Page MenuHomePhabricator
Create Task
Maniphest T279486

Web proxies are resolved to internal IPs outside of WMCS network
Closed, ResolvedPublic
Actions

Description

urbanecm@notebook  ~
$ host wmcz-stats-turnilo.wmcloud.org 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

wmcz-stats-turnilo.wmcloud.org has address 172.16.6.36
urbanecm@notebook  ~
$

I created wmcz-stats-turnilo.wmcloud.org from horizon, and it resolves to an internal IP from outside of WMCS network, which...kinda ruins its purpose.

The private IP matches the instance that should be behind the proxy.

The proxy itself seems to work:

urbanecm@titanium  ~
$ curl -k -H 'Host: wmcz-stats-turnilo.wmcloud.org' -I https://185.15.56.49
HTTP/2 200
server: nginx/1.13.6
date: Tue, 06 Apr 2021 22:30:34 GMT
content-type: text/html; charset=utf-8
content-length: 338
strict-transport-security: max-age=31622400
x-clacks-overhead: GNU Terry Pratchett

urbanecm@titanium  ~
$

Details

SubjectRepoBranchLines +/-
Update wmf-proxy-dashboard submoduleopenstack/horizon/deploymain+1 -1
Fix the front-end IP in the proxy dns entryopenstack/horizon/wmf-proxy-dashboardmain+4 -1
Customize query in gerrit

Event Timeline

Urbanecm created this task.Apr 6 2021, 10:28 PM
Restricted Application edited projects, added cloud-services-team (Kanban); removed cloud-services-team. · View Herald TranscriptApr 6 2021, 10:28 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
taavi subscribed.Apr 6 2021, 10:29 PM
Krenair subscribed.Apr 6 2021, 10:29 PM
Urbanecm updated the task description. (Show Details)Apr 6 2021, 10:30 PM
RhinosF1 subscribed.Apr 6 2021, 10:33 PM
bd808 subscribed.EditedApr 6 2021, 10:33 PM

Reproducible:

$ dig T279486.wmcloud.org @ns0.openstack.eqiad1.wikimediacloud.org +short
172.16.3.219
$ dig T279486.wmcloud.org @8.8.8.8 +short
172.16.3.219

172.16.3.219 is the internal ip of the instance I pointed the proxy at.

Krenair added a comment.Apr 7 2021, 12:07 AM

https://gerrit.wikimedia.org/r/c/openstack/horizon/wmf-proxy-dashboard/+/609859/1/wikimediaproxydashboard/views.py#b240 looks possibly suspect as it appears to conflate proxy external IP with backend internal IP but it's from July, might be it didn't get rolled out until recently?

gerritbot added a comment.Apr 7 2021, 2:41 AM

Change 677415 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[openstack/horizon/wmf-proxy-dashboard@main] Fix the front-end IP in the proxy dns entry

https://gerrit.wikimedia.org/r/677415

gerritbot added a project: Patch-For-Review.Apr 7 2021, 2:41 AM
gerritbot added a comment.Apr 7 2021, 7:35 PM

Change 677415 merged by Andrew Bogott:

[openstack/horizon/wmf-proxy-dashboard@main] Fix the front-end IP in the proxy dns entry

https://gerrit.wikimedia.org/r/677415

gerritbot added a comment.Apr 7 2021, 7:36 PM

Change 677646 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[openstack/horizon/deploy@main] Update wmf-proxy-dashboard submodule

https://gerrit.wikimedia.org/r/677646

gerritbot added a comment.Apr 7 2021, 7:37 PM

Change 677646 merged by Andrew Bogott:

[openstack/horizon/deploy@main] Update wmf-proxy-dashboard submodule

https://gerrit.wikimedia.org/r/677646

Maintenance_bot removed a project: Patch-For-Review.Apr 7 2021, 8:10 PM
Andrew closed this task as Resolved.Apr 13 2021, 4:09 PM
Andrew claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL