Page MenuHomePhabricator
Create Task
Maniphest T168478

Keep wmflabs scoring boxes up-to-date
Closed, ResolvedPublic
Actions

Description

We're running very old versions of Jessie, https://tools.wmflabs.org/openstack-browser/project/ores, apparently without regular security updates. I'm not sure exactly what role our wmflabs boxes play, but there's no reason to tempt fate by skipping updates.

Details

SubjectRepoBranchLines +/-
wikilabels: Add zlib1g-dev package and cronjob to remove expired tasksoperations/puppetproduction+18 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

awight created this task.Jun 20 2017, 10:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 20 2017, 10:16 PM
ArielGlenn triaged this task as Medium priority.Jun 26 2017, 9:15 AM
ArielGlenn added a project: Cloud-VPS.
Restricted Application added a project: Cloud-Services. · View Herald TranscriptJun 26 2017, 9:15 AM
faidon removed a project: SRE.Jun 28 2017, 12:36 PM
Paladox subscribed.Jun 28 2017, 1:12 PM
Halfak subscribed.Jun 29 2017, 3:02 PM

Weird. We have been getting restarts when there's a labs-wide kernel update. What makes you think we aren't getting updates and what should we do to get them?

Halfak moved this task from Unsorted to Maintenance/cleanup on the Machine-Learning-Team board.Jun 29 2017, 3:02 PM
Paladox added a comment.Jun 29 2017, 3:09 PM

@Halfak they update the labs machine that hosts the vm. So the machines got updated but not the vms.

Halfak added a comment.Jun 29 2017, 4:27 PM

I'm surprised to find out that we aren't getting regular updates on these vms. Why has that happened and how do we change it?

Paladox added a comment.Jun 29 2017, 4:32 PM

The only way to change that is to run a cron script that does apt-get update and then apt-get upgrade -y

Halfak added a subtask: T169247: Document recommended process for installing vendor provided package upgrades in Wikimedia VPS.Jun 29 2017, 4:46 PM
Halfak added a subscriber: bd808.

I've talked to @bd808 in #wikimedia-cloud and he doesn't think there's a best practice for this yet so I created T169247: Document recommended process for installing vendor provided package upgrades in Wikimedia VPS and set that as a blocked for this task.

Halfak added a project: ORES.Jun 29 2017, 4:48 PM
Ladsgroup changed the task status from Open to Stalled.Aug 2 2018, 5:43 PM
Ladsgroup subscribed.

It's blocked on T169247

Stashbot subscribed.Aug 22 2018, 11:52 AM

Mentioned in SAL (#wikimedia-cloud) [2018-08-22T11:52:34Z] <Amir1> spinning up wikilabels-02 (T168478)

Ladsgroup added a comment.Aug 22 2018, 1:00 PM

https://github.com/wikimedia/wikilabels-wmflabs-deploy/pull/49

gerritbot subscribed.Aug 22 2018, 1:44 PM

Change 454546 had a related patch set uploaded (by Ladsgroup; owner: Amir Sarabadani):
[operations/puppet@production] wikilabels: Add zlib1g-dev package and cronjob to remove expired tasks

https://gerrit.wikimedia.org/r/454546

gerritbot edited projects, added Patch-For-Review; removed Cloud-VPS.Aug 22 2018, 1:44 PM
Stashbot added a comment.Aug 22 2018, 6:12 PM

Mentioned in SAL (#wikimedia-cloud) [2018-08-22T18:12:55Z] <Amir1> redirecting traffic of labels.wmflabs.org from wikilabels-01.eqiad.wmflabs to wikilabels-02.eqiad.wmflabs (T168478)

Ladsgroup added a comment.Aug 22 2018, 6:19 PM

ores nodes are read-only while wikilabels nodes are read/write and contain sensitive information (database credentials, OAuth credentials). I made a new node and migrated the credential files and puppetized everything else so we can throw away VMs faster in future. I made a temporarily DNS proxy to expose the new node (wikilabels-02) to the outside and ran tests on it, when I was sure it writes to the database and OAuth works fine, I redirected the traffic to the new node but I keep the old node alive for a week in case anything happens.

gerritbot added a comment.Aug 24 2018, 11:23 AM

Change 454546 merged by Alexandros Kosiaris:
[operations/puppet@production] wikilabels: Add zlib1g-dev package and cronjob to remove expired tasks

https://gerrit.wikimedia.org/r/454546

awight unsubscribed.Mar 21 2019, 4:01 PM
Harej subscribed.Apr 3 2019, 12:44 AM

All of the VMs now run Debian Stretch. Yay!

Harej closed this task as Resolved.Apr 3 2019, 12:45 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL