Page MenuHomePhabricator

communication on port 5672 (amqp) between guest instances and cloudcontrols
Closed, ResolvedPublic

Description

I'm sure I saw this work a few weeks ago, but currently I'm unable to contact rabbitmq from guest VMs.

On cloudcontrols we have these firewall rules:

ACCEPT     tcp  --  172.16.0.0/21        anywhere             tcp dpt:amqp
ACCEPT     tcp  --  172.16.128.0/24      anywhere             tcp dpt:amqp
ACCEPT     tcp  --  185.15.56.0/25       anywhere             tcp dpt:amqp
ACCEPT     tcp  --  185.15.57.0/29       anywhere             tcp dpt:amqp

But on a Trove guest (172.16.128.233) I'm unable to reach rabbitmq.

root@trove3:~# telnet cloudcontrol2001-dev.wikimedia.org 5672
Trying 208.80.153.59...

Is there a filtering rule blocking this? Or am I just making a mistake with my firewall math?

Event Timeline

Probably the easiest place to test this is is on the VM abogott-victoria-packages.andrewtestproject.codfw1dev.wikimedia.cloud.

Change 681315 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/homer/public@master] firewall: cloud-in4: new TCP port in cloudcontrol servers for rabbitmq

https://gerrit.wikimedia.org/r/681315

aborrero triaged this task as Medium priority.Tue, Apr 20, 9:39 AM
aborrero moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.

Change 681315 merged by Andrew Bogott:

[operations/homer/public@master] firewall: cloud-in4: new TCP port in cloudcontrol servers for rabbitmq

https://gerrit.wikimedia.org/r/681315