action #119446
closed
coordination #121720: [saga][epic] Migration to QE setup in PRG2+NUE3 while ensuring availability
coordination #116623: [epic] Migration of SUSE Nbg based openQA+QA+QAM systems to new security zones
Conduct the migration of SUSE openQA+QA systems from Nbg SRV2 to new security zones
Added by okurz about 2 years ago.
Updated 12 months ago.
Description
Motivation¶
See parent #116623
Acceptance criteria¶
- AC1: All QA machines in Nbg SRV2 are in new security zones
- AC2: All QA machines in Nbg SRV2 are fully usable in production
Suggestions¶
- Copied from action #119443: Conduct the migration of SUSE openQA systems from Nbg SRV1 to new security zones size:M added
- Copied to action #119449: Conduct the migration of SUSE openQA+QA systems from Nbg QA labs to new security zones added
- Description updated (diff)
@okurz Hi Oliver, FYI, we suggest to hold on this task of SRV2 migration to security zone until https://progress.opensuse.org/issues/120651 is fixed. Otherwise ipmi jobs will be impacted a lot, because in that ticket it reports that serial log can't be got after security zone migration (all xx_script_run impacted).
- Related to action #120651: [openQA][infra][ipmi][worker][api] The expected pattern CMD_FINISHED-xxxxx returned but did not show up in serial log (wait_serial timed out) size:M added
- Category set to Infrastructure
- Priority changed from Normal to Low
xlai wrote:
@okurz Hi Oliver, FYI, we suggest to hold on this task of SRV2 migration to security zone until https://progress.opensuse.org/issues/120651 is fixed. Otherwise ipmi jobs will be impacted a lot, because in that ticket it reports that serial log can't be got after security zone migration (all xx_script_run impacted).
Yes, I agree. Blocked by #120651 and #119449
- Target version changed from Ready to future
- Status changed from Blocked to Resolved
- Target version changed from future to Ready
With NUE1 decommissioned all active systems are in new security zones and I guess machines that are brought (back) into production will also end up in new security zones. No specific work for improving error reporting here was done and I don't think we need to improve that further. We need to rely on SUSE-IT to monitor their firewall accordingly.
Also available in: Atom
PDF