Page MenuHomePhabricator
Create Task
Maniphest T282209

Enable connection from labweb1001/labweb1002 to s6
Closed, ResolvedPublic
Actions

Description

labswiki will be moved to s6 during the DC switchover in June.
RIght now there is no connectivity from labweb1001/1002 to s6 hosts, so this needs to be changed.

The second step once the connectivity is allowed would be to deploy mysql grants, but that can be tracked after T282074 is done

Current connection to m5 master works:

root@labweb1001:~# telnet db1128.eqiad.wmnet 3306
Trying 10.64.0.98...
Connected to db1128.eqiad.wmnet.
Escape character is '^]'.
]
5.5.5-10.4.18-MariaDB-log��B#&5vtf~�is&a81-/CDiemysql_native_passwordConnection closed by foreign host.

Connection to either s6 master and one of s6 slaves does not work:

root@labweb1001:~# telnet db1131.eqiad.wmnet 3306
Trying 10.64.32.6...
^C
root@labweb1001:~# telnet db1165.eqiad.wmnet 3306
Trying 10.64.16.187...

Details

SubjectRepoBranchLines +/-
profile:mariadb:core: Hack in access from labwebs to s6operations/puppetproduction+28 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Marostegui created this task.May 7 2021, 4:53 AM
Restricted Application edited projects, added cloud-services-team (Kanban); removed cloud-services-team. · View Herald TranscriptMay 7 2021, 4:53 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Marostegui mentioned this in T282074: Audit labswiki grants.May 7 2021, 5:00 AM
Andrew added a comment.May 11 2021, 2:46 PM

Probably the correct solution to this is to move the wikitech servers onto private IPs; I'm creating a subtask to investigate that.

Andrew mentioned this in T282573: Move labweb/cloudweb hosts to private IPs.May 11 2021, 2:47 PM
gerritbot added a comment.May 11 2021, 3:01 PM

Change 689092 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] profile:mariadb:core: Hack in access from labwebs to s6

https://gerrit.wikimedia.org/r/689092

gerritbot added a project: Patch-For-Review.May 11 2021, 3:01 PM
RhinosF1 subscribed.May 11 2021, 3:04 PM
Andrew added a comment.May 11 2021, 3:05 PM

further discussion suggests that moving to private IPs might not be the right solution/necessary (in part because we hope to deprecate the labweb servers entirely sometime soon.) I've proposed a temporary patch that resembles the current approach used on m5 -- it's pretty straightforward but if you hate it let me know and I can pursue the private-ip approach instead.

Marostegui added a comment.May 11 2021, 3:54 PM

In order to have a clearer list of GRANTS, I would prefer private-ip approach (I guess they'd be 10.64.%?). But I don't have any strong opinions really against either approach. We'd need to work on T282573 anyways, to either add the new IPs (if they are public) and remove the old ones.

aborrero triaged this task as High priority.May 11 2021, 4:08 PM
aborrero moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.
aborrero assigned this task to Andrew.May 11 2021, 4:29 PM
Andrew added a comment.May 11 2021, 5:05 PM

The more I look at moving to private IPs the more complicated it looks... let's stick with the ferm hack for now; when we move wikitech off of labweb* entirely that will make the move to private IPs easier anyway. I'll catch up with comments on the pending ferm patch.

Andrew added a comment.Jun 7 2021, 8:39 PM

Just to reconfirm... the attached patch (https://gerrit.wikimedia.org/r/c/operations/puppet/+/689092) will resolve this task.

gerritbot added a comment.Jun 8 2021, 1:51 PM

Change 689092 merged by Andrew Bogott:

[operations/puppet@production] profile:mariadb:core: Hack in access from labwebs to s6

https://gerrit.wikimedia.org/r/689092

Andrew closed this task as Resolved.Jun 8 2021, 1:56 PM
andrew@labweb1001:~$ telnet db1131.eqiad.wmnet 3306
Trying 10.64.32.6...
Connected to db1131.eqiad.wmnet.
Escape character is '^]'.
]
Maintenance_bot removed a project: Patch-For-Review.Jun 8 2021, 2:11 PM
Andrew closed subtask T282573: Move labweb/cloudweb hosts to private IPs as Declined.Jul 13 2021, 2:43 PM
nskaggs mentioned this in Unknown Object (Task).Mar 31 2022, 8:03 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL