git mirror in PHX1 is hosted on outbound NAT ip for PHX1



7 years ago
5 years ago


(Reporter: Atoll, Assigned: cransom)





7 years ago
The outbound NAT ip for PHX1 is, which is also serving "" on port 80. This overlap seems unintentional; perhaps "gitmirror" should be served from a different IP?

10:46 < atoll>
10:46 < atoll> domain name pointer
10:49 < casey> that's odd.
10:51  * casey digs

Comment 1

7 years ago
somewhere along the line, svc-ops got a source nat IP for .244 and gitmirror got a destination nat for the same. I don't know which clobbered when, but gitmirror should get moved to a new IP.  I'll allocate a new IP and destnat.
Duplicate of this bug: 764924

Comment 3

7 years ago
I duplicated a PTR record at for gitmirror, added the dest nat on the firewall, verified flows will not need to be updated (built to an internal address, not changing).  Verified 9418 is listening on the new IP.

I'd move the A record as well but not sure who the owners are or who to coordinate with, so I'll leave that to serverops if that's ok.  After cut, I'll pull the dnat for 244.
I think oremj set this up, and various webops projects are using it for their updates. cc'ing them
The vast majority (all, maybe?) of our git-based apps are currently hosted on github rather than our own git, so I don't think there will be much that would be affected by this. Even if there was, we should have used a DNS name rather than an IP, so as long as DNS resolves to a working IP we should be okay.

TL;DR: I expect no WebOps breakage from this. :)

Note that I don't speak for AMO Ops (oremj/jthomas)... not sure if or how they'd be affected.
> Note that I don't speak for AMO Ops (oremj/jthomas)... not sure if or how
> they'd be affected.

We are also using github, so this should not affect us.
Jenkins stuff might be using the internal IP of gitmirror (since the machines are in the DMZ). If that's not affected ( IIRC) then jenkins/ should be fine.
We are fine with this.
Assignee: server-ops → network-operations
Component: Server Operations → Server Operations: Netops
QA Contact: phong → ravi

Comment 9

7 years ago
So you just want me to switch this at any time?

Comment 10

7 years ago
Ok, DNS has been flipped to .249. I'll pull the old configuration bits out tomorrow.


7 years ago
Assignee: network-operations → cransom

Comment 11

7 years ago
this was done last week.
Last Resolved: 7 years ago
Resolution: --- → FIXED
Product: → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.