Hello, Can we please get this patch[0] reviewed and merged for the prod workers of the OCP cluster? https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7 Thanks and regards, Akashdeep Dhar t0xic0der(a)fedoraproject.org

On Mon, Aug 30, 2021 at 07:38:04AM +0530, Akashdeep Dhar wrote: > Hello, > > A small change - "metric-for-apps: DNS patch for prod nodes of OCP cluster" > is to be the commit messages. > > Mark and Kevin, > > Could you please update the LetsEncrypt ACME challenge? Just leave those commented out. We get that when we ask for the cert(s). Aside that, looks good to me. +1 to push anytime...

Thanks Kevin, we think we've addressed this in the latest version at https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7 <https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7> Can you take another look please On Mon, 30 Aug 2021 at 23:57, Kevin Fenzi <kevin(a)scrye.com <mailto:kevin@scrye.com>> wrote: On Mon, Aug 30, 2021 at 07:49:54AM -0700, Kevin Fenzi wrote: > On Mon, Aug 30, 2021 at 07:38:04AM +0530, Akashdeep Dhar wrote: > > Hello, > > > > A small change - "metric-for-apps: DNS patch for prod nodes of OCP cluster" > > is to be the commit messages. > > > > Mark and Kevin, > > > > Could you please update the LetsEncrypt ACME challenge? > > Just leave those commented out. We get that when we ask for the cert(s). > > Aside that, looks good to me. +1 to push anytime... Oh wait. There's another issue here. Right now with the 3.11 cluster, we run a vpn connection on all the compute nodes. This allows non IAD2 proxies to reach them. For theis 4 cluster are we going to: 1. Somehow run openvpn clients on the nodes or 2. Not going to do that. Of course not running vpn on them is easier configuration wise, but it means that we don't want to have dns resolve the cluster as 'wildcard' (all proxies), but instead just want to resolve to the IAD2 proxies directly. For example, koji is like this: koji            IN    A     38.145.60.20 koji            IN    A     38.145.60.21 Sorry I didn't think of this, need more coffee. ;) kevin _______________________________________________ infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org <mailto:infrastructure@lists.fedoraproject.org> To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org <mailto:infrastructure-leave@lists.fedoraproject.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ <https://docs.fedoraproject.org/en-US/project/code-of-conduct/> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines <https://fedoraproject.org/wiki/Mailing_list_guidelines> List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora... <https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure <https://pagure.io/fedora-infrastructure> -- David Kirwan Software Engineer Community Platform Engineering @ Red Hat T: +(353) 86-8624108 IM: @dkirwan _______________________________________________ infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

On Tue, Aug 31, 2021 at 01:35:05PM +0200, Michal Konecny wrote: > This patch should be probably marked as freeze break request. Well, it's content, not configuration, so usually we allow dns changes. But I agree it's good to review. > On 31. 08. 21 12:18, David Kirwan wrote: > > Thanks Kevin, we think we've addressed this in the latest version at > > https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7 > > <https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7> > > > > Can you take another look please So, it looks mostly good, but not sure about lines 48-51. You shouldn't need to change that there? Leave the stg one pointing to stg wildcard and don't add another copy pointing to prod wildcard? ie, I think that change doesn't need to be in there. ;) Otherwise looks good. kevin -- > > > > On Mon, 30 Aug 2021 at 23:57, Kevin Fenzi <kevin(a)scrye.com > > <mailto:kevin@scrye.com>> wrote: > > > > On Mon, Aug 30, 2021 at 07:49:54AM -0700, Kevin Fenzi wrote: > > > On Mon, Aug 30, 2021 at 07:38:04AM +0530, Akashdeep Dhar wrote: > > > > Hello, > > > > > > > > A small change - "metric-for-apps: DNS patch for prod nodes of > > OCP cluster" > > > > is to be the commit messages. > > > > > > > > Mark and Kevin, > > > > > > > > Could you please update the LetsEncrypt ACME challenge? > > > > > > Just leave those commented out. We get that when we ask for the > > cert(s). > > > > > > Aside that, looks good to me. +1 to push anytime... > > > > Oh wait. There's another issue here. > > > > Right now with the 3.11 cluster, we run a vpn connection on all the > > compute nodes. This allows non IAD2 proxies to reach them. > > > > For theis 4 cluster are we going to: > > > > 1. Somehow run openvpn clients on the nodes > > > > or > > > > 2. Not going to do that. > > > > Of course not running vpn on them is easier configuration wise, but it > > means that we don't want to have dns resolve the cluster as 'wildcard' > > (all proxies), but instead just want to resolve to the IAD2 proxies > > directly. For example, koji is like this: > > > > koji IN A 38.145.60.20 > > koji IN A 38.145.60.21 > > > > Sorry I didn't think of this, need more coffee. ;) > > > > kevin > > _______________________________________________ > > infrastructure mailing list -- > > infrastructure(a)lists.fedoraproject.org > > <mailto:infrastructure@lists.fedoraproject.org> > > To unsubscribe send an email to > > infrastructure-leave(a)lists.fedoraproject.org > > <mailto:infrastructure-leave@lists.fedoraproject.org> > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > <https://docs.fedoraproject.org/en-US/project/code-of-conduct/> > > List Guidelines: > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > <https://fedoraproject.org/wiki/Mailing_list_guidelines> > > List Archives: > > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora... > > < https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora... > > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > <https://pagure.io/fedora-infrastructure> > > > > > > > > -- > > David Kirwan > > Software Engineer > > > > Community Platform Engineering @ Red Hat > > > > T: +(353) 86-8624108 IM: @dkirwan > > > > > > _______________________________________________ > > infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org > > To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora... > > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure > > _______________________________________________ > infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org > To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora... > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure _______________________________________________ infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure