Page MenuHomePhabricator
Create Task
Maniphest T331706

Migrate Mailman/lists to Bullseye/Bookworm
Open, MediumPublic
Actions

Description

lists1001 is still on Buster. Many of the components comprising the Mailman setup are actually as recent as Bullseye (or even more recent/patched), so these need a closer look if we carry local patches etc. But in general from the Mailman perspective we're already quite close to Bullseye:

PackageVersion on lists1001Version in Bullseye
django-mailman31.3.5-2~bpo10+11.3.5-2
mailman-hyperkitty1.1.0-10~bpo10+11.1.0-10
mailman-suite0+20200530-2~bpo10+10+20200530-2
mailman33.3.3-1~bpo10+63.3.3-1
mailmanclient3.3.2-1~bpo10+23.3.2-1

There are various older considerations on use of public IPs covered at (https://phabricator.wikimedia.org/T278495), but it's probably useful to first upgrade lists1001 in place before moving to a new setup.

Details

Other Assignee
Arnoldokoth
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 10 2023, 9:35 AM
MoritzMuehlenhoff triaged this task as Medium priority.Mar 10 2023, 9:35 AM
Legoktm subscribed.Mar 11 2023, 2:55 AM

The packages were initially backports of the bullseye versions, but we have a bunch of random patches on top. On T286217#8572913 I wrote/suggested:

Our current Mailman deployment is a bunch of backported and forked debs with random patches thrown on top based on what we managed to fix upstream. It's not sustainable (as hopefully T286217#7406437 shows). Given that we need to get off buster anyways, I would suggest that we wait until the bookworm freeze gets more frozen and set up some lists1003 with normal Debian packages, and after some level of testing switch lists.wm.o over to the new host. The new version will have a new set of bugs, we either learn to live with them or patch via puppet.

Peachey88 subscribed.Mar 11 2023, 5:02 AM
MoritzMuehlenhoff renamed this task from Migrate Mailman/lists to Bullseye to Migrate Mailman/lists to Bullseye/Bookworm.Mar 15 2023, 9:29 AM
In T331706#8684669, @Legoktm wrote:

The packages were initially backports of the bullseye versions, but we have a bunch of random patches on top. On T286217#8572913 I wrote/suggested:

Our current Mailman deployment is a bunch of backported and forked debs with random patches thrown on top based on what we managed to fix upstream. It's not sustainable (as hopefully T286217#7406437 shows). Given that we need to get off buster anyways, I would suggest that we wait until the bookworm freeze gets more frozen and set up some lists1003 with normal Debian packages, and after some level of testing switch lists.wm.o over to the new host. The new version will have a new set of bugs, we either learn to live with them or patch via puppet.

That's a great idea. Work on getting the bookworm installer is ongoing ATM (T330495)

Peachey88 moved this task from Backlog to Shell/site on the Wikimedia-Mailing-lists board.Mar 18 2023, 5:39 AM
gerritbot added a comment.Mar 22 2023, 8:03 PM

Change 902182 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] lists: new server to test bookworm functionality

https://gerrit.wikimedia.org/r/902182

gerritbot added a project: Patch-For-Review.Mar 22 2023, 8:03 PM
gerritbot added a comment.Mar 22 2023, 8:05 PM

Change 902182 merged by JHathaway:

[operations/puppet@production] lists: new server to test bookworm functionality

https://gerrit.wikimedia.org/r/902182

Maintenance_bot removed a project: Patch-For-Review.Mar 22 2023, 8:11 PM
ops-monitoring-bot added a comment.Mar 23 2023, 2:29 PM

Cookbook cookbooks.sre.ganeti.reimage was started by jhathaway@cumin1001 for host lists1003.wikimedia.org with OS bullseye

ops-monitoring-bot added a comment.Mar 23 2023, 2:56 PM

Cookbook cookbooks.sre.ganeti.reimage started by jhathaway@cumin1001 for host lists1003.wikimedia.org with OS bullseye completed:

