Project

General

Profile

Actions
Copy link

action #116626

closed

coordination #121720: [saga][epic] Migration to QE setup in PRG2+NUE3 while ensuring availability

coordination #116623: [epic] Migration of SUSE Nbg based openQA+QA+QAM systems to new security zones

Migration of SUSE QA systems to new security zones - QAM systems

Added by okurz over 1 year ago. Updated 5 months ago.

Status:
Resolved
Priority:
Low
Assignee:
okurz
Target version:
openQA Project - Ready
Start date:
2022-09-15
Due date:
% Done:

0%

Estimated time:
Tags:
infra

Related issues 1 (0 open1 closed)

Related to QA - action #117043: Request DHCP+DNS services for new QE network zones, same as already provided for .qam.suse.de and .qa.suse.czResolvedokurz

Actions
Actions
Copy link
 #1

Updated by okurz over 1 year ago

  • Parent task set to #116623
Actions
Copy link
 #2

Updated by okurz over 1 year ago

  • Priority changed from Normal to High
Actions
Copy link
 #3

Updated by okurz over 1 year ago

  • Due date set to 2022-09-30
  • Status changed from New to Feedback
  • Assignee set to okurz
  • Target version set to Ready

Asked apappas and hrommel in https://suse.slack.com/archives/C02CANHLANP/p1663317032423209?thread_ts=1663252311.052159&cid=C02CANHLANP

regarding the above topic, has anyone addressed you regarding QAM machines? If not then we should coordinate this so that QAM machines are also covered by security zone migration plans

Actions
Copy link
 #4

Updated by okurz over 1 year ago

Negative response, i.e. we will need to plan and execute a security zone migration for the qam domain as well.

Actions
Copy link
 #5

Updated by okurz over 1 year ago

According to apappas DHCP/DNS is provided by SUSE-IT EngInfra no a VM davinci.suse.de, managed within https://gitlab.suse.de/OPS-Service/salt/. Example change https://gitlab.suse.de/OPS-Service/salt/-/merge_requests/2531/diffs to edit entries.
The VM is managed by SUSE-IT EngInfra with a salt config hosted, same with qam.suse.cz on another VM.

So likely the best approach is to create a new security zone of each QA as well as QAM and use a DHCP/DNS service provided by SUSE-IT infrastructure following the model of the existing QAM network.

Actions
Copy link
 #6

Updated by okurz over 1 year ago

  • Related to action #117043: Request DHCP+DNS services for new QE network zones, same as already provided for .qam.suse.de and .qa.suse.cz added
Actions
Copy link
 #7

Updated by okurz over 1 year ago

  • Due date deleted (2022-09-30)
  • Status changed from Feedback to Blocked

Discussed in weekly QE sync 2022-09-28 and we agreed including hrommel1 in particular that we can aim for eventually having a joint QE network security zone but for now we should plan a QAM zone replacing the current one as needed and when needed by SUSE-IT Cybersecurity.
For now I will block this ticket on #117043 because I would like to sort out how we can maintain DHCP/DNS more easily before we apply any changes.

Actions
Copy link
 #8

Updated by okurz over 1 year ago

  • Priority changed from High to Normal

#117043 first, will take some time

Actions
Copy link
 #9

Updated by okurz about 1 year ago

  • Category set to Infrastructure
  • Status changed from Blocked to New
  • Assignee deleted (okurz)

#117043 completed, work can be continued

Actions
Copy link
 #10

Updated by okurz about 1 year ago

  • Priority changed from Normal to Low
Actions
Copy link
 #11

Updated by okurz about 1 year ago

  • Target version changed from Ready to future
Actions
Copy link
 #12

Updated by okurz 5 months ago

  • Status changed from New to Resolved
  • Assignee set to okurz
  • Target version changed from future to Ready

With NUE1 decommissioned all active systems are in new security zones and I guess machines that are brought (back) into production will also end up in new security zones

Actions
Copy link

Also available in: Atom PDF