action #168177
opencoordination #167054: [epic] Run more workloads in CC-compliant PRG2 to be less affected by CC related network changes
Migrate critical VM based services needing access to CC-services to CC areas
0%
Description
Motivation¶
non-compliant NUE2 based production VMs might become problematic due to #165282 so we should evaluate which VMs we can migrate and where and execute accordingly.
Acceptance criteria¶
- AC1: Critical VM based services needing access to CC-services are running from CC areas where reasonable
- AC2: Users can access the services using location independant CNAME records where applicable as in before
Suggestions¶
- DONE Wait for #168174
- DONE Try out with non-critical changes, e.g. tumblesle
- Decide which VMs and/or services should be migrated considering the alternative #168133. At time of writing we have 10 VMs on osiris+qamaster
- Prepare DHCP+DNS changes in https://gitlab.suse.de/OPS-Service/salt/
See suggestions from #168174-3 about how to migrateMigrate VMs from qamaster to a (temporary) service hypervisor running on a free OSD openQA worker, e.g. w38+w39- Move VMs to openplatform
Updated by okurz 2 months ago
- Copied from action #167057: Run more standard, qemu OSD openQA jobs in CC-compliant PRG2 and none in NUE2 size:S added
Updated by okurz about 2 months ago
- Subject changed from Migrate critical VM based services needing access to CC-services to CC areas to Migrate critical VM based services needing access to CC-services to CC areas size:M
- Description updated (diff)
- Status changed from New to Workable
Updated by okurz about 2 months ago
- Status changed from Workable to Blocked
Updated by okurz about 2 months ago
- Target version changed from Tools - Next to Ready
Updated by okurz about 2 months ago
- Assignee changed from okurz to mkittler
assigning to mkittler to track blocker tickets for now
Updated by okurz about 2 months ago
Just from today https://suse.slack.com/archives/C04S88VCHS7/p1729859212598989
This time it’s about Common Criteria on OpenPlatform
:tldr: : You can now run CC-related workloads on OpenPlatform, if you fulfill the prerequisites :catjam:¶
Please read https://itpe.io.suse.de/open-platform/docs/news/this-sprint-in-openplatform-27 (VPN needed), or https://docs.google.com/document/d/14i2OXdJuFphLpw9CslH3xFDfiZgskSPMsIiWNDMEzPc/edit?usp=sharing (VPN not needed)
Updated by okurz about 1 month ago
As today the network access rules have been put in place to prevent access to sensitive data we can see the problems that are linked to that.
Today actually regarding monitoring it seems it's weird that there was a short data outage but by now at least data from OSD itself shows up just fine on https://monitor.qa.suse.de/d/nRDab3Jiz/openqa-jobs-test?orgId=1&from=now-7d&to=now so it's really traffic from OSD (CC) to non-CC monitor is coming through ok it seems. With that it's less critical to move ressources like monitor.qa.suse.de
Updated by okurz 23 days ago
- Subject changed from Migrate critical VM based services needing access to CC-services to CC areas size:M to Migrate critical VM based services needing access to CC-services to CC areas
Based on discussion with szarate we should refine and re-estimate the ticket. Better split into multiple S-sized-tasks, e.g. split into "support migration of other people's VMs" and "our own critical service workloads" excluding any "personal toy VMs" :)