Page MenuHomePhabricator
Create Task
Maniphest T298042

evaluate & drop cloud NAT exceptions for APT repositories
Closed, ResolvedPublic
Actions

Description

We currently have some cloud egress NAT exceptions for wikimedia APT repositories:

  • apt1001.wikimedia.org
  • apt1002.wikimedia.org
  • sodium.wikimedia.org

These servers are in production public VLAN with public IPv4

I cannot find a reason why we need that. Moreover, sodium is currently migrating, see T286898: Setup new mirror server (mirror1001.wikimedia.org) so this could be the perfect time to revisit this.

Details

SubjectRepoBranchLines +/-
cloud: drop APT repositories NAT exceptionoperations/homer/publicmaster+0 -6
cloudgw: drop APT repositories NAT exceptionoperations/puppetproduction+0 -14
Customize query in gerrit

Related Objects
Search...

Event Timeline

aborrero created this task.Dec 20 2021, 5:54 PM
gerritbot added a comment.Dec 20 2021, 6:00 PM

Change 748771 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: drop APT repositories NAT exception

https://gerrit.wikimedia.org/r/748771

gerritbot added a project: Patch-For-Review.Dec 20 2021, 6:00 PM
gerritbot added a comment.Dec 20 2021, 6:11 PM

Change 748774 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/homer/public@master] cloud: drop APT repositories NAT exception

https://gerrit.wikimedia.org/r/748774

BilalShirwani closed this task as a duplicate of T298058: [Impact Analysis] Evaluate Impact of Mobile Reply and New Discussion Tools.Dec 21 2021, 12:05 AM
JJMC89 reopened this task as Open.Dec 21 2021, 12:07 AM
aborrero claimed this task.Dec 21 2021, 10:22 AM
aborrero triaged this task as Low priority.
aborrero moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.
gerritbot added a comment.Dec 21 2021, 10:23 AM

Change 748771 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: drop APT repositories NAT exception

https://gerrit.wikimedia.org/r/748771

gerritbot added a comment.Dec 21 2021, 10:31 AM

Change 748774 merged by jenkins-bot:

[operations/homer/public@master] cloud: drop APT repositories NAT exception

https://gerrit.wikimedia.org/r/748774

Stashbot added a comment.Dec 21 2021, 10:39 AM

Mentioned in SAL (#wikimedia-cloud) [2021-12-21T10:39:00Z] <arturo> dropped egress NAT exceptions for WMF apt repos, T298042

aborrero closed this task as Resolved.Dec 21 2021, 10:42 AM
aborrero added a subscriber: ayounsi.

Merged the patches, and apparently works:

aborrero@tools-sgegrid-master:~$ sudo apt update | grep wikimedia.org
Hit:4 http://mirrors.wikimedia.org/debian buster-backports InRelease
Hit:10 http://apt.wikimedia.org/wikimedia buster-wikimedia InRelease

Hopefully we don't need to revert this in the next few days.

Thank @jhathaway and @ayounsi.

Maintenance_bot removed a project: Patch-For-Review.Dec 21 2021, 11:10 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL