Maniphest T87105

Either add base::firewall to parsoid hosts or remove them from beta
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	greg
	Jan 17 2015, 6:37 PM

Tags

Referenced Files

None

Subscribers

Description

From https://phabricator.wikimedia.org/T86951#983620

In T86951#983620, @yuvipanda wrote:

After some more digging...

https://gerrit.wikimedia.org/r/#/c/185428/ removed the ferm rule from parsoid, because prod parsoid hosts don't have base::firewall included, and we thought we hada removed all vestiges of base::firewall from beta with T86143. However, it turns out that base::firewall is included by contint::firewall::labs which is included by role::ci::slave::labs::common, on parsoid as well as other *oid hosts on betalabs. So that commit actually broke them all, which is sad. To unify prod and beta again, we'll have to either: add base::firewall to parsoid hosts or remove them from beta. I'll discuss this inside ops and remember to keep track.

I've fixed this now by just adding a common ferm rule to all parsoid hosts opening up port 8000. I'm also adding monitoring now to all *oid hosts to make sure they are still accessible (T87063)

Related Objects

Mentioned In: rOPUP8b5e4cc5f963: parsoid: Include base::firewall on parsoid hosts
T86951: Cannot open VE in Betalabs , throwing error Error loading data from server: 503: parsoidserver-http: HTTP 503
Mentioned Here: T86143: port 22 blocked in some cases despite being allowed with security groups
T86951: Cannot open VE in Betalabs , throwing error Error loading data from server: 503: parsoidserver-http: HTTP 503
T87063: Monitor the Parsoid backend service on beta cluster

Event Timeline

greg created this task.Jan 17 2015, 6:37 PM

greg assigned this task to yuvipanda.

greg raised the priority of this task from to Needs Triage.

greg updated the task description. (Show Details)

greg added projects: acl*sre-team, Beta-Cluster-Infrastructure.

greg added subscribers: greg, yuvipanda.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 17 2015, 6:37 PM

greg moved this task from To Triage to Externally Blocked on the Beta-Cluster-Infrastructure board.Jan 17 2015, 6:37 PM

greg mentioned this in T86951: Cannot open VE in Betalabs , throwing error Error loading data from server: 503: parsoidserver-http: HTTP 503.

Krenair subscribed.Jan 17 2015, 6:51 PM

akosiaris mentioned this in rOPUP8b5e4cc5f963: parsoid: Include base::firewall on parsoid hosts.Jan 19 2015, 7:24 PM

Option 1 was chosen and https://gerrit.wikimedia.org/r/185610 by @yuvipanda was merged some minutes ago. Everything seems fine so resolving

greg moved this task from Externally Blocked to Done on the Beta-Cluster-Infrastructure board.Jan 20 2015, 12:22 AM

• Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:55 PM