Hello, here are the minutes from today's heroes meeting: network setup in PRG2 datacenter - openSUSE will get independent hardware, SUSE is "just" the ISP - discussion about the network layout - summary will be posted on heroes mailinglist Layout proposals for access via VPN: management jumphost = allows access to physical machines if user has SSH access to it 1. https://paste.opensuse.org/pastes/e3baac534ebe -> two pools in OpenVPN separated by LDAP group, privileged users get network level access to admin network which contains the management jumphost 2. https://paste.opensuse.org/pastes/2d7d1d18fa9f -> single OpenVPN pool, all users get network level access to all virtual machines including the management jumphost 3. https://paste.opensuse.org/pastes/8efc7ef6e3d0 -> single OpenVPN pool, users get network level access to all machines with no jumphost Votes in meeting: - Proposal 1: ii - Proposal 2: iii - Proposal 3: - Network firewall/router - manageable but HA - OPN/PfSense poor 10G? - -> test openSUSE/NFTables based setup, accept short downtime from VRRP switching (three votes) - HAProxy behind for common services status reports - mailman VM updated, needed time to fix all the mailman packages -> waiting for arrival in Factory - redmine update WIP on https://progress-test.opensuse.org/ -> waiting for licensed plugins - cdn.o.o setup - cache invalidation triggers added in repopusher and via inotify watchrepodata.service - jekyll now only fails single broken pages instead of failing/not deploying all jekyll-based pages Regards, Christian Boltz -- Will ich mich demnaechst mal ranmachen, allerdings momentan zuviel extrem unwichtige Sachen zu tun. [Marcel Schmedes in suse-linux] ^^