[Labs-l] Project security group changes in eqiad labs

Bryan Davis bd808 at wikimedia.org
Thu Mar 6 23:53:19 UTC 2014


I got some helpful tips from Coren in IRC today that I thought I'd
pass on to others who may be starting to set up their projects in
eqiad.

Security group rules from pmtpa were copied over to eqiad, which is
awesome, but they probably need some changes. I needed to change the
port 22 (ssh) allowed CIDR range so that proxying via
bastion-eqiad.wmflabs.org was allowed. To do this:

* Add a rule allowing port 22 TCP from 10.0.0.0/8
* Delete old rule allowing port 22 TCP from 10.4.0.0/21

Just to be "safe" I did the same thing for port 5666 (icinga monitor)
in eqiad. I also changed my ssh allowed rule in pmtpa to make copying
things from one data center to the other easier.

Thanks to Coren for pointing me to this and giving me the CIDR range
to use. And in general big props to everyone who has helped get the
eqiad data center up and running. Three cheers for the death of
gluster!

Bryan
-- 
Bryan Davis              Wikimedia Foundation    <bd808 at wikimedia.org>
[[m:User:BDavis_(WMF)]]  Sr Software Engineer            Boise, ID USA
irc: bd808                                        v:415.839.6885 x6855
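
The rule swap described in the message, as an added example that is not part of the original post: a small planner that checks the new range covers the old one, orders the changes add-before-delete so a port is never left without an allow rule, and reports how much wider the allowed source range becomes. The rule dictionaries and the function names `plan_migration` and `widening_factor` are assumptions made for illustration; only the ports and CIDR ranges come from the message.

```python
import ipaddress

# Constructed sample rules, shaped like the ones copied over from pmtpa.
RULES = [
    {"proto": "tcp", "port": 22, "cidr": "10.4.0.0/21"},
    {"proto": "tcp", "port": 5666, "cidr": "10.4.0.0/21"},
    {"proto": "tcp", "port": 80, "cidr": "0.0.0.0/0"},
]

def plan_migration(rules, ports, old_cidr, new_cidr):
    """Return ordered (action, rule) steps that swap old_cidr for new_cidr."""
    old = ipaddress.ip_network(old_cidr)
    new = ipaddress.ip_network(new_cidr)
    # The new range must contain the old one, otherwise sources that work
    # today would lose access after the delete.
    if not old.subnet_of(new):
        raise ValueError(f"{new} does not cover {old}")
    existing = {(r["proto"], r["port"], ipaddress.ip_network(r["cidr"]))
                for r in rules}
    adds, deletes = [], []
    for r in rules:
        if r["port"] in ports and ipaddress.ip_network(r["cidr"]) == old:
            if (r["proto"], r["port"], new) not in existing:
                adds.append(("add", {**r, "cidr": str(new)}))
            deletes.append(("delete", r))
    # Adds first, deletes second: the port always has an allow rule.
    return adds + deletes

def widening_factor(old_cidr, new_cidr):
    """How many times more source addresses the new rule admits."""
    old = ipaddress.ip_network(old_cidr)
    new = ipaddress.ip_network(new_cidr)
    return new.num_addresses // old.num_addresses

if __name__ == "__main__":
    steps = plan_migration(RULES, {22, 5666}, "10.4.0.0/21", "10.0.0.0/8")
    for action, rule in steps:
        print(f"{action:6} {rule['proto']} {rule['port']} from {rule['cidr']}")
    print("widening:", widening_factor("10.4.0.0/21", "10.0.0.0/8"), "x")
```

The widening factor makes the trade-off visible when reviewing the change: the replacement rule admits every address in the private 10/8 block rather than a single /21.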


