpn.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Assignee)

Updated

5 years ago
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.