Page MenuHomePhabricator
Create Task
Maniphest T340739

Create cookbook to migrate servers from the puppetmasters to puppetservers
Closed, ResolvedPublic
Actions

Description

i think we will at least need to do the following

  • clean the host from the old system
  • install new puppet agent
  • update config with relevant puppt7 config
  • run puppet
  • test

Details

SubjectRepoBranchLines +/-
sre.puppet.migrate-role: add new cookbook to migrate roles to puppet7operations/cookbooksmaster+115 -0
sre.ganeti.makevm: Add puppet-version arguments to makevmoperations/cookbooksmaster+3 -1
idp_test: migrate to puppet7operations/puppetproduction+1 -0
sre.puppet.migrate_host: migrate hosts from puppet5 to puppet7operations/cookbooksmaster+109 -0
stie.pp: move server to puppetserver roleoperations/puppetproduction+1 -2
stie.pp: move server back to insetupoperations/puppetproduction+2 -1
cluster::managment: add ssh fingerprints for new puppetserversoperations/puppetproduction+11 -0
puppetserver: prepare to migrate to new infrastructreoperations/puppetproduction+1 -0
puppetboard::bookworm: switch server to new puppet infrastructreoperations/puppetproduction+3 -1
puppetboard::bookworm: migrate to puppet7operations/puppetproduction+1 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

jbond created this task.Jun 29 2023, 12:33 PM
Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptJun 29 2023, 12:33 PM
SLyngshede-WMF renamed this task from Creat cookbook to migrate serveres from the puppetmnasters to puppetservers to Creat cookbook to migrate serveres from the puppetmasters to puppetservers .Jul 3 2023, 1:59 PM
jbond triaged this task as Medium priority.Jul 4 2023, 1:03 PM
jbond edited projects, added Puppet-Core, SRE-tools; removed Puppet-Infrastructure.
gerritbot added a comment.Jul 4 2023, 1:15 PM

Change 935424 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetboard::bookworm: migrate to puppet7

https://gerrit.wikimedia.org/r/935424

gerritbot added a project: Patch-For-Review.Jul 4 2023, 1:15 PM

Change 935424 merged by Jbond:

[operations/puppet@production] puppetboard::bookworm: migrate to puppet7

https://gerrit.wikimedia.org/r/935424

gerritbot added a comment.Jul 4 2023, 1:22 PM

Change 935429 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetboard::bookworm: switch server to new puppet infrastructre

https://gerrit.wikimedia.org/r/935429

gerritbot added a comment.Jul 4 2023, 1:24 PM

Change 935429 merged by Jbond:

[operations/puppet@production] puppetboard::bookworm: switch server to new puppet infrastructre

https://gerrit.wikimedia.org/r/935429

jbond added a comment.Jul 4 2023, 1:29 PM

Theses are the manual steps i made to migrate puppetboard1003

  • Agent: update hiera to force puppet7
  • Agent: run puppet agent
  • Agent: upgrade puppet
  • Agent: update config to use new puppetserver and ca (in future this may be replaced by setting use_srv_records, we can probably do this when we set force_puppet7 as well)
  • Agent: run puppet
  • Agent: delete the ssl folder on the client sudo rm -rf /var/lib/puppet/ssl
  • Agent: run puppet with wait e.g. puppet agent -t -w 1 (this should generate a certificate on the ca server to sign)
  • puppet CA server: sign the new certtificate sudo puppetserver ca sign --certname $agent_fdqn
Volans subscribed.Jul 4 2023, 1:59 PM
In T340739#8988130, @jbond wrote:

Theses are the manual steps i made to migrate puppetboard1003

Evaluate calling before:
https://doc.wikimedia.org/spicerack/master/api/spicerack.puppet.html#spicerack.puppet.PuppetMaster.delete
https://doc.wikimedia.org/spicerack/master/api/spicerack.puppet.html#spicerack.puppet.PuppetMaster.destroy

manual

  • Agent: run puppet agent

https://doc.wikimedia.org/spicerack/master/api/spicerack.puppet.html#spicerack.puppet.PuppetHosts.run

  • Agent: upgrade puppet

https://doc.wikimedia.org/spicerack/master/api/spicerack.apt.html#spicerack.apt.AptGetHosts.install

manual

  • Agent: run puppet

https://doc.wikimedia.org/spicerack/master/api/spicerack.puppet.html#spicerack.puppet.PuppetHosts.run

  • Agent: delete the ssl folder on the client sudo rm -rf /var/lib/puppet/ssl
  • Agent: run puppet with wait e.g. puppet agent -t -w 1 (this should generate a certificate on the ca server to sign)

https://doc.wikimedia.org/spicerack/master/api/spicerack.puppet.html#spicerack.puppet.PuppetHosts.regenerate_certificate (for both)

