Phabricator: Make sure phabricator works properly including our puppet roles on jessie
Open, HighPublic

Description

This task is about making sure phabricator is ready for jessie including our phabricator puppet roles.

This task is high priority for the the iridium to a new machine with debian jessie (phab1001) T156970

Paladox created this task.Feb 17 2017, 4:56 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 17 2017, 4:56 PM
Paladox moved this task from To Triage to Backlog on the Phabricator board.Feb 17 2017, 4:57 PM
Paladox updated the task description. (Show Details)Feb 17 2017, 5:01 PM
Paladox triaged this task as High priority.Feb 17 2017, 5:40 PM
Dzahn added a comment.Feb 22 2017, 9:44 PM

puppet run LOOKS like it works, but ssh-phab service not started for real:

@phab2001:~# puppet agent -tv
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for phab2001.codfw.wmnet
Info: Applying configuration version '1487799292'
Notice: /Stage[main]/Phabricator::Vcs/Service[ssh-phab]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Phabricator::Vcs/Service[ssh-phab]: Unscheduling refresh on Service[ssh-phab]
Notice: Finished catalog run in 17.59 seconds
root@phab2001:~# systemctl status ssh-phab
● ssh-phab.service - Phabricator Secure Shell server
   Loaded: loaded (/etc/systemd/system/ssh-phab.service; disabled)
   Active: failed (Result: start-limit) since Wed 2017-02-22 21:41:39 UTC; 45s ago
  Process: 34620 ExecStart=/usr/sbin/sshd -D -f<%= @sshd_config %> (code=exited, status=1/FAILURE)
Dzahn added a comment.Feb 22 2017, 9:47 PM

13:46 <mutante> Process: 34620 ExecStart=/usr/sbin/sshd -D -f<%= @sshd_config %> (code=exited, status=1/FAILURE)
13:47 <mutante> ExecStart=/usr/sbin/sshd -D -f/etc/ssh/sshd_config.phabricator

^ missing space after -f and before path to config file

puppet changes it back:

-ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_config.phabricator
+ExecStart=/usr/sbin/sshd -D -f/etc/ssh/sshd_config.phabricator

Change 339312 had a related patch set uploaded (by Dzahn):
phabricator: fix missing space in sshd-phab unit file

https://gerrit.wikimedia.org/r/339312

Change 339312 merged by Dzahn:
phabricator: fix missing space in sshd-phab unit file

https://gerrit.wikimedia.org/r/339312

works now on phab2001

Notice: /Stage[main]/Phabricator::Vcs/Service[ssh-phab]/ensure: ensure changed 'stopped' to 'running'

● ssh-phab.service - Phabricator Secure Shell server

Loaded: loaded (/etc/systemd/system/ssh-phab.service; disabled)
Active: active (running) since Wed 2017-02-22 22:32:09 UTC; 1min 51s ago

Change 339763 had a related patch set uploaded (by Paladox; owner: Paladox):
Phabricator: Migrate to base::service_unit for ssh-phab

https://gerrit.wikimedia.org/r/339763

Change 340158 had a related patch set (by Paladox) published:
Phabricator: Migrate to base::service_unit for phd

https://gerrit.wikimedia.org/r/340158

Change 340242 had a related patch set uploaded (by Paladox; owner: Paladox):
Phabricator: Fix phd not starting up after reboot if it was previously stopped

https://gerrit.wikimedia.org/r/340242

Change 340242 merged by Dzahn:
Phabricator: Fix phd not starting up after reboot if it was previously stopped

https://gerrit.wikimedia.org/r/340242

demon removed a subscriber: demon.Feb 28 2017, 11:24 PM

Change 341589 had a related patch set uploaded (by Dzahn):
[operations/puppet] phabricator: fix file names of systemd/upstart templates

https://gerrit.wikimedia.org/r/341589

Change 341589 merged by Dzahn:
[operations/puppet] phabricator: fix file names of systemd/upstart templates

https://gerrit.wikimedia.org/r/341589

Change 339763 merged by Dzahn:
[operations/puppet] Phabricator: Migrate to base::service_unit for ssh-phab

https://gerrit.wikimedia.org/r/339763

Change 341598 had a related patch set uploaded (by Paladox):
[operations/puppet] Phabricator: Fix incorrect path to chown

https://gerrit.wikimedia.org/r/341598

Change 341598 merged by Dzahn:
[operations/puppet] Phabricator: Fix incorrect path to chown

https://gerrit.wikimedia.org/r/341598

Mentioned in SAL (#wikimedia-operations) [2017-03-07T20:27:22Z] <mutante> phab2001 - phab-ssh service converted to base::service_unit and with working systemd unit file. 'systemctl ssh-phab status' is active (running) (T158434)

I believe that we now have full support for debian jessie as far as i can tell. No errors are showing that i see but i may be wrong. systemd phd and systemd ssh-phab work including on rebooting the server without having to run the commands to start them. https://phab-01.wmflabs.org/ has been running fine since all the merges :)

Repo's work including importing.

Dzahn added a comment.Mar 7 2017, 8:50 PM

I believe that we now have full support for debian jessie as far as i can tell.

Gotta wait at least for the phd service change.

[phab2001:~] $ systemctl status phd
● phd.service - phabricator-phd
   Loaded: loaded (/etc/systemd/system/phd.service; disabled)
   Active: failed (Result: exit-code) since Thu 2017-02-16 22:04:03 UTC; 2 weeks 4 days ago
 Main PID: 140475 (code=exited, status=143)

Warning: Unit file changed on disk, 'systemctl daemon-reload' recommended.
Dzahn added a comment.Mar 7 2017, 8:52 PM

..or we need to make the Icinga check smarter to only run on the "active server" with a Hiera setting, if phd is not supposed to run all the time.

Change 340158 merged by Dzahn:
[operations/puppet] Phabricator: Migrate to base::service_unit for phd

https://gerrit.wikimedia.org/r/340158

This is currently working in labs. But we will see if it actually works when phab1001 is setup to replace iridium T163938 :)

I will keep this open just in case further fixes need happening.

Paladox removed a subscriber: gerritbot.
Dzahn added a comment.May 5 2017, 4:42 PM

@Paladox By "this" you mean that you can currently take a jessie labs instance, apply the same puppet role used in prod (role phabricator::main) and it will work and get you a Phabricator install? If that is correct it can be closed now and is resolved.

There is not going to be a change to that because iridium gets reinstalled as phab1001 since phab2001 is already on jessie and using the same role, both servers share a single regex in site.pp, so they _can't_ be different.

Ok. I haven't tested by making a new instance. But everything looks in working order. I can run systemd phd and ssh-phab. Loading phbricator's website works.

Paladox closed this task as Resolved.May 5 2017, 4:43 PM
Paladox claimed this task.
Dzahn added a comment.May 5 2017, 4:45 PM

Well, if you haven't tested, then please don't claim it works, reopen and test it.

Dzahn reopened this task as Open.May 5 2017, 4:45 PM

Well, if you haven't tested, then please don't claim it works, reopen and test it.

I have an instance running jessie with phabricator. What i haven't tested is to create a new instance and apply the phabricator class.

I still don't think it works 100% without a little manual intervention. It's damn close though.