Proposal: publictest[1-9] addresses
Warren Togami
wtogami at redhat.com
Tue Oct 31 01:43:06 UTC 2006
Last week we discussed the need to open ports like 22 and 80 for the
mercurial test currently hosted on test1 to proceed with public testing.
I did not want to request this firewall change because it would make
it inconsistent, difficult to track, and a thus long-term security risk.
This is because we do NOT want public facing ssh except in known
defined ways.
Proposal
========
test[1-9] remain internal-only test addresses. We assign new addresses
for services ready for public facing testing.
publictest[1-9].fedora.phx.redhat.com (internal)
publictest[1-9].fedora.redhat.com (external)
Port Forwards:
22
80
443
8887 (potential test plague master)
8888 (potential plague builder)
8889 (potential plague builder)
As a matter of security policy, Infrastructure team must approve any and
all uses of publictest[1-9] addresses, especially if they require public
facing ssh. Public facing ssh is necessary for mercurial and other VCS
testing.
Thoughts? Should we go ahead?
Warren Togami
wtogami at redhat.com
More information about the Fedora-infrastructure-list
mailing list