Project

General

Profile

action #125450

coordination #125363: [epic] Improve collaboration with Eng-Infra

Improve collaboration with Eng-Infra - Firewall management access, potentially also DHCP+DNS size:M

Added by okurz 3 months ago. Updated 3 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
okurz
Target version:
openQA Project - Ready
Start date:
2023-03-06
Due date:
2023-06-16
% Done:

0%

Estimated time:
Tags:
investigation, firewall, process, infra, Eng-Infra, collaboration, access, admin

Description

Motivation

Apparently in many cases rwawrig can help best with issues spanning over multiple locations, e.g. firewall between NUE1 and NUE2, like in https://sd.suse.com/servicedesk/customer/portal/1/SD-113832 but the timezones diff is an obstacle. Give more people like SUSE QE Tools access to firewalls, even if it's just read-only for investigation?

Acceptance criteria

  • AC1: We can ensure that 2+ persons within EMEA timezones have access to firewalls covering multiple Nbg+Prg locations

Suggestions

History

#1 Updated by okurz 3 months ago

  • Status changed from New to Workable

#2 Updated by okurz 3 months ago

  • Target version changed from Ready to future

#4 Updated by okurz 3 months ago

  • Subject changed from Improve collaboration with Eng-Infra - Firewall access, potentially also DHCP+DNS size:M to Improve collaboration with Eng-Infra - Firewall management access, potentially also DHCP+DNS size:M
  • Description updated (diff)
  • Status changed from Workable to In Progress
  • Assignee set to okurz
  • Target version changed from future to Ready

I presented the proposal in the LSG QE mgmt call within the Product Owner on the bench presentation. Tracking https://sd.suse.com/servicedesk/customer/portal/1/SD-113959 (no update since 2023-03-03). I will discuss with runger in a follow-up next time we meet.

#5 Updated by okurz 3 months ago

  • Tags changed from infra, process, Eng-Infra, firewall, access, collaboration, admin, investigation to infra, process, Eng-Infra, firewall, access, collaboration, admin, investigation, next-office-day

I also brought up the topic in #eng-testing https://suse.slack.com/archives/C02CANHLANP/p1678783976855909

(Oliver Kurz) @Ralf Unger CC @Matthias Griessmeier et al.: https://progress.opensuse.org/issues/125363 are more ideas how to improve collaboration with the Eng-Infra domain, https://progress.opensuse.org/issues/125450 is the specific proposal to just give us more access to ease their work and ours as well

#6 Updated by okurz 3 months ago

  • Status changed from In Progress to Workable

#7 Updated by okurz 3 months ago

  • Description updated (diff)

#8 Updated by okurz about 2 months ago

  • Status changed from Workable to In Progress

okurz wrote:

I will discuss with runger in a follow-up next time we meet.

I had the opportunity to meet with runger. runger will discuss with mgmt contacts tomorrow. We can sync on Wednesday+ on the topic again.

In the meantime just today mcaj responded to https://sd.suse.com/servicedesk/customer/portal/1/SD-113959 and offered root ssh access to DHCP servers for FC Basement QE. In collaboration with mcaj on this.

#9 Updated by openqa_review about 2 months ago

  • Due date set to 2023-05-02

Setting due date based on mean cycle time of SUSE QE Tools

#10 Updated by okurz about 2 months ago

I could confirm that I could now login into walter1.qe.nue2.suse.org as well as walter2. . The dhcp server logs can be accessed with journalctl -u dhcpd.

I added according instructions in https://progress.opensuse.org/projects/qa/wiki/Tools#Onboarding-for-new-joiners

#11 Updated by okurz about 2 months ago

  • Status changed from In Progress to Feedback

Had another talk with runger. We can go ahead with the tickets that we had planned and also we can escalate SD specific tickets as needed. mgriessmeier will talk to mflores next week sharing the good example we had with https://sd.suse.com/servicedesk/customer/portal/1/SD-113959 being entrusted with access to walter1+walter2 for DHCP/DNS so we should apply the same approach for other areas e.g. openQA VM management, firewall access, etc.

#12 Updated by okurz about 1 month ago

  • Due date changed from 2023-05-02 to 2023-05-05

2023-05-01 is public holiday so bumping due date to end of next week to get feedback from mgriessmeier regarding his talk to mflores.

#13 Updated by okurz about 1 month ago

  • Due date changed from 2023-05-05 to 2023-05-12

mgriessmeier will ask mflores about firewall access this week, until next week. Management of VMs should be simpler with the new setup that we expect in prg2. As we hardly have problems with that setup we can wait. I see firewall access as critical. The current approach is suboptimal with little proactive problem management. So as long as we don't have at least read-only access to firewall management I strongly suggest to not further move machines into different network zones and hence also not move machines physically from Maxtorhof.

#14 Updated by okurz about 1 month ago

  • Tags changed from infra, process, Eng-Infra, firewall, access, collaboration, admin, investigation, next-office-day to infra, process, Eng-Infra, firewall, access, collaboration, admin, investigation

#15 Updated by okurz 28 days ago

  • Due date changed from 2023-05-12 to 2023-06-02

From https://suse.slack.com/archives/C02CANHLANP/p1683545373786759?thread_ts=1683545236.034219&cid=C02CANHLANP

(Matthias Griessmeier) mflores will look into the possibility of giving you access to the current firewalls as a short term solution. in the longer run the goal is to have clear processes and permissions established
(Oliver Kurz) sounds great. When can I expect a response for the short term solution?

#16 Updated by okurz 20 days ago

mgriessmeier addressed the topic with mflores. Should wait some days for details, let's see.

#17 Updated by cdywan 3 days ago

  • Due date changed from 2023-06-02 to 2023-06-16

Checked with Matthias. Apparently we're still waiting for Moroni or possibly Martin to get back to us.

Also available in: Atom PDF