Page MenuHomePhabricator

WMCS public range diffscan
Open, LowPublic


Following up from an IRC discussion. is used/reserved for WMCS dynamic public IPs, which mean that ports on that range will often be opening/closing.

To reduce the mail noise sent to, it has been suggested to only send notification about that range to cloud-admin.

The current way diffscan is deployed makes it impossible to have two different instances of diffscan running in parallel, it should be easy though to change it (after all, it's a cronjob, a text file, and a python script).

Even easier (at least as a short/medium time solution) is to:

1/ Remove from the current (root@) diffscan instance
2/ Add a 2nd instance of diffscan (on a separate host) to scan
For that, once a host has been selected (probably not worth creating a VM only for that), the diffscan profile needs to be applied to the VM (via horizon), and then the following Hiera facts need to be applied to that VM:

profile::diffscan::groupname: Labs-to-public-v4    <-- no space or special characters, will be in the email's subject

Similar to

Event Timeline

ayounsi triaged this task as Low priority.Oct 10 2018, 4:20 PM
ayounsi created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 10 2018, 4:20 PM

Change 465654 had a related patch set uploaded (by Ayounsi; owner: Ayounsi):
[operations/puppet@production] Diffscan, don't scan the WMCS public range

Change 465654 merged by Ayounsi:
[operations/puppet@production] Diffscan, don't scan the WMCS public range