Page MenuHomePhabricator
Create Task
Maniphest T136168

Switch toollabs-webservice to be deployed with an actual deployment mechanism
Closed, DeclinedPublic
Actions

Description

Debs + ensure => latest is a ticking time bomb when running code that should be the same across the entire cluster, and it blew up in our face this time. Let's switch to something else that does actual deployments.

Related Objects
Search...

Event Timeline

yuvipanda created this task.May 25 2016, 6:58 AM
scfc mentioned this in T136162: Investigate Tool Labs webservice outage on 2016-05-25.May 26 2016, 12:25 AM
scfc added a subscriber: scfc.May 26 2016, 12:28 AM
In T136162#2328765, @scfc wrote:

I don't think this deserves major action, and T136168 can't prevent it. If software needs to be updated on multiple hosts, regardless of any deployment method, there will be a time frame where host A will run version X and host B will run version X + 1. Therefore whether it's MediaWiki or some other application, good practice is to make version X + 1 backwards-compatible with version X, deploy X + 1, and once that is running everywhere, the compatibility mode can be disabled/dropped aka new features can be used.

We've used that process in the past, here we missed it once, so let's make a mental note and move on.

valhallasw moved this task from Triage to Backlog on the Toolforge board.May 27 2016, 11:08 AM
greg added a project: Wikimedia-Incident.Jul 27 2016, 10:47 PM
greg moved this task from Active investigation to Follow-up prevention on the Wikimedia-Incident board.Jul 27 2016, 10:53 PM
greg added a subscriber: greg.Sep 29 2016, 7:41 PM

This follow-up task from an incident report has not been updated recently. If it is no longer valid, please add a comment explaining why. If it is still valid, please prioritize it appropriately relative to your other work. If you have any questions, feel free to ask me (Greg Grossmeier).

Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:42 PM
Legoktm added a subscriber: Legoktm.Aug 14 2018, 12:38 AM

I just ran into this, specifically the ensure => latest. I didn't realize that by uploading a new deb it would instantly be upgraded.

I *do* think that debs are the ideal deployment mechanism here, but not with ensure => latest. Just => present, combined with a manual cumin command to upgrade it everywhere plus the rebuild of docker images.

Imarlier added a subscriber: Imarlier.Aug 14 2018, 4:56 PM

An alternative to =>present would be specifying an exact version (even having it as a hiera data object so that it's possible to upgrade a single server or environment). I've found that to be helpful in the past.

zhuyifei1999 added a subscriber: zhuyifei1999.Aug 14 2018, 5:04 PM
marilerr closed this task as Declined.Aug 24 2019, 3:32 AM
marilerr removed a project: Cloud-Services.
JJMC89 reopened this task as Open.Aug 24 2019, 3:35 AM
JJMC89 edited projects, added Cloud-Services; removed Toolforge.
JJMC89 edited projects, added Toolforge; removed Cloud-Services.
bd808 closed this task as Declined.Apr 21 2020, 4:41 PM
bd808 added a subscriber: bd808.

This is not a perfect system, but honestly reading the incident I agree with T136168#2328773 that this would not have had any effect.

Krinkle edited projects, added Sustainability (Incident Followup); removed Wikimedia-Incident.Apr 28 2020, 9:50 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL