Causing sync failures at the moment... I can connect from bastions but not tin.
Description
Description
Details
Details
| Subject | Repo | Branch | Lines +/- | |
|---|---|---|---|---|
| deployment: fix firewalling for sync-file/scap tin | operations/puppet | production | +9 -0 |
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Declined | faidon | T97322 Document what is left for having a full cluster installation in codfw | |||
| Resolved | None | T71572 [scap] multi datacenter aware without (major) performance hit | |||
| Resolved | Dzahn | T95436 install/deploy mira as codfw deployment server | |||
| Restricted Task | |||||
| Resolved | MoritzMuehlenhoff | T113351 Ferm rules for tin/mira | |||
| Resolved | Dzahn | T115075 ssh from tin to mira broken |
Event Timeline
Comment Actions
Change 244633 had a related patch set uploaded (by Dzahn):
deployment: fix firewalling for sync-file/scap tin
Comment Actions
this happened with T113351#1714245 . but we just applied this on mira and not on tin yet partly for this reason, double-check if there are missing rules for deployment.
please see the fix above.
I merged that and now:
root@mira:~# iptables -L | grep "tin.eqiad"
ACCEPT tcp -- tin.eqiad.wmnet anywhere tcp dpt:ssh
[tin:~] $ ssh mira.codfw.wmnet
Permission denied (publickey).
Comment Actions
root@tin:~# nmap mira.codfw.wmnet -p 22 .. Host is up (0.034s latency). PORT STATE SERVICE 22/tcp open ssh