cloudgw improvements
Open, LowPublic
Actions

Assigned To

Authored By

	aborrero
	Sep 27 2023, 10:22 AM

Description

This task collects some ideas to improve the cloudgw implementation. Mostly in the shape of cleanups and puppet code refactor.

use a general puppet namespace wmcs rather than openstack. The cloudgw deployment is not tied to a specific openstack deployment. And we can reuse it for other projects, similar to cloudlb. This is https://gerrit.wikimedia.org/r/961363
adopt general nftables base firewall profile (already happening via T336497: Add support for nftables in profile::firewall)
renumber cloudgw <-> neutron subnet from /30 to /29 so each cloudgw node can have their own IP address (see T348140: Change cloud-instance-transport vlan subnets from /30 to /29)
adopt cloud-private (see T338334: cloudgw: add cloud-private subnet support)
replace keepalived with BGP (see T347687: cloudgw: replace keepalived with BGP)

Details

Subject	Repo	Branch	Lines +/-
cloudgw: don't declare the vrf-interface	operations/puppet	production	+0 -9
cloudgw: reorder post-up commands and other fixes	operations/puppet	production	+23 -25
cloudgw: create the vrf-cloudgw device via static file	operations/puppet	production	+7 -2
wmcs: cloudgw: rename resource to avoid clash	operations/puppet	production	+1 -1
cloudgw: move routes out of keepalived into interfaces	operations/puppet	production	+19 -17
cloudgw: add an IPv4 address for each node in the cloudgw <-> neutron subnet	operations/puppet	production	+27 -10
cloudgw: load nf_conntrack sysctl settings later	operations/puppet	production	+2 -1
cloudgw: refresh puppet namespace	operations/puppet	production	+254 -335

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Open	cmooney	T347469 cloudgw improvements
Stalled	None	T338334 cloudgw: add cloud-private subnet support
Open	cmooney	T347687 cloudgw: replace keepalived with BGP
Resolved	dcaro	T348140 Change cloud-instance-transport vlan subnets from /30 to /29

Event Timeline

aborrero created this task.Sep 27 2023, 10:22 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 27 2023, 10:23 AM

aborrero moved this task from Backlog to Next on the User-aborrero board.Sep 27 2023, 10:23 AM

aborrero added a subtask: T338334: cloudgw: add cloud-private subnet support.

aborrero updated the task description. (Show Details)Sep 27 2023, 10:30 AM

Change 961363 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: refresh puppet namespace

https://gerrit.wikimedia.org/r/961363

gerritbot added a project: Patch-For-Review.Sep 27 2023, 11:10 AM

aborrero updated the task description. (Show Details)Sep 27 2023, 12:33 PM

Change 961363 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: refresh puppet namespace

https://gerrit.wikimedia.org/r/961363

aborrero updated the task description. (Show Details)Sep 27 2023, 12:40 PM

Change 961376 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: load nf_conntrack sysctl settings later

https://gerrit.wikimedia.org/r/961376

Change 961376 abandoned by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: load nf_conntrack sysctl settings later

Reason:

merged https://gerrit.wikimedia.org/r/c/operations/puppet/+/961377/ instead

https://gerrit.wikimedia.org/r/961376

Maintenance_bot removed a project: Patch-For-Review.Sep 28 2023, 10:10 AM

aborrero updated the task description. (Show Details)Sep 29 2023, 12:30 PM

aborrero updated the task description. (Show Details)Sep 29 2023, 12:42 PM

aborrero moved this task from Next to Doing on the User-aborrero board.Oct 2 2023, 10:05 AM

aborrero triaged this task as High priority.Oct 4 2023, 12:55 PM

aborrero updated the task description. (Show Details)

Change 963298 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: add an IPv4 address for each node in the cloudgw <-> neutron subnet

https://gerrit.wikimedia.org/r/963298

gerritbot added a project: Patch-For-Review.Oct 4 2023, 1:08 PM

cmooney added a subtask: T348140: Change cloud-instance-transport vlan subnets from /30 to /29.Oct 4 2023, 1:08 PM

aborrero updated the task description. (Show Details)Oct 4 2023, 1:09 PM

Change 963311 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: move routes out of keepalived into interfaces

https://gerrit.wikimedia.org/r/963311

Mentioned in SAL (#wikimedia-cloud) [2023-10-05T12:55:42Z] <arturo> doing cloudgw maintenance operations T347469

Change 963298 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: add an IPv4 address for each node in the cloudgw <-> neutron subnet

https://gerrit.wikimedia.org/r/963298

Change 963311 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: move routes out of keepalived into interfaces

https://gerrit.wikimedia.org/r/963311

Change 963723 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] wmcs: cloudgw: rename resource to avoid clash

https://gerrit.wikimedia.org/r/963723

Change 963723 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] wmcs: cloudgw: rename resource to avoid clash

https://gerrit.wikimedia.org/r/963723

Maintenance_bot removed a project: Patch-For-Review.Oct 5 2023, 1:10 PM

Change 963727 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: create the vrf-cloudgw device via static file

https://gerrit.wikimedia.org/r/963727

gerritbot added a project: Patch-For-Review.Oct 5 2023, 1:27 PM

Change 963727 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: create the vrf-cloudgw device via static file

https://gerrit.wikimedia.org/r/963727

Change 963734 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: reorder post-up commands and other fixes

https://gerrit.wikimedia.org/r/963734

Change 963734 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: reorder post-up commands and other fixes

https://gerrit.wikimedia.org/r/963734

Change 963736 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: don't declare the vrf-interface

https://gerrit.wikimedia.org/r/963736

Change 963736 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: don't declare the vrf-interface

https://gerrit.wikimedia.org/r/963736

Maintenance_bot removed a project: Patch-For-Review.Oct 5 2023, 2:11 PM

Mentioned in SAL (#wikimedia-cloud) [2023-10-05T15:30:44Z] <arturo> operating on cloudgw @ eqiad1 (T347469)

I guess @cmooney can drive the future work to complete the remaining bits in this task.

aborrero moved this task from Doing to Radar on the User-aborrero board.Oct 11 2023, 9:12 AM

dcaro changed the status of subtask T348140: Change cloud-instance-transport vlan subnets from /30 to /29 from Open to In Progress.Oct 20 2023, 8:11 AM

Changed this to low priority for now. While in general BGP would be an improvement to VRRP on the cloudgw, the current setup in Eqiad is ok for now. There are no massive wins in moving to BGP, although it is a neater solution.

Let's consider it as part of the work on the new K8s-driven OpenStack POC and make a decision once we've a better view on the long-term requirements for cloudgw.

dcaro closed subtask T348140: Change cloud-instance-transport vlan subnets from /30 to /29 as Resolved.Oct 23 2023, 1:33 PM

cloudgw improvementsOpen, LowPublicActions

Description

Details

Related ObjectsSearch...

Event Timeline

cloudgw improvements
Open, LowPublic
Actions

Related Objects
Search...