Setup new gpu01.rdu3.fedoraproject.org machine #13124

New issue

Closed

opened 2026-02-06 19:37:26 +00:00 by kevin · 9 comments

kevin commented 2026-02-06 19:37:26 +00:00

Owner

Copy link

Description of request

This is a new machine in the fedora-isolated vlan (10.16.179.x) with some gpus to be used for testing/building/etc things that require gpus.

We need to:

• Sort out it's drac license (I am working with IT on this now)
• Sort out what install is on the machine now and determine if it needs reprovisioning or not.
• Assign it a 10.16.179.x ip address in dns
• Get it an external ip and nat in ssh to it
• Add external ip to dns
• Setup a group to allow ssh/sudo access to the machine.

Coordinate with Gordon Messmer on the os/provisioning, etc.

### Description of request This is a new machine in the fedora-isolated vlan (10.16.179.x) with some gpus to be used for testing/building/etc things that require gpus. We need to: * Sort out it's drac license (I am working with IT on this now) * Sort out what install is on the machine now and determine if it needs reprovisioning or not. * Assign it a 10.16.179.x ip address in dns * Get it an external ip and nat in ssh to it * Add external ip to dns * Setup a group to allow ssh/sudo access to the machine. Coordinate with Gordon Messmer on the os/provisioning, etc.

kevin added the

points

03

Priority

Medium

labels 2026-02-06 19:40:24 +00:00

kevin added this to the Sprint ( 2026-02-09 to 2026-02-22 ) project 2026-02-06 19:40:29 +00:00

kevin modified the project from Sprint ( 2026-02-09 to 2026-02-22 ) to Sprint ( 2026-02-23 to 2026-03-08 ) 2026-02-22 22:37:13 +00:00

zlopez added

Priority

High

and removed

Priority

Medium

labels 2026-02-23 15:43:11 +00:00

kevin self-assigned this 2026-02-26 22:52:03 +00:00

kevin commented 2026-03-03 22:12:08 +00:00

Author

Owner

Copy link

ok. Finally we have the drac license sorted out. :)

Next we need to see how we want to move forward... The machine has a fedora 43 install on it right now, but of course we would prefer installing from a known kickstart and then configure with ansible.

However, we may need to sort out if all the hardware is working and how we might want to configure it.

ok. Finally we have the drac license sorted out. :) Next we need to see how we want to move forward... The machine has a fedora 43 install on it right now, but of course we would prefer installing from a known kickstart and then configure with ansible. However, we may need to sort out if all the hardware is working and how we might want to configure it.

kevin commented 2026-03-04 00:42:31 +00:00

Author

Owner

Copy link

infra/ansible#3189 is a first cut at configuration for this machine.

https://forge.fedoraproject.org/infra/ansible/pulls/3189 is a first cut at configuration for this machine.

kevin commented 2026-03-06 00:55:51 +00:00

Author

Owner

Copy link

ok, got the firmware on the machine mostly updated (but oddly it errors trying to automatically get the updates). I got the machine installed and ansiblized. I setup a sysadmin-gpu group with @gordonmessmer in it with access. You should be able to setup ssh per https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/sshaccess/ and then ssh gpu01.rdu3.fedoraproject.org (which will jump via bastion server) to the machine...

@gordonmessmer can you confirm you can get in and have at least for now what you need on the machine?

ok, got the firmware on the machine mostly updated (but oddly it errors trying to automatically get the updates). I got the machine installed and ansiblized. I setup a sysadmin-gpu group with @gordonmessmer in it with access. You should be able to setup ssh per https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/sshaccess/ and then ssh gpu01.rdu3.fedoraproject.org (which will jump via bastion server) to the machine... @gordonmessmer can you confirm you can get in and have at least for now what you need on the machine?

gordonmessmer commented 2026-03-06 05:43:26 +00:00

Copy link

Either my local configuration is incorrect, or I do not have access. I've reviewed the ssh setup instructions and I think it's correct. I have an appropriate ssh config, known_hosts, and my key is present in my fas profile.

ssh gordonmessmer@gpu01.rdu3.fedoraproject.org -v does not successfully connect. I can see ssh reach the bastion, which has a matching ED25519-CERT host cert. ssh attempts key auth, and the server accepts the key, but the connection immediately drops.

debug1: Offering public key: /home/gmessmer/.ssh/id_ed25519 ED25519 SHA256:4S5gjIIunWkOjFKuNQAAYpU7UlnaKVuzJ1QAY8enlFU agent
debug1: Server accepts key: /home/gmessmer/.ssh/id_ed25519 ED25519 SHA256:4S5gjIIunWkOjFKuNQAAYpU7UlnaKVuzJ1QAY8enlFU agent
Connection closed by 2620:52:6:1121:bead:cafe:feed:fed1 port 22
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

I've also tried manually running ssh -v gordonmessmer@bastion.fedoraproject.org exec nc gpu01.rdu3.fedoraproject.org 22 which exits immediately with error code 255.

I think I probably don't have access to the bastion.

Either my local configuration is incorrect, or I do not have access. I've reviewed the ssh setup instructions and I think it's correct. I have an appropriate ssh config, known_hosts, and my key is present in my fas profile. `ssh gordonmessmer@gpu01.rdu3.fedoraproject.org -v` does not successfully connect. I can see ssh reach the bastion, which has a matching ED25519-CERT host cert. ssh attempts key auth, and the server accepts the key, but the connection immediately drops. ``` debug1: Offering public key: /home/gmessmer/.ssh/id_ed25519 ED25519 SHA256:4S5gjIIunWkOjFKuNQAAYpU7UlnaKVuzJ1QAY8enlFU agent debug1: Server accepts key: /home/gmessmer/.ssh/id_ed25519 ED25519 SHA256:4S5gjIIunWkOjFKuNQAAYpU7UlnaKVuzJ1QAY8enlFU agent Connection closed by 2620:52:6:1121:bead:cafe:feed:fed1 port 22 kex_exchange_identification: Connection closed by remote host Connection closed by UNKNOWN port 65535 ``` I've also tried manually running `ssh -v gordonmessmer@bastion.fedoraproject.org exec nc gpu01.rdu3.fedoraproject.org 22` which exits immediately with error code 255. I think I probably don't have access to the bastion.

kevin commented 2026-03-06 17:41:13 +00:00

Author

Owner

Copy link

Ah, I think I see whats going on. I didn't add the new group to fedora-contributor...

Can you try again now?

Ah, I think I see whats going on. I didn't add the new group to fedora-contributor... Can you try again now?

kevin commented 2026-03-06 17:44:17 +00:00

Author

Owner

Copy link

Or wait, no, that wasn't it. New theory... I needed to run the playbook on bastion to pick up the new group.
Anyhow, try now?

Or wait, no, that wasn't it. New theory... I needed to run the playbook on bastion to pick up the new group. Anyhow, try now?

gordonmessmer commented 2026-03-06 17:56:09 +00:00

Copy link

Yes, I have a shell open now!

Do I have access to the ansible playbooks that manage the system? Can I open PRs to suggest changes?

Yes, I have a shell open now! Do I have access to the ansible playbooks that manage the system? Can I open PRs to suggest changes?

kevin commented 2026-03-06 18:09:40 +00:00

Author

Owner

Copy link

great!

yes, they are in our ansible repo, you can submit pr's. https://forge.fedoraproject.org/infra/ansible/src/branch/main/playbooks/groups/gpu.yml for the playbook. You can make a roles/gpu/ role for specific items for the host.

Also, if you like we can set it up so you can run that playbook yourself after changes. (but doing so right now requires me to change batcave01, which is frozen).

great! yes, they are in our ansible repo, you can submit pr's. https://forge.fedoraproject.org/infra/ansible/src/branch/main/playbooks/groups/gpu.yml for the playbook. You can make a roles/gpu/ role for specific items for the host. Also, if you like we can set it up so you can run that playbook yourself after changes. (but doing so right now requires me to change batcave01, which is frozen).

kevin commented 2026-03-06 18:26:31 +00:00

Author

Owner

Copy link

I guess we can close this now? Feel free to open a new ticket if there's any further adjustments to make...

