Closed
Bug 849161
Opened 11 years ago
Closed 11 years ago
Access to elasticsearch-zlb.dev.vlan81.phx.mozilla.com from mpt-vpn on port 9200
Categories
(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)
Infrastructure & Operations Graveyard
NetOps: DC ACL Request
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: emorley, Assigned: arzhel)
References
Details
* To develop TBPL/OrangeFactor, I need access to their Elastic Search DBs. * Those DBs currently lives at elasticsearch1.metrics.scl3.mozilla.com, which is accessible over MPT-VPN. * I have access to MPT-VPN (bug 769701). * Bug 772503 is wanting to migrate our Elastic Search DB over to IT's SCL3 ES instance at elasticsearch-zlb.webapp.scl3.mozilla.com * MPT-VPN won't let me connect to elasticsearch-zlb.webapp.scl3.mozilla.com -> I need SCL3 VPN access so I can continue to develop locally. Many thanks :-)
Flags: needinfo?(jstevensen)
Updated•11 years ago
|
Whiteboard: [sysadmin needed]
Reporter | ||
Comment 1•11 years ago
|
||
Any news on this? :-)
Reporter | ||
Comment 2•11 years ago
|
||
Ping
Comment 3•11 years ago
|
||
Please set Ed up on the new VPN with access to elasticsearch1.metrics.scl3.mozilla.com.
Flags: needinfo?(jstevensen)
Comment 4•11 years ago
|
||
I've created a shell account on rocky (scl3 jumphost) with your ssh key. You should be able to ssh in, set a local password, and use that to authenticate over VPN. Let me know if you have any problems.
Assignee: server-ops → mburns
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 5•11 years ago
|
||
Sorry, but this access will have to be revoked ASAP. We will instead let you access elasticsearch1.metrics.scl3.mozilla.com via MPT-VPN, which is SOP for these kind of requests.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 6•11 years ago
|
||
Or, per comment 3, this is a perfect use for the new Mozilla global VPN[1]. [1]https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=30769829
Comment 8•11 years ago
|
||
(In reply to Michael Burns [:mburns] from comment #4) > I've created a shell account on rocky (scl3 jumphost) with your ssh key. You > should be able to ssh in, set a local password, and use that to authenticate > over VPN. > > Let me know if you have any problems. Please remove this account, and don't ever create a manual account again without explicit OpSec approval. Page or call my mobile phone if this is an issue.
Comment 9•11 years ago
|
||
(In reply to Dumitru Gherman [:dumitru] from comment #6) > Or, per comment 3, this is a perfect use for the new Mozilla global VPN[1]. > > [1]https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=30769829 Comment 3 is incorrect, so yeah doesn't hold :) Ed, we're going to get you access to elasticsearch-zlb.dev.vlan81.phx.mozilla.com:9200 over mpt-vpn if that works for you. That's the ES dev cluster and you can do all your dev/stage testing there. Sounds good?
Updated•11 years ago
|
Summary: Please may Ed Morley have SCL3 VPN access → Access to elasticsearch-zlb.dev.vlan81.phx.mozilla.com from mpt-vpn
Reporter | ||
Comment 10•11 years ago
|
||
(In reply to Shyam Mani [:fox2mike] from comment #9) > Ed, we're going to get you access to > elasticsearch-zlb.dev.vlan81.phx.mozilla.com:9200 over mpt-vpn if that works > for you. That's the ES dev cluster and you can do all your dev/stage testing > there. Sounds good? Yup that works equally as well from my POV (I didn't know setting up this flow was an option). Sorry if this request has caused any hassle!
Comment 11•11 years ago
|
||
(In reply to Ed Morley [:edmorley UTC+0] from comment #10) > (In reply to Shyam Mani [:fox2mike] from comment #9) > > Ed, we're going to get you access to > > elasticsearch-zlb.dev.vlan81.phx.mozilla.com:9200 over mpt-vpn if that works > > for you. That's the ES dev cluster and you can do all your dev/stage testing > > there. Sounds good? > > Yup that works equally as well from my POV (I didn't know setting up this > flow was an option). Sorry if this request has caused any hassle! Not your fault at all :) Over to netops. Please open mpt-vpn to elasticsearch-zlb.dev.vlan81.phx.mozilla.com port 9200 please. Thanks!
Assignee: mburns → network-operations
Status: REOPENED → NEW
Component: Server Operations: Account Requests → Server Operations: ACL Request
QA Contact: tfairfield → ravi
Whiteboard: [sysadmin needed]
Comment 12•11 years ago
|
||
please, please. double, please. I should take a break :D
Assignee | ||
Updated•11 years ago
|
Assignee: network-operations → arzhel
Assignee | ||
Comment 13•11 years ago
|
||
Connection to elasticsearch-zlb.dev.vlan81.phx.mozilla.com 9200 port [tcp/wap-wsp] succeeded!
