Last modified: 2014-08-28 01:20:55 UTC
Currently, intra-project traffic (i. e., from tools-login to tools-redis or from tools-webproxy to tools-webgrid-01) is not subject to the firewall rules of security groups. Due to that, security groups are not up to date, for example, the redis security group doesn't explicitely allow traffic on port 6379. The move to eqiad could change the default behaviour. Therefore, prior to the move, we need to make sure that: a) all hosts have proper security groups assigned, and b) security groups really allow traffic they're supposed to allow.
Anything intended "prior to the move" is not all that relevant today. :-)
Eh, yes, irrespective of the DC location, we should still make sure that: a) all hosts have proper security groups assigned, and b) security groups really allow traffic they're supposed to allow.
agree, just because we didn't already do it doesn't mean it's invalid :)