Re: firewall blocking atomic01.qa access to RHN/registry.access.redhat.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 24 Apr 2015 11:26:57 -0400
Colin Walters <walters@xxxxxxxxxx> wrote:

> Hi,
> 
> I'm trying to set up a Docker/Kubernetes/Atomic cluster in VMs on
> atomic01.qa to prototype out some alt.fp.org rel-eng work - using
> RHEL7 Atomic, but not being able to access
> subscription.rhn.redhat.com or registry.access.redhat.com is a pain.
> 
> Is there a reason this is being blocked?

Yes. We ideally want Fedora internal infrastructure to be completely
seperate from Red Hat internal infrastructure. Right now there's some
few things we do have to have cross over that bridge (netapp storage
mostly), but ideally we will get to a world were there is 0 connection. 

So, can you try and get those things via external? ie, instead of using
an internal ip and trying to cross that great firewall, use external
IPs and access like any other customer?

> In the more medium term I'd like to use some of the resources from
> the new OpenStack cloud, potentially returning this machine to the
> pool for other work.

Cool. I really hope we have the new cloud done and ready to use soon. 

Msuchy was pulled away on other things this week, but should be working
on it next week again. 

Note that the fedora infra private cloud already is completely
disconnected from any RH internal net (and any Fedora Internal net
too). It's just it's own thing on it's own switch going directly to
external. 

> In general for Fedora infra machines, it looks like the RHEL
> installations are configured to use a local mirror, and aren't
> subscribed, right?  

Correct. We use the same internal repos we use for EPEL building. 

> If we go down that path, can we set up a mirror
> of the Docker registry and the Atomic Host ostree repo?  The former
> is a bit tricky, the latter is a two line shell script that would
> need to be cron job'd somewhere.

We could look at doing that if it's needed, sure. 

kevin

Attachment: pgpSz7gaoi3ll.pgp
Description: OpenPGP digital signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux