Page MenuHomePhabricator
Create Task
Maniphest T338334

cloudgw: add cloud-private subnet support
Open, Stalled, LowPublic
Actions

Description

Similar to other sibling tasks related to the same parent task T324992: cloudlb: create PoC on codfw, we need add cloud-private support in cloudgw servers.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
cloudgw: add cloud-privateoperations/puppetproduction+1 -0
cloudgw: refactor interfaces setting to use the base moduleoperations/puppetproduction+53 -40
cloudgw: refactor to set up routes independently from keepalivedoperations/puppetproduction+24 -30
cloudgw: codfw: add cloud-private subnet supportoperations/puppetproduction+15 -1
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpencmooneyT347469 cloudgw improvements
 StalledNoneT338334 cloudgw: add cloud-private subnet support

Event Timeline

aborrero created this task.Jun 7 2023, 3:21 PM
aborrero changed the task status from Open to In Progress.
aborrero mentioned this in T336963: cloudcontrol2001-dev can't reach cloud-vps public IPs.
aborrero added a parent task: T336963: cloudcontrol2001-dev can't reach cloud-vps public IPs.
aborrero moved this task from Backlog to Next on the User-aborrero board.
aborrero changed the task status from In Progress to Stalled.Jun 20 2023, 4:27 PM
aborrero triaged this task as Low priority.

Not a strong requirement for the cloudlb project.

aborrero moved this task from Next to Backlog on the User-aborrero board.Jun 20 2023, 4:27 PM
Aklapper added a comment.Jun 20 2023, 7:59 PM

@aborrero: What exactly is this stalled on, as this has no subtasks?

aborrero added a comment.Jun 21 2023, 8:35 AM

We need to decide where does this work fit within all the network reshuffling going on.

Task is waiting for further input and can currently not be acted on.

aborrero moved this task from Backlog to Next on the User-aborrero board.Jul 4 2023, 10:33 AM
aborrero moved this task from Next to Backlog on the User-aborrero board.Jul 4 2023, 3:57 PM
aborrero added a comment.EditedJul 11 2023, 10:58 AM

I'm definitely still interested in this patch stack:

cmooney added a comment.Jul 11 2023, 11:29 AM

We definitely should do this work, but I think better to not start making any changes until the current cloudlb/cloud-private work in eqiad is all complete and stable.

fnegri moved this task from FY2022/2023-Q4 to FY2023/2024-Q1-Q2 on the cloud-services-team board.Jul 26 2023, 5:49 PM
fnegri edited projects, added cloud-services-team (FY2023/2024-Q1-Q2); removed cloud-services-team (FY2022/2023-Q4).
fnegri moved this task from Backlog to Blocked on the cloud-services-team (FY2023/2024-Q1-Q2) board.
aborrero moved this task from Backlog to Next on the User-aborrero board.Sep 27 2023, 8:55 AM
aborrero edited parent tasks, added: T347469: cloudgw improvements; removed: T336963: cloudcontrol2001-dev can't reach cloud-vps public IPs, T324992: cloudlb: create PoC on codfw.Sep 27 2023, 10:23 AM
aborrero mentioned this in T347469: cloudgw improvements.Sep 27 2023, 10:30 AM
cmooney added a comment.EditedSep 28 2023, 4:58 PM

FWIW the cloudgw is connected to the cloud realm, just on a different vlan/subnet to the other hosts.

cmooney@cloudgw1001:~$ sudo ip vrf exec vrf-cloudgw ping -c 4 172.20.255.1
PING 172.20.255.1 (172.20.255.1) 56(84) bytes of data.
64 bytes from 172.20.255.1: icmp_seq=1 ttl=63 time=0.169 ms
64 bytes from 172.20.255.1: icmp_seq=2 ttl=63 time=0.230 ms
64 bytes from 172.20.255.1: icmp_seq=3 ttl=63 time=0.226 ms
64 bytes from 172.20.255.1: icmp_seq=4 ttl=63 time=0.186 ms

--- 172.20.255.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3063ms
rtt min/avg/max/mdev = 0.169/0.202/0.230/0.026 ms

This is currently on vlan1120 ( cloud-instance-transport1-b-eqiad) in eqiad for example.