Thanks again for your patience. It's been a long road on this peksy machine. :)

I guess we can close this now? Feel free to open a new ticket if there's any further adjustments to make... Thanks again for your patience. It's been a long road on this peksy machine. :)

kevin closed this issue 2026-03-06 18:26:31 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

No results found.

Labels

Clear labels   

announcement

  

anubis

Issues related to anubis

  

authentication

Authentication related issues

  

aws

Issues related to Amazon Web Services

  

backlog

Tasks that will take longer then ~4 hours to do

  

blocked

Issue is blocked

  

bodhi

Issues with Bodhi

  

ci

Continuous Integration

  

cloud

Items in FedoraInfraCloud or COmmunishift

  

communishift

issues/questions about os.edorainfracloud.org ( Community OpenShift)

  

copr

COPR system (run by other team)

  

database

Issues related to databases

  

day-to-day

These are small self contained tasks that are part of normal operations, but are async from sprint planning.

  

dc-move

Items related to datacenter move

  

deprecated

Tools which Infrastructure may not be able to fix

  

dev

Tasks requiring some dev work

  

discourse

outsourced tool

  

dns

Changes or problems with DNS

  

downloads

rsync,dl.fp.o,AWS,torrents

  

easyfix

  

epel

Issues relating to epel

  

firmitas

  

forgejo_migration

Request migration to the new forge

  

Gain

High

task that gets us a lot / is important / makes many people happy

  

Gain

Low

tasks that gets us little / isn't very important / makes only 1 person or few happy

  

Gain

Medium

task that gets us some / is somewhat important / makes some people happy

  

gitlab

  

greenwave

Issues with greenwave

  

hardware

Problem is with Fedora Infrastructure Owned/Leased Hardware

  

help wanted

  

high-trouble

task that is complex/long/difficult

  

koji

Issues with the build system

  

koschei

Items needing Koschei team

  

lists

issues with lists

  

low-trouble

task that is easy/short

  

medium-trouble

task that is medium complex / difficult

  

mirrorlists

Way to tell systems where downloads are

  

monitoring

  

Needs investigation

  

odcs

On Demand Compose Service issues

  

OpenShift

Issues with OpenShift

  

ops

ops problem now...

  

outage

  

packager_workflow_blocker

Blocks the packager workflow

  

pagure

Issues with pagure.io

  

permissions

Items which need permissions set in outside tools

  

Priority

Needs Review

Priority of Needs Review

  

Priority

Next Meeting

Priority of Next Meeting

  

Priority

🔥 URGENT 🔥

Priority of 🔥 URGENT 🔥

  

Priority

Waiting on Assignee

Priority of Waiting on Assignee

  

Priority

Waiting on External

Priority of Waiting on External

  

Priority

Waiting on Reporter

Priority of Waiting on Reporter

  

rabbitmq

issues with the message broker

  

release-monitoring

release-monitoring.org (Anitya)

  

releng

For problems which should be in the releng ticket system

  

request-for-resources

  

s390x

The secondary architecture hardware and problems related with it

  

security

  

SMTP

Email issues outside of lists (DMARC, SPF, aliases)

  

sprint-0

  

sprint-1

  

src.fp.o

Issues related to src.fedoraproject.org

  

staging

Issues in staging

  

unfreeze

Patches to be applied after freeze is lifted

  

waiverdb

Issues with waiverdb

  

websites-general

General items with a website focus

  

wiki

Issues with the Wiki

  

Backlog Status

Needs Review

Work items that have been created or updated but need review, refinement, or approval before they can be considered ready for sprint planning.

  

Backlog Status

Ready

Work items that have been reviewed, refined, and are ready to be committed to a sprint. These items have clear requirements and can be worked on immediately when capacity is available.

  

chore

Work that needs to be done but doesn't add new functionality or fix bugs. Maintenance tasks that keep the system running smoothly and the codebase clean.

  

documentation

Work focused on creating, updating, or improving documentation for users, developers, or system administrators.

  

points

01

A task that is simple, small, and has very little uncertainty. It should be easy enough for any team member to pick up and complete quickly, without a lot of discussion or research.

  

points

02

This is a task that is slightly more complex or larger than a "1." It might involve two or three simple steps, but the outcome is still very clear and there's little uncertainty.

  

points

03

Medium-sized task with some noticeable complexity. It might require a bit more thought or collaboration. The steps are well-defined, but it's not a trivial change.

  

points

05

A significant piece of work. It has more complexity and a higher degree of uncertainty than smaller tasks. It might require some research, a design discussion, or collaboration across multiple teams.

  

points

08

Complex task with a lot of uncertainty. It's often the largest size that a team will consider for a single sprint. It likely requires a detailed breakdown and multiple team members to complete.

  

points

13

Any task that feels like it's a "13" or more is considered an Epic. These are too large and uncertain to be worked on in a single sprint and should be broken down.

  

Priority

High

This is for work that is critical and needs to be addressed in the next sprint. It's often for urgent bugs, important features, or a major piece of technical debt that is blocking other work.

  

Priority

Low

This is for work that is good to do but not urgent. It's a candidate for being worked on when there's extra time or when it rises in importance. It can stay in the backlog for a longer period.

  

Priority

Medium

This is for important work that should be done soon, but isn't as urgent as a high-priority item. It will likely be considered for the next 1-2 sprints.

  

Sprint Status

Blocked

Work items that cannot progress due to external dependencies, blockers, or issues that need resolution.

  

Sprint Status

Done

Work items that have been completed, reviewed, and integrated. No further work is needed within the current sprint.

  

Sprint Status

In Progress

Work items currently being worked on by a team member. Active development, research, or implementation is happening.

  

Sprint Status

Review

Work items that are complete but need review, testing, or approval before being marked as done.

  

Sprint Status

To Do

Work items that are committed to the sprint but haven't been started yet. These items are ready to be picked up by team members.

  

Technical Debt

Work that addresses shortcuts, workarounds, or suboptimal implementations that were done previously to meet deadlines. These items improve code quality, maintainability, or performance without adding new features.

  

Work Item

Bug

Issues where the system is not working as intended or designed. Bugs represent deviations from expected behavior.

  

Work Item

Epic

Large initiatives that are broken down into multiple smaller work items (user stories, tasks, bugs). Epics represent significant features or projects that span multiple sprints.

  

Work Item

Spike

Time-boxed research, investigation, or proof-of-concept work to reduce uncertainty or explore solutions. Spikes help inform future development decisions.

  

Work Item

Task

Used to break down larger user stories into smaller, manageable implementation pieces. They focus on the specific technical steps needed to deliver the user story's value.

  

Work Item

User Story

User-facing features or functionality that can be framed from a user perspective, describing what someone wants to accomplish and why.

No labels

announcement

anubis

authentication

aws

backlog

blocked

bodhi

ci

cloud

communishift

copr

database

day-to-day

dc-move

deprecated

dev

discourse

dns

downloads

easyfix

epel

firmitas

forgejo_migration

Gain

High

Gain

Low

Gain

Medium

gitlab

greenwave

hardware

help wanted

high-trouble

koji

koschei

lists

low-trouble

medium-trouble

mirrorlists

monitoring

Needs investigation

odcs

OpenShift

ops

outage

packager_workflow_blocker

pagure

permissions

Priority

Needs Review

Priority

Next Meeting

Priority

🔥 URGENT 🔥

Priority

Waiting on Assignee

Priority

Waiting on External

Priority

Waiting on Reporter

rabbitmq

release-monitoring

releng

request-for-resources

s390x

security

SMTP

sprint-0

sprint-1

src.fp.o

staging

unfreeze

waiverdb

websites-general

wiki

Backlog Status

Needs Review

Backlog Status

Ready

chore

documentation

points

01

points

02

points

03

points

05

points

08

points

13

Priority

High

Priority

Low

Priority

Medium

Sprint Status

Blocked

Sprint Status

Done

Sprint Status

In Progress

Sprint Status

Review

Sprint Status

To Do

Technical Debt

Work Item

Bug

Work Item

Epic

Work Item

Spike

Work Item

Task

Work Item

User Story

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Sprint ( 2026-02-23 to 2026-03-08 )

Assignees

Clear assignees

No assignees

kevin

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

infra/tickets#13124

No description provided.