host frmon2001.frack.codfw.wmnet
vlan frack-administration-codfw
IP: 10.195.0.66
MAC: d0:94:66:5f:54:16
I will make the pfw/iptables policies and update this task
host frmon2001.frack.codfw.wmnet
vlan frack-administration-codfw
IP: 10.195.0.66
MAC: d0:94:66:5f:54:16
I will make the pfw/iptables policies and update this task
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
Add failover URL and public IP for frmon* | operations/dns | master | +7 -2 |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Unknown Object (Task) | |||||
Resolved | Jgreen | T196476 rack/setup/install Prometeuse/Grafana host frmon2001 for fr-tech | |||
Resolved | • cwdent | T221475 Network setup for frmon2001.frack.codfw.wmnet |
@ayounsi - the new policies are at 1555726449, let me know if you need anything else thanks
Does this need a public IP and NAT?
Is it fine to push it anytime or sync up with you?
commit 606f45371334528bbbd51a4daa17805f1fddd7e4 (HEAD -> master, origin/master, origin/HEAD) Author: Casey Dentinger <cdentinger@wikimedia.org> Date: Tue Apr 23 16:23:20 2019 +0000 amend frmon fw policy arzhel pointed out that we'd be opening https to a server with no nat entry. since public https uses the wildcard cert it uglified the idea of a service url. so the url is pointing right at frmon1001. therefore not opening https seems like the best approach. that required a slightly aberrant edit to the pfw policy, mentioning the same server in two different groups, but it seems to generate fine.
@ayounsi i put new policies at 1556036997
Mentioned in SAL (#wikimedia-operations) [2019-04-23T22:33:52Z] <XioNoX> push firewall rule to pfw3-codfw - T221475
Mentioned in SAL (#wikimedia-operations) [2019-04-23T22:35:49Z] <XioNoX> push firewall rule to pfw3-eqiad - T221475
https://github.com/wikimedia/operations-dns/blob/master/templates/152.80.208.in-addr.arpa#L24
208.80.152.235/28 is free.
Change 506707 had a related patch set uploaded (by Cdentinger; owner: Cdentinger):
[operations/dns@master] Add failover URL and public IP for frmon*
Change 506707 merged by Jgreen:
[operations/dns@master] Add failover URL and public IP for frmon*
Mentioned in SAL (#wikimedia-operations) [2019-04-29T18:22:31Z] <Jeff_Green> authdns-update for T221475
@cwdent the switch ports were not setup. You should be good now.
papaul@fasw-c-codfw# run show interfaces ge-[0-1]/0/16 descriptions Interface Admin Link Description ge-0/0/16 up up frmon2001:eth0 ge-1/0/16 up up frmon2001:eth1