#9037 Make additional aws proxies in various regions
Closed: Fixed 3 months ago by kevin. Opened 7 months ago by smooge.

Describe what you would like us to do:

Currently Fedora has 2 proxies in APAC (proxy30/31) but i would like to get an additional setup in for some in Southern Asian, Europe, South America and Africa. Each server is currently setup like any other proxy with it being built from scratch from kickstarts and copied data. This was done as a 'aaaaah no time aaaaah' fix and probably needs to be relooked at. The goal is to allow good proxy coverage and possibly cdn front end coverage of specific downloads in each region to allow easier use by people.

When do you need this to be done by? (YYYY/MM/DD)

Metadata Update from @kevin:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: aws, groomed, medium-gain, medium-trouble

7 months ago

I am currently writing some ansible to spin up instances in a number of regions for this. I should hopefully have the PR in later today or tomorrow. Then we can run the already established playbooks you have mentioned against each of the new instances.

Managing the instances from ansible will mean we have to use a token/infra user, but we can do that I suppose.

I can do manually if you like. I just thought it may be easier for future maintenance?

I have manually created a server in frankfurt. What is the process here with running playbooks?

Do I add the IP temporarily in the hosts file or do I create a ticket for the DNS first and then wait for that to be set up before running them?


Wait for dns... or we can add you to do dns as well if you like.

We do not want ip's in our ansible repo... they are confusing. :)

[smooge@batcave01 fi-repo][PROD-IAD2]$ host proxy31.fedoraproject.org
proxy31.fedoraproject.org has address
proxy31.fedoraproject.org has IPv6 address 2406:da12:0:c10:92a3:5a6e:221b:f9eb
[smooge@batcave01 fi-repo][PROD-IAD2]$ host proxy32.fedoraproject.org
proxy32.fedoraproject.org has address
[smooge@batcave01 fi-repo][PROD-IAD2]$ host proxy32.aws.fedoraproject.org
proxy32.aws.fedoraproject.org has address

Thanks smooge. I don't appear to have permissions to run the proxies ansiible playbook to provision the server

Proxy32 has been created in Europe(Frankfurt)

I will do multiple in one go on the next run to speed things up a bit. Do we just want 1 per region? Or is 2 the goal?

I tried to create an instance is South America for this and got refused with the below error

You are not authorized to perform this operation. Encoded authorization failure message: JMBrN_B6AmBLmuWXN-bAtfG3rT_O4kK7W09BlYhdAOGF6veXqSA_81GQf6JPuMU3P1JlMq7DBNJrwLDI3brs69zQqzpzM5cWsGnLDHZ30u0Pr47__9VjwUf-EBq5gPLuICkXLi33LXqW0PbxbMdtPMgUvxOvm9cemaSdqOO0LV_L7uR7E0gbnHoU9aCW2CnfSR-E1hwRXNiF-MU5qsP5S597iuwBMmYCM5Ju48a3r66UbVpcI82Z-_eGzmzwdU10XtzGirax4GKoS1HWhOw01H1lfqWzNZSRfskqG6MbYhQ5_ZoHCoxTGBSthUYtgVhMYOEKjN8Z3beYvUbhxWJvqJxhjo_DcSP7znXChLOq-jyjbij2VHhh9QS21XMipcYW5_I0OKmaegUoXYgs3ZJAeAIHHjWVJHoetu2lGHwyYabDUa8CacXyiIP5Jr9wSAWkenafKHfrYAvrIv2d3ugLmiunZVPWSKgl2b_Wp3ISncQ_wWyES1Al63S3P-w8rcDR3bvMIqxwIDIA1zeI_H8cfrYIvfnj8SwajTLqqOTitRwdTG79cMVx3RZYgtPozAbGN1J6tKQpFx7UD5CrweKRS0l94xidGIR-SuEG3c-T

Metadata Update from @mobrien:
- Issue assigned to mobrien

5 months ago

@smooge recommends to set up 2 more proxies in amazon for EU and 2 more in APAC as well as one more each in SA and AFR.

The SA zone is going to need a bunch of NA links and the AFR one will need to go to EU to provide resilience. This will be covered in #9256

Metadata Update from @mobrien:
- Issue tagged with: ops

4 months ago

In AWS there are now 11 proxies as listed below, all the boxes are up and running and passing nagios checks. Some are not in use yet and just needed to be added to dns which will be done tomorrow.

There also needs to be a South America proxy region added which I will also do tomorrow


  • sinagpore x2
  • seoul
  • mumbai


  • frankfurt x2
  • london


  • capetown x2


  • sao paulo x2

So I think this is done now?

@smooge anything else to do here?

I'm gonna close it, reopen if I missed that we still have things to do.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 months ago

Login to comment on this ticket.

Boards 1
ops Status: Done