action #116626
closedcoordination #121720: [saga][epic] Migration to QE setup in PRG2+NUE3 while ensuring availability
coordination #116623: [epic] Migration of SUSE Nbg based openQA+QA+QAM systems to new security zones
Migration of SUSE QA systems to new security zones - QAM systems
0%
Updated by okurz almost 2 years ago
- Due date set to 2022-09-30
- Status changed from New to Feedback
- Assignee set to okurz
- Target version set to Ready
Asked apappas and hrommel in https://suse.slack.com/archives/C02CANHLANP/p1663317032423209?thread_ts=1663252311.052159&cid=C02CANHLANP
regarding the above topic, has anyone addressed you regarding QAM machines? If not then we should coordinate this so that QAM machines are also covered by security zone migration plans
Updated by okurz almost 2 years ago
Negative response, i.e. we will need to plan and execute a security zone migration for the qam domain as well.
Updated by okurz almost 2 years ago
According to apappas DHCP/DNS is provided by SUSE-IT EngInfra no a VM davinci.suse.de, managed within https://gitlab.suse.de/OPS-Service/salt/. Example change https://gitlab.suse.de/OPS-Service/salt/-/merge_requests/2531/diffs to edit entries.
The VM is managed by SUSE-IT EngInfra with a salt config hosted, same with qam.suse.cz on another VM.
So likely the best approach is to create a new security zone of each QA as well as QAM and use a DHCP/DNS service provided by SUSE-IT infrastructure following the model of the existing QAM network.
Updated by okurz almost 2 years ago
- Related to action #117043: Request DHCP+DNS services for new QE network zones, same as already provided for .qam.suse.de and .qa.suse.cz added
Updated by okurz almost 2 years ago
- Due date deleted (
2022-09-30) - Status changed from Feedback to Blocked
Discussed in weekly QE sync 2022-09-28 and we agreed including hrommel1 in particular that we can aim for eventually having a joint QE network security zone but for now we should plan a QAM zone replacing the current one as needed and when needed by SUSE-IT Cybersecurity.
For now I will block this ticket on #117043 because I would like to sort out how we can maintain DHCP/DNS more easily before we apply any changes.
Updated by okurz almost 2 years ago
- Priority changed from High to Normal
#117043 first, will take some time
Updated by okurz over 1 year ago
- Category set to Infrastructure
- Status changed from Blocked to New
- Assignee deleted (
okurz)
#117043 completed, work can be continued
Updated by okurz 10 months ago
- Status changed from New to Resolved
- Assignee set to okurz
- Target version changed from future to Ready
With NUE1 decommissioned all active systems are in new security zones and I guess machines that are brought (back) into production will also end up in new security zones