Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Paste
P15709
cloudgw_before_checklist.yaml
Active
Public
Actions
Authored by
aborrero
on May 4 2021, 11:21 AM.
Edit Paste
Archive Paste
View Raw File
Subscribe
Mute Notifications
Award Token
Flag For Later
Tags
cloud-services-team (Kanban)
Referenced Files
F34440131: cloudgw_before_checklist.yaml
May 4 2021, 11:21 AM
2021-05-04 11:21:46 (UTC+0)
Subscribers
aborrero
---
-
envvars
:
-
FLOATING_IP_VM
:
"dev.toolforge.org"
TOOLFORGE_BASTION
:
"login.toolforge.org"
NO_FLOATING_VM
:
"tools-k8s-worker-30.tools.eqiad1.wikimedia.cloud"
TOOLS_PUPPETMASTER
:
"tools-puppetmaster-02.tools.eqiad1.wikimedia.cloud"
TOOLSBETA_PUPPETMASTER
:
"toolsbeta-puppetmaster-04.toolsbeta.eqiad1.wikimedia.cloud"
---
# cloudgw pre-migration checklist!
-
name
:
basic ping to neutron addresses (DNS name)
tests
:
-
cmd
:
timeout -k5s 10s ping -c1 cloudinstances2b-gw.openstack.eqiad1.wikimediacloud.org >/dev/null
stdout
:
""
retcode
:
0
stderr
:
""
-
name
:
basic ping to neutron addresses (raw address)
tests
:
-
cmd
:
timeout -k5s 10s ping -c1 185.15.56.244 >/dev/null
stdout
:
""
retcode
:
0
stderr
:
""
-
name
:
VM (no floating IP) contacting the internet gets NAT'd using routing_source_ip
tests
:
-
cmd
:
ssh $NO_FLOATING_VM "curl -s ifconfig.me ; echo "
# this is routing_source_ip
stdout
:
"185.15.56.1"
retcode
:
0
stderr
:
""
-
name
:
VM (no floating IP) contacting an address covered by dmz_cidr doesn't get NAT'd
tests
:
-
cmd
:
ssh $NO_FLOATING_VM "curl -Is https://es.wikipedia.org | grep x-client-ip"
# this is the internal VM address
stdout
:
"x-client-ip:
172.16.0.241"
retcode
:
0
stderr
:
""
-
name
:
VM (using floating IP) is properly affected by dmz_cidr
tests
:
-
cmd
:
ssh $FLOATING_IP_VM "curl -s ifconfig.me ; echo"
# this is the VM floating IP address
stdout
:
"185.15.56.50"
retcode
:
0
stderr
:
""
-
cmd
:
ssh $FLOATING_IP_VM "curl -Is https://es.wikipedia.org | grep x-client-ip"
# this is the VM private address
stdout
:
"x-client-ip:
172.16.3.190"
retcode
:
0
stderr
:
""
-
name
:
VM (no floating IP) can contact auth DNS server
tests
:
-
cmd
:
ssh $NO_FLOATING_VM "dig +short toolforge.org @208.80.154.11"
# this the A apex record in the toolforge.org DNS domain zone
stdout
:
"185.15.56.11"
retcode
:
0
stderr
:
""
-
name
:
VM (no floating IP) can contact recursor DNS server
tests
:
-
cmd
:
ssh $NO_FLOATING_VM "dig +short www.basket.com @208.80.154.143 | wc -l"
# this a somewhat random IPv4 on the internet, so only check that we get "something"
stdout
:
"1"
retcode
:
0
stderr
:
""
-
name
:
VM (using floating IP) can contact auth DNS server
tests
:
-
cmd
:
ssh $FLOATING_IP_VM "dig +short toolforge.org @208.80.154.11"
# this the A apex record in the toolforge.org DNS domain zone
stdout
:
"185.15.56.11"
retcode
:
0
stderr
:
""
-
name
:
VM (using floating IP) can contact recursor DNS server
tests
:
-
cmd
:
ssh $FLOATING_IP_VM "dig +short www.basket.com @208.80.154.143 | wc -l"
