Closed Bug 753122 Opened 12 years ago Closed 11 years ago

emergency flow requests for keymaster01 and keystage01.dmz.scl3.mozilla.com

Categories

(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)

x86
macOS
task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: arich, Assigned: dmoore)

Details

Long story short, these blades were not supposed to move till next week.  Releng doesn't have a chassis.  They're sitting in an infra chassis in the dmz right now because there's no networking back to the releng bu from any existing chassis.

This situation is temporary (a few weeks at best?) because these hosts will be going away when the thunderbird infrastructure is fully merged into the firefox releng infrastructure.

Since these should be on the releng bu but are not, can we please:

Please allow access to these two vms from all releng VLANs.
Please allow all outgoing connections.

I'm hoping that will pretty much equal what they had in sjc1.
Assignee: network-operations → dmoore
dmoore@fw1.scl3# show | compare rollback 1 
[edit security policies from-zone dc to-zone dmz]
+     /* 753122 */
+     policy keyservers-build {
+         match {
+             source-address build;
+             destination-address [ keystage01 keymaster01 ];
+             application any;
+         }
+         then {
+             permit;
+         }
+     }
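Review bot: `application any;` in `keyservers-build` opens every port and protocol from the whole `build` address set to both key servers, which is wider than a temporary placement in the dmz needs. Suggest listing the applications releng actually uses against keystage01 and keymaster01. If that list is not known yet, add a `log` statement with `session-init` under `then` so the permitted traffic can be reviewed, and extend the `/* 753122 */` comment to say the policy is to be removed when the hosts go away. The bug also asks for all outgoing connections from these hosts, and no policy with dmz as the source zone appears in this compare, so it is worth confirming that an existing policy already covers that direction.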
[edit security zones security-zone dmz address-book]
       address ftp3 { ... }
+      address keystage01 10.22.74.143/32;
+      address keymaster01 10.22.74.144/32;
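Review bot: The address-book names added here (`keystage01`, `keymaster01`) differ from the names given to the same two /32 entries on fw1a.scl1 and fw1a.mtv1 (`keystage01.dmz.scl3`, `keymaster01.dmz.scl3`). Using the qualified form on all three firewalls would let a single search find every entry when these hosts are retired.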
dmoore@fw1a.scl1# show | compare 
[edit security zones security-zone untrust address-book]
+      address keymaster01.dmz.scl3 10.22.74.144/32;
+      address keystage01.dmz.scl3 10.22.74.143/32;
[edit security zones security-zone untrust address-book address-set all-build-nets]
+       address keymaster01.dmz.scl3;
+       address keystage01.dmz.scl3;
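Review bot: Adding both hosts to the existing `all-build-nets` address-set gives them whatever every policy referencing that set already grants, which this compare does not show and which may be broader than the access asked for in the bug. Suggest recording in the bug which policies reference `all-build-nets`, or placing the two hosts in a dedicated address-set so the temporary access can be removed in one step.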
dmoore@fw1a.mtv1.mozilla.net# show | compare
[edit security zones security-zone external address-book]
+      address keymaster01.dmz.scl3 10.22.74.144/32;
+      address keystage01.dmz.scl3 10.22.74.143/32;
[edit security zones security-zone external address-book address-set build]
+       address keymaster01.dmz.scl3;
+       address keystage01.dmz.scl3;
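Review bot: Neither the address-book entries nor the `build` address-set additions here carry the `/* 753122 */` annotation that the fw1.scl3 policy has, and the same is true of the fw1a.scl1 change, so nothing in these configurations ties the entries to the bug. Suggest annotating them with the bug number so that the cleanup, once these hosts go away, can find them on every firewall.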
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard