[OOTB-infra] misdirecting honeycomb instance (@heiko)

[Heiko Robert]

Martin,

I requested for info to be able to help you to solve _your network / 
redirect problem. Please don't overload this actual thread with generic 
discussions. This costs time and energy we could spend in other stuff.
I'm totally fine to discuss VM concepts and products but let's do this 
in a separate thread to get things done. We need requirements if we have 
to make decisions. I still don't understand what you're trying to 
archive with the infrastructure. How should others? It would be much 
easier to provide you what you need and maybe expect if you describe the 
requirements.

For now please
* name the VM which needs to be bridged to the new virtual IP and 
provide login details
* name which VMs should be up and running and which could be deleted
* document as I requested for since this is independant from the 
hipervisor discussion but necessary to maintain this environment.

Thanks
Heiko



Am 12.06.2015 um 12:25 schrieb Martin Cosgrave:
> No those VMs are not all necessary, what you can see there are multiple
> attempts to try to use ESXi for something useful.
>
> Unfortunately:
> * foreman cannot control ESXi VMs, only full vsphere ones
> * jenkins can neither use ESXi slaves due to missing libraries in the
> free version
> * showcase was an early attempt to have a showcase server managed by
> foreman
> * qadci was supposed to be a 'quick and dirty CI' to try to use the
> resources for testing and CI, abandoned in favour of getting the release
> out in time. I don't think it has a running jenkins but whichever does
> have jenkins has multiple other services too
>
> I have said from the start that ESXi was a bad choice and we should have
> chosen an open virtualisation platform. In use it has been a horrible
> experience trying to get anything done at all with it. The restrictions
> on the product which led to this horribly contorted network topology we
> have now have made it all but impossible to actually do any work on the
> infrastructure unless you use Windows, which I do not. And having a
> windows vm *inside* the ESXi does not actually help much unless you can
> get in to it easily, which I could not until I set up my own vpn and a
> guacamole server to redirect the windows vm to my web browser.
>
> Daren mentioned that Honeycomb needs 'hardening', this is only due to
> the fact that the iptables script we used has a 'default open' policy
> for ports rather than 'default closed', which will be rectified as soon
> as I get the chance to work on it, but until that point it is handy for
> it to be behind the firewall. The machine in question is 'beehive'.
> Obviously 80 and 443 need to be open, and we also expose the various
> other ports like SMTP, FTP. Perhaps Daren can check out the full list of
> ports we expose, as I said I'm rather ill at the moment and I don't
> quite have the energy to track it down myself. (Nor do I have the energy
> for this conversation to be honest).
>
> Before we do this though we should stop as a group as a whole and think,
> since there is nothing of use on this infrastructure at the moment (and
> I have wasted upwards of a hundred hours trying to get it to be useful)
> maybe we should reconsider tearing it down and replacing it with a KVM
> setup instead.
>
> Martin
>
> PS please don't divert the conversation into redmine, if you feel the
> need to raise issues the agreed way is to use the github issues page for
> the ootb-infra project.