Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Paste
P89870
(An Untitled Masterwork)
Active
Public
Actions
Authored by
fgiunchedi
on Mar 17 2026, 8:03 AM.
Edit Paste
Archive Paste
View Raw File
Subscribe
Mute Notifications
Tags
None
Referenced Files
F72941891: raw-paste-data.txt
Mar 17 2026, 8:03 AM
2026-03-17 08:03:54 (UTC+0)
Subscribers
None
Change for cr1-eqiad.wikimedia.org:
[edit firewall family inet filter cloud-vrf-in4]
term deny-from-private { ... }
+ /*
+ ** Allow traffic to cloud and cloudcumin for the Openstack backend to work.
+ ** To be removed once cumin can use the prod proxies instead. - T419996
+ */
+ term allow-cumin {
+ from {
+ destination-address {
+ /* cumin1003 */
+ 10.64.16.154/32;
+ /* cloudcumin1001 */
+ 10.64.48.148/32;
+ /* cumin2003 */
+ 10.192.15.6/32;
+ /* cumin2002 */
+ 10.192.32.49/32;
+ /* cloudcumin2001 */
+ 10.192.32.140/32;
+ }
+ }
+ then accept;
+ }
term deny-to-private-subnets { ... }
[edit firewall family inet6 filter cloud-vrf-in6]
term deny-from-private { ... }
+ /*
+ ** Allow traffic to cloud and cloudcumin for the Openstack backend to work.
+ ** To be removed once cumin can use the prod proxies instead. - T419996
+ */
+ term allow-cumin {
+ from {
+ destination-address {
+ /* cumin2002 */
+ 2620:0:860:103:10:192:32:49/128;
+ /* cloudcumin2001 */
+ 2620:0:860:103:10:192:32:140/128;
+ /* cumin2003 */
+ 2620:0:860:110:10:192:15:6/128;
+ /* cumin1003 */
+ 2620:0:861:102:10:64:16:154/128;
+ /* cloudcumin1001 */
+ 2620:0:861:107:10:64:48:148/128;
+ }
+ }
+ then accept;
+ }
term deny-to-private-subnets { ... }
[edit protocols bgp group Kubedse4]
- neighbor 10.64.0.115 {
- description dse-k8s-worker1012;
- }
[edit protocols bgp group Kubedse6]
- neighbor 2620:0:861:101:10:64:0:115 {
- description dse-k8s-worker1012;
- }
Event Timeline
fgiunchedi
created this paste.
Mar 17 2026, 8:03 AM
2026-03-17 08:03:54 (UTC+0)
Log In to Comment