Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ci.jenkins.io] Move controller (VM) to AWS #4315

Open
Tracked by #4313
dduportal opened this issue Sep 28, 2024 · 4 comments
Open
Tracked by #4313

[ci.jenkins.io] Move controller (VM) to AWS #4315

dduportal opened this issue Sep 28, 2024 · 4 comments

Comments

@dduportal
Copy link
Contributor

dduportal commented Sep 28, 2024

This issue tracks the work to migrate ci.jenkins.io controller to the AWS Sponsored.

Current resources:

Target for the new VM:

  • Same size (vCPUs and memory)
  • Same disk topology (rootfs and data with jenkins home in it)
  • For network: see [ci.jenkins.io] Define virtual networking for AWS #4320
    • We'll need a aws.ci.jenkins.io DNS A record (pointed by the CNAME ci.jenkins.io once migrated) to the public IPv4 of the controller, and a AAAA record with the public IPv6.
    • If need be, we'll define a private DNS A record aws.ci.jenkins.io so agents can reach the controller through private subnets
    • Inbound:
      • Anywhere HTTP + HTTPS on both IPv4 and IPv6
      • SSH from the (Azure private VPN) only. We'll set up the VPN routing of users to override routing like we did for the pkg.origin.jenkins.io, usage.jio and census.jio VMs.
      • Private subnets HTTP, HTTPS, JNLP
    • Outbound (IPv4 only):
      • HTTP+ HTTPS + HKP to everywhere
      • SSH to GitHub public IPs and to private subnets
@dduportal dduportal added triage Incoming issues that need review ci.jenkins.io aws labels Sep 28, 2024
@dduportal dduportal changed the title Move ci.jenkins.io controller (VM) to AWS [ci.jenkins.io] Move controller (VM) to AWS Sep 28, 2024
@dduportal dduportal added this to the infra-team-sync-2024-10-22 milestone Oct 15, 2024
@dduportal dduportal removed the triage Incoming issues that need review label Oct 15, 2024
@dduportal dduportal self-assigned this Oct 15, 2024
@dduportal
Copy link
Contributor Author

Discussed with @smerle33:

@dduportal
Copy link
Contributor Author

Update:

@dduportal
Copy link
Contributor Author

Update:

@dduportal
Copy link
Contributor Author

Update:

  • Initial Puppet provisioning was successful. VM rebooted and access with nominative account is ok
    • Container jenkins is up and running
  • Next steps:
    • Update LDAP allowed IPs to add the new CI IP
    • Update Network ACLs to allow inbound HTTP/HTTPS from internet
    • Update Puppet setup to support vhosts for both the internal hostname (aws.ci.jenkins.io) and the top-level CNAME (ci.jenkins.io)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant