[Ci-users] Access to ci.centos.org/artifacts from the new OpenStack subnet

Wed Aug 3 07:54:40 UTC 2016
Fabian Arrotin <arrfab at centos.org>

On 03/08/16 07:36, Karanbir Singh wrote:
> On 02/08/16 16:31, David Moreau Simard wrote:
>> Hi,
>>
>> Right now it is my understanding that access to the artifacts rsync
>> server is restricted to the subnet 172.19.0.0/22.
>> The virtual machines in the new OpenStack cloud are located in
>> 172.19.4.0/22 and are therefore getting permission denied errors.
> 
> we need to have the cloud instances be able to get to all ci infra,
> including the artifacts nodes.
> 
>>
>> This is a problem if we want to be uploading artifacts from a virtual machine.
>> The vast majority of our artifacts are uploaded from the Duffy bare
>> metal node (logs and so on) and it was our expectation that we could
>> continue with this workflow with the OpenStack cloud.
>> It sounds rather inefficient (but doable nonetheless) to first pull
>> the logs from the node (baremetal or VM) to the slave and then
>> re-upload it to the artifacts server but we'd rather avoid that.
>>
>> Is there anything we can do ?
> 
> you should not need to do any workarounds like this, the cloud instances
> are meant to be setup to access all ci infra, this artifacts thing just
> looks like something we forgot to look at when setting up the network.

Network/routing is fine between the two locations/subnets :  it's at the
rsyncd configuration that there is a limitation (through host allow = )
that was configured when the artifacts node was installed/configured. We
can add the remote 172.19.4.0/22 subnet too, but worth knowing that it
will go through the vpn tunnel, so slower and hopefully people will not
send multiple gigabytes of data through it

> 
> Fabian, is this something you can look into ? is there anything else
> that the cico nodes can get to that cloud.cico cant ?
> 

We can have a look at that.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160803/07aa9f8e/attachment-0005.sig>