Hi,
I'm trying to set up a Docker/Kubernetes/Atomic cluster in VMs on atomic01.qa to prototype out some alt.fp.org rel-eng work - using RHEL7 Atomic, but not being able to access subscription.rhn.redhat.com or registry.access.redhat.com is a pain.
Is there a reason this is being blocked?
In the more medium term I'd like to use some of the resources from the new OpenStack cloud, potentially returning this machine to the pool for other work.
In general for Fedora infra machines, it looks like the RHEL installations are configured to use a local mirror, and aren't subscribed, right? If we go down that path, can we set up a mirror of the Docker registry and the Atomic Host ostree repo? The former is a bit tricky, the latter is a two line shell script that would need to be cron job'd somewhere.
On Fri, 24 Apr 2015 11:26:57 -0400 Colin Walters walters@verbum.org wrote:
Hi,
I'm trying to set up a Docker/Kubernetes/Atomic cluster in VMs on atomic01.qa to prototype out some alt.fp.org rel-eng work - using RHEL7 Atomic, but not being able to access subscription.rhn.redhat.com or registry.access.redhat.com is a pain.
Is there a reason this is being blocked?
Yes. We ideally want Fedora internal infrastructure to be completely seperate from Red Hat internal infrastructure. Right now there's some few things we do have to have cross over that bridge (netapp storage mostly), but ideally we will get to a world were there is 0 connection.
So, can you try and get those things via external? ie, instead of using an internal ip and trying to cross that great firewall, use external IPs and access like any other customer?
In the more medium term I'd like to use some of the resources from the new OpenStack cloud, potentially returning this machine to the pool for other work.
Cool. I really hope we have the new cloud done and ready to use soon.
Msuchy was pulled away on other things this week, but should be working on it next week again.
Note that the fedora infra private cloud already is completely disconnected from any RH internal net (and any Fedora Internal net too). It's just it's own thing on it's own switch going directly to external.
In general for Fedora infra machines, it looks like the RHEL installations are configured to use a local mirror, and aren't subscribed, right?
Correct. We use the same internal repos we use for EPEL building.
If we go down that path, can we set up a mirror of the Docker registry and the Atomic Host ostree repo? The former is a bit tricky, the latter is a two line shell script that would need to be cron job'd somewhere.
We could look at doing that if it's needed, sure.
kevin
On Fri, Apr 24, 2015, at 12:14 PM, Kevin Fenzi wrote:
So, can you try and get those things via external? ie, instead of using an internal ip and trying to cross that great firewall, use external IPs and access like any other customer?
Ah I see, the DNS is shared right now. I think I found this out before but the knowledge cycled out of my brain.
So...what you're suggesting is basically change /etc/hosts on each machine to have 209.132.182.63 registry.access.redhat.com etc?
Oooh wait...there's a far simpler solution - just use a public nameserver like 8.8.8.8 right? I see some references to that in the current Ansible playbooks.
Indeed that works. I'll get that into my Ansible code now.
We could look at doing that if it's needed, sure.
Medium term it'd certainly be nice if more of infrastructure starts to rely on Docker.
But short term I can do this myself now on this one machine now that I can reach the source.
Thanks for the reply!
infrastructure@lists.fedoraproject.org
-
Colin Walters -
Kevin Fenzi