I'm fairly certain that this will be the first scap3 deployment into the labs support vlan. We need to investigate what network changes will be needed to allow the ssh command-and-control connection from tin to californium and the subsequent http(s?) git fetch to californium from tin.
|Resolved||yuvipanda||T111885 Initial Deployment of Kubernetes to Tool Labs|
|Open||None||T194332 [Epic] Make Toolforge a proper platform as a service with push-to-deploy and build packs|
|Open||None||T117071 Figure out a git hosting solution for tools/kubernetes|
|Resolved||bd808||T102066 Make sure tools can be taken over after they are abandoned|
|Resolved||bd808||T102081 Provide an easy way for Tool Labs tools to expose their source code|
|Open||None||T128158 Tools web interface for tool authors (Brainstorming ticket)|
|Resolved||bd808||T133252 Create application "Striker" to manage Diffusion repositories for a Tool Labs project|
|Resolved||bd808||T136256 Deploy "Striker" Tool Labs console to WMF production|
|Resolved||bd808||T143253 Ensure that scap3 from tin can access californium|
It looks like this should "just work" once all of the puppet rules are in place. service::uwsgi includes scap::target which in turn includes scap::ferm. scap::ferm opens up ssh from $DEPLOYMENT_SERVERS.
With some help from @yuvipanda I verified that ssh gets from tin to californium once californium accepts the connection.