Page MenuHomePhabricator

Allow rsync to dataset1001 from Analytics VLAN
Closed, InvalidPublic

Description

dataset1001 has rsync modules to allow rsyncing from stat1002 and stat1003. e.g.

# write access from stat1002 and stat1003 to pagecounts-ez directory.
# Erik Z uses this.  See T80444.
[pagecounts-ez]
uid = datasets
gid = wikidev
read only = false
path = /data/xmldatadumps/public/other/pagecounts-ez
hosts allow = stat1002.eqiad.wmnet stat1003.eqiad.wmnet

However, it seems the Analytics VLAN ACL network firewall does not allow this. Please poke a hole to allow TCP 873 to dataset1001.

Event Timeline

Ottomata raised the priority of this task from to High.
Ottomata updated the task description. (Show Details)
Ottomata added a project: SRE.
akosiaris claimed this task.
akosiaris@stat1003:~$ telnet -4 dataset1001.wikimedia.org 873
Trying 208.80.154.11...
Connected to dataset1001.wikimedia.org.
Escape character is '^]'.
@RSYNCD: 30.0

Same for connections from stat1002

However

telnet -6 dataset1001.wikimedia.org 873
Trying 2620:0:861:1:208:80:154:11...

But there is currently no ACL for IPv6 blocking this. It is a result of https://phabricator.wikimedia.org/diffusion/OPUP/browse/production/manifests/role/dumps.pp;c0c126b2958aa0e777497bc3730c0f53b47c86ec$35

so that needs to be updated and not network ACLs.

Marking as invalid