Infrastructure

This document details the source, staging, and production environments involved in the migration.

MUSIT Source Infrastructure (Oracle)

Database Environments

Production

  • Hostname: dbora-musit-prod03.uio.no
  • IP Address: 129.240.118.168
  • Port: 1553 (Custom Oracle port)
  • Service Name: Set through the ORACLE_PROD_SERVICE environment variable; the value must match the service registered with the listener.

Test / Development

  • Hostname: dbora-musit-utv03.uio.no
  • IP Address: 129.240.118.167
  • Service Name (SID): MUSTST
  • Port: 1553

Connection Pattern

Runtime connectivity checks in this repository use:

<host>:<port>/<service_name>

where values are read from:

  • ORACLE_TEST_HOST, ORACLE_TEST_PORT, ORACLE_TEST_SERVICE
  • ORACLE_PROD_HOST, ORACLE_PROD_PORT, ORACLE_PROD_SERVICE

Network & Access

  • Subnet: The MUSIT database cluster resides on the 129.240.118.x subnet.
  • Access Control:
    • Direct access to this subnet is restricted.
    • Machine-specific firewall whitelisting or a privileged admin VPN profile is required for connectivity.
    • DNS Resolution is available internally on the UiO network.

Connectivity Verification (Current Runbook Signals)

Recent in-cluster Prefect connectivity checks show:

  • TEST: connection attempts can fail with Connection refused (DPY-6005), indicating network path/listener availability issues.
  • PROD: host/port are reachable, but connection behavior depends on Oracle listener service configuration and server-side policies.
  • Encryption Policy: the production side enforces native network encryption/integrity, so the runtime image must use python-oracledb in thick mode.

These checks are runtime-dependent and should be revalidated through the current Prefect flow logs.

Sigma2 Resources (Staging)

We plan to use Sigma2 for the staging environment and computation.

Application Details

  • Architecture: Kubernetes cluster hosting Dockerized microservices. (See Kubernetes Deployment for details).
  • Components:
    • Specify 7: Live web application instance for validation and user acceptance testing.
    • MariaDB: Database container acting as the staging storage.
    • Migration Runners: Python workers executing the ETL pipeline.
    • Nginx/Ingress: For routing traffic to the Specify interface.
  • Target Resources: Storage (NIRD) and Compute (NIRD Service Platform).

Network Configuration (Firewall Whitelisting)

To allow migration scripts running on Sigma2 to connect to the MUSIT Oracle database, the following Sigma2 IP ranges must be whitelisted in the USIT/MUSIT firewall.

Source: Sigma2 License and Access Policies

SAGA Cluster

  • IPv4:
    • 158.36.42.32/28
    • 158.36.42.48/28
  • IPv6:
    • 2001:700:4a01:10::/64
    • 2001:700:4a01:21::/64

BETZY Cluster

  • IPv4:
    • 158.36.154.0/28
    • 158.36.154.16/28
  • IPv6:
    • 2001:700:4a01:23::/64
    • 2001:700:4a01:24::/64

NIRD Service Platform (NIRD-SP)

  • Confirmed Range: 158.36.102.139 - 158.36.102.150
  • Confirmed By: Sigma2 Support

IP List for Firewall Whitelisting:

158.36.102.139
158.36.102.140
158.36.102.141
158.36.102.142
158.36.102.143
158.36.102.144
158.36.102.145
158.36.102.146
158.36.102.147
158.36.102.148
158.36.102.149
158.36.102.150

Note: This is a dynamic pool of 12 IP addresses. All addresses above must be whitelisted to ensure the migration runner can always connect to the MUSIT Oracle database.
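The following Python is an added example, not code from this page or from the migration repository. It collapses the documented NIRD-SP first-to-last range into the exact CIDR blocks a firewall rule needs (so nothing outside the 12-address pool is opened) and reports which documented Sigma2 range a source address falls in. The function names and the sample addresses in the demo are assumptions made for illustration.

```python
import ipaddress

# Ranges copied from this page (Sigma2 egress ranges for the Oracle firewall).
CIDR_RANGES = {
    "SAGA": ["158.36.42.32/28", "158.36.42.48/28",
             "2001:700:4a01:10::/64", "2001:700:4a01:21::/64"],
    "BETZY": ["158.36.154.0/28", "158.36.154.16/28",
              "2001:700:4a01:23::/64", "2001:700:4a01:24::/64"],
}
# NIRD-SP is documented as a first-last range, not as a CIDR block.
NIRD_SP_RANGE = ("158.36.102.139", "158.36.102.150")


def nird_sp_cidrs():
    """Smallest set of CIDR blocks covering exactly the NIRD-SP pool."""
    first, last = (ipaddress.ip_address(a) for a in NIRD_SP_RANGE)
    return list(ipaddress.summarize_address_range(first, last))


def build_allowlist():
    """Map each cluster name (hypothetical labels) to ip_network objects."""
    allow = {name: [ipaddress.ip_network(c) for c in cidrs]
             for name, cidrs in CIDR_RANGES.items()}
    allow["NIRD-SP"] = nird_sp_cidrs()
    return allow


def classify(source_ip, allowlist=None):
    """Return the cluster a source address belongs to, or None if unlisted."""
    allowlist = allowlist or build_allowlist()
    addr = ipaddress.ip_address(source_ip)
    for name, networks in allowlist.items():
        # A v4 address is never "in" a v6 network (and vice versa), so
        # mixed-version lists can be tested without extra branching.
        if any(addr in net for net in networks):
            return name
    return None


if __name__ == "__main__":
    print("NIRD-SP as CIDR:", ", ".join(str(n) for n in nird_sp_cidrs()))
    # Constructed sample sources, as they might appear in firewall logs.
    for ip in ["158.36.102.139", "158.36.102.151", "158.36.42.47",
               "2001:700:4a01:23::5", "158.36.102.138"]:
        print(f"{ip:>22} -> {classify(ip) or 'NOT ALLOWLISTED'}")
```

The pool does not align to a single prefix: the exact cover is five blocks, whereas the smallest single block containing all 12 addresses is 158.36.102.128/27, which would admit 20 addresses outside the confirmed range.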

AWS Production

The final destination for the data is a Specify instance hosted on AWS.

  • Region: France (EU West / Paris likely).
  • Role: Production Specify instance.
  • Synchronization: Automated sync from the Sigma2 staging environment.
