Hello,
Can we please get this patch[0] reviewed and merged for the prod workers of the OCP cluster?
https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7
Thanks and regards, Akashdeep Dhar t0xic0der@fedoraproject.org
Hello,
A small change - "metric-for-apps: DNS patch for prod nodes of OCP cluster" is to be the commit messages.
Mark and Kevin,
Could you please update the LetsEncrypt ACME challenge?
Thanks and regards, Akashdeep Dhar t0xic0der@fedoraproject.org
On Mon, Aug 30, 2021 at 7:31 AM Akashdeep Dhar akashdeep.dhar@gmail.com wrote:
Hello,
Can we please get this patch[0] reviewed and merged for the prod workers of the OCP cluster?
https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7
Thanks and regards, Akashdeep Dhar t0xic0der@fedoraproject.org
On Mon, Aug 30, 2021 at 07:38:04AM +0530, Akashdeep Dhar wrote:
Hello,
A small change - "metric-for-apps: DNS patch for prod nodes of OCP cluster" is to be the commit messages.
Mark and Kevin,
Could you please update the LetsEncrypt ACME challenge?
Just leave those commented out. We get that when we ask for the cert(s).
Aside that, looks good to me. +1 to push anytime...
kevin
On Mon, Aug 30, 2021 at 07:49:54AM -0700, Kevin Fenzi wrote:
On Mon, Aug 30, 2021 at 07:38:04AM +0530, Akashdeep Dhar wrote:
Hello,
A small change - "metric-for-apps: DNS patch for prod nodes of OCP cluster" is to be the commit messages.
Mark and Kevin,
Could you please update the LetsEncrypt ACME challenge?
Just leave those commented out. We get that when we ask for the cert(s).
Aside that, looks good to me. +1 to push anytime...
Oh wait. There's another issue here.
Right now with the 3.11 cluster, we run a vpn connection on all the compute nodes. This allows non IAD2 proxies to reach them.
For theis 4 cluster are we going to:
1. Somehow run openvpn clients on the nodes
or
2. Not going to do that.
Of course not running vpn on them is easier configuration wise, but it means that we don't want to have dns resolve the cluster as 'wildcard' (all proxies), but instead just want to resolve to the IAD2 proxies directly. For example, koji is like this:
koji IN A 38.145.60.20 koji IN A 38.145.60.21
Sorry I didn't think of this, need more coffee. ;)
kevin
Thanks Kevin, we think we've addressed this in the latest version at https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7
Can you take another look please
On Mon, 30 Aug 2021 at 23:57, Kevin Fenzi kevin@scrye.com wrote:
On Mon, Aug 30, 2021 at 07:49:54AM -0700, Kevin Fenzi wrote:
On Mon, Aug 30, 2021 at 07:38:04AM +0530, Akashdeep Dhar wrote:
Hello,
A small change - "metric-for-apps: DNS patch for prod nodes of OCP
cluster"
is to be the commit messages.
Mark and Kevin,
Could you please update the LetsEncrypt ACME challenge?
Just leave those commented out. We get that when we ask for the cert(s).
Aside that, looks good to me. +1 to push anytime...
Oh wait. There's another issue here.
Right now with the 3.11 cluster, we run a vpn connection on all the compute nodes. This allows non IAD2 proxies to reach them.
For theis 4 cluster are we going to:
- Somehow run openvpn clients on the nodes
or
- Not going to do that.
Of course not running vpn on them is easier configuration wise, but it means that we don't want to have dns resolve the cluster as 'wildcard' (all proxies), but instead just want to resolve to the IAD2 proxies directly. For example, koji is like this:
koji IN A 38.145.60.20 koji IN A 38.145.60.21
Sorry I didn't think of this, need more coffee. ;)
kevin _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
This patch should be probably marked as freeze break request.
Michal
On 31. 08. 21 12:18, David Kirwan wrote:
Thanks Kevin, we think we've addressed this in the latest version at https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7 https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7
Can you take another look please
On Mon, 30 Aug 2021 at 23:57, Kevin Fenzi <kevin@scrye.com mailto:kevin@scrye.com> wrote:
On Mon, Aug 30, 2021 at 07:49:54AM -0700, Kevin Fenzi wrote: > On Mon, Aug 30, 2021 at 07:38:04AM +0530, Akashdeep Dhar wrote: > > Hello, > > > > A small change - "metric-for-apps: DNS patch for prod nodes of OCP cluster" > > is to be the commit messages. > > > > Mark and Kevin, > > > > Could you please update the LetsEncrypt ACME challenge? > > Just leave those commented out. We get that when we ask for the cert(s). > > Aside that, looks good to me. +1 to push anytime... Oh wait. There's another issue here. Right now with the 3.11 cluster, we run a vpn connection on all the compute nodes. This allows non IAD2 proxies to reach them. For theis 4 cluster are we going to: 1. Somehow run openvpn clients on the nodes or 2. Not going to do that. Of course not running vpn on them is easier configuration wise, but it means that we don't want to have dns resolve the cluster as 'wildcard' (all proxies), but instead just want to resolve to the IAD2 proxies directly. For example, koji is like this: koji IN A 38.145.60.20 koji IN A 38.145.60.21 Sorry I didn't think of this, need more coffee. ;) kevin _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org <mailto:infrastructure@lists.fedoraproject.org> To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org <mailto:infrastructure-leave@lists.fedoraproject.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ <https://docs.fedoraproject.org/en-US/project/code-of-conduct/> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines <https://fedoraproject.org/wiki/Mailing_list_guidelines> List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org <https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure <https://pagure.io/fedora-infrastructure>-- David Kirwan Software Engineer
Community Platform Engineering @ Red Hat
T: +(353) 86-8624108 IM: @dkirwan
infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On Tue, Aug 31, 2021 at 01:35:05PM +0200, Michal Konecny wrote:
This patch should be probably marked as freeze break request.
