You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Portal:Cloud VPS/Admin/notes/Service predictions for cross realm situation: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>Arturo Borrero Gonzalez
(refresh kraz entry again)
imported>Arturo Borrero Gonzalez
(add phab ticket for APT repositories)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{draft}}
This page contains information and some predictions on how cloud-related services will go when we migrate them for compliance with the [[Cross-Realm_traffic_guidelines]].
This page contains information and some predictions on how cloud-related services will go when we migrate them for compliance with the [[Cross-Realm_traffic_guidelines]].


Line 9: Line 7:
! Predicted future model
! Predicted future model
! Comments
! Comments
! Level of effort
|-
|-
! Cloud rec DNS
! Cloud rec DNS
Line 14: Line 13:
| case 4
| case 4
|
|
|Medium
|-
|-
! Cloud auth DNS
! Cloud auth DNS
Line 19: Line 19:
| case 4
| case 4
|
|
|Medium
|-
|-
! Toolforge project NFS
! Toolforge project NFS
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| case 4
| case 1
|
| See [[phab:T291405]]
|High
|-
|-
! Toolforge home NFS
! Toolforge home NFS
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| case 4
| case 1
|
| See [[phab:T291405]]
|High
|-
|-
! Misc project NFS
! Misc project NFS
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception.
| case 4
| case 1
|
| See [[phab:T291405]]
|High
|-
|-
! Dumps NFS
! Dumps NFS
Line 39: Line 43:
| ---
| ---
| Recently done, see https://phabricator.wikimedia.org/T272397
| Recently done, see https://phabricator.wikimedia.org/T272397
| ---
|-
|-
! Metrics services
! Metrics services
Line 44: Line 49:
| case 1
| case 1
|
|
|Medium
|-
|-
! Wiki replicas
! Wiki replicas
| case 2 compliant
| {{done}} case 2 compliant
| case 4
| case 4
| Might move to case 4 in next iteration
| Might move to case 4 in next iteration
| ---
|-
|-
! openstack APIs
! openstack APIs
Line 54: Line 61:
| case 4
| case 4
|
|
|Medium
|-
|-
! cloudelastic cluster (elasticsearch)
! cloudelastic cluster (elasticsearch)
Line 59: Line 67:
|  
|  
| cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: [[Help:CirrusSearch_elasticsearch_replicas]].
| cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: [[Help:CirrusSearch_elasticsearch_replicas]].
| ---
|-
|-
! cloud hypervisors (cloudvirt servers)
! cloud hypervisors (cloudvirt servers)
Line 64: Line 73:
| ---
| ---
|
|
| ---
|-
|-
! cloud network (cloudnet & cloudgw servers)
! cloud network (cloudnet & cloudgw servers)
Line 69: Line 79:
| ---
| ---
|
|
| ---
|-
|-
! ceph storage farm
! ceph storage farm
Line 74: Line 85:
| TODO
| TODO
|
|
|TODO
|-
|-
! horizon
! horizon
Line 79: Line 91:
| case 3
| case 3
|
|
|Low
|-
|-
! LDAP
! LDAP
Line 84: Line 97:
| case 2
| case 2
|
|
|Low
|-
|-
! NFS backups
! NFS backups
Line 89: Line 103:
| TODO
| TODO
| TODO
| TODO
|High
|-
|-
! Gerrit
! Gerrit
| gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| case 2
| case 2
|
|Leave until deprecation by Gitlab?
|Low
|-
|-
! APT repositories
! APT repositories
| apt1001.wikimedia.org & apt1002.wikimedia.org & sodium.wikimedia.org, servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| apt1001.wikimedia.org & apt1002.wikimedia.org & sodium.wikimedia.org, servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| case 2
| case 2
| Potential low-hanging fruit.
| Potential low-hanging fruit. See https://phabricator.wikimedia.org/T298042
|Low
|-
|-
! kraz ([[IRCD]])
! kraz ([[IRCD]])
Line 104: Line 121:
|
|
| See https://phabricator.wikimedia.org/T280225
| See https://phabricator.wikimedia.org/T280225
| ---
|-
|-
! Maps NFS
! Maps NFS
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| case 2
| case 1
|
| See [[phab:T291405]]
|Medium
|-
|-
! Scratch NFS
! Scratch NFS
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception.
| case 2
| case 1
|
| See [[phab:T291405]]
|Medium
|-
|-
!main Wikis & API
!main Wikis & API
Line 119: Line 139:
|case 2
|case 2
|Dropping the NAT exception is challenging, many moving parts. See [[News/CloudVPS NAT wikis]] and https://phabricator.wikimedia.org/T209011
|Dropping the NAT exception is challenging, many moving parts. See [[News/CloudVPS NAT wikis]] and https://phabricator.wikimedia.org/T209011
|High
|-
!nova-fullstack
|{{Done}} case 3 compliant
| ---
|See https://phabricator.wikimedia.org/T272587
| ---
|-
|-
|- class="sortbottom"
|- class="sortbottom"
Line 125: Line 152:
! Predicted future model
! Predicted future model
! Comments
! Comments
! Level of effort
|}
|}



