Page MenuHomePhabricator
Create Task
Maniphest T361591

Update pki project puppetmaster
Closed, ResolvedPublic
Actions

Description

All of cloud vps is being upgraded to puppet7 with new puppet infra. Each puppetmaster needs to be replaced with a version 7 puppetmaster, and then VMs upgraded to puppet7.

Your project contains the following v5 puppetmaster:

pki-pm.pki.eqiad1.wikimedia.cloud

Please take a moment to consider whether or not you stlil need this project puppetmaster. If you do, migrate with the following steps. Do not hesitate to ask for help from @Andrew or @taavi on IRC if you run into trouble.

In order to migrate:

  1. Make sure you have available quota to create a new g3.cores1.ram2.disk20 VM. If you need more space please open a quota ticket.
  1. Create a 5GB cinder volume (named <projectname>-puppetserver or similar) and mount it as /srv on the existing puppetmaster. Them on the existing puppetmaster:
$ sudo cp -a /var/lib/git /srv
$ mkdir /srv/puppet
$ sudo cp -a /var/lib/puppet/server /srv/puppet
  1. Unmount and detach the cinder volume
  2. Create a new VM for the v7 puppet server, using a flavor with at least 2GB of RAM and Debian Bookworm and a name with 'puppetserver' in it (rather than the deprecated 'puppetmaster'
  3. Mount the previously-created cinder volume at /srv on the new server
  4. Make the new VM a puppetserver by following directions at https://wikitech.wikimedia.org/wiki/Help:Project_puppetserver#Step_1:_Setup_a_puppetserver.

Puppet classes:

role::puppetserver::cloud_vps_project

hiera:

profile::puppet::agent::force_puppet7: true
puppetmaster: puppet
  1. Adjust ownership on the new puppetserver:
$ sudo chown -R gitpuppet /srv/git; chgrp -R gitpuppet /srv/git
$ sudo chown -R puppet /srv/puppet; chgrp -R puppet /srv/puppet
$ sudo run-puppet-agent; sudo run-puppet-agent
$ sudo systemctl restart puppetserver
$ sudo puppetserver-deploy-code
  1. Assuming that puppet is now running cleanly on the new puppetserver, move existing VMs to the new host with the hiera setting
puppetmaster: <new puppetserver fqdn>
  1. Finally, update clients of the new puppetserver with the hiera setting
profile::puppet::agent::force_puppet7: true

Debian Buster hosts will complain about not being able to install puppet7 but the warning is harmless for now.

Related Objects
Search...

Event Timeline

Andrew created this task.Apr 2 2024, 1:49 PM
Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptApr 2 2024, 1:49 PM
Andrew mentioned this in T351452: Migrate per-project Puppet servers to Puppet 7.Apr 2 2024, 1:50 PM
Andrew added subscribers: elukey, Volans, MoritzMuehlenhoff, Ladsgroup.Apr 2 2024, 1:56 PM
Andrew claimed this task.Tue, Apr 16, 4:02 PM

This project was managed by jbond -- for now I will do this upgrade.

Andrew closed this task as Resolved.Tue, Apr 16, 4:57 PM

puppetserver is upgraded but everything in this project is Buster so puppet 7 will be unhappy until that's fixed.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL