Re: help wanted, standing up mirroring sync proxies on public cloud

To: Julien Cristau <jcristau@debian.org>
Cc: Ross Vandegrift <rvandegrift@debian.org>, Noah Meyerhans <noahm@debian.org>, dsa@debian.org, debian-cloud@lists.debian.org
Subject: Re: help wanted, standing up mirroring sync proxies on public cloud
From: Ross Vandegrift <rvandegrift@debian.org>
Date: Wed, 8 Feb 2023 21:26:55 -0800
Message-id: <[🔎] 20230209052655.lby6cy5r5sgeqgrc@vanvanmojo.kallisti.us>
In-reply-to: <Y86009aFAWZgdvr/@carotte>
References: <YjMVdv1ha2K698oI@chou.cristau.org> <YjOSTy1ncmH7s+UY@localhost.localdomain> <YjOhl2JVXvTUtdkU@jcristau-z4> <20230118062259.qwrvo6fgwjqpssn3@vanvanmojo.kallisti.us> <Y86009aFAWZgdvr/@carotte>

Hi Julien,

On Mon, Jan 23, 2023 at 05:24:51PM +0100, Julien Cristau wrote:
> On Tue, Jan 17, 2023 at 22:22:59 -0800, Ross Vandegrift wrote:
> > It probably makes sense for the cloud team to own the cloud
> > infrastructure, and DSA to own the OS config and ongoing operations.  Is
> > this what you were thinking?
> > 
> I'm not sure what that means to be honest.

I meant that the coud team can provide the VM (and other things the
cloud provider will require), but won't handle ongoing operations inside
of the VM.

> > You mentioned doing two hosts in North America, did you have specific
> > regions in mind?  The most natural choices are probably Virginia and
> > Oregon in the US, and Quebec in Canada.  Info on other choices at [1].
> > 
> I think Virginia and Oregon would work.  (The immediate need is to
> replace syncproxy2.wna.debian.org (currently in California) and
> syncproxy.cna.debian.org (in Minnesota).)

We'd like to start with one host.  We want to use your use-case to make
hosting project infrastructure easier for us.  We'll focus on getting
this case how we want it, so hopefully it's easier to add a second one
later.

> > Do you care about the architecture?  arm64 would be a bit cheaper.  But
> > not so much cheaper that it'd be worth any DSA time.
> > 
> I don't *think* this matters much to us.  We haven't run a mirror on
> arm64 yet, and syncs can be both cpu and io hungry, so we'll have to
> see, but I'm happy to try it out.

Okay, great.  We're going to go ahead and work on deploying this.
Here's what we're going to deploy, please let us know if anything sounds
wrong:

- 8 cpu arm64, 16G of RAM (in AWS-speak: c6g.2xlarge)
- two disks:
  - root volume for the OS
  - data volume that can persist the data if the VM needs to be replaced
- ssh public keys for DSA configured for root
- prometheus-node-exporter to expose system metrics
  - we want to be able to monitor performance of hosted VMs, and
    will do the install with cloud-init when it's launched.

Do you have a list of hosts that should be permitted ssh access?

Thanks,
Ross

Reply to:

Follow-Ups:
- Re: help wanted, standing up mirroring sync proxies on public cloud
  - From: Bastian Blank <waldi@debian.org>
- Re: help wanted, standing up mirroring sync proxies on public cloud
  - From: Julien Cristau <jcristau@debian.org>
- Re: help wanted, standing up mirroring sync proxies on public cloud
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: Moving AWS auth from IAM users to salsa.debian.org
Next by Date: Re: Next team meeting: 2023-02-08 20:00 UTC
Previous by thread: Re: Moving AWS auth from IAM users to salsa.debian.org
Next by thread: Re: help wanted, standing up mirroring sync proxies on public cloud
Index(es):
- Date
- Thread