We'll need to build and test civi1001 alongside the existing civicrm server, so we'll firewall polices for it. We also need to build replacements for indium, db1025, and lutetium before taking those servers down.
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | LSobanski | T111653 Encrypt all the things | |||
Resolved | Jgreen | T142994 configure TLS for fundraising syslog collection | |||
Declined | None | T91896 Run CRM on HHVM | |||
Resolved | Jgreen | T133524 frack eqiad hardware refresh | |||
Resolved | Jgreen | T145107 replace db1025 with new hardware running jessie | |||
Resolved | Jgreen | T145110 replace lutetium with new hardware running debian/jessie | |||
Resolved | Jgreen | T145116 replace indium (eqiad fundraising logger) with new hardware running jessie | |||
Resolved | • cwdent | T136959 EPIC: build fundraising civicrm (barium) replacement server on Debian Jessie, with HHVM or PHP5.5 | |||
Restricted Task | |||||
Resolved | faidon | T159336 deploy firewall policies for (barium,lutetium,db1025,indium) replacements (civi1001,frdev1001,frdb1002,frlog1001) |
Event Timeline
commit aeb68e44ab27a17c62a8079740402b3088fd573a
Author: Jeff Green <jgreen@wikimedia.org>
Date: Wed Mar 1 10:25:53 2017 -0500
assign IP for civi1001.frack.eqiad.wmnet Bug: T159336
commit f5b42748c4393b7b9736638fafdbc17b67273b9f
Author: Jeff Green <jgreen@wikimedia.org>
Date: Wed Mar 1 15:58:47 2017 +0000
pfw and iptables policies for civi1001
Netops could you please deploy the updated pfw policy when you have a chance? Boron's webdrop updated too.
Also (fundraising private repo):
commit 8e403abe1e552b078d217479c9f48ed23d892380
Author: Jeff Green <jgreen@wikimedia.org>
Date: Mon Mar 6 15:32:57 2017 +0000
iptables and pfw policies for replacement hosts, remove deprecated 10514/tcp Bug: T142994,T145107,T145110,T145116
Note that in addition to the new hosts, some of the policies have been renamed (should be obvious) and we're removing an 'application' for 10514/tcp which is now deprecated.
That's done now :)
(also: le'ts please not use UBN for these kind of issues -- we reserve that for e.g. outage-related tasks)