# this a somewhat random IPv4 on the internet, so only check that we get "something"
stdout
:
"1"
retcode
:
0
stderr
:
""
-
name
:
VM (using floating IP) can contact LDAP server
tests
:
-
cmd
:
ssh $FLOATING_IP_VM 'ldapsearch -x whatever | grep -q ^"# numResponses"'
# grep is happy, we are too
stdout
:
""
retcode
:
0
stderr
:
""
-
name
:
VM (not using floating IP) can contact LDAP server
tests
:
-
cmd
:
ssh $NO_FLOATING_VM 'ldapsearch -x whatever | grep -q ^"# numResponses"'
# grep is happy, we are too
stdout
:
""
retcode
:
0
stderr
:
""
-
name
:
VM (using floating IP) can connect to wikireplicas
tests
:
-
cmd
:
ssh $FLOATING_IP_VM 'sudo -iu tools.arturo-test-tool sql enwiki "select * from page limit 2;" | grep page_id | wc -l'
stdout
:
"1"
retcode
:
0
stderr
:
""
-
name
:
Toolforge webservice can be accessed from the internet
tests
:
-
cmd
:
curl -f --no-progress-meter https://network-tests.toolforge.org/files/1MB.bin --output - | file -
stdout
:
"/dev/stdin:
data"
retcode
:
0
stderr
:
""
-
name
:
Toolforge bastions see herald file on project NFS
tests
:
-
cmd
:
timeout -k5s 60s ssh $FLOATING_IP_VM "file /mnt/nfs/labstore-secondary-tools-project/herald"
stdout
:
"/mnt/nfs/labstore-secondary-tools-project/herald:
ASCII
text"
retcode
:
0
stderr
:
""
-
cmd
:
timeout -k5s 60s ssh $TOOLFORGE_BASTION "file /mnt/nfs/labstore-secondary-tools-project/herald"
stdout
:
"/mnt/nfs/labstore-secondary-tools-project/herald:
ASCII
text"
retcode
:
0
stderr
:
""
-
name
:
VM (using floating IP) can contact openstack API
tests
:
-
cmd
:
ssh $FLOATING_IP_VM 'curl -s http://openstack.eqiad1.wikimediacloud.org:5000/v3 | grep -qo identity'
# grep is happy, we are too
stdout
:
""
retcode
:
0
stderr
:
""
-
name
:
VM (no floating IP) can contact openstack API
tests
:
-
cmd
:
ssh $NO_FLOATING_VM 'curl -s http://openstack.eqiad1.wikimediacloud.org:5000/v3 | grep -qo identity'
# grep is happy, we are too
stdout
:
""
retcode
:
0
stderr
:
""
-
name
:
puppetmasters can sync git tree
tests
:
-
cmd
:
ssh $TOOLS_PUPPETMASTER 'sudo git-sync-upstream 2>&1 | grep -q Up-to-date'
# grep is happy, we are too
stdout
:
""
retcode
:
0
stderr
:
""
-
cmd
:
ssh $TOOLSBETA_PUPPETMASTER 'sudo git-sync-upstream 2>&1 | grep -q Up-to-date'
# grep is happy, we are too
stdout
:
""
retcode
:
0
stderr
:
""
-
name
:
VM (using floating IP) can read dumps NFS
tests
:
-
cmd
:
ssh $FLOATING_IP_VM 'file /mnt/nfs/dumps-labstore1006.wikimedia.org/index.html | grep -q HTML'
stdout
:
""
retcode
:
0
stderr
:
""
-
name
:
VM (no floating IP) can read dumps NFS
tests
:
-
cmd
:
ssh $NO_FLOATING_VM 'file /mnt/nfs/dumps-labstore1006.wikimedia.org/index.html | grep -q HTML'
stdout
:
""
retcode
:
0
stderr
:
""
Event Timeline
aborrero
created this paste.
May 4 2021, 11:21 AM
2021-05-04 11:21:46 (UTC+0)
aborrero
mentioned this in
T270704: cloud: introduce new edge network architecture for eqiad1 and codfw1dev
.
Log In to Comment