[tor-bugs] #33914 [Internal Services/Tor Sysadmin Team]: migrate weissii to the ganeti cluster
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 19 07:56:40 UTC 2020
#33914: migrate weissii to the ganeti cluster
-------------------------------------------------+-------------------------
Reporter: anarcat | Owner: anarcat
Type: task | Status: closed
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution: fixed
Keywords: tpa-roadmap-may | Actual Points:
Parent ID: #32802 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by weasel):
* status: assigned => closed
* resolution: => fixed
Comment:
I have migrated weissii to the ganeti cluster.
As weissii should not be on the public internet, this involved a few
network related things.
* We have a new (hetzner) vswitch, exposed as vlan 4002. This is a
private/internal network that carries rfc1918 traffic between instances,
also accross nodes. It is known to ganeti as `gnt-fsn-int30-137`.
* Weissii is exclusively on that network.
* Rouyi is on that network on a secondary network interface (eth1).
* weissii needs to access the internet, both for security updates and git
fetch git etc. For thus purpose I set up a tiny VM, `nat-
fsn-01.torproject.org`, that serves as a nat gw between `gnt-fsn-
int30-137` and the internet. It is fully configured via puppet, no manual
local configuration. It also does DNS for hosts on the internal network.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33914#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list