infrastructure icon indicating copy to clipboard operation
infrastructure copied to clipboard
verified publisher icon adoptium

Dockerhost setup of dockerhost-osuosl-ubuntu2204-aarch64-1

Open Haroon-Khel opened this issue 3 years ago • 10 comments

The dockerhost dockerhost-osuosl-ubuntu2204-aarch64-1 is setup (with Ansible), but has only 1 centos8 container running.

Its container setup needs to be completed

Haroon-Khel avatar Mar 13 '23 11:03 Haroon-Khel

ref https://github.com/adoptium/infrastructure/issues/2975#issuecomment-1452097293

Haroon-Khel avatar Mar 13 '23 11:03 Haroon-Khel

(Noting also that CentOS8 is unsupported so we should even ditch the one that's currently on there :-) )

sxa avatar Mar 14 '23 14:03 sxa

This machine is mostly unused at present but is likely a good choice of test system for the work under #3368

sxa avatar Feb 13 '24 09:02 sxa

Just had a look at this machine. It has 8 cpus and a 80g disk. Seems a bit low to be used as a dockerhost machine no?

Haroon-Khel avatar Feb 14 '24 15:02 Haroon-Khel

Just had a look at this machine. It has 8 cpus and a 80g disk. Seems a bit low to be used as a dockerhost machine no?

It should be ok for hosting 2-4 containers - mostly as a backup in case of a problem with equinix. I think 80Gb is probably ok if we're not running builds on it sine the dockerstatic containers are pretty small.

sxa avatar Feb 15 '24 14:02 sxa

https://ci.adoptium.net/computer/test-docker-centos8-armv8-1/log and https://ci.adoptium.net/computer/test-docker-ubuntu2204-armv8-4/log, both of which are hosted on dockerhost-osuosl-ubuntu2204-aarch64-1, cannot connect. Connection times out

Haroon-Khel avatar Feb 23 '24 15:02 Haroon-Khel

I assume this isn't specific to jenkins and you can't establish a connection to that port from the comment line either? In which case it'll be a firewall issue - likely at the provider. If you got to the OSUOSL arm-openstack UI (Ping me via DM if you can't access it) then we'll need to either:

  1. adjust the default "security group" (see below) or define a new one with a suitable set of inbound (ingress) firewall holes - the screenshot below shows what it looks like currently):
  2. Create a new security group with a suitable set of holes and apply that to the dockerhost systems

image

sxa avatar Feb 27 '24 10:02 sxa

Im not sure if im reading it wrong, but the 3rd security rule suggests the firewall allows all inbound ipv4 to any port?

Either way, I added a specific rule to allow ipv4 traffic to port 2226 specifically (a port on which a docker container is running), and still no luck.

In the mean time I have changed the jenkins config of the 2 nodes to connect to the controller so we can have them running as nodes

https://ci.adoptium.net/computer/test-docker-centos8-armv8-1/ https://ci.adoptium.net/computer/test-docker-ubuntu2204-armv8-4/

Haroon-Khel avatar Mar 12 '24 17:03 Haroon-Khel

Remote IP Prefix in the 3rd security rule and your new one was blank, so it presumably wasn't accepting connections from any IP address. The test sxa rule in the screen shot below seems to allow 2226 to work (See ssh attempt below - feel free to delete that rule and adjust to add a small range in instead): image

sxa@fedora:~$ ssh 140.211.167.67 -l ubuntu -p 2226
The authenticity of host '[140.211.167.67]:2226 ([140.211.167.67]:2226)' can't be established.
ED25519 key fingerprint is SHA256:...

sxa avatar Mar 13 '24 09:03 sxa

Ah ok thanks. Ive now added a suitable rule which works. image

The 2 nodes are now able to connect properly

Haroon-Khel avatar Mar 13 '24 12:03 Haroon-Khel

Closing this as the dockerhost is completely setup

Haroon-Khel avatar Apr 24 '24 10:04 Haroon-Khel