Actions
action #169348
openCustom, non-IT-provided wireguard tunnels to connect NUE2 OSD openQA workers to OSD
Start date:
2024-10-24
Due date:
2025-01-19 (Due in 57 days)
% Done:
0%
Estimated time:
Description
Motivation¶
This will help us for #166598 to allow SUSE NUE2 FC Basement workers to still be connected to OSD by a reverse connection. In #168880 we already added generic openQA related instructions for using a wireguard tunnel. Within #168133 "official IT wireguard solutions" are planned and might still happen but we are not receiving a response how to continue. As alternative we can then try to solve it on our own then using e.g. OSD which would also need to route everything then.
Acceptance criteria¶
- AC1: NUE2 OSD openQA workers can still successfully run tests over a connection initiated from the webUI OSD
- AC2: The configuration is ensured to be persistent, e.g. in salt
- AC3: If put into production the attempt is documented, e.g. on https://gitlab.suse.de/suse/wiki/-/blob/main/openqa.md
Suggestions¶
- Clarify if this is really needed or if #168133 will be enough instead
- Read http://open.qa/docs/#_wireguard
- Ask dheidler how he did try it as suggested in #168880, e.g. for a NUE2 based openQA workers, e.g. openqaworker1 which is currently powered off anyway, deny access to OSD, e.g. with an /etc/hosts entry, and setup tunneling showing how OSD based tests can still be executed
- Ensure this works for one NUE2 OSD openQA worker
- Roll it out for all using proper salt in https://gitlab.suse.de/openqa/salt-states-openqa
- Document, e.g. on https://gitlab.suse.de/suse/wiki/-/blob/main/openqa.md
- When done, add affected workers back to Salt, e.g. via
for key in petrol.qe.nue2.suse.org sapworker1.qe.nue2.suse.org diesel.qe.nue2.suse.org mania.qe.nue2.suse.org; do salt-key --accept="$key" --include-rejected --yes; done
Actions