New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 839520 link

Starred by 1 user
Status: Fixed
Owner:
nxia@chromium.org
Last visit > 30 days ago
Closed: May 2018
Cc:
akes...@chromium.org
cra...@chromium.org
nxia@chromium.org
pprabhu@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

Blocking:
issue 839028



Sign in to add a comment

Switch sync_cloudsql_access.py to use external IPs

Project Member Reported by dgarr...@chromium.org, May 3 2018 
One approach to solving https://crbug.com/839028 is to switch to the TKO DBs external IP address (aka Primary IP, aka V2 IP).

If we update sync_cloudsql_access.py to use external IP addresses for our Ganeti instances when whitelisting them, this is feasible.

The challenges are:

1) We have to discover the external IPs ourselves with a mechanism like:
  runlocalssh ansible -i bin/di shard -a "curl -s -4 myexternalip.com/raw"

2) Those IPs can change without warning.
3) TKO "migrate" user accounts will not work via the V2 IP address.


2/3 may or may not be significant issues.

Comment 1 by dgarr...@chromium.org, May 3 2018

Cc: nxia@chromium.org

Comment 2 by nxia@chromium.org, May 3 2018

Blocking: 839028

Comment 3 by akes...@chromium.org, May 3 2018

Cc: pprabhu@chromium.org
Labels: Chase-Pending
Owner: nxia@chromium.org
Status: Assigned (was: Untriaged)
I believe nxia@ is working on this?

Anyway, I also suggest that we augment it to use both external and internal IPs, rather than switch it. That makes it possible to migrate back and forth between v1 and v2 tko address.

Chase-Pending in case this isn't already resolved by next week.

Comment 4 by akes...@chromium.org, May 3 2018

Cc: cra...@chromium.org
Project Member

Comment 5 by bugdroid1@chromium.org, May 4 2018 

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/chromeos/chromeos-admin/+/260c46bf7a8e20c861aa6a853c9230551ecd9454

commit 260c46bf7a8e20c861aa6a853c9230551ecd9454
Author: Ningning Xia <nxia@google.com>
Date: Fri May 04 05:01:13 2018

Comment 6 by dgarr...@chromium.org, May 4 2018

Status: Started (was: Assigned)
nxia@'s CLs for this have been run (and updated the TKO whitelist), but have not yet landed.

Since the lab has been less affected by this issue today/last night, we will hold off on switches TKO IPs today. 

https://crrev.com/i/620845

Comment 7 by cra...@chromium.org, May 7 2018

Labels: -Chase-Pending Chase
Status: Fixed (was: Started)

Comment 8 by nxia@chromium.org, May 7 2018

Status: Assigned (was: Fixed)
https://chromium-review.googlesource.com/c/chromiumos/third_party/autotest/+/1042874

CL is still in CQ. will close the bug after the CL is merged.
Project Member

Comment 9 by bugdroid1@chromium.org, May 8 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/aeb8b63f700b3015745233923b482161f55e6397

commit aeb8b63f700b3015745233923b482161f55e6397
Author: Ningning Xia <nxia@google.com>
Date: Tue May 08 03:46:00 2018

Fetch server external ips for sync_cloudsql_access

BUG= chromium:839520 
TEST=None
CQ-DEPEND=CL:*620407

Change-Id: If8fe9c36fc856fad1912fec5266fcf4df25709e3
Reviewed-on: https://chromium-review.googlesource.com/1042874
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Ningning Xia <nxia@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>

[modify] https://crrev.com/aeb8b63f700b3015745233923b482161f55e6397/site_utils/sync_cloudsql_access.py

Comment 10 by nxia@chromium.org, May 8 2018

Status: Fixed (was: Assigned)

Sign in to add a comment