Opened 6 months ago

Closed 4 months ago

#33914 closed task (fixed)

migrate weissii to the ganeti cluster

Reported by: anarcat Owned by: weasel
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords: tpa-roadmap-may
Cc: Actual Points:
Parent ID: #32802 Points:
Reviewer: Sponsor:

Description

this is going to be fun. no idea if we can run a windows build box under Ganeti/KVM/DRBD. but we need to migrate this off of kvm4 to retire it, so let's try.

Child Tickets

Change History (7)

comment:1 Changed 5 months ago by anarcat

some details on the windows stuff:

08:08:51 <weasel> anarcat: I don't think I have ever tried windows on ganeti.  It ought to work, I guess.  We may want to make sure we get some graphical console stuff working for it.
08:09:24 <weasel> anarcat: also, rouyi has some private address that it uses to talk to the windows VM which also only is on a private (rfc1918) address.
08:12:00 <weasel> anarcat: we might want to give windows a public IP address, or we get a new vswitch with 1918 address space and we NAT on one of the metals (or even a VM if we think it is sufficiently important)

TL;DR:

  • needs VNC
  • needs to talk with rouyi in a RFC1918 VLAN somehow

comment:2 Changed 5 months ago by anarcat

Keywords: tpa-roadmap-may added; tpa-roadmap-april removed

comment:3 Changed 5 months ago by anarcat

Owner: changed from tpa to anarcat
Status: new → assigned

comment:4 Changed 4 months ago by weasel

Resolution: fixed
Status: assigned → closed

I have migrated weissii to the ganeti cluster.

As weissii should not be on the public internet, this involved a few network related things.

  • We have a new (hetzner) vswitch, exposed as vlan 4002. This is a private/internal network that carries rfc1918 traffic between instances, also across nodes. It is known to ganeti as gnt-fsn-int30-137.
  • Weissii is exclusively on that network.
  • Rouyi is on that network on a secondary network interface (eth1).
  • weissii needs to access the internet, both for security updates and git fetch git etc. For this purpose I set up a tiny VM, nat-fsn-01.torproject.org, that serves as a nat gw between gnt-fsn-int30-137 and the internet. It is fully configured via puppet, no manual local configuration. It also does DNS for hosts on the internal network.
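As an added illustration of a gateway of the shape described in comment:4 (this is not the configuration of nat-fsn-01 or anything from TPA's puppet code), an nftables ruleset that masquerades traffic from the internal VLAN out of the public interface, forwards only flows that originate inside, and answers DNS only on the internal side. The interface names and the RFC1918 prefix are assumed placeholders.

```nft
#!/usr/sbin/nft -f
# Added example: NAT gateway between a private RFC1918 VLAN and the internet.
# Interface names and the internal prefix are assumed placeholders, not
# values taken from the ticket.
define int_if = "eth1"           # towards the internal VLAN (gnt-fsn-int30-137)
define ext_if = "eth0"           # towards the internet
define int_net = 10.0.0.0/24     # assumed RFC1918 prefix of the internal VLAN

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        # management access only from the internal side
        iifname $int_if ip saddr $int_net tcp dport 22 accept
        # the gateway is also the resolver for hosts on the internal network
        iifname $int_if ip saddr $int_net udp dport 53 accept
        iifname $int_if ip saddr $int_net tcp dport 53 accept
        icmp type { echo-request, destination-unreachable, time-exceeded } accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # only flows that start on the internal VLAN may leave; nothing
        # arriving from the internet is forwarded in unsolicited, so the
        # instances behind the gateway stay off the public internet
        iifname $int_if oifname $ext_if ip saddr $int_net accept
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # rewrite internal source addresses to the gateway's public address
        oifname $ext_if ip saddr $int_net masquerade
    }
}
```

Forwarding additionally requires `net.ipv4.ip_forward=1` on the gateway; with the forward chain's default drop policy, an internal host only becomes reachable from the internet if a rule is added for it deliberately.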

comment:5 Changed 4 months ago by anarcat

Resolution: fixed
Status: closed → reopened

reassigning to weasel, who did all that work

comment:6 Changed 4 months ago by anarcat

Owner: changed from anarcat to weasel
Status: reopened → assigned

comment:7 Changed 4 months ago by anarcat

Resolution: fixed
Status: assigned → closed