
Extend firewall rules for new corp LDAP replicas
Closed, Invalid · Public

Description

We have two LDAP servers which are replicating against an LDAP server in the OIT/corp realm (so that our MXes can detect whether a user is a legitimate wikimedia.org account).

The current servers are dubnium.wikimedia.org and pollux.wikimedia.org and they operate against ldap1.corp.wikimedia.org. There's a new set of servers running Buster (ldap-corp1001.wikimedia.org and ldap-corp2001.wikimedia.org) which will eventually replace dubnium/pollux.

Please add those two in addition; I'll make a separate task when dubnium/pollux can go away. (It's my understanding that this will also need a change on OIT's end; I'll reach out to them separately.)

Event Timeline

Restricted Application added a subscriber: Aklapper.

There is only a mention of dubnium.wikimedia.org (208.80.154.13) in the analytics firewall filter.
If that task is for network devices only, feel free to close it. If it's for all types of firewalls (e.g. ferm), please re-assign it.

Note that you can follow https://wikitech.wikimedia.org/wiki/RANCID and grep the subfolder configs to check if an IP is on a network device (ACLs, etc.).

herron triaged this task as Medium priority. Sep 27 2019, 6:34 PM

Closing, this turned out to be not needed in the end.