action #150956
closedQA - coordination #121720: [saga][epic] Migration to QE setup in PRG2+NUE3 while ensuring availability
QA - coordination #123800: [epic] Provide SUSE QE Tools services running in PRG2 aka. Prg CoLo
o3 cannot send e-mails via smtp relay size:M
0%
Description
Observation¶
After the o3 migration, postfix is no longer able to reach the configured mail relay.
jbaier@new-ariel:~> sudo postconf relayhost
relayhost = [relay.infra.opensuse.org]
jbaier@new-ariel:~> host relay.infra.opensuse.org
relay.infra.opensuse.org has address 192.168.47.4
jbaier@new-ariel:~> ip r
default via 10.150.2.254 dev eth0
10.150.1.0/24 dev eth1 proto kernel scope link src 10.150.1.11
10.150.2.0/24 dev eth0 proto kernel scope link src 10.150.2.10
10.151.15.2 via 10.150.1.254 dev eth1
172.17.0.0/24 dev tun5 proto kernel scope link src 172.17.0.2 linkdown
192.168.47.0/24 dev tun5 scope link linkdown
192.168.112.0/24 dev tun5 scope link linkdown
192.168.254.0/24 dev tun5 scope link linkdown
jbaier@new-ariel:~> mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
4C8A1191D7 5277 Tue Nov 14 15:21:09 o3-admins@opensuse.org
(connect to relay.infra.opensuse.org[192.168.47.4]:25: Connection timed out)
o3-admins@suse.de
team-qa-tools-aaaaejigt64kk3g6p3q4rtgnl4@suse.slack.com
I believe the tun5 is/was the ssh tunnel to old-ariel.
Acceptance criteria¶
- AC1: We are able to receive emails from o3 (again)
Suggestions¶
- DCT migration related so open a thread in Slack #dct-migration (set reminder to yourself so that you ask again if there is no follow-up). If that does not work then we need to open an SD ticket and point to the Slack thread (duh)
- Find out the address of usable mail relay in PRG2 either in opensuse.org or suse.org domain
- Reconfigure postfix on o3 to use it
- Verify the operation
Updated by jbaier_cz 6 months ago
- Related to action #132143: Migration of o3 VM to PRG2 - 2023-07-19 size:M added
Updated by jbaier_cz 6 months ago
- Related to action #133364: Migration of o3 VM to PRG2 - Decommission old-ariel in NUE1 as soon as we do not need it anymore added
Updated by crameleon 6 months ago
Hi,
there is currently no connectivity between the openSUSE and the openQA infrastructure in PRG2, if the openSUSE mail relay should be used this will require implementation on a network level. I'm not sure if a SUSE DMZ mail relay exists, but if one does, that might be a more easy route as it wouldn't have to cross as many segment boundaries.
Updated by okurz 6 months ago
- Due date set to 2023-12-04
- Status changed from Workable to Feedback
https://suse.slack.com/archives/C04MDKHQE20/p1700483127476509
(Oliver Kurz) @John Ford @Moroni Flores @Martin Caj (CC @Georg Pfützenreuter) There is still an open task regarding email sending from ariel.prg2-dmz.suse.org which is now getting more severe because the old connection to relay.infra.opensuse.org was severed. Which email relay should we use on ariel.prg2-dmz.suse.org to send emails? Our internal tracking issue https://progress.opensuse.org/issues/150956
Updated by okurz 6 months ago
(Jiri Novak) do you need it right now or can it wait till (most propably thursday) when mail is migrated and you can use smtp-out1/2.dmz-prg2.suse.org? :slightly_smiling_face: (edited) actually ... this pathway could already partially work. eg to mailinglists it sohuld be fine. to personal mailboxes, it would attempt to deliver to the future imap, which wil lbe overwrtiren. if you wanna experiment, you might try it
mail outside of the network could technically work, but will likely be marked as spam as it's not in SPF yet (edited)
(Oliver Kurz) It can wait until Thursday. Should we then try to reach smtp-out1/2 from within the DMZ or are there special settings needed including allowing in firewall?
(Jiri Novak) you can test (telnet) if the port 25 is already allowed on firewall
(Oliver Kurz) from ariel.dmz-prg2.suse.org I can resolve smtp-out1.dmz-prg2.suse.org to 10.150.64.1 but receive no response on port 25
(Lazaros Haleplidis) let me investigate from the network security side
(Oliver Kurz) So trying again today no change nmap -p 25 10.150.64.1 from ariel.dmz-prg2.suse.org no response
Updated by mgriessmeier 5 months ago
reminded during "DCT migration weekly" to follow up in slack and/or jira, was taken as action item by John Ford and Toks
Updated by livdywan 3 months ago
Updated by okurz 3 months ago
- Related to action #155170: [openqa-in-openqa] [sporadic] test fails in test_running: parallel_failed size:M added
Updated by okurz 3 months ago
- Status changed from Blocked to Resolved
https://jira.suse.com/browse/ENGINFRA-3526 set to Done. We saw a big influx of email which is a good sign. So we can resolve.