Adding to this, you can add votes or share other input by replying here for another week. Thanks everyone for the productive discussion. Cheers, Georg On 8/3/23 23:46, Christian Boltz wrote:
Hello,
here are the minutes from today's heroes meeting:
network setup in PRG2 datacenter - openSUSE will get independent hardware, SUSE is "just" the ISP - discussion about the network layout - summary will be posted on heroes mailinglist
Layout proposals for access via VPN: management jumphost = allows access to physical machines if user has SSH access to it 1. https://paste.opensuse.org/pastes/e3baac534ebe -> two pools in OpenVPN separated by LDAP group, privileged users get network level access to admin network which contains the management jumphost 2. https://paste.opensuse.org/pastes/2d7d1d18fa9f -> single OpenVPN pool, all users get network level access to all virtual machines including the management jumphost 3. https://paste.opensuse.org/pastes/8efc7ef6e3d0 -> single OpenVPN pool, users get network level access to all machines with no jumphost
Votes in meeting: - Proposal 1: ii - Proposal 2: iii - Proposal 3:
- Network firewall/router - manageable but HA - OPN/PfSense poor 10G? - -> test openSUSE/NFTables based setup, accept short downtime from VRRP switching (three votes) - HAProxy behind for common services
status reports - mailman VM updated, needed time to fix all the mailman packages -> waiting for arrival in Factory - redmine update WIP on https://progress-test.opensuse.org/ -> waiting for licensed plugins - cdn.o.o setup - cache invalidation triggers added in repopusher and via inotify watchrepodata.service - jekyll now only fails single broken pages instead of failing/not deploying all jekyll-based pages
Regards,
Christian Boltz