We will be testing an external graphite hosting service and request all releng networks allow outbound tcp connections on port 2003 to carbon.hostedgraphite.com *.scl1 -> carbon.hostedgraphite.com tcp/2003 *.releng.scl3 -> carbon.hostedgraphite.com tcp/2003 *.releng.use1.aws -> carbon.hostedgraphite.com tcp/2003 *.releng.usw1.aws -> carbon.hostedgraphite.com tcp/2003 *.releng.usw2.aws -> carbon.hostedgraphite.com tcp/2003

The aws cases could probably be done by RelEng with a routing table change, so that the traffic goes direct to the server rather than back down the tunnel to SCL3 first.

It also requires that all machines have public IP addresses, or go through an AWS NAT instance. Nearly all of our instances have public IPs now, so this should be straightforward to do for the bulk of our machines in AWS.

Can we get an ETA on this? Does Releng need a seperate bug?

on it.

I've added the routes to carbon.hostedgraphite.com for our machines that have public IPs. The rest could go back via SCL3 for now.

(In reply to Chris AtLee [:catlee] from comment #5) > I've added the routes to carbon.hostedgraphite.com for our machines that > have public IPs. The rest could go back via SCL3 for now [root@dev-linux64-ec2-jwatkins.dev.releng.use1.mozilla.com ~]# nc -z carbon.hostedgraphite.com 2003 Connection to carbon.hostedgraphite.com 2003 port [tcp/cfinger] succeeded! Thanks. Verified

Should be good in SCL3.

...and SCL1. Please test.

Thanks. lgtm. [root@hp4.relabs.releng.scl3.mozilla.com ~]# nc -z carbon.hostedgraphite.com 2003 Connection to carbon.hostedgraphite.com 2003 port [tcp/cfinger] succeeded! [jwatkins@releng-puppet2.build.scl1.mozilla.com ~]$ nc -z carbon.hostedgraphite.com 2003 Connection to carbon.hostedgraphite.com 2003 port [tcp/cfinger] succeeded!