  • lists1003 (PASS)
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Set boot to disk
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/ganeti/reimage/202303231429_jhathaway_3111141_lists1003.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
jhathaway claimed this task.Mar 23 2023, 4:06 PM
gerritbot added a comment.Mar 23 2023, 8:16 PM

Change 902472 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] lists: Change role of lists1003

https://gerrit.wikimedia.org/r/902472

gerritbot added a project: Patch-For-Review.Mar 23 2023, 8:16 PM
gerritbot added a comment.Mar 23 2023, 8:21 PM

Change 902472 merged by JHathaway:

[operations/puppet@production] lists: Change role of lists1003

https://gerrit.wikimedia.org/r/902472

Maintenance_bot removed a project: Patch-For-Review.Mar 23 2023, 8:30 PM
gerritbot added a comment.Mar 23 2023, 8:47 PM

Change 902479 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] bookworm: use default mtail pkg

https://gerrit.wikimedia.org/r/902479

gerritbot added a project: Patch-For-Review.Mar 23 2023, 8:48 PM
gerritbot added a comment.Mar 23 2023, 8:50 PM

Change 902481 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] lists: allow lists1003 to grab a cert

https://gerrit.wikimedia.org/r/902481

gerritbot added a comment.Mar 23 2023, 8:52 PM

Change 902481 merged by JHathaway:

[operations/puppet@production] lists: allow lists1003 to grab a cert

https://gerrit.wikimedia.org/r/902481

gerritbot added a comment.Mar 23 2023, 9:35 PM

Change 902496 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] bookworm: Update spamassassin daemon name

https://gerrit.wikimedia.org/r/902496

gerritbot added a comment.Mar 23 2023, 9:54 PM

Change 902501 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] apache2: Use systemd provider

https://gerrit.wikimedia.org/r/902501

gerritbot added a comment.Mar 24 2023, 2:10 PM

Change 902479 merged by JHathaway:

[operations/puppet@production] bookworm: use default mtail pkg

https://gerrit.wikimedia.org/r/902479

gerritbot added a comment.Mar 24 2023, 2:42 PM

Change 902496 merged by JHathaway:

[operations/puppet@production] bookworm: Update spamassassin daemon name

https://gerrit.wikimedia.org/r/902496

gerritbot added a comment.Mar 24 2023, 6:55 PM

Change 902501 merged by JHathaway:

[operations/puppet@production] apache2: Use systemd provider

https://gerrit.wikimedia.org/r/902501

Maintenance_bot removed a project: Patch-For-Review.Mar 24 2023, 7:10 PM
gerritbot added a comment.Mar 24 2023, 7:30 PM

Change 902782 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] mtail: Update defaults for bookworm

https://gerrit.wikimedia.org/r/902782

gerritbot added a project: Patch-For-Review.Mar 24 2023, 7:30 PM
gerritbot added a comment.Mar 24 2023, 7:37 PM

Change 902782 merged by JHathaway:

[operations/puppet@production] mtail: Update defaults for bookworm

https://gerrit.wikimedia.org/r/902782

jhathaway added a subscriber: Ladsgroup.Mar 24 2023, 7:48 PM

@Legoktm and @Ladsgroup I have setup a new host, lists1003.wikimedia.org, on bookworm. All the software is installed and most of the bookworm issues have been sorted out. However, mailman3 is not starting, since as of yet it has no db grants. My thought was to grant readonly rights and see if that is sufficient?

Maintenance_bot removed a project: Patch-For-Review.Mar 24 2023, 8:11 PM
gerritbot added a comment.Mar 24 2023, 9:22 PM

Change 902808 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] Add an in place Debian upgrade script

https://gerrit.wikimedia.org/r/902808

gerritbot added a project: Patch-For-Review.Mar 24 2023, 9:22 PM
Ladsgroup added a comment.Apr 4 2023, 6:59 AM

I'll try to take a look at the grants (it's a bit unusual for me given that's behind haproxy) but while we are at it, can you increase number of CPUs? two CPUs is way too few and that has been biting us in certain parts of our back multiple times.

jhathaway added a comment.Apr 4 2023, 3:12 PM
In T331706#8753210, @Ladsgroup wrote:

I'll try to take a look at the grants (it's a bit unusual for me given that's behind haproxy) but while we are at it, can you increase number of CPUs? two CPUs is way too few and that has been biting us in certain parts of our back multiple times.

thanks @Ladsgroup, happy to increase the cpu count, any sense of what a good number would be?

