Page MenuHomePhabricator
Create Task
Maniphest T280225

Cloud: drop NAT exception for IRCD
Closed, ResolvedPublic
Actions

Description

As of this writing, the IRCD service has a NAT exception from cloud to production.

Recently, the server kraz has been removed and replaced by irc1001 and irc2001, which seems like a perfect moment to re-evaluate the NAT exception.

@bd808 wrote:

The irc1001/2001 boxes host an independent IRC service that is only used to provide recent changes activity feeds in the form of read-only irc channels organized by project+language (https://wikitech.wikimedia.org/wiki/IRCD). This NAT exception would allow our irc boxes to see which Cloud VPS instance a connected bot is coming from. Because the channels are read only to attached clients I"m not sure that has a lot of operational value though (no reason to block/k-line spammers/harassers in a read-only environment).

I think we should just drop the NAT exception and see what happens.

Details

SubjectRepoBranchLines +/-
cr/firewall: dro IRCD exception (kraz)operations/homer/publicmaster+0 -11
Update NAT exceptions for kraz -> irc1001/irc2001operations/puppetproduction+12 -6
cloud: drop NAT exception for IRCD (kraz)operations/puppetproduction+0 -6
Customize query in gerrit

Related Objects
Search...

Event Timeline

aborrero created this task.Apr 15 2021, 8:33 AM
gerritbot added a comment.Apr 15 2021, 8:34 AM

Change 679278 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Muehlenhoff):

[operations/puppet@production] Update NAT exceptions for kraz -> irc1001/irc2001

https://gerrit.wikimedia.org/r/679278

gerritbot added a project: Patch-For-Review.Apr 15 2021, 8:34 AM
aborrero triaged this task as Medium priority.Apr 15 2021, 8:34 AM
aborrero moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.
gerritbot added a comment.Apr 15 2021, 8:37 AM

Change 679709 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloud: drop NAT exception for IRCD (kraz)

https://gerrit.wikimedia.org/r/679709

gerritbot added a comment.Apr 15 2021, 8:44 AM

Change 679716 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/homer/public@master] cr/firewall: dro IRCD exception (kraz)

https://gerrit.wikimedia.org/r/679716

gerritbot added a comment.Apr 15 2021, 9:04 AM

Change 679709 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloud: drop NAT exception for IRCD (kraz)

https://gerrit.wikimedia.org/r/679709

gerritbot added a comment.Apr 15 2021, 9:07 AM

Change 679278 abandoned by Arturo Borrero Gonzalez:

[operations/puppet@production] Update NAT exceptions for kraz -> irc1001/irc2001

Reason:

merged https://gerrit.wikimedia.org/r/c/operations/puppet/ /679709 instead

https://gerrit.wikimedia.org/r/679278

gerritbot added a comment.Apr 15 2021, 11:11 AM

Change 679716 merged by Arturo Borrero Gonzalez:

[operations/homer/public@master] cr/firewall: dro IRCD exception (kraz)

https://gerrit.wikimedia.org/r/679716

aborrero mentioned this in rOHPUe67721b22441: cr/firewall: dro IRCD exception (kraz).Apr 15 2021, 11:13 AM
Stashbot added a comment.Apr 15 2021, 11:14 AM

Mentioned in SAL (#wikimedia-operations) [2021-04-15T11:14:25Z] <arturo> merging homer changes for cr-eqiad (T280225)

Stashbot added a comment.Apr 15 2021, 11:14 AM

Mentioned in SAL (#wikimedia-operations) [2021-04-15T11:14:57Z] <arturo> merging homer changes for cr-codgw (T280225)

aborrero closed this task as Resolved.Apr 15 2021, 11:17 AM
Maintenance_bot removed a project: Patch-For-Review.Apr 15 2021, 12:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL