You are browsing a read-only backup copy of Wikitech. The primary site can be found at wikitech.wikimedia.org
Portal:Cloud VPS/Admin/notes/Service predictions for cross realm situation: Difference between revisions
< Portal:Cloud VPS | Admin
Jump to navigation
Jump to search
imported>Arturo Borrero Gonzalez (mention nova-fullstack) |
imported>Arturo Borrero Gonzalez (add level of effort column) |
||
| Line 9: | Line 9: | ||
! Predicted future model | ! Predicted future model | ||
! Comments | ! Comments | ||
! Level of effort | |||
|- | |- | ||
! Cloud rec DNS | ! Cloud rec DNS | ||
| cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. | | cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. | ||
| case 4 | | case 4 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 18: | Line 20: | ||
| cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. | | cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. | ||
| case 4 | | case 4 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 23: | Line 26: | ||
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | ||
| case 4 | | case 4 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 28: | Line 32: | ||
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | ||
| case 4 | | case 4 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 33: | Line 38: | ||
| labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | ||
| case 4 | | case 4 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 39: | Line 45: | ||
| --- | | --- | ||
| Recently done, see https://phabricator.wikimedia.org/T272397 | | Recently done, see https://phabricator.wikimedia.org/T272397 | ||
| | |||
|- | |- | ||
! Metrics services | ! Metrics services | ||
| cloudmetrics servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | | cloudmetrics servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | ||
| case 1 | | case 1 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 49: | Line 57: | ||
| case 4 | | case 4 | ||
| Might move to case 4 in next iteration | | Might move to case 4 in next iteration | ||
| | |||
|- | |- | ||
! openstack APIs | ! openstack APIs | ||
| cloudcontrol servers in production public VLAN, with public IPv4. Cloud egress NAT exception. | | cloudcontrol servers in production public VLAN, with public IPv4. Cloud egress NAT exception. | ||
| case 4 | | case 4 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 59: | Line 69: | ||
| | | | ||
| cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: [[Help:CirrusSearch_elasticsearch_replicas]]. | | cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: [[Help:CirrusSearch_elasticsearch_replicas]]. | ||
| | |||
|- | |- | ||
! cloud hypervisors (cloudvirt servers) | ! cloud hypervisors (cloudvirt servers) | ||
| {{done}} case 4 compliant | | {{done}} case 4 compliant | ||
| --- | | --- | ||
| | |||
| | | | ||
|- | |- | ||
| Line 68: | Line 80: | ||
| {{done}} case 4 compliant | | {{done}} case 4 compliant | ||
| --- | | --- | ||
| | |||
| | | | ||
|- | |- | ||
| Line 73: | Line 86: | ||
| TODO | | TODO | ||
| TODO | | TODO | ||
| | |||
| | | | ||
|- | |- | ||
| Line 78: | Line 92: | ||
| labweb servers in production public VLAN with public IPv4. | | labweb servers in production public VLAN with public IPv4. | ||
| case 3 | | case 3 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 83: | Line 98: | ||
| LDAP servers in production public VLAN with public IPv4. Cloud egress NAT exception. | | LDAP servers in production public VLAN with public IPv4. Cloud egress NAT exception. | ||
| case 2 | | case 2 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 89: | Line 105: | ||
| TODO | | TODO | ||
| TODO | | TODO | ||
| | |||
|- | |- | ||
! Gerrit | ! Gerrit | ||
| gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception. | | gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception. | ||
| case 2 | | case 2 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 99: | Line 117: | ||
| case 2 | | case 2 | ||
| Potential low-hanging fruit. | | Potential low-hanging fruit. | ||
| | |||
|- | |- | ||
! kraz ([[IRCD]]) | ! kraz ([[IRCD]]) | ||
| Line 104: | Line 123: | ||
| | | | ||
| See https://phabricator.wikimedia.org/T280225 | | See https://phabricator.wikimedia.org/T280225 | ||
| | |||
|- | |- | ||
! Maps NFS | ! Maps NFS | ||
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | | cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | ||
| case 2 | | case 2 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 113: | Line 134: | ||
| cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | | cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | ||
| case 2 | | case 2 | ||
| | |||
| | | | ||
|- | |- | ||
| Line 119: | Line 141: | ||
|case 2 | |case 2 | ||
|Dropping the NAT exception is challenging, many moving parts. See [[News/CloudVPS NAT wikis]] and https://phabricator.wikimedia.org/T209011 | |Dropping the NAT exception is challenging, many moving parts. See [[News/CloudVPS NAT wikis]] and https://phabricator.wikimedia.org/T209011 | ||
| | |||
|- | |- | ||
!nova-fullstack | !nova-fullstack | ||
| Line 124: | Line 147: | ||
| --- | | --- | ||
|See https://phabricator.wikimedia.org/T272587 | |See https://phabricator.wikimedia.org/T272587 | ||
| | |||
|- | |- | ||
|- class="sortbottom" | |- class="sortbottom" | ||
| Line 130: | Line 154: | ||
! Predicted future model | ! Predicted future model | ||
! Comments | ! Comments | ||
! Level of effort | |||
|} | |} | ||
Revision as of 14:29, 20 May 2021
 | This page is currently a draft. More information and discussion about changes to this draft on the talk page. |
This page contains information and some predictions on how cloud-related services will go when we migrate them for compliance with the Cross-Realm_traffic_guidelines.
