I'm unable to access: http://slavealloc.build.mozilla.org/ http://buildbot-master62.srv.releng.use1.mozilla.com:8001/ When using the new MozillaVPN (https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=30769829). See dependant bug for where BuildVPN permission was granted. Thank you :-)

Since this is a custom setup and we are trying to avoid blanket access. I've created a group vpn_emorley for you with those two hosts in it. Please let me know if there is more access required and I can update the group. You'll need to disconnect/reconnect to get the changes.

Talked about this with Ed. We'd like to create a "sheriff" group for Ed, RyanVM, KWierso, and Tomcat that has access to the following: https://secure.pub.build.mozilla.org/slavealloc/ui/ (this is the new URL for slavealloc, with slavealloc.b.m.o now deprecated.) srv.releng.scl3.mozilla.com srv.releng.use1.mozilla.com srv.releng.usw2.mozilla.com buildbot-master45.build.scl1.mozilla.com buildbot-master44.build.scl1.mozilla.com buildbot-master43.build.scl1.mozilla.com buildbot-master42.build.scl1.mozilla.com buildbot-master29.build.scl1.mozilla.com buildbot-master22.build.scl1.mozilla.com buildbot-master20.build.scl1.mozilla.com buildbot-master10.build.scl1.mozilla.com

Ok, done. Except buildbots-masters 22, 20 and 10 aren't resolving for me, so I didn't add those. Is that an error? secure.pub.build.mozilla.org is a public IP. Does that still need to be routed through the VPN, or can I just leave that one out?

Note: I created vpn_sheriff and removed vpn_emorley. Added the other folks to vpn_sheriff. I think I still need one more tweak before kwierso can connect, since it's not a corp LDAP account, so might need to hold off on him testing.

(In reply to Justin Dow [:jabba] from comment #3) > Ok, done. > > Except buildbots-masters 22, 20 and 10 aren't resolving for me, so I didn't > add those. Is that an error? Whoops! Those three are mtv1, not scl1. > secure.pub.build.mozilla.org is a public IP. Does that still need to be > routed through the VPN, or can I just leave that one out? I...don't know. This is pretty new, so I'll have to defer to Dustin there.

It doesn't need to be routed through the VPN, no.

Ok, should be all good to go

master list for mtv1 missed one of the tegra masters: buildbot-master19.build.mtv1.mozilla.com

Added.

I can confirm I can successfully access the handful of buildbot masters I tried + that the new slavealloc URL is accessible without being connected to the VPN (albeit my LDAP perms don't appear to be sufficient but will file another bug) - thank you :-)

This appears to have regressed recently - not sure if just for me, or for all of the vpn_sheriff group. I can access the buildbot masters (eg http://buildbot-master70.srv.releng.use1.mozilla.com:8201/buildslaves/t-w864-ix-065) via the old Build VPN, but not via the new global Mozilla VPN. Note: bug 891789 touched my ldap groups recently, don't know if that inadvertently changed anything else.

10:29:23 - Tomcat: edmorley: the buildbot master page works for me 10:29:35 - Tomcat: no problem via the new vpn -> Seems like just my groups were reset?

Hmm, I don't see any problems with your groups. What kind of connection errors are you seeing? resolution failures, timeouts or connection refused?

And now it's working again, typical! :-) (I can't remember which error type now, sorry)