Page MenuHomePhabricator

Revoke production prometheus fundraising access
Closed, ResolvedPublic

Description

Now that we have our monitor server working, we can disconnect the prod->pay_lvs prometheus connections, and (I guess?) remove fundraising boards from grafana.wm.o

  • close firewall holes
  • close iptables holes
  • remove pay-lvs* from prod prometheus targets
  • remove prometheus from pay-lvs*
  • remove fundraising boards from the UI

Event Timeline

Change 501519 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] grafana: remove frack datasources

https://gerrit.wikimedia.org/r/501519

Change 501519 merged by Filippo Giunchedi:
[operations/puppet@production] grafana: remove frack datasources

https://gerrit.wikimedia.org/r/501519

Change 502158 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] grafana: add frack to deleteDatasources

https://gerrit.wikimedia.org/r/502158

Change 502158 merged by Filippo Giunchedi:
[operations/puppet@production] grafana: add frack to deleteDatasources

https://gerrit.wikimedia.org/r/502158

@ayounsi there is a new config at -1554758904, removing prod prometheus and grafana access to pay-lvs servers.

Mentioned in SAL (#wikimedia-operations) [2019-04-08T22:00:59Z] <XioNoX> pfw firewall rules update - T217355

fgiunchedi triaged this task as Medium priority.Apr 9 2019, 8:38 AM
commit 5e6951f6082627a1f61f38d27532a48197eada4f
Author: Casey Dentinger <cdentinger@wikimedia.org>
Date:   Mon Apr 29 17:03:13 2019 +0000

remove prometheus from pay_lvs servers

also removes a stupid hack \o/
commit 173b34cd01bdc0aa5998af347406d9775755656f (HEAD -> master, origin/master, origin/HEAD)
Author: Casey Dentinger <cdentinger@wikimedia.org>
Date:   Mon Apr 29 17:07:06 2019 +0000

include prometheus client explicitly