Bug 1126226: more treeherder flows
Status: RESOLVED FIXED (opened 10 years ago, closed 10 years ago)
Category: Infrastructure & Operations Graveyard :: NetOps: DC ACL Request (task)
Tracking: Not tracked
Reporter: mdoglio, Assigned: dcurado
Keywords: treeherder
Can you please add the following flows (etl nodes -> readonly db)?
Staging:
10.22.75.25 -> 10.22.70.92:3306
10.22.75.26 -> 10.22.70.92:3306
Production:
10.22.75.28 -> 10.22.27.116:3306
10.22.75.29 -> 10.22.27.116:3306
Comment 1 • 10 years ago
Please could we also have a dump of all of the flow configs for stage and prod please?
It would just be good to vet them to ensure we're not missing anything else - thanks :-)
Keywords: treeherder
Updated (Assignee) • 10 years ago
Assignee: network-operations → dcurado
Status: NEW → ASSIGNED
Comment 2 (Assignee) • 10 years ago
The security policies you asked for have been added.
(sorry for the delay, I had an "energetic" meeting I had to be in, and could not multi-task)
Please let me know if there are any problems?
Thanks.
From zone: private, To zone: db
Source addresses:
treeherder-etl2.stage: 10.22.75.26/32
treeherder-etl1.stage: 10.22.75.25/32
treeherder-rabbitmq1.stage: 10.22.75.31/32
treeherderadm: 10.22.75.150/32
Destination addresses:
treeherder-stage-ro-vip: 10.22.70.92/32
treeherder-stage-rw-vip: 10.22.70.42/32
Application: mysql
IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
Source port range: [0-0]
Destination port range: [3306-3306]
----------------------------------------------
From zone: private, To zone: metrics
Source addresses:
treeherder-etl2: 10.22.75.29/32
treeherder-etl1: 10.22.75.28/32
treeherder-rabbitmq1: 10.22.75.19/32
treeherderadm: 10.22.75.150/32
Destination addresses:
treeherder-ro-vip: 10.22.27.116/32
treeherder-rw-vip: 10.22.27.117/32
Application: mysql
IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
Source port range: [0-0]
Destination port range: [3306-3306]
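The vetting asked for in comment 1 can be done against a pasted listing like the one above. This is an added example, not part of the original bug or of any Mozilla tooling: it parses policy text in the layout shown in comment 2 (abridged here to the entries the request names) and reports any requested flow that no single policy covers. The function names are hypothetical.

```python
import ipaddress
import re

# Abridged from the listing in comment 2 (only the entries named in the request).
POLICY_DUMP = """\
From zone: private, To zone: db
Source addresses:
treeherder-etl2.stage: 10.22.75.26/32
treeherder-etl1.stage: 10.22.75.25/32
Destination addresses:
treeherder-stage-ro-vip: 10.22.70.92/32
Destination port range: [3306-3306]
----------------------------------------------
From zone: private, To zone: metrics
Source addresses:
treeherder-etl2: 10.22.75.29/32
treeherder-etl1: 10.22.75.28/32
Destination addresses:
treeherder-ro-vip: 10.22.27.116/32
Destination port range: [3306-3306]
"""

def parse_policies(text):
    """Split the dump on dashed separators and return one dict per policy."""
    policies = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        pol = {"src": [], "dst": [], "ports": None}
        section = None
        for line in block.strip().splitlines():
            if m := re.match(r"(Source|Destination) addresses", line):
                section = "src" if m[1] == "Source" else "dst"
            elif m := re.match(r"Destination port range: \[(\d+)-(\d+)\]", line):
                pol["ports"] = (int(m[1]), int(m[2]))
            elif section and (m := re.match(r"\S+: (\d+\.\d+\.\d+\.\d+/\d+)$", line)):
                pol[section].append(ipaddress.ip_network(m[1]))
            else:
                section = None  # any other line ends the current address list
        if pol["ports"]:
            policies.append(pol)
    return policies

def is_permitted(policies, src, dst, port):
    """True if a single policy covers the source, destination and port together."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(any(s in n for n in p["src"]) and any(d in n for n in p["dst"])
               and p["ports"][0] <= port <= p["ports"][1] for p in policies)

def missing_flows(policies, flows):
    """Return the (src, dst, port) tuples that no policy permits."""
    return [f for f in flows if not is_permitted(policies, *f)]
```

Matching source, destination and port inside the same policy matters: a staging ETL node paired with the production read-only VIP appears in the listing only across two different policies, so it is reported as not permitted.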
Comment 3 (Assignee) • 10 years ago
As for comment #1 -- That is a non-trivial request.
Before spending, I don't know, a couple hours figuring that out
through via the firewall, is it really needed?
It may be the easiest way to get that information is querying netops bugs that mention
treeherder. Every request we've received has been completed, so that would be a complete
list. That said, I'm not sure that should fall on to our plate. You can do that work
as well as I can.
Flags: needinfo?(emorley)
Comment 4 • 10 years ago
(In reply to Dave Curado :dcurado from comment #3)
> Before spending, I don't know, a couple hours figuring that out
> through via the firewall, is it really needed?
I was just after a copy/paste of whatever configuration file I thought was checked into some private IT repo that managed these flows. If that's not how it works, then no worries.
Flags: needinfo?(emorley)
Comment 5 (Assignee) • 10 years ago
Ah, I see. Yes, if it was that easy, that would be great.
Unfortunately it's not. We translate the bugs we get into firewall syntax.
If this gets to be a serious issue, please re-open this bug, and I'll try to
get a listing of all the security policies.
I hope that sounds reasonable.
Thanks!
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment 6 • 10 years ago
Yeah that's absolutely fine - I don't expect you to spend hours doing that. Unfortunately everything's (understandably) a bit of a black box to those outside of it/ops, so it's hard to know how much work a request is.
Comment 7 • 10 years ago
Thank you for the new flows :-)
Updated • 2 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard