Permit routing from eqiad1-r instances to labnet1001
Closed, ResolvedPublic

Description

In order to support some intermittent states during the migration between regions we need VMs in eqiad1-r to be able to talk to the nova API in eqiad.

In particular, our shinken host is now in eqiad1-r and it needs to know about all VMs in both regions.

Shinken-02 is on 172.16.7.178 and the nova api in eqiad runs on labnet1001.eqiad.wmnet.

Andrew created this task.Nov 13 2018, 10:02 PM
Restricted Application added a project: Operations. · View Herald TranscriptNov 13 2018, 10:02 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Mentioned in SAL (#wikimedia-operations) [2018-11-13T22:24:45Z] <XioNoX> add term labnet-nova-api to cloud-in4 on cr1/2-eqiad - T209424

Pushed to cr1/2-eqiad

[edit firewall family inet filter cloud-in4]
[...]
+      term labnet-nova-api {
+          from {
+              destination-address {
+                  /* labnet1001 */
+                  10.64.20.13/32;
+              }
+              protocol tcp;
+              destination-port 8774;
+          }
+          then accept;
+      }
[...]
ayounsi closed this task as Resolved.Nov 13 2018, 10:33 PM