action #150956
closed
QA - coordination #121720: [saga][epic] Migration to QE setup in PRG2+NUE3 while ensuring availability
QA - coordination #123800: [epic] Provide SUSE QE Tools services running in PRG2 aka. Prg CoLo
o3 cannot send e-mails via smtp relay size:M
Added by jbaier_cz 6 months ago.
Updated 3 months ago.
Description
Observation¶
After the o3 migration, postfix is no longer able to reach the configured mail relay.
jbaier@new-ariel:~> sudo postconf relayhost
relayhost = [relay.infra.opensuse.org]
jbaier@new-ariel:~> host relay.infra.opensuse.org
relay.infra.opensuse.org has address 192.168.47.4
jbaier@new-ariel:~> ip r
default via 10.150.2.254 dev eth0
10.150.1.0/24 dev eth1 proto kernel scope link src 10.150.1.11
10.150.2.0/24 dev eth0 proto kernel scope link src 10.150.2.10
10.151.15.2 via 10.150.1.254 dev eth1
172.17.0.0/24 dev tun5 proto kernel scope link src 172.17.0.2 linkdown
192.168.47.0/24 dev tun5 scope link linkdown
192.168.112.0/24 dev tun5 scope link linkdown
192.168.254.0/24 dev tun5 scope link linkdown
jbaier@new-ariel:~> mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
4C8A1191D7 5277 Tue Nov 14 15:21:09 o3-admins@opensuse.org
(connect to relay.infra.opensuse.org[192.168.47.4]:25: Connection timed out)
o3-admins@suse.de
team-qa-tools-aaaaejigt64kk3g6p3q4rtgnl4@suse.slack.com
I believe the tun5 is/was the ssh tunnel to old-ariel.
Acceptance criteria¶
- AC1: We are able to receive emails from o3 (again)
Suggestions¶
- DCT migration related so open a thread in Slack #dct-migration (set reminder to yourself so that you ask again if there is no follow-up). If that does not work then we need to open an SD ticket and point to the Slack thread (duh)
- Find out the address of usable mail relay in PRG2 either in opensuse.org or suse.org domain
- Reconfigure postfix on o3 to use it
- Verify the operation
- Project changed from openQA Project to openQA Infrastructure
- Description updated (diff)
- Related to action #132143: Migration of o3 VM to PRG2 - 2023-07-19 size:M added
- Related to action #133364: Migration of o3 VM to PRG2 - Decommission old-ariel in NUE1 as soon as we do not need it anymore added
Hi,
there is currently no connectivity between the openSUSE and the openQA infrastructure in PRG2, if the openSUSE mail relay should be used this will require implementation on a network level. I'm not sure if a SUSE DMZ mail relay exists, but if one does, that might be a more easy route as it wouldn't have to cross as many segment boundaries.
- Subject changed from o3 cannot send e-mails via smtp relay to o3 cannot send e-mails via smtp relay size:M
- Description updated (diff)
- Status changed from New to Workable
- Description updated (diff)
- Description updated (diff)
- Due date set to 2023-12-04
- Status changed from Workable to Feedback
(Jiri Novak) do you need it right now or can it wait till (most propably thursday) when mail is migrated and you can use smtp-out1/2.dmz-prg2.suse.org? :slightly_smiling_face: (edited) actually ... this pathway could already partially work. eg to mailinglists it sohuld be fine. to personal mailboxes, it would attempt to deliver to the future imap, which wil lbe overwrtiren. if you wanna experiment, you might try it
mail outside of the network could technically work, but will likely be marked as spam as it's not in SPF yet (edited)
(Oliver Kurz) It can wait until Thursday. Should we then try to reach smtp-out1/2 from within the DMZ or are there special settings needed including allowing in firewall?
(Jiri Novak) you can test (telnet) if the port 25 is already allowed on firewall
(Oliver Kurz) from ariel.dmz-prg2.suse.org I can resolve smtp-out1.dmz-prg2.suse.org to 10.150.64.1 but receive no response on port 25
(Lazaros Haleplidis) let me investigate from the network security side
(Oliver Kurz) So trying again today no change nmap -p 25 10.150.64.1 from ariel.dmz-prg2.suse.org no response
- Due date changed from 2023-12-04 to 2023-12-15
nmap -p 25 10.150.64.1 still "no response" from o3. We are waiting for SUSE-IT to provide an update after my reminders, if not we will remind again.
- Parent task set to #123800
reminded during "DCT migration weekly" to follow up in slack and/or jira, was taken as action item by John Ford and Toks
- Priority changed from High to Normal
Nothing heard, will await tomorrow's weekly DCT migration call.
- Due date deleted (
2023-12-15)
- Status changed from Feedback to Blocked
okurz wrote in #note-16:
https://jira.suse.com/browse/ENGINFRA-3526
No comment so far. Not sure we have any alternative relays... or if this is not being addressed, maybe we need to come up with something else since it breaks everything that normally sends emails.
livdywan wrote in #note-17:
okurz wrote in #note-16:
https://jira.suse.com/browse/ENGINFRA-3526
No comment so far. Not sure we have any alternative relays... or if this is not being addressed, maybe we need to come up with something else since it breaks everything that normally sends emails.
Added another reminder comment.
- Related to action #155170: [openqa-in-openqa] [sporadic] test fails in test_running: parallel_failed size:M added
- Status changed from Blocked to Resolved
Also available in: Atom
PDF