rarias/jungle
rarias/jungle
2
0
Fork 2
Code Issues 52 Pull Requests 8 Actions Packages Projects Releases Wiki Activity

Lobotomize fox #105

Manually merged
rarias merged 10 commits from lobotomize-fox into master 2025-06-02 11:28:55 +02:00
Conversation 5 Commits 10 Files Changed 14 +57 -71
rarias commented 2025-05-26 14:46:53 +02:00
Owner
Copy Link

Closes #104

Prepare fox to be moved to the UPC. The objective is to be able to connect to the machine via SSH, so we can continue to adjust things remotely. We won't have access to the BMC via IPMI for a while (potentially never), so we need to make sure it at least works via SSH.

We no longer trust this machine for secrets, so the fox host SSH key has been destroyed and secrets rekeyed without it. The network configuration still has the BSC IP so we can communicate until we disconnect it. It should be able to work once plugged in the destination with the new IP.

Closes https://jungle.bsc.es/git/rarias/jungle/issues/104 Prepare fox to be moved to the UPC. The objective is to be able to connect to the machine via SSH, so we can continue to adjust things remotely. We won't have access to the BMC via IPMI for a while (potentially never), so we need to make sure it at least works via SSH. We no longer trust this machine for secrets, so the fox host SSH key has been destroyed and secrets rekeyed without it. The network configuration still has the BSC IP so we can communicate until we disconnect it. It should be able to work once plugged in the destination with the new IP.
rarias added 8 commits 2025-05-26 14:46:54 +02:00 
We no longer will be able to use SLURM from jungle.
It will no longer be accesible from the UPC.
We no longer will share secrets with fox until we can regain our trust.
Prevent decrypting old secrets by reading the git history.
Fox is no longer able to use munge or ceph, so we remove the key and
rekey them.
It won't be accesible anymore as we won't be in the same LAN.
For now we keep the two IP addresses for BSC and UPC networks, so we
don't lose connectivity.
rarias changed title from WIP: Lobotomize fox to Lobotomize fox 2025-05-26 14:59:35 +02:00
rarias requested review from arocanon 2025-05-26 14:59:39 +02:00
rarias requested review from abonerib 2025-05-26 14:59:39 +02:00
rarias commented 2025-05-26 15:00:54 +02:00
Author
Owner
Copy Link

@abonerib @arocanon can you see something that could potentially prevent us from accessing it via SSH? (Provided that the network IP and gateway are correctly configured on UPC side).

I will move the machine tomorrow, so I would need to be sure.

@abonerib @arocanon can you see something that could potentially prevent us from accessing it via SSH? (Provided that the network IP and gateway are correctly configured on UPC side). I will move the machine tomorrow, so I would need to be sure.
abonerib commented 2025-05-26 15:41:00 +02:00
Collaborator
Copy Link

Nothing stands out to me. (I assume that all snippets with # to be removed will be removed)

Nothing stands out to me. (I assume that all snippets with `# to be removed` will be removed)
rarias commented 2025-05-26 15:56:25 +02:00
Author
Owner
Copy Link

Nothing stands out to me. (I assume that all snippets with # to be removed will be removed)

Yes, I plan to remove them once installed in the new location. I don't think they can cause any problem for SSH. Right now we have the current configuration applied and it works fine with the two IP addresses. The proxy won't work, but that is fine.

> Nothing stands out to me. (I assume that all snippets with `# to be removed` will be removed) Yes, I plan to remove them once installed in the new location. I don't think they can cause any problem for SSH. Right now we have the current configuration applied and it works fine with the two IP addresses. The proxy won't work, but that is fine.
👍 1
rarias force-pushed lobotomize-fox from 212f405848 to 4a79f92c9b 2025-05-29 13:13:10 +02:00 Compare
rarias force-pushed lobotomize-fox from 4a79f92c9b to 677dc27c47 2025-05-29 13:44:14 +02:00 Compare
rarias force-pushed lobotomize-fox from 677dc27c47 to 14f3150721 2025-06-02 08:04:24 +02:00 Compare
rarias commented 2025-06-02 08:13:36 +02:00
Author
Owner
Copy Link

I have removed the old BSC configuration sections as well as the monitoring. Until we have a way to reach the BMC in the new location it doesn't make much sense to have the monitoring constantly failing to reach fox.

The machine is still not reachable via the UPC public IP despite the UPC sysadmin team claiming it would take "a couple of days" to be connected.

@abonerib let me know if there is anything else to change otherwise I think we can merge it.

I have removed the old BSC configuration sections as well as the monitoring. Until we have a way to reach the BMC in the new location it doesn't make much sense to have the monitoring constantly failing to reach fox. The machine is still not reachable via the UPC public IP despite the UPC sysadmin team claiming it would take "a couple of days" to be connected. @abonerib let me know if there is anything else to change otherwise I think we can merge it.
abonerib approved these changes 2025-06-02 10:01:06 +02:00
rarias force-pushed lobotomize-fox from 14f3150721 to 9f43a0e13b 2025-06-02 11:27:14 +02:00 Compare
rarias manually merged commit 9f43a0e13b into master 2025-06-02 11:28:55 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
arocanon
abonerib
Labels
Clear labels
ceph
ci
config
hw
io
kernel
mpi
net
nix
ops
repair
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
abonerib arocanon varcila rarias
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: rarias/jungle#105
No description provided.
Delete Branch "lobotomize-fox"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?