Page MenuHomePhabricator
Create Task
Maniphest T294437

Add egress rules for dbproxy1017 & dbproxy1021
Closed, ResolvedPublic
Actions

Description

These are the proxies being added in front of m5-master

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
toolhub: Add egress to m5-master dbproxy nodesoperations/deployment-chartsmaster+18 -7
Customize query in gerrit

Related Objects
Search...

Event Timeline

bd808 created this task.Oct 27 2021, 2:23 PM
Marostegui mentioned this in T288093: Place m5 proxies in codfw and eqiad.Oct 27 2021, 2:40 PM
bd808 changed the task status from Open to In Progress.Oct 27 2021, 4:36 PM
bd808 claimed this task.
bd808 triaged this task as High priority.
bd808 moved this task from Backlog to In Progress on the Toolhub board.
bd808 added a project: Developer-Advocacy (Oct-Dec 2021).
Restricted Application added a project: User-bd808. · View Herald TranscriptOct 27 2021, 4:36 PM
gerritbot added a comment.Oct 27 2021, 4:48 PM

Change 735031 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):

[operations/deployment-charts@master] toolhub: Add egress to m5-master dbproxy nodes

https://gerrit.wikimedia.org/r/735031

gerritbot added a project: Patch-For-Review.Oct 27 2021, 4:48 PM
gerritbot added a comment.Oct 27 2021, 6:18 PM

Change 735031 merged by jenkins-bot:

[operations/deployment-charts@master] toolhub: Add egress to m5-master dbproxy nodes

https://gerrit.wikimedia.org/r/735031

bd808 closed this task as Resolved.Oct 27 2021, 6:42 PM

After deploying the updated helm chart, the networkpolicy for the toolhub namespace in eqiad allows port 3306 outbound to:

  • 10.64.48.43/32 (dbproxy1017.eqiad.wmnet)
  • 10.64.32.180/32 (dbproxy1021.eqiad.wmnet)
  • 10.192.48.47/32 (dbproxy2004.codfw.wmnet)
  • 10.64.0.98/32 (db1128.eqiad.wmnet)
  • 10.64.16.35/32 (db1132.eqiad.wmnet)

Checked with kube_env toolhub eqiad; kubectl describe networkpolicies toolhub-main from deploy1002.

Maintenance_bot removed a project: Patch-For-Review.Oct 27 2021, 7:11 PM
Marostegui added a comment.Oct 28 2021, 4:17 AM

Thank you Bryan for fixing this so quickly!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits