action #169348
Updated by mkittler 13 days ago
## Motivation
This will help us for #166598 to allow SUSE NUE2 FC Basement workers to still be connected to OSD by a reverse connection. In #168880 we already added generic openQA related instructions for using a wireguard tunnel. Within #168133 "official IT wireguard solutions" are planned and might still happen but we are not receiving a response how to continue. As alternative we can then try to solve it on our own then using e.g. OSD which would also need to route everything then.
## Acceptance criteria
* **AC1:** NUE2 OSD openQA workers can still successfully run tests over a connection initiated from the webUI OSD
* **AC2:** The configuration is ensured to be persistent, e.g. in salt
* **AC3:** If put into production the attempt is documented, e.g. on https://gitlab.suse.de/suse/wiki/-/blob/main/openqa.md
## Suggestions
* Clarify if this is really needed or if #168133 will be enough instead
* Read http://open.qa/docs/#_wireguard
* Ask dheidler how he did try it as suggested in #168880, e.g. for a NUE2 based openQA workers, e.g. openqaworker1 which is currently powered off anyway, deny access to OSD, e.g. with an /etc/hosts entry, and setup tunneling showing how OSD based tests can still be executed
* Ensure this works for one NUE2 OSD openQA worker
* Roll it out for all using proper salt in https://gitlab.suse.de/openqa/salt-states-openqa
* Document, e.g. on https://gitlab.suse.de/suse/wiki/-/blob/main/openqa.md
* When done, add affected workers back to Salt, e.g. via `for key in petrol.qe.nue2.suse.org sapworker1.qe.nue2.suse.org diesel.qe.nue2.suse.org mania.qe.nue2.suse.org; do salt-key --accept="$key" --include-rejected --yes; done`