Page MenuHomePhabricator
Create Task
Maniphest T124261

move releases.wm.org to bromine (was: request VM for releases.wm.org)
Closed, ResolvedPublic
Actions

Description

requesting a VM to replace physical server caesium.eqiad.wmnet

it currently hosts nothing except releases.wikimedia.org ..all it needs is an Apache

i would like to keep it a separate VM though and not put it on other existing VMs. one reason being different admin groups who have access

Labs Project Tested: caesium.eqiad.wmnet
Site/Location: eqiad (both?)
Number of systems: 1
Service: releases.wikimedia.org
Networking Requirements: internal (misc-web backend)
Processor Requirements: 1
Memory: 1GB
Disks: 20GB
Other Requirements: jessie

Details

SubjectRepoBranchLines +/-
admin: replace caesium with bromine in enforce-users-groups.shoperations/puppetproduction+1 -1
releases: switch reprepro upload server to bromineoperations/puppetproduction+1 -1
varnish/misc-web: switch releases to bromine backendoperations/puppetproduction+1 -1
releases: make Apache config work with 2.4operations/puppetproduction+5 -0
releases: also rsync /home dirs with user toolsoperations/puppetproduction+6 -0
releases: add ferm rule to allow rsync to bromineoperations/puppetproduction+6 -0
releases: setup rsyncd to copy release filesoperations/puppetproduction+14 -14
releases: add role on bromineoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

Dzahn created this task.Jan 21 2016, 1:23 AM
Dzahn claimed this task.
Dzahn raised the priority of this task from to Needs Triage.
Dzahn updated the task description. (Show Details)
Dzahn added a project: SRE.
Dzahn added a project: vm-requests.
Dzahn set Security to None.
Dzahn added subscribers: Aklapper, StudiesWorld, MoritzMuehlenhoff, Dzahn.
Dzahn removed Dzahn as the assignee of this task.Jan 21 2016, 1:27 AM
Dzahn updated the task description. (Show Details)
Dzahn added a subscriber: mark.

@mark should we have a second one of this in codfw as well? so we can switch over DCs and still have releases.wm.org up ?

akosiaris subscribed.Jan 22 2016, 5:20 PM

@Dzahn, since we will be doing this anyway, doing it twice for codfw as well, doesn't seem to be that much extra trouble so I say we do it. Correct me if I am wrong though.

I am a bit hazy though on the

i would like to keep it a separate VM though and not put it on other existing VMs. one reason being different admin groups who have access

care to elaborate ?

Dzahn added a comment.EditedJan 22 2016, 10:11 PM

@akosiaris I just wanted to avoid putting multiple "misc" sites/apps on the same server with the official releases. It would mean if one of them has an (security) issue the others might be affected too and the release packages seemed quite critical. And because releasers are a different set of shell users that need access but not necessarily to all the other sites.

Do you think it should go on an existing VM? Then i'd say at least bromine (it's for static sites) i guess that's fine, let's not use krypton though.

re: setting up another machine in codfw: ok, yep, i'd suggest we set up equivalents of bromine and krypton in codfw and apply the same roles.. it wouldn't take that much effort and we could still have all those misc. services too when we switch over

akosiaris added a comment.Jan 25 2016, 2:59 PM
In T124261#1957401, @Dzahn wrote:

@akosiaris I just wanted to avoid putting multiple "misc" sites/apps on the same server with the official releases. It would mean if one of them has an (security) issue the others might be affected too and the release packages seemed quite critical. And because releasers are a different set of shell users that need access but not necessarily to all the other sites.

Do you think it should go on an existing VM? Then i'd say at least bromine (it's for static sites) i guess that's fine, let's not use krypton though.

Yes, I am thinking that releases does not at this point in time warrant a separate VM, let's reuse bromine. I agree though with you krypton is not suitable.

re: setting up another machine in codfw: ok, yep, i'd suggest we set up equivalents of bromine and krypton in codfw and apply the same roles.. it wouldn't take that much effort and we could still have all those misc. services too when we switch over

I agree.

