Closed
Bug 753122
Opened 12 years ago
Closed 11 years ago
emergency flow requests for keymaster01 and keystage01.dmz.scl3.mozilla.com
Categories
(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)
Infrastructure & Operations Graveyard
NetOps: DC ACL Request
x86
macOS
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: arich, Assigned: dmoore)
Details
Long story short, these blades were not supposed to move till next week. Releng doesn't have a chassis. They're sitting in an infra chassis in the dmz right now because there's no networking back to the releng bu from any existing chassis. This situation is temporary (a few weeks at best?) because these hosts will be going away when the thunderbird infrastructure is fully merged into the firefox releng infrastructure. Since these should be on the releng bu but are not, can we please: Please allow access to these two vms from all releng VLANs. Please allow all outgoing connections. I'm hoping that will pretty much equal what they had in sjc1.
Assignee | ||
Updated•12 years ago
|
Assignee: network-operations → dmoore
Assignee | ||
Comment 1•12 years ago
|
||
dmoore@fw1.scl3# show | compare rollback 1 [edit security policies from-zone dc to-zone dmz] + /* 753122 */ + policy keyservers-build { + match { + source-address build; + destination-address [ keystage01 keymaster01 ]; + application any; + } + then { + permit; + } + } [edit security zones security-zone dmz address-book] address ftp3 { ... } + address keystage01 10.22.74.143/32; + address keymaster01 10.22.74.144/32;
Assignee | ||
Comment 2•12 years ago
|
||
dmoore@fw1a.scl1# show | compare [edit security zones security-zone untrust address-book] + address keymaster01.dmz.scl3 10.22.74.144/32; + address keystage01.dmz.scl3 10.22.74.143/32; [edit security zones security-zone untrust address-book address-set all-build-nets] + address keymaster01.dmz.scl3; + address keystage01.dmz.scl3;
Assignee | ||
Comment 3•12 years ago
|
||
dmoore@fw1a.mtv1.mozilla.net# show | compare [edit security zones security-zone external address-book] + address keymaster01.dmz.scl3 10.22.74.144/32; + address keystage01.dmz.scl3 10.22.74.143/32; [edit security zones security-zone external address-book address-set build] + address keymaster01.dmz.scl3; + address keystage01.dmz.scl3;
Reporter | ||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Product: mozilla.org → Infrastructure & Operations
Updated•2 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•