Page MenuHomePhabricator
Create Task
Maniphest T280310

communication on port 5672 (amqp) between guest instances and cloudcontrols
Closed, ResolvedPublic
Actions

Description

I'm sure I saw this work a few weeks ago, but currently I'm unable to contact rabbitmq from guest VMs.

On cloudcontrols we have these firewall rules:

ACCEPT     tcp  --  172.16.0.0/21        anywhere             tcp dpt:amqp
ACCEPT     tcp  --  172.16.128.0/24      anywhere             tcp dpt:amqp
ACCEPT     tcp  --  185.15.56.0/25       anywhere             tcp dpt:amqp
ACCEPT     tcp  --  185.15.57.0/29       anywhere             tcp dpt:amqp

But on a Trove guest (172.16.128.233) I'm unable to reach rabbitmq.

root@trove3:~# telnet cloudcontrol2001-dev.wikimedia.org 5672
Trying 208.80.153.59...

Is there a filtering rule blocking this? Or am I just making a mistake with my firewall math?

Details

ProjectBranchLines +/-Subject
operations/homer/publicmaster+1 -1firewall: cloud-in4: new TCP port in cloudcontrol servers for rabbitmq
Customize query in gerrit

Related Objects
Search...

Event Timeline

Andrew created this task.Apr 16 2021, 3:19 AM
Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptApr 16 2021, 3:19 AM
Andrew reassigned this task from Andrew to aborrero.Apr 16 2021, 3:20 AM

Probably the easiest place to test this is is on the VM abogott-victoria-packages.andrewtestproject.codfw1dev.wikimedia.cloud.

gerritbot added a comment.Apr 20 2021, 9:33 AM

Change 681315 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/homer/public@master] firewall: cloud-in4: new TCP port in cloudcontrol servers for rabbitmq

https://gerrit.wikimedia.org/r/681315

gerritbot added a project: Patch-For-Review.Apr 20 2021, 9:33 AM
aborrero triaged this task as Medium priority.Apr 20 2021, 9:39 AM
aborrero moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.
gerritbot added a comment.Apr 20 2021, 4:15 PM

Change 681315 merged by Andrew Bogott:

[operations/homer/public@master] firewall: cloud-in4: new TCP port in cloudcontrol servers for rabbitmq

https://gerrit.wikimedia.org/r/681315

Andrew mentioned this in rOHPU77a6b2eac1e8: firewall: cloud-in4: new TCP port in cloudcontrol servers for rabbitmq.Apr 20 2021, 4:16 PM
aborrero closed this task as Resolved.Apr 20 2021, 4:34 PM
Andrew added a comment.Apr 20 2021, 8:05 PM

it works! thanks @aborrero

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL