Page MenuHomePhabricator
Create Task
Maniphest T96335

Use base::firewall on tools proxies
Closed, ResolvedPublic
Actions

Description

This should allow access to:

port 80 / 443 to everyone in the universe
port 8282 from just labs (for proxylistener)
redis replication port from just other webproxies
port 22 from bastions

This allows us to open up the redis replication just to other webproxies instead of opening it up to the world.

Details

SubjectRepoBranchLines +/-
tools: Allow redis access between proxiesoperations/puppetproduction+8 -0
dynamicproxy: Do not bind redis only on localhostoperations/puppetproduction+0 -1
dynamicproxy: Include firewall for base proxyoperations/puppetproduction+2 -0
tools: Enable firewall on webproxiesoperations/puppetproduction+2 -0
tools: Explicitly open port for proxylisteneroperations/puppetproduction+7 -0
dynamicproxy: Add ferm rules for http / httpsoperations/puppetproduction+12 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

yuvipanda created this task.Apr 17 2015, 12:56 AM
yuvipanda raised the priority of this task from to Needs Triage.
yuvipanda updated the task description. (Show Details)
yuvipanda added projects: ToolLabs-Goals-Q4, Toolforge.
yuvipanda added subscribers: Aklapper, yuvipanda.
gerritbot subscribed.Apr 17 2015, 1:02 AM

Change 204685 had a related patch set uploaded (by Yuvipanda):
dynamicproxy: Add ferm rules for http / https

https://gerrit.wikimedia.org/r/204685

gerritbot added a project: Patch-For-Review.Apr 17 2015, 1:02 AM
yuvipanda updated the task description. (Show Details)Apr 17 2015, 1:10 AM
yuvipanda set Security to None.
gerritbot added a comment.Apr 17 2015, 1:13 AM

Change 204688 had a related patch set uploaded (by Yuvipanda):
tools: Explicitly open port for proxylistener

https://gerrit.wikimedia.org/r/204688

gerritbot added a comment.Apr 17 2015, 1:13 AM

Change 204685 merged by Yuvipanda:
dynamicproxy: Add ferm rules for http / https

https://gerrit.wikimedia.org/r/204685

yuvipanda mentioned this in rOPUP40e04d6cd0dd: dynamicproxy: Add ferm rules for http / https.Apr 17 2015, 1:14 AM
gerritbot added a comment.Apr 17 2015, 1:18 AM

Change 204688 merged by Yuvipanda:
tools: Explicitly open port for proxylistener

https://gerrit.wikimedia.org/r/204688

yuvipanda mentioned this in rOPUPf5bc5cbccf7b: tools: Explicitly open port for proxylistener.Apr 17 2015, 1:18 AM
gerritbot added a comment.Apr 17 2015, 1:47 AM

Change 204693 had a related patch set uploaded (by Yuvipanda):
tools: Enable firewall on webproxies

https://gerrit.wikimedia.org/r/204693

gerritbot added a comment.Apr 17 2015, 1:47 AM

Change 204693 merged by Yuvipanda:
tools: Enable firewall on webproxies

https://gerrit.wikimedia.org/r/204693

yuvipanda mentioned this in rOPUPdd6973e4f206: tools: Enable firewall on webproxies.Apr 17 2015, 1:47 AM
gerritbot added a comment.Apr 17 2015, 2:35 AM

Change 204697 had a related patch set uploaded (by Yuvipanda):
dynamicproxy: Include firewall for base proxy

https://gerrit.wikimedia.org/r/204697

gerritbot added a comment.Apr 17 2015, 2:35 AM

Change 204698 had a related patch set uploaded (by Yuvipanda):
dynamicproxy: Do not bind redis only on localhost

https://gerrit.wikimedia.org/r/204698

gerritbot added a comment.Apr 17 2015, 2:46 AM

Change 204697 merged by Yuvipanda:
dynamicproxy: Include firewall for base proxy

https://gerrit.wikimedia.org/r/204697

yuvipanda mentioned this in rOPUPe365a18684c9: dynamicproxy: Include firewall for base proxy.Apr 17 2015, 2:47 AM
gerritbot added a comment.Apr 17 2015, 2:57 AM

Change 204698 merged by Yuvipanda:
dynamicproxy: Do not bind redis only on localhost

https://gerrit.wikimedia.org/r/204698

yuvipanda mentioned this in rOPUP6e7d80c63d9c: dynamicproxy: Do not bind redis only on localhost.Apr 17 2015, 2:57 AM
gerritbot added a comment.Apr 17 2015, 3:12 AM

Change 204701 had a related patch set uploaded (by Yuvipanda):
tools: Allow redis access between proxies

https://gerrit.wikimedia.org/r/204701

gerritbot added a comment.Apr 17 2015, 3:13 AM

Change 204701 merged by Yuvipanda:
tools: Allow redis access between proxies

https://gerrit.wikimedia.org/r/204701

yuvipanda mentioned this in rOPUP113358714b8c: tools: Allow redis access between proxies.Apr 17 2015, 3:14 AM
yuvipanda closed this task as Resolved.Apr 17 2015, 3:28 AM
yuvipanda claimed this task.

Boom all done :D

yuvipanda added a project: Labs-Q4-Sprint-3.Apr 18 2015, 4:21 AM
yuvipanda moved this task from Backlog to Redundancy on the ToolLabs-Goals-Q4 board.Apr 23 2015, 3:02 AM
Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:52 PM
Restricted Application added a project: Cloud-Services. · View Herald TranscriptJun 7 2017, 6:52 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL