Closed Bug 977570 Opened 11 years ago Closed 7 years ago

Loaned AWS slaves should be accessible without VPN

Categories

(Infrastructure & Operations Graveyard :: CIDuty, task)

x86_64
Linux
task
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: catlee, Unassigned)

Details

Many requests for slave loaners don't actually require the machine to be on the build network. We will make things easier for developers if we don't require them to set up VPN access to get to the loaned machines.

Can we make AWS slaves public-by-default for loaners?

Off the top of my head, this will require a few changes to our process:
- The instance needs to be created outside of the VPC
- It needs a different security group to allow ssh access in
+1
Component: Buildduty → Platform Support
QA Contact: armenzg → coop
Assignee: nobody → rail
(In reply to Chris AtLee [:catlee] from comment #0)
> - The instance needs to be created outside of the VPC

Hmm, this means that it can't talk to puppet. As a workaround (until we switch to golden AMIs) we can run everything inside VPC, then make a snapshot and create another instance based on the snapshot...

Back to the pool for now...
Assignee: rail → nobody
(In reply to Rail Aliiev [:rail] (PTO Jul 25 - Aug 11) from comment #2)
> Hmm, this means that it can't talk to puppet. As a workaround (until we
> switch to golden AMIs) we can run everything inside VPC, then make a
> snapshot and create another instance based on the snapshot...

Since we don't talk to puppet any more, this should be doable now, correct?

(In reply to Chris Cooper [:coop] from comment #3)
> Since we don't talk to puppet any more, this should be doable now, correct?

This is valid for spot instances only for now (created in aws_watch_pending.py). On-demand and loaner instances are still handled by aws_create_instance.py and talk to puppet. Unifying the processes is TBD still.

(In reply to Rail Aliiev [:rail] from comment #4)
> This is valid for spot instances only for now (created in
> aws_watch_pending.py). On-demand and loaner instances are still handled by
> aws_create_instance.py and talk to puppet. Unifying the processes is TBD
> still.

I know I've done this once myself, i.e. created a loaner instance for a trusted community member, wiped the secrets, removed the machine from the VPC by hand, and then provided the public IP for the instance from the AWS console.

Do we need a better, more involved (read: automated) process than that?
I think it'd be possible to create instances with 2 network interfaces (vpc and not-vpc) and kill one of them depending on the needs.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Component: Platform Support → Buildduty
Product: Release Engineering → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard