Page MenuHomePhabricator

Backport etcd 2.2 to jessie
Closed, ResolvedPublic

Description

Etcd 2.2.x is packaged in debian unstable and should be backported to jessie for our internal use.

It will offer:

  • working intra-node encryption
  • ACLs

Event Timeline

Joe created this task.Nov 17 2015, 8:35 AM
Joe raised the priority of this task from to Normal.
Joe updated the task description. (Show Details)
Joe added subscribers: yuvipanda, Matanya, Aklapper and 4 others.
Joe claimed this task.Nov 23 2015, 3:26 PM
Joe set Security to None.
Joe added a comment.Nov 24 2015, 9:12 AM

The easiest way to do this is to just take the etcd package in stretch and include it in our repository as-is.

This will mean that we should, in order:

  1. remove etcdctl package declarations from puppet, substitute with the etcd package itself where appropriate
  2. apt-get remove etcdctl
  3. apt-get install the new etcd package.

While the majority of machines is on etcd 2.0, the newer servers will just not publish their url to the cluster; as soon as the proportion is reverted, the 2.2 ones will publish themselves and the 2.0 will fail.

I did test this in labs, what I didn't test is what happens if someone tries to write to the cluster while we're upgrading. I'm going to test that as well to make sure no harm is done.

Change 255088 had a related patch set uploaded (by Giuseppe Lavagetto):
etcd: remove package etcdctl

https://gerrit.wikimedia.org/r/255088

Change 255088 merged by Giuseppe Lavagetto:
etcd: remove package etcdctl

https://gerrit.wikimedia.org/r/255088

Joe closed this task as Resolved.Jan 12 2016, 2:54 PM
BBlack moved this task from Triage to Done on the Traffic board.Jan 13 2016, 3:00 PM