Well, it's content, not configuration, so usually we allow dns changes.
But I agree it's good to review.
On 31. 08. 21 12:18, David Kirwan wrote:
Thanks Kevin, we think we've addressed this in the latest version at https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7 https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7
Can you take another look please
So, it looks mostly good, but not sure about lines 48-51. You shouldn't need to change that there? Leave the stg one pointing to stg wildcard and don't add another copy pointing to prod wildcard?
ie, I think that change doesn't need to be in there. ;)
Otherwise looks good.
kevin --
On Mon, 30 Aug 2021 at 23:57, Kevin Fenzi <kevin@scrye.com mailto:kevin@scrye.com> wrote:
On Mon, Aug 30, 2021 at 07:49:54AM -0700, Kevin Fenzi wrote: > On Mon, Aug 30, 2021 at 07:38:04AM +0530, Akashdeep Dhar wrote: > > Hello, > > > > A small change - "metric-for-apps: DNS patch for prod nodes of OCP cluster" > > is to be the commit messages. > > > > Mark and Kevin, > > > > Could you please update the LetsEncrypt ACME challenge? > > Just leave those commented out. We get that when we ask for the cert(s). > > Aside that, looks good to me. +1 to push anytime... Oh wait. There's another issue here. Right now with the 3.11 cluster, we run a vpn connection on all the compute nodes. This allows non IAD2 proxies to reach them. For theis 4 cluster are we going to: 1. Somehow run openvpn clients on the nodes or 2. Not going to do that. Of course not running vpn on them is easier configuration wise, but it means that we don't want to have dns resolve the cluster as 'wildcard' (all proxies), but instead just want to resolve to the IAD2 proxies directly. For example, koji is like this: koji IN A 38.145.60.20 koji IN A 38.145.60.21 Sorry I didn't think of this, need more coffee. ;) kevin _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org <mailto:infrastructure@lists.fedoraproject.org> To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org <mailto:infrastructure-leave@lists.fedoraproject.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ <https://docs.fedoraproject.org/en-US/project/code-of-conduct/> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines <https://fedoraproject.org/wiki/Mailing_list_guidelines> List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org <https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure <https://pagure.io/fedora-infrastructure>-- David Kirwan Software Engineer
Community Platform Engineering @ Red Hat
T: +(353) 86-8624108 IM: @dkirwan
infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Oops, fixed that error on lines 48-51 now.
On Wed, 1 Sept 2021 at 02:25, kevin kevin@scrye.com wrote:
On Tue, Aug 31, 2021 at 01:35:05PM +0200, Michal Konecny wrote:
This patch should be probably marked as freeze break request.
Well, it's content, not configuration, so usually we allow dns changes.
But I agree it's good to review.
On 31. 08. 21 12:18, David Kirwan wrote:
Thanks Kevin, we think we've addressed this in the latest version at https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7 https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7
Can you take another look please
So, it looks mostly good, but not sure about lines 48-51. You shouldn't need to change that there? Leave the stg one pointing to stg wildcard and don't add another copy pointing to prod wildcard?
ie, I think that change doesn't need to be in there. ;)
Otherwise looks good.
kevin
On Mon, 30 Aug 2021 at 23:57, Kevin Fenzi <kevin@scrye.com mailto:kevin@scrye.com> wrote:
On Mon, Aug 30, 2021 at 07:49:54AM -0700, Kevin Fenzi wrote: > On Mon, Aug 30, 2021 at 07:38:04AM +0530, Akashdeep Dhar wrote: > > Hello, > > > > A small change - "metric-for-apps: DNS patch for prod nodes of OCP cluster" > > is to be the commit messages. > > > > Mark and Kevin, > > > > Could you please update the LetsEncrypt ACME challenge? > > Just leave those commented out. We get that when we ask for the cert(s). > > Aside that, looks good to me. +1 to push anytime... Oh wait. There's another issue here. Right now with the 3.11 cluster, we run a vpn connection on all the compute nodes. This allows non IAD2 proxies to reach them. For theis 4 cluster are we going to: 1. Somehow run openvpn clients on the nodes or 2. Not going to do that. Of course not running vpn on them is easier configuration wise,but it
means that we don't want to have dns resolve the cluster as'wildcard'
(all proxies), but instead just want to resolve to the IAD2 proxies directly. For example, koji is like this: koji IN A 38.145.60.20 koji IN A 38.145.60.21 Sorry I didn't think of this, need more coffee. ;) kevin _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org <mailto:infrastructure@lists.fedoraproject.org> To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org <mailto:infrastructure-leave@lists.fedoraproject.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ <https://docs.fedoraproject.org/en-US/project/code-of-conduct/> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines <https://fedoraproject.org/wiki/Mailing_list_guidelines> List Archives:https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...
<https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure <https://pagure.io/fedora-infrastructure>-- David Kirwan Software Engineer
Community Platform Engineering @ Red Hat
T: +(353) 86-8624108 IM: @dkirwan
infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to
infrastructure-leave@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to
infrastructure-leave@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
infrastructure@lists.fedoraproject.org
-
Akashdeep Dhar -
David Kirwan -
kevin -
Kevin Fenzi
-
Michal Konecny