action #119443
Updated by okurz about 2 years ago
## Motivation
See parent #116623
## Acceptance criteria
* **AC1:** All QA machines in Nbg SRV1 are in new security zones
* **AC2:** All QA machines in Nbg SRV1 are fully usable in production
## Suggestions
* Monitor [Slack #discuss-qe-new-security-zones](https://suse.slack.com/archives/C0488BZNA5S)
* Starting 2022-10-31 react to Lazaros Haleplidis conducting the migration
* Ensure openqaworker11 https://racktables.nue.suse.com/index.php?page=object&object_id=9584 as the primary test machine is reachable over SSH and IPMI
* Document changes in our infrastructure documentation, e.g. progress.opensuse.org/projects/openqav3/wiki/, https://wiki.suse.net/index.php/OpenQA, https://gitlab.suse.de/openqa/salt-pillars-openqa/-/blob/master/openqa/workerconf.sls
* Rinse and repeat for the other machines
* Ensure machines are usable
## Open points
* *DONE* ~~Failed to connect to gitlab.suse.de port 443 from both worker11.oqa.suse.de and worker12.oqa.suse.de~~
* *TODO* https://openqa.suse.de/tests/9870589#step/suseconnect_scc/23 failed trying to access scc.suse.com . I thought there would be no restrictions contacting services outside the network zones. What are the actual rules applied?
* worker13 back in production
* worker10 back in production
* worker2 back in production
* worker3 back in production
* worker5 back in production
* worker6 back in production
* worker8 back in production
* worker9 back in production
* Unpause "Packet loss between worker hosts and other hosts alert"
## Out-of-scope
* This is not including o3 (openqa.opensuse.org) machines as they are in a dedicated network already