  • puppet CA server: sign the new certtificate sudo puppetserver ca sign --certname $agent_fdqn

This might need some tweaking on the spicerack side, check spicerack.puppet.get_puppet_ca_hostname()
https://doc.wikimedia.org/spicerack/master/api/spicerack.puppet.html#spicerack.puppet.PuppetMaster.wait_for_csr
https://doc.wikimedia.org/spicerack/master/api/spicerack.puppet.html#spicerack.puppet.PuppetMaster.sign

Aklapper renamed this task from Creat cookbook to migrate serveres from the puppetmasters to puppetservers to Create cookbook to migrate servers from the puppetmasters to puppetservers.Jul 4 2023, 2:08 PM
gerritbot added a comment.Aug 29 2023, 2:03 PM

Change 953262 had a related patch set uploaded (by Jbond; author: jbond):

[operations/cookbooks@master] sre.puppet.migrate_host: migrate hosts from puppet5 to puppet7

https://gerrit.wikimedia.org/r/953262

gerritbot added a comment.Aug 30 2023, 2:07 PM

Change 953640 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetserver: prepare to migrate to new infrastructre

https://gerrit.wikimedia.org/r/953640

gerritbot added a comment.Aug 30 2023, 2:21 PM

Change 953640 merged by Jbond:

[operations/puppet@production] puppetserver: prepare to migrate to new infrastructre

https://gerrit.wikimedia.org/r/953640

gerritbot added a comment.Aug 30 2023, 2:25 PM

Change 953645 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] stie.pp: move server back to insetup

https://gerrit.wikimedia.org/r/953645

gerritbot added a comment.Aug 30 2023, 2:27 PM

Change 953645 merged by Jbond:

[operations/puppet@production] stie.pp: move server back to insetup

https://gerrit.wikimedia.org/r/953645

gerritbot added a comment.Aug 30 2023, 3:29 PM

Change 953683 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] cluster::managment: add ssh fingerprints for new puppetservers

https://gerrit.wikimedia.org/r/953683

gerritbot added a comment.Aug 30 2023, 3:43 PM

Change 953683 merged by Jbond:

[operations/puppet@production] cluster::managment: add ssh fingerprints for new puppetservers

https://gerrit.wikimedia.org/r/953683

gerritbot added a comment.Sep 7 2023, 12:00 PM

Change 955063 had a related patch set uploaded (by Jbond; author: Jbond):

[operations/puppet@production] stie.pp: move server to puppetserver role

https://gerrit.wikimedia.org/r/955063

gerritbot added a comment.Sep 7 2023, 12:03 PM

Change 955063 merged by Jbond:

[operations/puppet@production] stie.pp: move server to puppetserver role

https://gerrit.wikimedia.org/r/955063

gerritbot added a comment.Oct 9 2023, 12:42 PM

Change 953262 merged by jenkins-bot:

[operations/cookbooks@master] sre.puppet.migrate_host: migrate hosts from puppet5 to puppet7

https://gerrit.wikimedia.org/r/953262

gerritbot added a comment.Oct 24 2023, 12:44 PM

Change 967935 had a related patch set uploaded (by Jbond; author: jbond):

[operations/cookbooks@master] sre.puppet.migrate-role: add new cookbook to migrate roles to puppet7

https://gerrit.wikimedia.org/r/967935

gerritbot added a comment.Oct 24 2023, 12:44 PM

Change 968258 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] idp_test: migrate to puppet7

https://gerrit.wikimedia.org/r/968258

gerritbot added a comment.Oct 24 2023, 12:48 PM

Change 968258 merged by Jbond:

[operations/puppet@production] idp_test: migrate to puppet7

https://gerrit.wikimedia.org/r/968258

jbond changed the status of subtask T349619: Migrate roles to puppet7 from Open to In Progress.Oct 30 2023, 1:48 PM
gerritbot added a comment.Oct 30 2023, 2:29 PM

Change 969760 had a related patch set uploaded (by Jbond; author: jbond):

[operations/cookbooks@master] sre.ganeti.makevm: Add pppet-version arguments to makevm

https://gerrit.wikimedia.org/r/969760

gerritbot added a comment.Oct 30 2023, 3:25 PM

Change 969760 merged by jenkins-bot:

[operations/cookbooks@master] sre.ganeti.makevm: Add puppet-version arguments to makevm

https://gerrit.wikimedia.org/r/969760

gerritbot added a comment.Nov 2 2023, 11:02 AM

Change 967935 merged by jenkins-bot:

[operations/cookbooks@master] sre.puppet.migrate-role: add new cookbook to migrate roles to puppet7

https://gerrit.wikimedia.org/r/967935

jbond closed this task as Resolved.Nov 13 2023, 4:13 PM
jbond claimed this task.

this is complete

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL