Skip to content

LanDB network management

Editing information in LanDB

For physical hardware, the owner of the machine can edit information in LanDB such as the main user or IP aliases.

For virtual machines, this information is managed by OpenStack and thus the entry in LanDB for the virtual machines is locked from editing. If you try to change the information, you will see the message 'The device MY-DEVICE-NAME is externally managed by a service provider'.

To set the fields in LanDB, you need to use the openstack tool to set the values as described in Setting LanDB fields.

External access through firewall

By default, the CERN outer perimeter firewall blocks incoming access to systems on the CERN site.

Upon request the external firewall can, however, be opened for individual or a set of virtual machines. In any cases, this will require approval by the security team.

For a single machine:

  • go to the request form (replace MY-DEVICE-NAME.CERN.CH with your host name).
  • note that this request form can also be reached from the bottom of the VM overview page in the openstack.cern.ch website.

For a set of machines (which need the same rules in the external firewall):

  • use the LanDB set page to create a set to which the virtual machines can be added (note that for Puppet managed machines it is possible to add nodes via Hiera to LanDB sets)

Note: site firewall openings can be granted for virtual machines in Shared projects. Requests for firewall opening for VMs in Personal projects will not be granted.

IP Address Ranges

For remote sites which have firewall rules, the range of IPs which could be allocated by the OpenStack framework is similar to the whole CERN network.

These addresses are listed here