#10159 Need to re-ip Fedora systems at ibiblio
Closed: Fixed 2 years ago by kevin. Opened 2 years ago by smooge.

Describe what you would like us to do:

From the Ibiblio netadmins:

We have documented a subset of what we call VLAN 322 for fedora use, and on the IPv6 side of things for that VLAN, we've been allocated a new permanent range to use. The VLAN has both the old IPv6 range and the new IPv6 range usable now, so there should be no impediment on the UNC-CH/ibiblio side to your moving at your pace from old to new.

OLD range
2610:28:3090:3001:dead:beef:ca::/104 NEW range
2600:2701:4000:5211:dead:beef:ca::/104 Notes
reserved for RH/fedoraproject

In an ideal world, we'd have a time estimate from you to effect the change and free up the old range to release it back. We don't have a specific timeline on our end, so please be generous with yourselves.
=== end of ticket

Systems affected:

ibiblio01.fedoraproject.org:download-ib01.fedoraproject.org:running:1
ibiblio01.fedoraproject.org:noc02.fedoraproject.org:running:1
ibiblio01.fedoraproject.org:proxy04.fedoraproject.org:running:1
ibiblio05.fedoraproject.org:ns02.fedoraproject.org:running:1
ibiblio05.fedoraproject.org:people02.fedoraproject.org:running:1
ibiblio05.fedoraproject.org:proxy12.fedoraproject.org:running:1
ibiblio05.fedoraproject.org:smtp-mm-ib01.fedoraproject.org:running:1
ibiblio05.fedoraproject.org:torrent02.fedoraproject.org:running:1
ibiblio05.fedoraproject.org:unbound-ib01.fedoraproject.org:running:1


When do you need this to be done by? (YYYY/MM/DD)

2021-10-31?



Metadata Update from @mohanboddu:
- Issue tagged with: medium-gain, medium-trouble, ops

2 years ago

Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)

2 years ago

I have a question about the range listed.
The new range listed is 2600:2701:4000:5211:dead:beef:ca::/104

However, from what I've gathered + subnet calculator, the actual range would be 2600:2701:4000:5211:dead:beef:0:0 to 2600:2701:4000:5211:dead:beef:00ff:ffff.

2600:2701:4000:5211:dead:beef:ca::/104 would be a node's address within the 2600:2701:4000:5211:dead:beef::/104 subnet.

Is 2600:2701:4000:5211:dead:beef::/104 the correct subnet?

per Kevin the "ca" is insignificant, so the subnet is 2600:2701:4000:5211:dead:beef::/104

One other question I forgot to ask: Is the gateway for that subnet 2600:2701:4000:5211:dead:beef::1?

per Kevin the "ca" is insignificant, so the subnet is 2600:2701:4000:5211:dead:beef::/104

One other question I forgot to ask: Is the gateway for that subnet 2600:2701:4000:5211:dead:beef::1?

@kevin
Here's what I propose for IP assignments. We still need to learn the gateway address.

Pinging each of these addresses from proxy04.fedoraproject.org received no replies, and grepping all of the files within /srv/git/dns on batcave01 for the string 2600:2701:4000:5211:dead:beef yielded no results. I think it's a reasonable assumption that these IPs are available.

download-ib01.fedoraproject.org
Current IPv6: 2610:28:3090:3001:dead:beef:cafe:fed6
New IPv6: 2600:2701:4000:5211:dead:beef:00fe:fed6

noc02.fedoraproject.org
Current IPv6: 2610:28:3090:3001:dead:beef:cafe:fed9
New IPv6: 2600:2701:4000:5211:dead:beef:00fe:fed9

proxy04.fedoraproject.org
Current IPv6: 2610:28:3090:3001:dead:beef:cafe:fed3
New IPv6: 2600:2701:4000:5211:dead:beef:00fe:fed3

ns02.fedoraproject.org
Current IPv6: 2610:28:3090:3001:dead:beef:cafe:fed5
New IPv6: 2600:2701:4000:5211:dead:beef:00fe:fed7

people02.fedoraproject.org
Current IPv6: 2610:28:3090:3001:5054:ff:fea7:9474
New IP v6: 2600:2701:4000:5211:dead:beef:00a7:9474

proxy12.fedoraproject.org
Current IPv6: 2610:28:3090:3001:5054:ff:feda:bbd8
New IPv6: 2600:2701:4000:5211:dead:beef:00da:bbd8

smtp-mm-ib01.fedoraproject.org
Current IPv6: 2610:28:3090:3001:5054:ff:fe58:5c17
New IPv6: 2600:2701:4000:5211:dead:beef:0058:5c17

torrent02.fedoraproject.org
Current IPv6: 2610:28:3090:3001:dead:beef:cafe:fed7
New IPv6: 2600:2701:4000:5211:dead:beef:00fe:fed7

unbound-ib01.fedoraproject.org
Current IPv6: none
New IPv6: 2600:2701:4000:5211:dead:beef:00fe:fed1

If this is acceptable, I'll start looking at everything that needs to be altered.

They didn't tell us anything about gateway. I've emailed asking.

Those assignments look good to me. :) We just need to sort out gateway and then hopefully you have what you need for a PR

New gateway confirmed to be: 2600:2701:4000:5211::1

Part of this task would include updating AAAA records for these hosts. Since unbound-ib01.fedoraproject.org does not already have an IPv6 configuration in Ansible, i would be creating an AAAA record for it.

These hosts currently have IPv6 configurations that need to be updated, but do not have existing AAAA records, so I shall create records for

people02.fedoraproject.org
proxy12.fedoraproject.org
smtp-mm-ib01.fedoraproject.org

Yeah, we should go ahead and add AAAA records/settings for those as well.

DNS changes needed to completement PR 816.

Changes to fedoraproject.org.template

Line 425:
download-ib01 IN AAAA 2600:2701:4000:5211:dead:beef:00fe:fed6

Line 543:
noc02 IN AAAA 2600:2701:4000:5211:dead:beef:00fe:fed9

Line 549:
ns02 IN AAAA 2600:2701:4000:5211:dead:beef:00fe:fed7

Line 551:
ns2 IN AAAA 2600:2701:4000:5211:dead:beef:00fe:fed7

Line 619:
proxy04 IN AAAA 2600:2701:4000:5211:dead:beef:00fe:fed3

Line 783:
torrent02 IN AAAA 2600:2701:4000:5211:dead:beef:00fe:fed7

Insert after Line 597:
people02 IN AAAA 2600:2701:4000:5211:dead:beef:00a7:9474

Insert after Line 633:
proxy12 IN AAAA 2600:2701:4000:5211:dead:beef:00da:bbd8

Insert after Line 751:
smtp-mm-ib01 IN AAAA 2600:2701:4000:5211:dead:beef:0058:5c17

Insert after Line 788:
unbound-ib01 IN AAAA 2600:2701:4000:5211:dead:beef:00fe:fed1

While researching another ticket, I noticed that some of the contents of fedoraproject.org.cfg may need updating for proxy04. I did not see IPv6 configurations for proxy12 in the document.

Adding unfreeze here.

Metadata Update from @kevin:
- Issue tagged with: unfreeze

2 years ago

ok, this should now be done.

Might take a bit for dns to filter out, but everything should be on the new ips now.

Thanks for the PR and dns patch!

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata
Boards 1
ops Status: Backlog