You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org
Portal:Cloud VPS/Admin/notes/Service predictions for cross realm situation: Difference between revisions
< Portal:Cloud VPS | Admin
Jump to navigation
Jump to search
imported>Arturo Borrero Gonzalez (add LDAP) |
imported>Arturo Borrero Gonzalez (add phab ticket for APT repositories) |
||
| (10 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
This page contains information and some predictions on how cloud-related services will go when we migrate them for compliance with the [[Cross-Realm_traffic_guidelines]]. | This page contains information and some predictions on how cloud-related services will go when we migrate them for compliance with the [[Cross-Realm_traffic_guidelines]]. | ||
| Line 9: | Line 7: | ||
! Predicted future model | ! Predicted future model | ||
! Comments | ! Comments | ||
! Level of effort | |||
|- | |- | ||
! Cloud rec DNS | ! Cloud rec DNS | ||
| Line 14: | Line 13: | ||
| case 4 | | case 4 | ||
| | | | ||
|Medium | |||
|- | |- | ||
! Cloud auth DNS | ! Cloud auth DNS | ||
| Line 19: | Line 19: | ||
| case 4 | | case 4 | ||
| | | | ||
|Medium | |||
|- | |- | ||
! Toolforge project NFS | ! Toolforge project NFS | ||
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | ||
| case | | case 1 | ||
| | | See [[phab:T291405]] | ||
|High | |||
|- | |- | ||
! Toolforge home NFS | ! Toolforge home NFS | ||
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | ||
| case | | case 1 | ||
| | | See [[phab:T291405]] | ||
|High | |||
|- | |- | ||
! | ! Misc project NFS | ||
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | ||
| case | | case 1 | ||
| | | See [[phab:T291405]] | ||
|High | |||
|- | |- | ||
! Dumps NFS | ! Dumps NFS | ||
| Line 39: | Line 43: | ||
| --- | | --- | ||
| Recently done, see https://phabricator.wikimedia.org/T272397 | | Recently done, see https://phabricator.wikimedia.org/T272397 | ||
| --- | |||
|- | |- | ||
! Metrics services | ! Metrics services | ||
| Line 44: | Line 49: | ||
| case 1 | | case 1 | ||
| | | | ||
|Medium | |||
|- | |- | ||
! Wiki replicas | ! Wiki replicas | ||
| case 2 compliant | | {{done}} case 2 compliant | ||
| case 4 | | case 4 | ||
| Might move to case 4 in next iteration | | Might move to case 4 in next iteration | ||
| --- | |||
|- | |- | ||
! openstack APIs | ! openstack APIs | ||
| Line 54: | Line 61: | ||
| case 4 | | case 4 | ||
| | | | ||
|Medium | |||
|- | |- | ||
! | ! cloudelastic cluster (elasticsearch) | ||
| | | {{done}} case 2 compliant | ||
| | | | ||
| | | cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: [[Help:CirrusSearch_elasticsearch_replicas]]. | ||
| --- | |||
|- | |- | ||
! cloud hypervisors (cloudvirt servers) | ! cloud hypervisors (cloudvirt servers) | ||
| Line 64: | Line 73: | ||
| --- | | --- | ||
| | | | ||
| --- | |||
|- | |- | ||
! cloud network (cloudnet & cloudgw servers) | ! cloud network (cloudnet & cloudgw servers) | ||
| Line 69: | Line 79: | ||
| --- | | --- | ||
| | | | ||
| --- | |||
|- | |- | ||
! ceph storage farm | ! ceph storage farm | ||
| Line 74: | Line 85: | ||
| TODO | | TODO | ||
| | | | ||
|TODO | |||
|- | |- | ||
! horizon | ! horizon | ||
| Line 79: | Line 91: | ||
| case 3 | | case 3 | ||
| | | | ||
|Low | |||
|- | |- | ||
! LDAP | ! LDAP | ||
| Line 84: | Line 97: | ||
| case 2 | | case 2 | ||
| | | | ||
|Low | |||
|- | |||
! NFS backups | |||
| cloudbackup servers in production private VLAN with private IPv4. | |||
| TODO | |||
| TODO | |||
|High | |||
|- | |||
! Gerrit | |||
| gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception. | |||
| case 2 | |||
|Leave until deprecation by Gitlab? | |||
|Low | |||
|- | |||
! APT repositories | |||
| apt1001.wikimedia.org & apt1002.wikimedia.org & sodium.wikimedia.org, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | |||
| case 2 | |||
| Potential low-hanging fruit. See https://phabricator.wikimedia.org/T298042 | |||
|Low | |||
|- | |||
! kraz ([[IRCD]]) | |||
| {{done}} case 2 compliant | |||
| | |||
| See https://phabricator.wikimedia.org/T280225 | |||