Dzahn claimed this task.Jan 26 2016, 5:23 PM
gerritbot subscribed.Jan 26 2016, 5:26 PM

Change 266531 had a related patch set uploaded (by Dzahn):
releases: add role on bromine

https://gerrit.wikimedia.org/r/266531

gerritbot added a project: Patch-For-Review.Jan 26 2016, 5:26 PM
gerritbot added a comment.Jan 26 2016, 5:30 PM

Change 266531 merged by Dzahn:
releases: add role on bromine

https://gerrit.wikimedia.org/r/266531

Dzahn added a comment.Jan 26 2016, 8:37 PM

had to adjust roles a bit so they dont conflict when applied on the same server, but now it's fine

https://gerrit.wikimedia.org/r/#/c/266546/
https://gerrit.wikimedia.org/r/#/c/266581/

Dzahn renamed this task from request VM for releases.wm.org to move releases.wm.org to bromine (was: request VM for releases.wm.org).Jan 26 2016, 10:12 PM
Dzahn added a comment.Jan 26 2016, 10:26 PM

@akosiaris It does mean that all shell users who are in "releasers-mediawiki" or "releasers-mobile" now get access to a machine with other misc. static services that they did not have before. I do not see this as a problem, but i wanted to mention it anyways to clarify.

gerritbot added a comment.Jan 26 2016, 10:37 PM

Change 266608 had a related patch set uploaded (by Dzahn):
releases: setup rsyncd to copy release files

https://gerrit.wikimedia.org/r/266608

gerritbot added a comment.Jan 26 2016, 10:40 PM

Change 266608 merged by Dzahn:
releases: setup rsyncd to copy release files

https://gerrit.wikimedia.org/r/266608

gerritbot added a comment.Jan 26 2016, 10:49 PM

Change 266613 had a related patch set uploaded (by Dzahn):
releases: add ferm rule to allow rsync to bromine

https://gerrit.wikimedia.org/r/266613

gerritbot added a comment.Jan 26 2016, 10:53 PM

Change 266613 merged by Dzahn:
releases: add ferm rule to allow rsync to bromine

https://gerrit.wikimedia.org/r/266613

Dzahn added a comment.Jan 26 2016, 10:56 PM

setup rsync, copying the release files over to bromine now ... running in screen ..

gerritbot added a comment.Jan 26 2016, 11:28 PM

Change 266616 had a related patch set uploaded (by Dzahn):
releases: also rsync /home dirs with user tools

https://gerrit.wikimedia.org/r/266616

gerritbot added a comment.Jan 26 2016, 11:38 PM

Change 266616 merged by Dzahn:
releases: also rsync /home dirs with user tools

https://gerrit.wikimedia.org/r/266616

Dzahn added subscribers: csteipp, demon.Jan 26 2016, 11:55 PM

@csteipp @demon This is the ticket re: moving the releases server. The purpose is to replace another Ubuntu system (caesium). The role for releases.wm.org is applied on bromine.eqiad.wmnet now, which is Debian jessie. (but it's also still on the existing server)

I have applied the puppet stuff so the Apache config etc has been created, had to make some minimal puppet fixes, now It has the releases.wm.org vhost. I used rsync to copy the entire /srv/org/wikimedia and also your /home dirs , so you have "releasetools" and all the tarballs etc like before.

I have _not_ switched the varnish config yet to give you some time to confirm it looks ok and nothing is missing.

So currently the status is: caesium is exactly like before but please feel free to login on bromine.eqiad.wmnet and confirm it works for you and looks like we could switch over and decom caesium some time soon.

