Permit traffic between cloudcontrol2001/2003/2004 and cloudcephmon200[1-3]-dev
Closed, Resolved (Public)

Description

I'm setting up the glance-api to use ceph in codfw1dev, and getting some timeouts. I assume that is because traffic is not permitted between cloudcontrol nodes (which are on public IPs) and ceph mons (on cloud-hosts1-b-codfw). Do we have a special rule that permits that in eqiad, or should it just work?

(for context, this firewall rule: https://gerrit.wikimedia.org/r/c/operations/puppet/+/628946/2/modules/profile/manifests/ceph/mon.pp)

Event Timeline

Andrew added a subscriber: dcaro.

We need to permit the return traffic in the labs-in4 firewall filter.
I can take care of it early next week. Feel free to send a CR to speed it up if needed.

Andrew triaged this task as High priority. Dec 8 2020, 5:11 PM
Andrew moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.

Arturo is out today and yesterday so we don't have a patch to offer.

Change 647098 had a related patch set uploaded (by Ayounsi; owner: Ayounsi):
[operations/homer/public@master] Add Cloudcontrol term to labs-in4/6

https://gerrit.wikimedia.org/r/647098

Change 647098 merged by jenkins-bot:
[operations/homer/public@master] Add Cloudcontrol term to labs-in4/6

https://gerrit.wikimedia.org/r/647098

@Andrew fix pushed, please let me know if there are still any issues.

Andrew renamed this task from Permit traffic between cloudcontrol2001/2003/2004 and cloudcephmon1001/1002/1003 to Permit traffic between cloudcontrol2001/2003/2004 and cloudcephmon200[1-3]-dev. Dec 8 2020, 10:57 PM

I updated the title of the task, my previous scrawlings were totally wrong about what I needed... I'm just trying to get ceph traffic to work within codfw1dev.