Indeed it was. Instances on virt1 couldn't talk to the outside world due to a improper SNAT rule that was an artifact of our multi-host network-node attempt.
On Wed, Jun 27, 2012 at 12:47 PM, Ryan Lane <[email protected]> wrote: > This is a bug, likely due to the multi-host network node changes we > attempted the other day. > > On Wed, Jun 27, 2012 at 2:38 AM, Andrew Bogott <[email protected]> wrote: >> I'm moving this discussion from IRC to email in hopes of spanning a few >> more timezones. >> >> A few people (me included) have noticed that some instances which >> recently had access to the outside Internet no longer have this access. For >> example, my swiss-army-instance 'utils-abogott' used to chat with freenode >> and can no longer. The same change in access has happened to >> etherpad.wmflabs.org, and presumably many other instances. >> >> I'm assuming this is on purpose, due to a new policy that increases >> enforcement of security groups. True? >> >> If yes, I still have two questions: >> >> 1) In the default security group for that project I see this rule: 22, 22, >> 0.0.0.0/0 which I would take to mean 'ssh allowed to/from anywhere.' And >> yet, best I can tell I cannot initiate an ssh connection to anywhere from >> that system. Am I making a dumb mistake? >> >> 2) The help page about security groups >> (https://labsconsole.wikimedia.org/wiki/Help:Security) suggests that >> security settings cannot be changed for existing instances. Doesn't that >> pose quite a serious problem for people who are invested in instances that >> existed before the (presumed) new security policy? >> >> Thanks! >> >> -Andrew >> >> >> _______________________________________________ >> Labs-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/labs-l >> > > _______________________________________________ > Labs-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/labs-l _______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