Dzahn added a parent task: T123525: reduce amount of remaining Ubuntu 12.04 (precise) systems in production.Jan 27 2016, 12:25 AM
Dzahn mentioned this in T123714: Reinstall caesium (releases.wm.org) with jessie (and convert to VM).Jan 27 2016, 12:27 AM
Dzahn removed a project: Patch-For-Review.Jan 27 2016, 12:30 AM
Dzahn added subscribers: Catrope, hashar, Reedy and 6 others.
Dzahn added a comment.Jan 27 2016, 12:35 AM

Hi, if you have been subscribed to this ticket it's because you are a member in one of the "releasers-" admin groups and have shell access. This is fyi that the service releases.wikimedia.org is soon going to move from caesium.eqiad.wmnet over to bromine.eqiad.wmnet. You should already be able to login on the new server now but we have not made the switch yet. Please let me know if you see any issues with access or the new server. The change is that it used to be Ubuntu precise and is going to be Debian jessie. I have copied all release files from /srv/org and your /home's with rsync today and will run it one more time before we switch over the varnish config that actually changes which server is the backend of releases.wm.org.

akosiaris added a comment.Jan 27 2016, 11:16 AM
In T124261#1967740, @Dzahn wrote:

@akosiaris It does mean that all shell users who are in "releasers-mediawiki" or "releasers-mobile" now get access to a machine with other misc. static services that they did not have before. I do not see this as a problem, but i wanted to mention it anyways to clarify.

I don't either see a problem either in this specific situation. Thanks for clarifying it!

akosiaris removed a project: vm-requests.Jan 27 2016, 11:16 AM
Niedzielski added a comment.Jan 27 2016, 4:29 PM

@Dzahn, thanks for the heads up and quick summary. bromine works fine for me.

gerritbot added a comment.Jan 28 2016, 9:35 PM

Change 267148 had a related patch set uploaded (by Dzahn):
releases: make Apache config work with 2.4

https://gerrit.wikimedia.org/r/267148

gerritbot added a project: Patch-For-Review.Jan 28 2016, 9:35 PM
gerritbot added a comment.Jan 28 2016, 9:39 PM

Change 267148 merged by Dzahn:
releases: make Apache config work with 2.4

https://gerrit.wikimedia.org/r/267148

gerritbot added a comment.Jan 28 2016, 9:47 PM

Change 267151 had a related patch set uploaded (by Dzahn):
varnish/misc-web: switch releases to bromine backend

https://gerrit.wikimedia.org/r/267151

gerritbot added a comment.Jan 28 2016, 9:49 PM

Change 267151 merged by Dzahn:
varnish/misc-web: switch releases to bromine backend

https://gerrit.wikimedia.org/r/267151

gerritbot added a comment.Jan 28 2016, 11:09 PM

Change 267175 had a related patch set uploaded (by Dzahn):
releases: beautify directory index page

https://gerrit.wikimedia.org/r/267175

Dzahn added a comment.Jan 28 2016, 11:33 PM

the backend for this service has been switched over to bromine now.

in addition to subscriptions on this ticket i will send a mail to all "releasers" to let them know

Dzahn closed this task as Resolved.Jan 28 2016, 11:33 PM
Dzahn removed a project: Patch-For-Review.
Dzahn added a parent task: T125165: decom caesium.Jan 28 2016, 11:42 PM
Dzahn closed subtask T125164: make the releases.wm.org index page look nicer as Resolved.Jan 29 2016, 12:04 AM
gerritbot added a comment.Jan 29 2016, 10:56 PM

Change 267385 had a related patch set uploaded (by Dzahn):
releases: switch reprepro upload server to bromine

https://gerrit.wikimedia.org/r/267385

gerritbot added a project: Patch-For-Review.Jan 29 2016, 10:56 PM
gerritbot added a comment.Jan 29 2016, 10:59 PM

Change 267385 merged by Dzahn:
releases: switch reprepro upload server to bromine

https://gerrit.wikimedia.org/r/267385

gerritbot added a comment.Jan 29 2016, 11:13 PM

Change 267377 had a related patch set uploaded (by Dzahn):
admin: replace caesium with bromine in enforce-users-groups.sh

https://gerrit.wikimedia.org/r/267377

gerritbot added a comment.Jan 29 2016, 11:17 PM

Change 267377 merged by Dzahn:
admin: replace caesium with bromine in enforce-users-groups.sh

https://gerrit.wikimedia.org/r/267377

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL