action #168177
opencoordination #167054: [epic] Run more workloads in CC-compliant PRG2 to be less affected by CC related network changes
Migrate critical VM based services needing access to CC-services to CC areas size:M
0%
Description
Motivation¶
non-compliant NUE2 based production VMs might become problematic due to #165282 so we should evaluate which VMs we can migrate and where and execute accordingly.
Acceptance criteria¶
- AC1: Critical VM based services needing access to CC-services are running from CC areas where reasonable
- AC2: Users can access the services using location independant CNAME records where applicable as in before
Suggestions¶
- DONE Wait for #168174
- DONE Try out with non-critical changes, e.g. tumblesle
- Decide which VMs and/or services should be migrated considering the alternative #168133. At time of writing we have 10 VMs on osiris+qamaster
- Prepare DHCP+DNS changes in https://gitlab.suse.de/OPS-Service/salt/
- See suggestions from #168174-3 about how to migrate
- Migrate VMs from qamaster to a (temporary) service hypervisor running on a free OSD openQA worker, e.g. w38+w39
Updated by okurz about 1 month ago
- Copied from action #167057: Run more standard, qemu OSD openQA jobs in CC-compliant PRG2 and none in NUE2 size:S added
Updated by okurz about 1 month ago
- Subject changed from Evacuate critical VM based services needing access to CC-services to CC areas to Migrate critical VM based services needing access to CC-services to CC areas
Updated by okurz about 1 month ago
- Description updated (diff)
- Assignee set to okurz
Updated by okurz about 1 month ago
- Target version changed from Ready to Tools - Next
Updated by okurz 25 days ago
Just from today https://suse.slack.com/archives/C04S88VCHS7/p1729859212598989
This time it’s about Common Criteria on OpenPlatform
:tldr: : You can now run CC-related workloads on OpenPlatform, if you fulfill the prerequisites :catjam:¶
Please read https://itpe.io.suse.de/open-platform/docs/news/this-sprint-in-openplatform-27 (VPN needed), or https://docs.google.com/document/d/14i2OXdJuFphLpw9CslH3xFDfiZgskSPMsIiWNDMEzPc/edit?usp=sharing (VPN not needed)
Updated by okurz 13 days ago
As today the network access rules have been put in place to prevent access to sensitive data we can see the problems that are linked to that.
Today actually regarding monitoring it seems it's weird that there was a short data outage but by now at least data from OSD itself shows up just fine on https://monitor.qa.suse.de/d/nRDab3Jiz/openqa-jobs-test?orgId=1&from=now-7d&to=now so it's really traffic from OSD (CC) to non-CC monitor is coming through ok it seems. With that it's less critical to move ressources like monitor.qa.suse.de