openSUSE admin

Hello,

in this meeting I would like to present and discuss the network design proposal for the openSUSE infrastructure in SUSE's new PRG2 data center.
As with any exciting changes there will be new challenges - please attend if you are interested and especially if you could imagine helping with network topics in the future. :-)

Best,
Georg

2023-08-03 heroes meeting

network setup in PRG2 datacenter

• openSUSE will get independent hardware, SUSE is "just" the ISP
• discussion about the network layout - summary will be posted on heroes mailinglist

Layout proposals for access via VPN:
management jumphost = allows access to physical machines if user has SSH access to it
1. https://paste.opensuse.org/pastes/e3baac534ebe -> two pools in OpenVPN separated by LDAP group, privileged users get network level access to admin network which contains the management jumphost
2. https://paste.opensuse.org/pastes/2d7d1d18fa9f -> single OpenVPN pool, all users get network level access to all virtual machines including the management jumphost
3. https://paste.opensuse.org/pastes/8efc7ef6e3d0 -> single OpenVPN pool, users get network level access to all machines with no jumphost

Votes in meeting:
- Proposal 1: ii
- Proposal 2: iii
- Proposal 3:

• Network firewall/router
  • manageable but HA
  • OPN/PfSense poor 10G?
  • -> test openSUSE/NFTables based setup, accept short downtime from VRRP switching (three votes)
• HAProxy behind for common services

status reports

• mailman VM updated, needed time to fix all the mailman packages -> waiting for arrival in Factory
• redmine update WIP on https://progress-test.opensuse.org/ -> waiting for licensed plugins
• cdn.o.o setup - cache invalidation triggers added in repopusher and via inotify watchrepodata.service
• jekyll now only fails single broken pages instead of failing/not deploying all jekyll-based pages