Status: NEW → RESOLVED
Closed: 11 years ago → 11 years ago
Flags: needinfo?
Resolution: --- → FIXED
Updated•11 years ago
|
Flags: needinfo?
Reporter | ||
Comment 14•11 years ago
|
||
My fault for not catching that the FQDN in comment 9 differed from the one I gave in comment 0, but I need access to the SCL3 ES instance not PHX, and production not dev/staging. ie mpt-vpn -> elasticsearch-zlb.webapp.scl3.mozilla.com:9200
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Reporter | ||
Updated•11 years ago
|
Summary: Access to elasticsearch-zlb.dev.vlan81.phx.mozilla.com from mpt-vpn → Access to elasticsearch-zlb.webapp.scl3.mozilla.com from mpt-vpn on port 9200
Comment 15•11 years ago
|
||
(In reply to Ed Morley [:edmorley UTC+1] from comment #14) > My fault for not catching that the FQDN in comment 9 differed from the one I > gave in comment 0, but I need access to the SCL3 ES instance not PHX, and > production not dev/staging. > > ie mpt-vpn -> elasticsearch-zlb.webapp.scl3.mozilla.com:9200 Why do you need access to production? We don't give anyone access to production instances as far as I know, which is why I asked webops and made this request. For development purposes, please use the dev instance?
Reporter | ||
Comment 16•11 years ago
|
||
(In reply to Shyam Mani [:fox2mike] from comment #15) > Why do you need access to production? We don't give anyone access to > production instances as far as I know, which is why I asked webops and made > this request. For development purposes, please use the dev instance? The dev instance is empty & I really need up to date production data with which to test each time (the data is submitted to ES from TBPL; OrangeFactor just visualises it and doesn't write to the DB). When this came up before I thought the ES db size was deemed too large to mirror, but I can't seem to find the bug where that was discussed now. We could always just mirror the last 2-4 weeks of records I guess? (A few GB perhaps?). We also don't have a dev/staging instance for OrangeFactor at the moment either.
Reporter | ||
Comment 17•11 years ago
|
||
Oh, I've just found bug 755365, the last few comments of which seem helpful. mcote/jgriffin, can you weigh in here (mainly comment 15).
Comment 18•11 years ago
|
||
Yes, we need access to current live data for development purposes. This either needs to come from the production ES cluster, or we'll need to implement a way to automatically mirror that data into the dev ES cluster.
Comment 20•11 years ago
|
||
Phrawzty, your thoughts on comment #16, please? :)
Flags: needinfo?(dmaher)
Comment 21•11 years ago
|
||
(In reply to Ed Morley [:edmorley UTC+1] from comment #16) > The dev instance is empty & I really need up to date production data with > which to test each time (the data is submitted to ES from TBPL; OrangeFactor > just visualises it and doesn't write to the DB). When this came up before I > thought the ES db size was deemed too large to mirror, but I can't seem to > find the bug where that was discussed now. We could always just mirror the > last 2-4 weeks of records I guess? (A few GB perhaps?). We also don't have a > dev/staging instance for OrangeFactor at the moment either. As I mentioned in bugs 755365 and 772503, there are three ES clusters that may be interesting to you : production clusters at each of PHX1 and SCL3, and a development cluster at PHX1. As you mentioned just above, you only need a few GB of data, therefore one of those clusters (the dev PHX1 cluster, for example) would be largely sufficient; the comments above would seem to indicate that this access has already been granted. If you have a specific need for direct access to an ES cluster at SCL3, then we do not have a solution for you at this time, as there is only a production ES cluster at that data centre. In determining the need for said solution, it may be worth noting that there is plenty of bandwidth available between SCL3 and PHX1, and that the round-trip latency is around 20ms.
Flags: needinfo?(dmaher)
Reporter | ||
Comment 22•11 years ago
|
||
Ok, fair enough. Filed bug 860256 to set up the mirroring to the PHX dev instance and morphing this bug to be about setting up flows that dev instance (which is already complete).
Status: REOPENED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → FIXED
Summary: Access to elasticsearch-zlb.webapp.scl3.mozilla.com from mpt-vpn on port 9200 → Access to elasticsearch-zlb.dev.vlan81.phx.mozilla.com from mpt-vpn on port 9200
Updated•11 years ago
|
Product: mozilla.org → Infrastructure & Operations
Updated•2 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•