
Allow access to Trove API endpoints (port 8779) from cloud-vps instances
Closed, Resolved (Public)

Description

The cloudcontrols have this port open, but connections still time out. I'm guessing we need some kind of filtering exception in cloudgw or elsewhere.

Event Timeline

Change 691140 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/homer/public@master] cr/firewall.conf: allow openstack Trove port TCP/8779

https://gerrit.wikimedia.org/r/691140

Change 691140 merged by jenkins-bot:

[operations/homer/public@master] cr/firewall.conf: allow openstack Trove port TCP/8779

https://gerrit.wikimedia.org/r/691140

Mentioned in SAL (#wikimedia-operations) [2021-05-17T09:29:11Z] <topranks> push CR691140 to eqiad and codfw core routers - T282809

@Andrew the firewall now allows traffic to pass; however, it looks like the policies don't allow anonymous access:

troveclient.apiclient.exceptions.Forbidden: Policy doesn't allow limits:index to be performed. (HTTP 403)

Change 692354 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] Trove: open up a lot of read-only policies

https://gerrit.wikimedia.org/r/692354

Change 692354 merged by Andrew Bogott:

[operations/puppet@production] Trove: open up a lot of read-only policies

https://gerrit.wikimedia.org/r/692354

aborrero added a subscriber: aborrero.

This task may be ready to close, assigning to @Andrew for confirmation.