Closed Bug 798490 Opened 12 years ago Closed 12 years ago

Open SSH between ftp*.dmz.scl3 and metrics-logger1.private.scl3

Categories

(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)

Product:
Infrastructure & Operations Graveyard
Component:
NetOps: DC ACL Request
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: ericz, Unassigned)

Details

Currently we have SSH open between ftp[1-6].dmz.scl3 and metrics-logger1.private.scl3 for log transfer.  I just put all of the log transfer bits into Puppet so when we add a new FTP server it'll automatically start transferring logs to metrics-logger1.  The only problem I foresee is not having a netflow in place for new FTP servers.  I don't know what our firewall capabilities are, but can we make it so a new FTP server like ftp[1-6].dmz.scl3 will automatically be able to ssh logs to metrics-logger1?
We currently don't have a way to accomplish this.  We can't leave holes in the network awaiting new servers, so each new flow needs to be reviewed before it is opened.  

Once the inventory system is more integrated with the network acl policy, this can be much more automated.

In the meantime, the flow from the ftp servers and logger is mostly trivial and would only take a few minutes to review and open once the request is submitted.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.