On Mon, Jul 03, 2017 at 06:54:17PM +0200, Lars Vogdt wrote:
Hi @ll
Hello,
At the moment, most machines hosting the openSUSE infrastructure in Nuremberg are running in a co-location network together with other services from other teams/companies (like SUSE, openAttic, KDE, ...)
With the new openSUSE Heroes team, SUSE-IT wants to split up the network into pieces to allow the heroes to get access to nearly everything they need for their work. It might be also used to clarify the responsibility for some services and make the openSUSE setup a bit more easy and clear.
There are a bunch of opensuse machines that the heroes team has access, and there are others where the heroes don't have access (they are managed by SUSE-IT or buildops). According to the saltmaster, these machines are: - the atreju and cirrus hypervisors - all the OBS related machines - login.o.o - the mysql and postgresql database clusters (as there are databases for SUSE related services, like fate.suse.com or hackweek.suse.com) - smt-internal. Apart from SMT server, it is also backup server, and there is also something else running there that I don't recall atm. - the NTP servers - pontifex3 for mirrors So my suggestion would be to take the above case by case. Eg the db clusters shouldn't be migrated, but I would suggest to create a new cluster at the opensuse network, and migrate only the relevant dbs.
But this network split comes with some migration downtime. For most of the machines, a simple "shutdown", "put into the other network", "boot" should be enough (so something around max. 5-10 Minutes per machine). But some machines - especially those that are providing their service to others in this network - are a bit trickier...
I started http://etherpad.opensuse.org/p/Server_migration to collect the affected machines together with some nodes and want to ask you:
I added some more info there already
1) Can someone from the SUSE-IT Heroes join the work? => All machines need a DNS change (new external IP) during the time, so we should minimize the refresh time, if not already done. => the haproxy setup on the old and new instances needs to be adapted during the migration. => we need to clarify the database usage and split up new DB servers, if needed
Count me in
2) When will be the best time when we can start with the migration ?
3) What did I miss?
At the moment, my plan number #1 is to do the following on this Thursday: * migrate freeIPA, chip, mickey and minnie to the new network * follow with other, easier to migrate machines like keyserver, icc, hackweek, ... as time permits
Hackweek is a SUSE service, I don't see a reason to put it in the opensuse network.
* check the mysql and postgresql servers for their running databases and plan the split
Minnie (saltmaster) depends on mickey (gitlab), which in turn depends on
postgresql. So, as mentioned before, I would suggest first to start by creating
a new set of db clusters at the new network.
--
Theo Chatzimichos