| What | Current model | Predicted future model | Comments | Level of effort |
|---|---|---|---|---|
| Cloud rec DNS | cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. | case 4 | ||
| Cloud auth DNS | cloudservices servers in cloud-support production VLAN, with public IPv4. Cloud egress NAT exception. | case 4 | ||
| Toolforge project NFS | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | case 4 | ||
| Toolforge home NFS | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | case 4 | ||
| Misc project NFS | labstore servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | case 4 | ||
| Dumps NFS |  Done case 2 compliant
|
--- | Recently done, see https://phabricator.wikimedia.org/T272397 | |
| Metrics services | cloudmetrics servers in cloud-support production VLAN, with private IPv4. Cloud egress NAT exception. | case 1 | ||
| Wiki replicas | case 2 compliant | case 4 | Might move to case 4 in next iteration | |
| openstack APIs | cloudcontrol servers in production public VLAN, with public IPv4. Cloud egress NAT exception. | case 4 | ||
| cloudelastic cluster (elasticsearch) | Done case 2 compliant
|
cloudelastic servers in production public VLAN, with public IPv4. No cloud egress NAT exception. RO access from cloud using local firewalling in cloudelastic servers. More info: Help:CirrusSearch_elasticsearch_replicas. | ||
| cloud hypervisors (cloudvirt servers) | Done case 4 compliant
|
--- | ||
| cloud network (cloudnet & cloudgw servers) | Done case 4 compliant
|
--- | ||
| ceph storage farm | TODO | TODO | ||
| horizon | labweb servers in production public VLAN with public IPv4. | case 3 | ||
| LDAP | LDAP servers in production public VLAN with public IPv4. Cloud egress NAT exception. | case 2 | ||
| NFS backups | cloudbackup servers in production private VLAN with private IPv4. | TODO | TODO | |
| Gerrit | gerrit.wikimedia.org & gerrit-replica.wikimedia.org servers in production public VLAN with public IPv4. Cloud egress NAT exception. | case 2 | ||
| APT repositories | apt1001.wikimedia.org & apt1002.wikimedia.org & sodium.wikimedia.org, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | case 2 | Potential low-hanging fruit. | |
| kraz (IRCD) | Done case 2 compliant
|
See https://phabricator.wikimedia.org/T280225 | ||
| Maps NFS | cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | case 2 | ||
| Scratch NFS | cloudstore1008/cloudstore1009, servers in production public VLAN with public IPv4. Cloud egress NAT exception. | case 2 | ||
| main Wikis & API | servers in production public VLAN with pulic IPv4. Cloud egress NAT exception. | case 2 | Dropping the NAT exception is challenging, many moving parts. See News/CloudVPS NAT wikis and https://phabricator.wikimedia.org/T209011 | |
| nova-fullstack | Done case 3 compliant
|
--- | See https://phabricator.wikimedia.org/T272587 | |
| What | Current model | Predicted future model | Comments | Level of effort |