emergency flow requests for keymaster01 and keystage01.dmz.scl3.mozilla.com

RESOLVED FIXED

Status

Infrastructure & Operations
NetOps: DC ACL Request
6 years ago
4 years ago

People

(Reporter: arr, Assigned: dmoore)

(Reporter)

Description

6 years ago
Long story short, these blades were not supposed to move till next week.  Releng doesn't have a chassis.  They're sitting in an infra chassis in the dmz right now because there's no networking back to the releng bu from any existing chassis.

This situation is temporary (a few weeks at best?) because these hosts will be going away when the thunderbird infrastructure is fully merged into the firefox releng infrastructure.

Since these should be on the releng bu but are not, can we please:

Please allow access to these two vms from all releng VLANs.
Please allow all outgoing connections.

I'm hoping that will pretty much equal what they had in sjc1.
(Assignee)

Updated

6 years ago
Assignee: network-operations → dmoore
(Assignee)

Comment 1

6 years ago
dmoore@fw1.scl3# show | compare rollback 1 
[edit security policies from-zone dc to-zone dmz]
+     /* 753122 */
+     policy keyservers-build {
+         match {
+             source-address build;
+             destination-address [ keystage01 keymaster01 ];
+             application any;
+         }
+         then {
+             permit;
+         }
+     }
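
Review bot: `application any` with a bare `permit` in policy keyservers-build opens every port and protocol from `build` to both key hosts and records nothing about the sessions. If the services these hosts offer are known, list them under `application`; otherwise add `log { session-init; session-close; }` under `then` so the temporary rule leaves a record of the traffic it carried, which also gives the data needed to narrow it later. The description also asks for all outgoing connections, and nothing in this compare covers traffic leaving the dmz zone from these hosts.
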
[edit security zones security-zone dmz address-book]
       address ftp3 { ... }
+      address keystage01 10.22.74.143/32;
+      address keymaster01 10.22.74.144/32;
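
Review bot: the address names here are the short forms `keystage01` and `keymaster01`, while the same two /32 entries are named `keystage01.dmz.scl3` and `keymaster01.dmz.scl3` on the other firewalls changed for this bug. Using one name for one host across all three devices would let a single search find every entry when these hosts are retired.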
(Assignee)

Comment 2

6 years ago
dmoore@fw1a.scl1# show | compare 
[edit security zones security-zone untrust address-book]
+      address keymaster01.dmz.scl3 10.22.74.144/32;
+      address keystage01.dmz.scl3 10.22.74.143/32;
[edit security zones security-zone untrust address-book address-set all-build-nets]
+       address keymaster01.dmz.scl3;
+       address keystage01.dmz.scl3;
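
Review bot: adding both hosts to the existing `all-build-nets` address-set gives them whatever every policy referencing that set already allows, as source or as destination, and none of those policies appear in this compare. Listing the policies that reference the set would confirm the resulting access matches what was requested; alternatively, a dedicated address-set referenced by one policy would let the temporary access be removed without touching the shared set.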
(Assignee)

Comment 3

6 years ago
dmoore@fw1a.mtv1.mozilla.net# show | compare
[edit security zones security-zone external address-book]
+      address keymaster01.dmz.scl3 10.22.74.144/32;
+      address keystage01.dmz.scl3 10.22.74.143/32;
[edit security zones security-zone external address-book address-set build]
+       address keymaster01.dmz.scl3;
+       address keystage01.dmz.scl3;
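
Review bot: nothing in these entries or in the `build` address-set membership carries the `/* 753122 */` annotation that the fw1.scl3 policy has, so cleanup on this firewall depends on someone finding this comment. Since the description calls the placement temporary, annotating the address entries and the set members with the bug number would make the removal traceable from the configuration itself.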
(Reporter)

Updated

5 years ago
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations