Change Details

hieradata/common.yaml: dmz_cidr: '208.80.155.0/22,10.0.0.0/8' This setting contains a list of destination ranges which will not have the normal labs NAT rules applied. I.e. ranges in this list will see internal IPs This does not cover everything in https://wikitech.wikimedia.org/wiki/IP_and_AS_allocations, leading to this: ```lang=bash krenair@bastion-01:~$ curl -skI https://text-lb.{esams,eqiad,ulsfo,codfw,eqsin}.wikimedia.org/wiki/Main_Page -H 'Host: en.wikipedia.org' | grep X-Client-IP X-Client-IP: 208.80.155.129 X-Client-IP: 10.68.17.232 X-Client-IP: 208.80.155.129 X-Client-IP: 10.68.17.232 X-Client-IP: 208.80.155.129``` The current `dmz_cidr` configuration for eqiad1 is (`profile::openstack::eqiad1::neutron::dmz_cidr` hiera key in `hieradata/eqiad/profile/openstack/eqiad1/neutron.yaml`). Checklist to check if we are done with each setting. [] 172.16.0.0/21:91.198.174.0/24 (stuff in esams DC) [] 172.16.0.0/21:198.35.26.0/23 (stuff in uslfo DC) [] 172.16.0.0/21:10.0.0.0/8 (all private addresses in eqiad DC) [] 172.16.0.0/21:208.80.152.0/22 (stuff in codfw DC) [] 172.16.0.0/21:103.102.166.0/24 (stuff in eqsin DC) [x] 172.16.0.0/21:172.16.0.0/21 (just added in {T206261})

``` hieradata/codfw/profile/openstack/labtest/nova.yaml --- profile::openstack::labtest::nova::dmz_cidr hieradata/codfw/profile/openstack/labtestn/neutron.yaml --- profile::openstack::labtestn::neutron::dmz_cidr hieradata/eqiad/profile/openstack/eqiad1/neutron.yaml --- profile::openstack::eqiad1::neutron::dmz_cidr hieradata/eqiad/profile/openstack/main/nova.yaml --- profile::openstack::main::nova::dmz_cidr ``` These setting contains a list of destination ranges which will not have the normal labs NAT rules applied. I.e. ranges in this list will see internal IPs This does not cover everything in https://wikitech.wikimedia.org/wiki/IP_and_AS_allocations, leading to this: ```lang=bash krenair@bastion-01:~$ curl -skI https://text-lb.{esams,eqiad,ulsfo,codfw,eqsin}.wikimedia.org/wiki/Main_Page -H 'Host: en.wikipedia.org' | grep X-Client-IP X-Client-IP: 208.80.155.129 X-Client-IP: 10.68.17.232 X-Client-IP: 208.80.155.129 X-Client-IP: 10.68.17.232 X-Client-IP: 208.80.155.129``` The current `dmz_cidr` configuration for eqiad1 is (`profile::openstack::eqiad1::neutron::dmz_cidr` hiera key in `hieradata/eqiad/profile/openstack/eqiad1/neutron.yaml`). Checklist to check if we are done with each setting. [] 172.16.0.0/21:91.198.174.0/24 (stuff in esams DC) [] 172.16.0.0/21:198.35.26.0/23 (stuff in uslfo DC) [] 172.16.0.0/21:10.0.0.0/8 (all private addresses in eqiad DC) [] 172.16.0.0/21:208.80.152.0/22 (stuff in codfw DC) [] 172.16.0.0/21:103.102.166.0/24 (stuff in eqsin DC) [x] 172.16.0.0/21:172.16.0.0/21 (just added in {T206261})

hieradata/common.yaml: dmz_cidr: '208.80.155.0/22,10.0.0.0/8'``` Thishieradata/codfw/profile/openstack/labtest/nova.yaml --- profile::openstack::labtest::nova::dmz_cidr hieradata/codfw/profile/openstack/labtestn/neutron.yaml --- profile::openstack::labtestn::neutron::dmz_cidr hieradata/eqiad/profile/openstack/eqiad1/neutron.yaml --- profile::openstack::eqiad1::neutron::dmz_cidr hieradata/eqiad/profile/openstack/main/nova.yaml --- profile::openstack::main::nova::dmz_cidr ``` These setting contains a list of destination ranges which will not have the normal labs NAT rules applied. I.e. ranges in this list will see internal IPs This does not cover everything in https://wikitech.wikimedia.org/wiki/IP_and_AS_allocations, leading to this: ```lang=bash krenair@bastion-01:~$ curl -skI https://text-lb.{esams,eqiad,ulsfo,codfw,eqsin}.wikimedia.org/wiki/Main_Page -H 'Host: en.wikipedia.org' | grep X-Client-IP X-Client-IP: 208.80.155.129 X-Client-IP: 10.68.17.232 X-Client-IP: 208.80.155.129 X-Client-IP: 10.68.17.232 X-Client-IP: 208.80.155.129``` The current `dmz_cidr` configuration for eqiad1 is (`profile::openstack::eqiad1::neutron::dmz_cidr` hiera key in `hieradata/eqiad/profile/openstack/eqiad1/neutron.yaml`). Checklist to check if we are done with each setting. [] 172.16.0.0/21:91.198.174.0/24 (stuff in esams DC) [] 172.16.0.0/21:198.35.26.0/23 (stuff in uslfo DC) [] 172.16.0.0/21:10.0.0.0/8 (all private addresses in eqiad DC) [] 172.16.0.0/21:208.80.152.0/22 (stuff in codfw DC) [] 172.16.0.0/21:103.102.166.0/24 (stuff in eqsin DC) [x] 172.16.0.0/21:172.16.0.0/21 (just added in {T206261})