| --- | |||
|- | |||
! Maps NFS | |||
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | |||
| case 1 | |||
| See [[phab:T291405]] | |||
|Medium | |||
|- | |||
! Scratch NFS | |||
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | |||
| case 1 | |||
| See [[phab:T291405]] | |||
|Medium | |||
|- | |||
!main Wikis & API | |||
|servers in production public VLAN with pulic IPv4. Cloud egress NAT exception. | |||
|case 2 | |||
|Dropping the NAT exception is challenging, many moving parts. See [[News/CloudVPS NAT wikis]] and https://phabricator.wikimedia.org/T209011 | |||
|High | |||
|- | |||
!nova-fullstack | |||
|{{Done}} case 3 compliant | |||
| --- | |||
|See https://phabricator.wikimedia.org/T272587 | |||
| --- | |||
|- | |- | ||
|- class="sortbottom" | |- class="sortbottom" | ||
| Line 90: | Line 152: | ||
! Predicted future model | ! Predicted future model | ||
! Comments | ! Comments | ||
! Level of effort | |||
|} | |} | ||
Latest revision as of 17:55, 20 December 2021
This page contains information and some predictions on how cloud-related services will go when we migrate them for compliance with the Cross-Realm_traffic_guidelines.
| What | Current model | Predicted future model | Comments | Level of effort |
|---|---|---|---|---|
| Cloud rec DNS | cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. | case 4 | Medium | |
| Cloud auth DNS | cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. | case 4 | Medium | |
| Toolforge project NFS | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | case 1 | See phab:T291405 | High |
| Toolforge home NFS | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | case 1 | See phab:T291405 | High |
| Misc project NFS | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | case 1 | See phab:T291405 | High |
| Dumps NFS |  Done case 2 compliant
|
--- | Recently done, see https://phabricator.wikimedia.org/T272397 | --- |
| Metrics services | cloudmetrics servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | case 1 | Medium | |
| Wiki replicas | Done case 2 compliant
|
case 4 | Might move to case 4 in next iteration | --- |
| openstack APIs | cloudcontrol servers in production public VLAN, with public IPv4. Cloud egress NAT exception. | case 4 | Medium | |
| cloudelastic cluster (elasticsearch) | Done case 2 compliant
|
cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: Help:CirrusSearch_elasticsearch_replicas. | --- | |
| cloud hypervisors (cloudvirt servers) | Done case 4 compliant
|
--- | --- | |
| cloud network (cloudnet & cloudgw servers) | Done case 4 compliant
|
--- | --- | |
| ceph storage farm | TODO | TODO | TODO | |
| horizon | labweb servers in production public VLAN with public IPv4. | case 3 | Low | |
| LDAP | LDAP servers in production public VLAN with public IPv4. Cloud egress NAT exception. | case 2 | Low | |
| NFS backups | cloudbackup servers in production private VLAN with private IPv4. | TODO | TODO | High |
| Gerrit | gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception. | case 2 | Leave until deprecation by Gitlab? | Low |
| APT repositories | apt1001.wikimedia.org & apt1002.wikimedia.org & sodium.wikimedia.org, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | case 2 | Potential low-hanging fruit. See https://phabricator.wikimedia.org/T298042 | Low |
| kraz (IRCD) | Done case 2 compliant
|
See https://phabricator.wikimedia.org/T280225 | --- | |
| Maps NFS | cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | case 1 | See phab:T291405 | Medium |
| Scratch NFS | cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | case 1 | See phab:T291405 | Medium |
| main Wikis & API | servers in production public VLAN with pulic IPv4. Cloud egress NAT exception. | case 2 | Dropping the NAT exception is challenging, many moving parts. See News/CloudVPS NAT wikis and https://phabricator.wikimedia.org/T209011 | High |
| nova-fullstack | Done case 3 compliant
|
--- | See https://phabricator.wikimedia.org/T272587 | --- |
| What | Current model | Predicted future model | Comments | Level of effort |