#5305 Move s390 koji/DB to new secondary vlan
Closed: Fixed 6 years ago Opened 7 years ago by pbrobinson.

This will take quite a bit of coordination due to firewall changes so there's no rush but filing this ticket so we can track it.

{{{
s390-koji01 IN A 10.5.129.244
db-s390-koji01 IN A 10.5.129.245
}}}

So for internal firewall changes I'd like the s390 IP range to have the following:
{{{
lockbox -> builders (port 22) for ansible (not sure if any other ports needed
builders -> s390-koji01 (port 80/443) for koji building
builders -> primary koji01 (port 80/443) for potential s390 builders on primary
FAS and 2FA ports
(other ports I might have missed)
}}}

Basically I'd like the same functionality we have for the other builders.

Then once we have that in place to move the koji instance over.


I expect we will need to have an openvpn connection also to the hosts involved.

Well, the hub/db/lockbox are all local in phx2, so no vpn is needed.

We will need to sort out what things are in place to make the builders reachable from phx2 and migrate that from the old ip to the new ips... or figure out a better way to do things.

I'm working on the very first part of this: moving the hub/db to the s390 vlan.

Once thats done we will work on the rest to prep for moving to primary koji.

:clock830:

This should actually finally be all done.

:space_invader:

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

6 years ago

Login to comment on this ticket.

Metadata