Per internal discussion with @bstinson , we'll probably have to move vault.centos.org behind cloudfront setup. While discussion is happening internally, I just create a ticket here for infra and releng team and so for team awareness
Metadata Update from @zlopez: - Issue tagged with: medium-gain, medium-trouble
It would need some managers approval due to potential high impact on budget and relation with AWS so closing as invalid for now and to be reopen by requestor with managers approval for risk mitigation
Metadata Update from @arrfab: - Issue close_status updated to: Insufficient Data - Issue status updated to: Closed (was: Open)
Metadata Update from @arrfab: - Issue status updated to: Open (was: Closed)
Metadata Update from @arrfab: - Issue assigned to arrfab
Metadata Update from @arrfab: - Issue tagged with: centos-common-infra
Hi. My name is Anna. I am the manager of the Convert2RHEL team. I will collaborate with my director to procure the required budget. Currently trying to estimate the required budget so that we can correctly formulate the request. Just wanted to let you know that I know you need managerial approval and that I am working on it.
Metadata Update from @arrfab: - Issue private status set to: True
Thanks it was discussed internally and we'll see how to work on it in the next days, with a potential plan to mitigate the bandwidth consumption, as last month it (with restrictions in place) sent out ~600TiB of data.
Metadata Update from @arrfab: - Issue private status set to: False (was: True)
I have a plan, and started to work on it in parallel of the existing (and now working fine since last wednesday evening, since we mitigated the DDoS/attack on it) vault.centos.org setup, and we should be able to redirect to cloudfront setup next week (as kind of quick update)
vault.centos.org should currently be working as expected as there was a firewall update to block the IP range that was ddosing us.
We will now implement a cloudfront solution to avoid this issue in future cases. This should be in place on Monday
current status :
vault.centos.org
https://vault.centos.org is so still "live" on existing infra but will be switched to cloudfront next monday, and the rest of the nodes being reconfigured by ansible as additional origin nodes in a new cloudfront origin group (to ensure redundancy)
https://vault.centos.org is now live on cloudfront/AWS and with now 3 origin nodes used in an origin group (redudancy)
Metadata Update from @arrfab: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.