Page MenuHomePhabricator
Create Task
Maniphest T159336

deploy firewall policies for (barium,lutetium,db1025,indium) replacements (civi1001,frdev1001,frdb1002,frlog1001)
Closed, ResolvedPublic
Actions

Description

We'll need to build and test civi1001 alongside the existing civicrm server, so we'll firewall polices for it. We also need to build replacements for indium, db1025, and lutetium before taking those servers down.

Related Objects
Search...

Event Timeline

Jgreen created this task.Mar 1 2017, 3:23 PM
Jgreen added a comment.Mar 1 2017, 3:54 PM

commit aeb68e44ab27a17c62a8079740402b3088fd573a
Author: Jeff Green <jgreen@wikimedia.org>
Date: Wed Mar 1 10:25:53 2017 -0500

assign IP for civi1001.frack.eqiad.wmnet

Bug: T159336
Jgreen added a comment.Mar 1 2017, 4:01 PM

commit f5b42748c4393b7b9736638fafdbc17b67273b9f
Author: Jeff Green <jgreen@wikimedia.org>
Date: Wed Mar 1 15:58:47 2017 +0000

pfw and iptables policies for civi1001
Jgreen added a comment.Mar 1 2017, 4:02 PM

Netops could you please deploy the updated pfw policy when you have a chance? Boron's webdrop updated too.

Jgreen removed Jgreen as the assignee of this task.Mar 1 2017, 4:03 PM
Jgreen added a project: netops.
Restricted Application added a project: SRE. · View Herald TranscriptMar 1 2017, 4:03 PM
Jgreen renamed this task from set up firewall policies for barium replacement civi1001 to set up firewall policies for barium, lutetium, db1025, and indium replacement servers.Mar 6 2017, 3:41 PM
Jgreen updated the task description. (Show Details)

Also (fundraising private repo):

commit 8e403abe1e552b078d217479c9f48ed23d892380
Author: Jeff Green <jgreen@wikimedia.org>
Date: Mon Mar 6 15:32:57 2017 +0000

iptables and pfw policies for replacement hosts, remove deprecated 10514/tcp

Bug: T142994,T145107,T145110,T145116

Note that in addition to the new hosts, some of the policies have been renamed (should be obvious) and we're removing an 'application' for 10514/tcp which is now deprecated.

Jgreen raised the priority of this task from Medium to Unbreak Now!.Mar 15 2017, 2:19 PM

Raising priority because this blocks deprecating Precise in fundraising.

Restricted Application added subscribers: Jay8g, TerraCodes. · View Herald TranscriptMar 15 2017, 2:19 PM
Jgreen added a parent task: T145107: replace db1025 with new hardware running jessie.Mar 15 2017, 2:21 PM
Jgreen renamed this task from set up firewall policies for barium, lutetium, db1025, and indium replacement servers to deploy firewall policies for (barium,lutetium,db1025,indium) replacements (civi1001,frdev1001,frdb1002,frlog1001).Mar 15 2017, 2:26 PM
Jgreen added a parent task: T145110: replace lutetium with new hardware running debian/jessie.
Jgreen added a parent task: T145116: replace indium (eqiad fundraising logger) with new hardware running jessie.Mar 15 2017, 2:30 PM
Jgreen added a parent task: Restricted Task.
faidon closed this task as Resolved.EditedMar 15 2017, 4:52 PM
faidon claimed this task.
faidon subscribed.

That's done now :)

(also: le'ts please not use UBN for these kind of issues -- we reserve that for e.g. outage-related tasks)

Jgreen added a comment.Mar 15 2017, 5:08 PM

Great, thank you!!!

Dwisehaupt moved this task from Triage to Done on the fundraising-tech-ops board.Feb 13 2020, 9:30 PM
TerraCodes unsubscribed.Feb 13 2020, 10:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL