Re: metrics-for-apps: DNS patch for two prod workers of OCP cluster

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 31, 2021 at 01:35:05PM +0200, Michal Konecny wrote:
> This patch should be probably marked as freeze break request.

Well, it's content, not configuration, so usually we allow dns changes. 

But I agree it's good to review. 

> On 31. 08. 21 12:18, David Kirwan wrote:
> > Thanks Kevin, we think we've addressed this in the latest version at
> > https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7
> > <https://gist.github.com/davidkirwan/bd2b84f05a67123a9254e055d336f1e7>
> > 
> > Can you take another look please

So, it looks mostly good, but not sure about lines 48-51. 
You shouldn't need to change that there? Leave the stg one pointing to
stg wildcard and don't add another copy pointing to prod wildcard?

ie, I think that change doesn't need to be in there. ;) 

Otherwise looks good. 

kevin
--
> > 
> > On Mon, 30 Aug 2021 at 23:57, Kevin Fenzi <kevin@xxxxxxxxx
> > <mailto:kevin@xxxxxxxxx>> wrote:
> > 
> >     On Mon, Aug 30, 2021 at 07:49:54AM -0700, Kevin Fenzi wrote:
> >     > On Mon, Aug 30, 2021 at 07:38:04AM +0530, Akashdeep Dhar wrote:
> >     > > Hello,
> >     > >
> >     > > A small change - "metric-for-apps: DNS patch for prod nodes of
> >     OCP cluster"
> >     > > is to be the commit messages.
> >     > >
> >     > > Mark and Kevin,
> >     > >
> >     > > Could you please update the LetsEncrypt ACME challenge?
> >     >
> >     > Just leave those commented out. We get that when we ask for the
> >     cert(s).
> >     >
> >     > Aside that, looks good to me. +1 to push anytime...
> > 
> >     Oh wait. There's another issue here.
> > 
> >     Right now with the 3.11 cluster, we run a vpn connection on all the
> >     compute nodes. This allows non IAD2 proxies to reach them.
> > 
> >     For theis 4 cluster are we going to:
> > 
> >     1. Somehow run openvpn clients on the nodes
> > 
> >     or
> > 
> >     2. Not going to do that.
> > 
> >     Of course not running vpn on them is easier configuration wise, but it
> >     means that we don't want to have dns resolve the cluster as 'wildcard'
> >     (all proxies), but instead just want to resolve to the IAD2 proxies
> >     directly. For example, koji is like this:
> > 
> >     koji            IN    A     38.145.60.20
> >     koji            IN    A     38.145.60.21
> > 
> >     Sorry I didn't think of this, need more coffee. ;)
> > 
> >     kevin
> >     _______________________________________________
> >     infrastructure mailing list --
> >     infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> >     <mailto:infrastructure@xxxxxxxxxxxxxxxxxxxxxxx>
> >     To unsubscribe send an email to
> >     infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
> >     <mailto:infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx>
> >     Fedora Code of Conduct:
> >     https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> >     <https://docs.fedoraproject.org/en-US/project/code-of-conduct/>
> >     List Guidelines:
> >     https://fedoraproject.org/wiki/Mailing_list_guidelines
> >     <https://fedoraproject.org/wiki/Mailing_list_guidelines>
> >     List Archives:
> >     https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> >     <https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx>
> >     Do not reply to spam on the list, report it:
> >     https://pagure.io/fedora-infrastructure
> >     <https://pagure.io/fedora-infrastructure>
> > 
> > 
> > 
> > -- 
> > David Kirwan
> > Software Engineer
> > 
> > Community Platform Engineering @ Red Hat
> > 
> > T: +(353) 86-8624108 IM: @dkirwan
> > 
> > 
> > _______________________________________________
> > infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
> 

> _______________________________________________
> infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux