git mirror in PHX1 is hosted on outbound NAT ip for PHX1

RESOLVED FIXED

6 years ago
5 years ago

People

(Reporter: atoll, Assigned: cransom)

The outbound NAT IP for PHX1 is 63.245.216.244, which is also serving "gitmirror.pub.phx1.mozilla.com" on port 80. This overlap seems unintentional; perhaps "gitmirror" should be served from a different IP?

10:46 < atoll> 63.245.216.244
10:46 < atoll> 244.216.245.63.in-addr.arpa domain name pointer gitmirror.pub.phx1.mozilla.com.
10:49 < casey> that's odd.
10:51  * casey digs
(Assignee)

Comment 1

6 years ago
Somewhere along the line, svc-ops got a source NAT IP for .244 and gitmirror got a destination NAT for the same. I don't know which clobbered when, but gitmirror should get moved to a new IP. I'll allocate a new IP and destnat.
Duplicate of this bug: 764924
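
An added example, not part of the bug or of Mozilla's tooling: one way to audit a NAT rule set for the condition comment 1 describes, a public address used for both source NAT and destination NAT. The rule format, the rule names and the 198.51.100.x entries are constructed for illustration, and the check also covers prefix overlaps, which goes beyond the single-address case in the bug.

```python
import ipaddress

# Constructed sample rules in a hypothetical, vendor-neutral format.
# Only 63.245.216.244 and ports 80/9418 come from the bug; the rest is
# illustrative (198.51.100.0/24 is a documentation range).
RULES = [
    {"name": "svc-ops-out", "type": "snat", "public": "63.245.216.244/32"},
    {"name": "gitmirror-in", "type": "dnat", "public": "63.245.216.244/32",
     "ports": [80, 9418]},
    {"name": "office-out", "type": "snat", "public": "198.51.100.0/28"},
    {"name": "web-in", "type": "dnat", "public": "198.51.100.10/32",
     "ports": [443]},
]


def find_nat_overlaps(rules):
    """Return (snat_rule, dnat_rule, shared_prefix) for every public
    address range used for both source NAT and destination NAT."""
    parsed = [(r["name"], r["type"], ipaddress.ip_network(r["public"]))
              for r in rules]
    snat = [(n, net) for n, t, net in parsed if t == "snat"]
    dnat = [(n, net) for n, t, net in parsed if t == "dnat"]
    hits = []
    for s_name, s_net in snat:
        for d_name, d_net in dnat:
            if s_net.version != d_net.version:
                continue
            if s_net.overlaps(d_net):
                # CIDR blocks either nest or are disjoint, so the shared
                # range is whichever block has the longer prefix.
                shared = s_net if s_net.prefixlen >= d_net.prefixlen else d_net
                hits.append((s_name, d_name, str(shared)))
    return hits


if __name__ == "__main__":
    for s_name, d_name, shared in find_nat_overlaps(RULES):
        print(f"{shared}: source NAT '{s_name}' collides with "
              f"destination NAT '{d_name}'")
```
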
(Assignee)

Comment 3

6 years ago
I duplicated a PTR record at 63.245.216.249 for gitmirror, added the dest nat on the firewall, verified flows will not need to be updated (built to an internal address, not changing). Verified 9418 is listening on the new IP.

I'd move the A record as well but not sure who the owners are or who to coordinate with, so I'll leave that to serverops if that's ok. After cut, I'll pull the dnat for 244.

Comment 4

6 years ago
I think oremj set this up, and various webops projects are using it for their updates. cc'ing them

Comment 5

6 years ago
The vast majority (all, maybe?) of our git-based apps are currently hosted on github rather than our own git, so I don't think there will be much that would be affected by this. Even if there was, we should have used a DNS name rather than an IP, so as long as DNS resolves to a working IP we should be okay.

TL;DR: I expect no WebOps breakage from this. :)

Note that I don't speak for AMO Ops (oremj/jthomas)... not sure if or how they'd be affected.

> Note that I don't speak for AMO Ops (oremj/jthomas)... not sure if or how
> they'd be affected.

We are also using github, so this should not affect us.
Jenkins stuff might be using the internal IP of gitmirror (since the machines are in the DMZ). If that's not affected (gitmirror1.dmz.phx1.mozilla.com IIRC) then jenkins/ci.mozilla.org should be fine.

Comment 8

6 years ago
We are fine with this.
Assignee: server-ops → network-operations
Component: Server Operations → Server Operations: Netops
QA Contact: phong → ravi
(Assignee)

Comment 9

6 years ago
So you just want me to switch this at any time?
(Assignee)

Comment 10

6 years ago
Ok, DNS has been flipped to .249. I'll pull the old configuration bits out tomorrow.
Status: NEW → ASSIGNED
(Assignee)

Updated

6 years ago
Assignee: network-operations → cransom
(Assignee)

Comment 11

6 years ago
This was done last week.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations