Last week we discussed the need to open ports like 22 and 80 for the
mercurial test currently hosted on test1 to proceed with public testing.
I did not want to request this firewall change because it would make
it inconsistent, difficult to track, and a thus long-term security risk.
This is because we do NOT want public facing ssh except in known
defined ways.
Proposal
========
test[1-9] remain internal-only test addresses. We assign new addresses
for services ready for public facing testing.
publictest[1-9].fedora.phx.redhat.com (internal)
publictest[1-9].fedora.redhat.com (external)
Port Forwards:
22
80
443
8887 (potential test plague master)
8888 (potential plague builder)
8889 (potential plague builder)
As a matter of security policy, Infrastructure team must approve any and
all uses of publictest[1-9] addresses, especially if they require public
facing ssh. Public facing ssh is necessary for mercurial and other VCS
testing.
Thoughts? Should we go ahead?
Warren Togami
wtogami@xxxxxxxxxx
