The outbound NAT ip for PHX1 is 220.127.116.11, which is also serving "gitmirror.pub.phx1.mozilla.com" on port 80. This overlap seems unintentional; perhaps "gitmirror" should be served from a different IP? 10:46 < atoll> 18.104.22.168 10:46 < atoll> 244.216.245.63.in-addr.arpa domain name pointer gitmirror.pub.phx1.mozilla.com. 10:49 < casey> that's odd. 10:51 * casey digs
somewhere along the line, svc-ops got a source nat IP for .244 and gitmirror got a destination nat for the same. I don't know which clobbered when, but gitmirror should get moved to a new IP. I'll allocate a new IP and destnat.
I duplicated a PTR record at 22.214.171.124 for gitmirror, added the dest nat on the firewall, verified flows will not need to be updated (built to an internal address, not changing). Verified 9418 is listening on the new IP. I'd move the A record as well but not sure who the owners are or who to coordinate with, so I'll leave that to serverops if that's ok. After cut, I'll pull the dnat for 244.
I think oremj set this up, and various webops projects are using it for their updates. cc'ing them
The vast majority (all, maybe?) of our git-based apps are currently hosted on github rather than our own git, so I don't think there will be much that would be affected by this. Even if there was, we should have used a DNS name rather than an IP, so as long as DNS resolves to a working IP we should be okay. TL;DR: I expect no WebOps breakage from this. :) Note that I don't speak for AMO Ops (oremj/jthomas)... not sure if or how they'd be affected.
> Note that I don't speak for AMO Ops (oremj/jthomas)... not sure if or how > they'd be affected. We are also using github, so this should not affect us.
Jenkins stuff might be using the internal IP of gitmirror (since the machines are in the DMZ). If that's not affected (gitmirror1.dmz.phx1.mozilla.com IIRC) then jenkins/ci.mozilla.org should be fine.
We are fine with this.
Assignee: server-ops → network-operations
Component: Server Operations → Server Operations: Netops
QA Contact: phong → ravi
So you just want me to switch this at any time?
Ok, DNS has been flipped to .249. I'll pull the old configuration bits out tomorrow.
Status: NEW → ASSIGNED
this was done last week.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.