As long as the two cloudgw's are doing VRRP over this vlan it's probably best to keep it this way rather than add cloud-private.

An improvement would be to replace the current vlan with cloud-private, and replace the VRRP VIP / HA with BGP-based announcement of the ranges we currently statically route to the VIP from the cloudsw's.

gerritbot added a comment.Sep 29 2023, 4:01 PM

Change 922104 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: refactor to set up routes independently from keepalived

https://gerrit.wikimedia.org/r/922104

gerritbot added a project: Patch-For-Review.Sep 29 2023, 4:01 PM

Change 922105 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: refactor vlan interfaces to use interface::tagged

https://gerrit.wikimedia.org/r/922105

gerritbot added a comment.Sep 29 2023, 4:01 PM

Change 922106 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: codfw: add cloud-private subnet support

https://gerrit.wikimedia.org/r/922106

aborrero added a comment.Sep 29 2023, 4:04 PM
In T338334#9207934, @cmooney wrote:

An improvement would be to replace the current vlan with cloud-private, and replace the VRRP VIP / HA with BGP-based announcement of the ranges we currently statically route to the VIP from the cloudsw's.

I'm very much interested in this. Do you think we can do this before my departure in 2 weeks?

aborrero added a comment.Sep 29 2023, 4:05 PM

I created in netbox:

gerritbot added a comment.Oct 4 2023, 9:35 AM

Change 922104 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: refactor to set up routes independently from keepalived

https://gerrit.wikimedia.org/r/922104

gerritbot added a comment.Oct 5 2023, 12:58 PM

Change 922105 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: refactor interfaces setting to use the base module

https://gerrit.wikimedia.org/r/922105

aborrero reassigned this task from aborrero to taavi.Oct 10 2023, 3:53 PM
aborrero added a subscriber: taavi.

I guess @cmooney and/or @taavi can follow up on this.

gerritbot added a comment.Oct 10 2023, 3:55 PM

Change 964941 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: add cloud-private

https://gerrit.wikimedia.org/r/964941

fnegri edited projects, added cloud-services-team (FY2023/2024-Q3-Q4); removed cloud-services-team (FY2023/2024-Q1-Q2).Feb 1 2024, 11:12 AM
fnegri moved this task from Backlog to Blocked on the cloud-services-team (FY2023/2024-Q3-Q4) board.
aborrero moved this task from Next to Backlog on the User-aborrero board.Feb 2 2024, 5:07 PM
aborrero moved this task from Backlog to Radar/observer on the User-aborrero board.Feb 8 2024, 10:08 AM
taavi removed taavi as the assignee of this task.Feb 9 2024, 2:32 PM
fnegri edited projects, added cloud-services-team (FY2024/2025-Q1-Q2); removed cloud-services-team (FY2023/2024-Q3-Q4).Aug 19 2024, 9:15 AM
fnegri moved this task from Backlog to Blocked on the cloud-services-team (FY2024/2025-Q1-Q2) board.
taavi added a project: Cloud-VPS.Sep 28 2024, 12:21 PM
fnegri edited projects, added cloud-services-team (FY2024/2025-Q3-Q4); removed cloud-services-team (FY2024/2025-Q1-Q2).Jan 14 2025, 3:20 PM
fnegri moved this task from Backlog to Blocked on the cloud-services-team (FY2024/2025-Q3-Q4) board.
taavi moved this task from Unsorted to Network on the Cloud-VPS board.Feb 8 2025, 9:38 AM
fnegri removed a project: cloud-services-team (FY2024/2025-Q3-Q4).Jul 15 2025, 1:14 PM
Restricted Application added a project: cloud-services-team. · View Herald TranscriptJul 15 2025, 1:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits