centos-infra

Clone
Source Code
GIT

#1641 Prepare AWS new VPC for isolated builders
Closed: Fixed 15 days ago by arrfab. Opened 3 months ago by arrfab.

Closed: Fixed
Reopen Issue

As part of the DC move (see #1579) , we'll redesign how/where our infra is hosted and we'll use the hybrid cloud model, with kojihub and NFS storage still on prem (RH DC) but builders remotely connected to hub, while still isolated and not reachable from internet (and themselves having no route to go to internet)

The proposed plan to implement before the migration will happen :

  • setup a new VPC in one region (to be defined but close to new RDU3 DC)
  • ensuring a bastion/proxy can be initialized to reach isolated EC2 instances in that new VPC
  • ensuring a zabbix proxy would be able to monitor "locally" that isolated infra (zabbix active proxy)
  • deploy new aarch64/x86_64 EC2 instances that will be acting as koji builders for cbs.centos.org (not in createrepo channel as not able to touch NFS host)
  • Configuring these through ansible group_vars to reach cbs kojihub through proxy in that VPC, and also same for scm proxy (git operations when fetching from git.centos.org and gitlab.com/CentOS)

Metadata Update from @arrfab:
- Issue tagged with: cbs, dc-move, high-gain, high-trouble
3 months ago

Metadata Update from @arrfab:
- Issue marked as blocking: #1579
3 months ago

Metadata Update from @arrfab:
- Issue assigned to arrfab
a month ago

status update:

  • vpc is created and public/private subnets configured in two availability zones in one region
  • bastion host is deployed and configured to access other ec2 provisioned instances
  • zabbix proxy is there and using TLS from agent to proxy and from proxy to upstream zabbix
  • caching host (and also pure http/https proxy for git operation) is deployed and working

closing this one as all work is done and we'll just create other sub-tasks for the koji builders for the real DC migration (not tied to aws setup for VPC, all working now)

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
15 days ago

Log in to comment on this ticket.

Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.