Latest revision as of 17:55, 20 December 2021

This page contains information and some predictions on how cloud-related services will go when we migrate them for compliance with the Cross-Realm_traffic_guidelines.

What Current model Predicted future model Comments Level of effort
Cloud rec DNS cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. case 4 Medium
Cloud auth DNS cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. case 4 Medium
Toolforge project NFS labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. case 1 See phab:T291405 High
Toolforge home NFS labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. case 1 See phab:T291405 High
Misc project NFS labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. case 1 See phab:T291405 High
Dumps NFS Yes Done case 2 compliant --- Recently done, see https://phabricator.wikimedia.org/T272397 ---
Metrics services cloudmetrics servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. case 1 Medium
Wiki replicas Yes Done case 2 compliant case 4 Might move to case 4 in next iteration ---
openstack APIs cloudcontrol servers in production public VLAN, with public IPv4. Cloud egress NAT exception. case 4 Medium
cloudelastic cluster (elasticsearch) Yes Done case 2 compliant cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: Help:CirrusSearch_elasticsearch_replicas. ---
cloud hypervisors (cloudvirt servers) Yes Done case 4 compliant --- ---
cloud network (cloudnet & cloudgw servers) Yes Done case 4 compliant --- ---
ceph storage farm TODO TODO TODO
horizon labweb servers in production public VLAN with public IPv4. case 3 Low
LDAP LDAP servers in production public VLAN with public IPv4. Cloud egress NAT exception. case 2 Low
NFS backups cloudbackup servers in production private VLAN with private IPv4. TODO TODO High
Gerrit gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception. case 2 Leave until deprecation by Gitlab? Low
APT repositories apt1001.wikimedia.org & apt1002.wikimedia.org & sodium.wikimedia.org, servers in production public VLAN with public IPv4. Cloud egress NAT exception. case 2 Potential low-hanging fruit. See https://phabricator.wikimedia.org/T298042 Low
kraz (IRCD) Yes Done case 2 compliant See https://phabricator.wikimedia.org/T280225 ---
Maps NFS cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. case 1 See phab:T291405 Medium
Scratch NFS cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. case 1 See phab:T291405 Medium
main Wikis & API servers in production public VLAN with pulic IPv4. Cloud egress NAT exception. case 2 Dropping the NAT exception is challenging, many moving parts. See News/CloudVPS NAT wikis and https://phabricator.wikimedia.org/T209011 High
nova-fullstack Yes Done case 3 compliant --- See https://phabricator.wikimedia.org/T272587 ---
What Current model Predicted future model Comments Level of effort

See also

Phabricator ticket T207536: Move various support services for Cloud VPS currently in prod into their own instances