Page MenuHomePhabricator
Create Task
Maniphest T174203

Investigate decommissioning two eqiad-frack vlans
Closed, ResolvedPublic
Actions

Description

the frack infra in eqiad has two vlans not present in codfw:

  • frack-external1-c-eqiad (doesn't seem to have any host in it)
  • frack-DMZ1-c-eqiad (one host)

In an optic of having the less differences between the two sites, are those vlans still needed?

Related Objects

Event Timeline

ayounsi created this task.Aug 25 2017, 8:31 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 25 2017, 8:31 PM
Jgreen added a comment.Aug 25 2017, 8:57 PM

Sounds like frack-external1-c-eqiad serves no purpose anymore and we should remove it.

DMZ1 has samarium in it, which is a public-reporting webserver. Since we're using host-based firewalls, I think it would be fine to merge this VLAN with the payments-listener server VLAN.

Jgreen changed the task status from Open to Stalled.Jun 21 2018, 7:02 PM
Jgreen moved this task from Triage to Backlog on the fundraising-tech-ops board.Feb 19 2020, 10:50 PM
Aklapper changed the task status from Stalled to Open.Aug 16 2020, 2:10 PM

@Jgreen: Boldly resetting task status as the previous comments don't explain who or what (task?) exactly this task is stalled on ("If a report is waiting for further input (e.g. from its reporter or a third party) and can currently not be acted on").

For the records, both frack-external1-c-eqiad and frack-DMZ1-c-eqiad are listed under frack in https://phabricator.wikimedia.org/source/operations-puppet/browse/production/modules/network/data/data.yaml

Jgreen changed the task status from Open to Stalled.Aug 17 2020, 12:40 PM
In T174203#6387343, @Aklapper wrote:

@Jgreen: Boldly resetting task status as the previous comments don't explain who or what (task?) exactly this task is stalled on ("If a report is waiting for further input (e.g. from its reporter or a third party) and can currently not be acted on").

For the records, both frack-external1-c-eqiad and frack-DMZ1-c-eqiad are listed under frack in https://phabricator.wikimedia.org/source/operations-puppet/browse/production/modules/network/data/data.yaml

Looking at those options I supposed 'waiting on input' is appropriate.

Aklapper added a comment.Aug 17 2020, 12:41 PM

@Jgreen: Thanks for the quick reply! Who exactly is supposed to provide input?

Jgreen added a comment.Aug 17 2020, 12:48 PM
In T174203#6388611, @Aklapper wrote:

@Jgreen: Thanks for the quick reply! Who exactly is supposed to provide input?

Fundraising Tech, Fundraising Tech Ops, and Network Operations. Basically the point is to refactor the VLANs for the fundraising cluster, which is a nontrivial task and implies a bunch of other tasks. It's just a consistency thing, having things the way they are now is not causing problems. So it's low priority, significant effort. I originally stalled it after noticing that nobody had followed up on it for nearly a year after.

ayounsi added a comment.Aug 18 2020, 8:03 AM

samarium is 7 years old, dunno if a replacement has been planned (see also T245161) but it could be a good opportunity to move it out of that vlan.

Jgreen added a comment.Aug 18 2020, 3:21 PM
In T174203#6392168, @ayounsi wrote:

samarium is 7 years old, dunno if a replacement has been planned (see also T245161) but it could be a good opportunity to move it out of that vlan.

Samarium was replaced a while back, the host in that vlan now is frdata1001. But we are looking at a role change for that host over the next few months and can look at the possibility moving it to another vlan at that time.

Jgreen added a comment.Aug 18 2020, 3:48 PM

I think it makes sense to merge frack-listener-{site} with frack-DMZ1-{site} as a non-PCI web services vlan, possibly renamed to something more appropriate.

ayounsi mentioned this in T260772: Check samarium status in Netbox.Aug 19 2020, 8:58 AM
Jgreen mentioned this in T255435: Reconfigure fundraising public-reporting server role to fundraising-data.Feb 10 2021, 7:45 PM
Jgreen changed the task status from Stalled to Open.Mar 12 2021, 7:41 PM
Jgreen moved this task from Backlog to In Progress on the fundraising-tech-ops board.
Stashbot added a comment.Mar 16 2021, 8:15 PM

Mentioned in SAL (#wikimedia-operations) [2021-03-16T20:15:52Z] <XioNoX> remove DMZ zone from pfw3-eqiad - T174203

ayounsi added a comment.Mar 16 2021, 8:15 PM

From Netbox:

Deleted prefix 10.64.40.128/27
Deleted vlan frack-DMZ1-c-eqiad

ayounsi closed this task as Resolved.Mar 16 2021, 8:25 PM
ayounsi claimed this task.

And fully removed from pfw/fasw-eqiad

Jgreen moved this task from In Progress to Done on the fundraising-tech-ops board.Mar 17 2021, 1:22 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL