Re: Freeze break request: Upgrade FAS to 0.12.0 and open firewall on db-fas01 from basset01

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 17, 2016 at 05:28:17PM -0400, Patrick Uiterwijk wrote:
> Hi,
> 
> Could I get +1s for the following things:
> 
> 1. Upgrade FAS to 0.12.0: this release includes hooks for spam checks, and is currently running in Staging.
> 2. Installation of basset01.phx2 prod (not per se freeze break as it's a new host).

+1 for me

> 3. Open the db-fas01 prod firewall for basset01.phx2 (see patch) so that it can import the prod data.

I'd like an overview of how it works/why it needs this access.

Basically if I knew from IRC logs that you were working on something against our
dear spammers, I've heard for the first time the word Basset in the IRC meeting
of today.
I saw from the FAS commits that FAS will make some queries to it, but I'd like
an overview of why it needs access to FAS' DB, what for?
Our FAS DB is probably one of our most sensible host and I'd like to know what
apps accessing it are doing before agreeing on granting access.

Do you think you could present a little bit Basset to us?
I see a Basset project on pagure so I guess it's it, but it doesn't even have a
README to explain what it is and the setup.py isn't more helpful :)

Thanks,

Pierre



> Note that this specifically does not include updating the FAS config to make use of the Basset calls,
> I will open a new FBR when I'm ready for that.
> This means that for the time being, there should be no visible changes to FAS until we enable this.
> I could hold off on the FAS upgrade until we are ready, but I figured I could get it done now. (if I can get
> at least +1s for nr 2/3, I can get started).
> 
> 
> 
> [master 36bd988] Enable access from basset01 to db-fas01
>  1 file changed, 3 insertions(+)
> [puiterwijk@batcave01 host_vars]$ git show HEAD
> commit 36bd9884fc2a846ebc784713be8d88a5c555018a
> Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> Date:   Thu Mar 17 21:20:58 2016 +0000
> 
>     Enable access from basset01 to db-fas01
>     
>     Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> 
> diff --git a/inventory/host_vars/db-fas01.phx2.fedoraproject.org b/inventory/host_vars/db-fas01.phx2.fedoraproject.or
> index 83372cc..00b6fb1 100644
> --- a/inventory/host_vars/db-fas01.phx2.fedoraproject.org
> +++ b/inventory/host_vars/db-fas01.phx2.fedoraproject.org
> @@ -37,6 +37,9 @@ custom_rules: [
>      '-A INPUT -p tcp -m tcp -s 10.5.126.46  --dport 5432 -j ACCEPT',
>      '-A INPUT -p tcp -m tcp -s 10.5.126.47  --dport 5432 -j ACCEPT' ,
>  
> +    # basset01
> +    '-A INPUT -p tcp -m tcp -s 10.5.126.194  --dport 5432 -j ACCEPT',
> +
>      # sundries02...
>      '-A INPUT -p tcp -m tcp -s 10.5.126.41   --dport 5432 -j ACCEPT',

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux