feat: remove public ip for app and db servers #4402
base: develop
Codecov Report
❌ Patch coverage is
❌ Your patch check has failed because the patch coverage (33.33%) is below the target coverage (75.00%). You can increase the patch coverage or adjust the target coverage.
Additional details and impacted files
@@ Coverage Diff @@
## develop #4402 +/- ##
===========================================
- Coverage 50.81% 50.74% -0.07%
===========================================
Files 846 848 +2
Lines 67670 67842 +172
Branches 284 284
===========================================
+ Hits 34387 34428 +41
- Misses 33255 33386 +131
Partials 28 28
bruh - prolly in tests we don't set public ips? will have to have a proper look
f157290 to 17100b6
e5e848a to ab948ca
wth did i break lol
* also consider the end server's private ip
…le in get_jobs_id
* also enable the field if no other proxy in the cluster has it enabled
…trollers * also add method for provisioning secondary private ip (for nat server)
* also cleanup the bastion logic by using any proxy server in the cluster
* also consider app and db servers with only private ip for monitoring using proxy server
* chore(agent): adding check for in_test in _get_request_url
* use proxy server which is active as bastion/jump for ansible
| ids = ",".join(agent_job_ids) if isinstance(agent_job_ids, (list, tuple)) else agent_job_ids | ||
| return self.get(f"agent-jobs/{ids}") |
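Review bot: In the `ids = ",".join(agent_job_ids) ...` line, `str.join` raises a TypeError if any job id in the list is not already a string, and any other iterable (a set or a generator) falls through to the `else` branch and is interpolated into the path as its repr. Suggest normalising first, for example `",".join(str(i) for i in agent_job_ids)`, and rejecting an empty list so the request does not go to `agent-jobs/` with no id.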
dunno why this started failing just now
| "Type": "A", | ||
| "TTL": 3600 if self.doctype == "Proxy Server" else 300, | ||
| "ResourceRecords": [{"Value": self.ip}], | ||
| "ResourceRecords": [{"Value": self.ip or self.private_ip}], |
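Review bot: The `self.ip or self.private_ip` fallback in `ResourceRecords` puts a private address into an A record whenever the public IP is unset; if this zone is publicly resolvable, that exposes internal addressing and gives outside clients a name that points at an unroutable host. Suggest making the choice explicit (a separate branch for private-only servers, ideally writing to a private zone) and failing before the API call when both fields are empty, since `Value` would otherwise be sent empty.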
could be problematic?
| "Proxy Server", | ||
| {"status": "Active", "cluster": cluster, "use_as_proxy_for_agent_and_metrics": 1}, | ||
| ) | ||
|
|
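Review bot: Nothing in the visible lines handles the case where no `Proxy Server` matches the `"status": "Active"`, `"cluster": cluster`, `"use_as_proxy_for_agent_and_metrics": 1` filter. Suggest raising a clear error at the lookup when the result is empty, so a private-only server without a proxy fails here rather than further down where the proxy value is used. If more than one proxy in the cluster can match, the selection should also be made deterministic.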
should we error out here if we don't get a proxy?
…ve halt agent jobs checked
| server_ip, server_private_ip = frappe.db.get_value( | ||
| self.server_type, self.server, ("ip", "private_ip") | ||
| ) | ||
| if not server_ip and server_private_ip and not frappe.flags.in_test: |
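Review bot: The `not frappe.flags.in_test` term in the `if not server_ip and server_private_ip ...` condition means the private-IP branch can never run under the test suite, so the new routing logic ships untested. Suggest dropping the flag from the condition and instead giving the test fixtures a public `ip`, or mocking the proxy lookup in the tests that need the private-only path. Separately, the tuple unpacking of `frappe.db.get_value(...)` raises a TypeError when the server record does not exist, so a guard there would give a clearer failure.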
i don't like that i have to resort to in_test flag for the tests to pass
but in our tests i think we by default don't set any public ip
should i fix the tests? or should i rely on this flag?
maybe i should have another flag?
…ary if set on primary * also fix security group port opening logic only if the provider is AWS
| - name: Create Netplan configuration for secondary IP | ||
| copy: | ||
| dest: /etc/netplan/60-secondary-ip.yaml | ||
| mode: '0644' | ||
| content: | | ||
| network: | ||
| dhcp4: true | ||
| ethernets: | ||
| {{ network_interface.stdout }}: | ||
| dhcp4: true | ||
| addresses: | ||
| - {{ primary_ip }}/16 | ||
| - {{ secondary_ip }}/16 | ||
| when: secondary_ip is defined and secondary_ip | ||
|
|
||
| - name: Apply Netplan | ||
| command: netplan apply | ||
| when: secondary_ip is defined and secondary_ip |
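Review bot: In the `content:` block, `dhcp4: true` appears directly under `network:` before `ethernets:`; `dhcp4` is a per-interface key in netplan, so that top-level entry should be removed (and a `version: 2` line added). The `/16` prefix is hard-coded for both addresses and should come from a variable that matches the subnet, and `primary_ip` is listed statically while `dhcp4: true` is also set on the interface, which should be one or the other. `mode: '0644'` leaves the file world-readable where netplan expects `0600`, and running `netplan apply` through `command` with no validation step risks cutting the SSH session on a bad render; a `netplan generate` check before applying would catch that.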
we can also do `sudo ip addr add {{secondary_ip}}/16 dev eth0`
addresses: #4386
agent: frappe/agent#412
need to implement the nat failover (maybe automatic?) - will do it in a separate pr - have the base for it by using a secondary private ip in this pr itself