Page MenuHomePhabricator

Add alert[12]001 to network ACLs
Closed, ResolvedPublic


These hosts will be replacing icinga* hosts in parent task, namely: has address has IPv6 address 2620:0:861:3:208:80:154:88 has address has IPv6 address 2620:0:860:3:208:80:153:84

Please add to network ACLs where needed, we'll followup with decom'ing icinga* hosts when the time comes, thanks!

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Change 620883 had a related patch set uploaded (by Ayounsi; owner: Ayounsi):
[operations/homer/public@master] Add alert[12]001 to existing icinga ACL terms

Change 620883 merged by jenkins-bot:
[operations/homer/public@master] Add alert[12]001 to existing icinga ACL terms

ayounsi claimed this task.
ayounsi added a subscriber: ayounsi.


fgiunchedi added subscribers: Dwisehaupt, Jgreen.

Thanks @ayounsi !

Reopening since we'll need to add these hosts to pfw devices as well, cc @Jgreen and @Dwisehaupt could you help with that ? Thanks!

@ayounsi looks like mgmt access isn't permitted yet, can't ping mgmt.eqiad.wmnet e.g.

alert1001# ping ps1-c1-eqiad.mgmt.eqiad.wmnet
PING ps1-c1-eqiad.mgmt.eqiad.wmnet ( 56(84) bytes of data.
--- ps1-c1-eqiad.mgmt.eqiad.wmnet ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 24ms

Mentioned in SAL (#wikimedia-operations) [2020-08-18T11:53:56Z] <XioNoX> add new icinga hosts to mr policies - T260533

fgiunchedi triaged this task as Medium priority.Aug 19 2020, 9:05 AM
herron claimed this task.

Nope! I think we're good here