Closed Bug 846538 Opened 13 years ago Closed 12 years ago

Please open access from Socorro dev/stage to elasticsearch dev/stage

Categories

(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)

Product:
Infrastructure & Operations Graveyard
Component:
NetOps: DC ACL Request
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: adrian, Assigned: ahill)

Details

Hi! We are going to need access to our fresh elasticsearch clusters from Socorro dev and stage. = dev = from: 10.8.74.64 to: 10.8.81.10[2,3,4]:9200 = stage = from: * 10.8.75.48 * 10.8.100.7[4,5] * 10.8.81.5[5,6] to: 10.8.81.10[5,6,7,8,9]:9200 I think we will also need to open access to the load balancers for those clusters, but I cannot find any information about them. :phrawzty might know, but we can do without for the moment. Thanks, Adrian
Summary: Please open acces from Socorro dev/stage to elasticsearch dev/stage → Please open access from Socorro dev/stage to elasticsearch dev/stage
Assignee: network-operations → ahill
Priority: -- → P3
This blocks a quarterly goal for us. If you get the chance to take a look at it in the next couple of days I would be grateful. Thanks!
To be honest, the jury is still out on whether fronting the ES clusters via Zeus is actually a good idea or not; that said, it is how every other ES cluster is set up in our environment already. In the interest of consistency, I will go ahead and set up Zeus balancing for your extant Dev and Stage ES clusters. This will obviously alter the flows requested in comment #0. I will update this ticket with the correct "to" lines once IPs have been assigned.
Flags: needinfo?(dmaher)
Priority: P3 → --
Daniel, can I get an update on this please?
Rejoice! The Zeus VIPs are active : * socorro-es.dev.webapp.phx1.mozilla.com (10.8.81.198) * socorro-es.stage.webapp.phx1.mozilla.com (10.8.81.199) The flows, therefore, are : From: * socorro1.dev.dmz.phx1 (10.8.74.64) To: * socorro-es.dev.webapp.phx1 (10.8.81.198) : tcp/9200 and From: * socorroadm.stage.private.phx1 (10.8.75.48) * socorro-processor[1,2].stage.metrics.phx1 (10.8.100.7[4,5]) * socorro-mware[1,2].stage.webapp.phx1 (10.8.81.5[5,6]) To: * socorro-es.stage.webapp.phx1 (10.8.81.199) : tcp/9200 I would also like to personally apologise for my slow reaction time on this bug. If there's anything more I can do to help you guys out, please don't hesitate to let me know.
Flags: needinfo?(dmaher) → needinfo?(ahill)
Opened. Let me know if there are any issues.
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: needinfo?(ahill)
Resolution: --- → FIXED
[agaudebert@socorroadm.stage.private.phx1 ~]$ curl -XGET socorro-es.stage.webapp.phx1.mozilla.com curl: (7) couldn't connect to host Same thing from all 5 stage hosts. dev works fine though.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
There is no firewall between socorrow-mware[1,2].stage.webapp and socorro-es.stage.webapp since they reside on the same vlan. If you cannot connect between those hosts, there may be some other issue (firewall on socorro-es.stage? socorro-es.stage not listening on 9200?) I double checked the flows on the other stage hosts and they look correct per your request. Feel free to find me in irc (ahill in #netops) and we can troubleshoot.
I forgot to specify the port in my command... Sorry about that. Verified, working on all hosts. Thanks!
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.