You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Portal:Cloud VPS/Admin/notes/Service predictions for cross realm situation: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>Arturo Borrero Gonzalez
(mention nova-fullstack)
imported>Arturo Borrero Gonzalez
(add level of effort column)
Line 9: Line 9:
! Predicted future model
! Predicted future model
! Comments
! Comments
! Level of effort
|-
|-
! Cloud rec DNS
! Cloud rec DNS
| cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception.
| cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception.
| case 4
| case 4
|
|
|
|-
|-
Line 18: Line 20:
| cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception.
| cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception.
| case 4
| case 4
|
|
|
|-
|-
Line 23: Line 26:
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| case 4
| case 4
|
|
|
|-
|-
Line 28: Line 32:
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| case 4
| case 4
|
|
|
|-
|-
Line 33: Line 38:
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| case 4
| case 4
|
|
|
|-
|-
Line 39: Line 45:
| ---
| ---
| Recently done, see https://phabricator.wikimedia.org/T272397
| Recently done, see https://phabricator.wikimedia.org/T272397
|
|-
|-
! Metrics services
! Metrics services
| cloudmetrics servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| cloudmetrics servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| case 1
| case 1
|
|
|
|-
|-
Line 49: Line 57:
| case 4
| case 4
| Might move to case 4 in next iteration
| Might move to case 4 in next iteration
|
|-
|-
! openstack APIs
! openstack APIs
| cloudcontrol servers in production public VLAN, with public IPv4. Cloud egress NAT exception.
| cloudcontrol servers in production public VLAN, with public IPv4. Cloud egress NAT exception.
| case 4
| case 4
|
|
|
|-
|-
Line 59: Line 69:
|  
|  
| cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: [[Help:CirrusSearch_elasticsearch_replicas]].
| cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: [[Help:CirrusSearch_elasticsearch_replicas]].
|
|-
|-
! cloud hypervisors (cloudvirt servers)
! cloud hypervisors (cloudvirt servers)
| {{done}} case 4 compliant
| {{done}} case 4 compliant
| ---
| ---
|
|
|
|-
|-
Line 68: Line 80:
| {{done}} case 4 compliant
| {{done}} case 4 compliant
| ---
| ---
|
|
|
|-
|-
Line 73: Line 86:
| TODO
| TODO
| TODO
| TODO
|
|
|
|-
|-
Line 78: Line 92:
| labweb servers in production public VLAN with public IPv4.
| labweb servers in production public VLAN with public IPv4.
| case 3
| case 3
|
|
|
|-
|-
Line 83: Line 98:
| LDAP servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| LDAP servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| case 2
| case 2
|
|
|
|-
|-
Line 89: Line 105:
| TODO
| TODO
| TODO
| TODO
|
|-
|-
! Gerrit
! Gerrit
| gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| case 2
| case 2
|
|
|
|-
|-
Line 99: Line 117:
| case 2
| case 2
| Potential low-hanging fruit.
| Potential low-hanging fruit.
|
|-
|-
! kraz ([[IRCD]])
! kraz ([[IRCD]])
Line 104: Line 123:
|
|
| See https://phabricator.wikimedia.org/T280225
| See https://phabricator.wikimedia.org/T280225
|
|-
|-
! Maps NFS
! Maps NFS
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| case 2
| case 2
|
|
|
|-
|-
Line 113: Line 134:
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| case 2
| case 2
|
|
|
|-
|-
Line 119: Line 141:
|case 2
|case 2
|Dropping the NAT exception is challenging, many moving parts. See [[News/CloudVPS NAT wikis]] and https://phabricator.wikimedia.org/T209011
|Dropping the NAT exception is challenging, many moving parts. See [[News/CloudVPS NAT wikis]] and https://phabricator.wikimedia.org/T209011
|
|-
|-
!nova-fullstack
!nova-fullstack
Line 124: Line 147:
| ---
| ---
|See https://phabricator.wikimedia.org/T272587
|See https://phabricator.wikimedia.org/T272587
|
|-
|-
|- class="sortbottom"
|- class="sortbottom"
Line 130: Line 154:
! Predicted future model
! Predicted future model
! Comments
! Comments
! Level of effort
|}
|}



Revision as of 14:29, 20 May 2021

This page contains information and some predictions on how cloud-related services will go when we migrate them for compliance with the Cross-Realm_traffic_guidelines.

What Current model Predicted future model Comments Level of effort
Cloud rec DNS cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. case 4
Cloud auth DNS cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. case 4
Toolforge project NFS labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. case 4
Toolforge home NFS labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. case 4
Misc project NFS labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. case 4
Dumps NFS Yes Done case 2 compliant --- Recently done, see https://phabricator.wikimedia.org/T272397
Metrics services cloudmetrics servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. case 1
Wiki replicas case 2 compliant case 4 Might move to case 4 in next iteration
openstack APIs cloudcontrol servers in production public VLAN, with public IPv4. Cloud egress NAT exception. case 4
cloudelastic cluster (elasticsearch) Yes Done case 2 compliant cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: Help:CirrusSearch_elasticsearch_replicas.
cloud hypervisors (cloudvirt servers) Yes Done case 4 compliant ---
cloud network (cloudnet & cloudgw servers) Yes Done case 4 compliant ---
ceph storage farm TODO TODO
horizon labweb servers in production public VLAN with public IPv4. case 3
LDAP LDAP servers in production public VLAN with public IPv4. Cloud egress NAT exception. case 2
NFS backups cloudbackup servers in production private VLAN with private IPv4. TODO TODO
Gerrit gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception. case 2
APT repositories apt1001.wikimedia.org & apt1002.wikimedia.org & sodium.wikimedia.org, servers in production public VLAN with public IPv4. Cloud egress NAT exception. case 2 Potential low-hanging fruit.
kraz (IRCD) Yes Done case 2 compliant See https://phabricator.wikimedia.org/T280225
Maps NFS cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. case 2
Scratch NFS cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. case 2
main Wikis & API servers in production public VLAN with pulic IPv4. Cloud egress NAT exception. case 2 Dropping the NAT exception is challenging, many moving parts. See News/CloudVPS NAT wikis and https://phabricator.wikimedia.org/T209011
nova-fullstack Yes Done case 3 compliant --- See https://phabricator.wikimedia.org/T272587
What Current model Predicted future model Comments Level of effort

See also

Phabricator ticket T207536: Move various support services for Cloud VPS currently in prod into their own instances