MoritzMuehlenhoff added a comment.Apr 5 2023, 9:19 AM
In T331706#8755038, @jhathaway wrote:
In T331706#8753210, @Ladsgroup wrote:

I'll try to take a look at the grants (it's a bit unusual for me given that's behind haproxy) but while we are at it, can you increase number of CPUs? two CPUs is way too few and that has been biting us in certain parts of our back multiple times.

thanks @Ladsgroup, happy to increase the cpu count, any sense of what a good number would be?

I'd say let's double to four (current prod VMs have two) and we can easily increase further as needed.

Ladsgroup added a comment.Apr 5 2023, 10:44 AM

Yeah, I was about to say from the application point of view, the more the better, like why not 400? But I don't know the limitations the infra so I can't say where to stop. We probably should eventually move it to bare metal but before that someone needs to actually take ownership of it.

jhathaway added a comment.Apr 5 2023, 5:00 PM

I bumped the CPU count to four and as @MoritzMuehlenhoff mentioned we can always bump higher if the need arises.

gerritbot added a comment.Apr 17 2023, 1:46 PM

Change 902808 merged by JHathaway:

[operations/puppet@production] Add an in place Debian upgrade script

https://gerrit.wikimedia.org/r/902808

Maintenance_bot removed a project: Patch-For-Review.Apr 17 2023, 2:11 PM
gerritbot added a comment.Apr 20 2023, 9:11 PM

Change 910598 had a related patch set uploaded (by Ladsgroup; author: Amir Sarabadani):

[operations/puppet@production] mariadb: Add lists1003 grants for mailman dbs

https://gerrit.wikimedia.org/r/910598

gerritbot added a project: Patch-For-Review.Apr 20 2023, 9:11 PM
gerritbot added a comment.Apr 25 2023, 11:30 AM

Change 911847 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] httpd: always use systemd

https://gerrit.wikimedia.org/r/911847

gerritbot added a comment.Apr 27 2023, 12:28 PM

Change 911847 merged by Jbond:

[operations/puppet@production] httpd: always use systemd

https://gerrit.wikimedia.org/r/911847

Dzahn mentioned this in T336555: mailman3 discard_held_messages systemd script apparently failing since 2023-03-26.May 12 2023, 4:16 PM
Dzahn subscribed.

T336555 has been opened about alerts related to lists1003. Seems like expected though since this is still WIP.

Dzahn unsubscribed.May 12 2023, 4:20 PM
gerritbot added a comment.Jun 6 2023, 1:57 PM

Change 927684 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] lists: Use stock mailman3 on bookworm

https://gerrit.wikimedia.org/r/927684

gerritbot added a comment.Jun 6 2023, 6:11 PM

Change 927684 merged by JHathaway:

[operations/puppet@production] lists: Use stock mailman3 on bookworm

https://gerrit.wikimedia.org/r/927684

gerritbot added a comment.Dec 11 2023, 11:36 AM

Change 910598 abandoned by Ladsgroup:

[operations/puppet@production] mariadb: Add lists1003 grants for mailman dbs

Reason:

https://gerrit.wikimedia.org/r/910598

Maintenance_bot removed a project: Patch-For-Review.Dec 11 2023, 12:10 PM
eoghan added a project: collaboration-services.Apr 25 2024, 10:22 AM
eoghan moved this task from Incoming to Work in Progress (Tracking tasks) on the collaboration-services board.
LSobanski subscribed.Apr 25 2024, 3:59 PM

Updating the host ownership in the Puppet role should also be part of this task.

gerritbot added a comment.Apr 26 2024, 12:45 PM

Change #1024655 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] mailman: Take ownership of lists hosts

https://gerrit.wikimedia.org/r/1024655

gerritbot added a project: Patch-For-Review.Apr 26 2024, 12:45 PM
eoghan claimed this task.Apr 26 2024, 2:44 PM
eoghan updated Other Assignee, added: Arnoldokoth.
eoghan added a subscriber: jhathaway.
gerritbot added a comment.Apr 26 2024, 3:32 PM

Change #1024655 merged by EoghanGaffney:

[operations/puppet@production] mailman: Change ownership of lists hosts to sre-collab and rename

https://gerrit.wikimedia.org/r/1024655

Maintenance_bot removed a project: Patch-For-Review.Apr 26 2024, 7:04 PM
gerritbot added a comment.Apr 30 2024, 12:18 PM

Change #1025741 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] WIP: lists: Add lists role and public IPs to list2001

https://gerrit.wikimedia.org/r/1025741

gerritbot added a project: Patch-For-Review.Apr 30 2024, 12:18 PM
eoghan closed subtask T363572: Reimage physical lists hosts to have public IPs as Resolved.May 1 2024, 8:46 AM
gerritbot added a comment.May 1 2024, 2:58 PM

Change #1026157 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] lists: Add collaboration services as owner

https://gerrit.wikimedia.org/r/1026157

gerritbot added a comment.May 2 2024, 10:17 AM

Change #1026157 merged by EoghanGaffney:

[operations/puppet@production] lists: Add collaboration services as owner

https://gerrit.wikimedia.org/r/1026157

Dzahn mentioned this in T327068: Bullseye upgrade for remaining Collab hosts.Thu, May 16, 8:40 PM
gerritbot added a comment.Thu, May 23, 12:12 PM

Change #1025741 merged by EoghanGaffney:

[operations/puppet@production] lists: Add lists role to list2001

https://gerrit.wikimedia.org/r/1025741

Maintenance_bot removed a project: Patch-For-Review.Thu, May 23, 12:30 PM
Dzahn added a subtask: T283615: Make mailman3 work in the standby host (lists2001.wikimedia.org).Thu, May 23, 6:13 PM
Dzahn reopened subtask T283615: Make mailman3 work in the standby host (lists2001.wikimedia.org) as Open.
Dzahn changed the status of subtask T283615: Make mailman3 work in the standby host (lists2001.wikimedia.org) from Open to In Progress.
Jelto added a subtask: T365781: SystemdUnitFailed - gitlab1003, gitlab1004, lists2001.Fri, May 24, 7:31 AM
Jelto removed a subtask: T365781: SystemdUnitFailed - gitlab1003, gitlab1004, lists2001.
gerritbot added a comment.Fri, May 24, 1:21 PM

Change #1035777 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] lists: Don't try to remove the mtail user when monitoring is absent

https://gerrit.wikimedia.org/r/1035777

gerritbot added a project: Patch-For-Review.Fri, May 24, 1:21 PM
gerritbot added a comment.Fri, May 24, 1:35 PM

Change #1035777 merged by EoghanGaffney:

[operations/puppet@production] lists: Don't try to remove the mtail user when monitoring is absent

https://gerrit.wikimedia.org/r/1035777

gerritbot added a comment.Fri, May 24, 2:14 PM

Change #1035785 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] lists: Add lists2001/lists1004 as allowed hosts for acmechief

https://gerrit.wikimedia.org/r/1035785

gerritbot added a comment.Fri, May 24, 2:18 PM

Change #1035785 merged by EoghanGaffney:

[operations/puppet@production] lists: Add lists2001/lists1004 as allowed hosts for acmechief

https://gerrit.wikimedia.org/r/1035785

Maintenance_bot removed a project: Patch-For-Review.Fri, May 24, 2:31 PM
gerritbot added a comment.Tue, May 28, 10:06 AM

Change #1036610 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] lists: Migrate mailman VIPs from lists1001 -> lists1004

https://gerrit.wikimedia.org/r/1036610

gerritbot added a project: Patch-For-Review.Tue, May 28, 10:06 AM
gerritbot added a comment.Tue, May 28, 2:54 PM

Change #1036686 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] lists: Update the quickdatacopy to use /var/lib/mailman3

https://gerrit.wikimedia.org/r/1036686

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL