communication #133634
closed
- Private changed from Yes to No
Hello,
in this meeting I would like to present and discuss the network design proposal for the openSUSE infrastructure in SUSE's new PRG2 data center.
As with any exciting changes there will be new challenges - please attend if you are interested and especially if you could imagine helping with network topics in the future. :-)
Best,
Georg
- Status changed from New to Closed
2023-08-03 heroes meeting
network setup in PRG2 datacenter
- openSUSE will get independent hardware, SUSE is "just" the ISP
- discussion about the network layout - summary will be posted on heroes mailing list
Layout proposals for access via VPN:
management jumphost = allows access to physical machines if user has SSH access to it
1. https://paste.opensuse.org/pastes/e3baac534ebe -> two pools in OpenVPN separated by LDAP group, privileged users get network level access to admin network which contains the management jumphost
2. https://paste.opensuse.org/pastes/2d7d1d18fa9f -> single OpenVPN pool, all users get network level access to all virtual machines including the management jumphost
3. https://paste.opensuse.org/pastes/8efc7ef6e3d0 -> single OpenVPN pool, users get network level access to all machines with no jumphost
Votes in meeting:
- Proposal 1: ii
- Proposal 2: iii
- Proposal 3:
- Network firewall/router
  - manageable but HA
  - OPNsense/pfSense: poor 10G?
  - -> test openSUSE/nftables based setup, accept short downtime from VRRP switching (three votes)
  - HAProxy behind for common services
status reports
- mailman VM updated, needed time to fix all the mailman packages -> waiting for arrival in Factory
- redmine update WIP on https://progress-test.opensuse.org/ -> waiting for licensed plugins
- cdn.o.o setup - cache invalidation triggers added in repopusher and via inotify watchrepodata.service
- jekyll now only fails single broken pages instead of failing/not deploying all jekyll-based pages