Allow access to Trove API endpoints (port 8779) from cloud-vps instances
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Andrew
	May 13 2021, 6:28 PM

Description

The cloudcontrols have this port open, but connections still time out. I'm guessing we need some kind of filtering exception in cloudgw or elsewhere.

	Project	Branch	Lines +/-	Subject
	operations/puppet	production	+40 -0	Trove: open up a lot of read-only policies
	operations/homer/public	master	+1 -1	cr/firewall.conf: allow openstack Trove port TCP/8779

Status	Assigned	Task
Resolved	None	T128158 Tools web interface for tool authors (Brainstorming ticket)
Open	None	T136335 Allow self-serve database credential and permissions management for Toolforge projects
Open	None	T188406 Provide access to user created databases in PAWS
Resolved	Bstorm	T267683 Move PAWS to it's own database (and away from ToolsDB)
Resolved	Andrew	T212595 [Feature request] Database as a Service (Trove) for Cloud VPS projects
Resolved	• taavi	T282801 openstack-browser: Display Trove databases
Resolved	Andrew	T282809 Allow access to Trove API endpoints (port 8779) from cloud-vps instances

Change 691140 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/homer/public@master] cr/firewall.conf: allow openstack Trove port TCP/8779

Change 691140 merged by jenkins-bot:

[operations/homer/public@master] cr/firewall.conf: allow openstack Trove port TCP/8779

Mentioned in SAL (#wikimedia-operations) [2021-05-17T09:29:11Z] <topranks> push CR691140 to eqiad and codfw core routers - T282809

@Andrew the firewall now allows traffic to pass, however looks like the policies don't allow anonymous access:

troveclient.apiclient.exceptions.Forbidden: Policy doesn't allow limits:index to be performed. (HTTP 403)

Change 692354 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] Trove: open up a lot of read-only policies

Change 692354 merged by Andrew Bogott:

[operations/puppet@production] Trove: open up a lot of read-only policies

This task may be ready to close, assigning to @Andrew for confirmation.

Andrew closed this task as Resolved.May 20 2021, 2:34 PM