Page MenuHomePhabricator
Create Task
Maniphest T171148

CI jobs are blocked because castor is unreachable
Closed, ResolvedPublic
Actions

Description

castor.integration.eqiad.wmflabs is no more reachable by SSH. Puppet has not been running for the last 10 days. It did not receive the new Puppet CA, that causes LDAP to fail:

2017-07-20T07:48:13.225792+00:00 castor nslcd[604]: [d89a32] <group/member="puppet"> no available LDAP server found: Server is unavailable
[09:48:58]  <hashar>	failed to bind to LDAP server ldap://ldap-labs.eqiad.wikimedia.org:389: Connect error: (unknown error code)

salt is broken as well, hence the instance is unreachable.

Details

SubjectRepoBranchLines +/-
Point Castor to castor02.integration.eqiad.wmflabsintegration/configmaster+3 -3
Revert "Disable castor entirely"integration/configmaster+39 -6
Disable castor entirelyintegration/configmaster+6 -39
Customize query in gerrit

Related Objects

Event Timeline

hashar created this task.Jul 20 2017, 7:53 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 20 2017, 7:53 AM
Stashbot subscribed.Jul 20 2017, 7:55 AM

Mentioned in SAL (#wikimedia-releng) [2017-07-20T07:55:05Z] <hashar> Refreshing all Jenkins jobs defined in JJB in order to then disable castor entirely for T171148

gerritbot subscribed.Jul 20 2017, 7:59 AM

Change 366520 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] Disable castor entirely

https://gerrit.wikimedia.org/r/366520

gerritbot added a project: Patch-For-Review.Jul 20 2017, 7:59 AM
Stashbot added a comment.Jul 20 2017, 8:00 AM

Mentioned in SAL (#wikimedia-releng) [2017-07-20T08:00:30Z] <hashar> Disabled castor entirely via https://gerrit.wikimedia.org/r/366520 . The instance is broken - T171148

Stashbot added a comment.Jul 20 2017, 8:25 AM

Mentioned in SAL (#wikimedia-operations) [2017-07-20T08:25:34Z] <hashar> CI is restored albeit in degraded mode (lack of Castor cache) - T171148

hashar added a comment.Jul 20 2017, 8:38 AM

From the console log, puppet-agent on boot reports:

SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: virt1000.wikimedia.org]

And salt does not work because it is apparently connected to the labs salt master instead of the CI salt master:

2017-07-20T08:28:16.753242+00:00 castor rc.local[533]: + '[' eqiad.wmflabs == eqiad.wmflabs ']'
2017-07-20T08:28:16.753460+00:00 castor rc.local[533]: + master=labs-puppetmaster-eqiad.wikimedia.org
2017-07-20T08:28:16.753595+00:00 castor rc.local[533]: + master_secondary=labs-puppetmaster-codfw.wikimedia.org
2017-07-20T08:28:16.753753+00:00 castor rc.local[533]: + '[' eqiad.wmflabs == codfw.wmflabs ']

In short the instance is completely broken. It is easier to just recreate it.

gerritbot added a comment.Jul 20 2017, 8:44 AM

Change 366520 merged by jenkins-bot:
[integration/config@master] Disable castor entirely

https://gerrit.wikimedia.org/r/366520

Stashbot added a comment.Jul 20 2017, 8:53 AM

Mentioned in SAL (#wikimedia-releng) [2017-07-20T08:53:56Z] <hashar> Created castor02.integration.eqiad.wmflabs with puppet role role::ci::castor::server and adding it to Jenkins. Will then update the Jenkins jobs to point to it - T171148

gerritbot added a comment.Jul 20 2017, 8:57 AM

Change 366523 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] Revert "Disable castor entirely"

https://gerrit.wikimedia.org/r/366523

gerritbot added a comment.Jul 20 2017, 8:57 AM

Change 366524 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] Point Castor to castor02.integration.eqiad.wmflabs

https://gerrit.wikimedia.org/r/366524

hashar claimed this task.Jul 20 2017, 8:59 AM
hashar triaged this task as Unbreak Now! priority.
Restricted Application added subscribers: Liuxinyu970226, Jay8g, TerraCodes. · View Herald TranscriptJul 20 2017, 8:59 AM
Stashbot added a comment.Jul 20 2017, 9:03 AM

Mentioned in SAL (#wikimedia-releng) [2017-07-20T09:03:12Z] <hashar> Restoring castorby updating all jobs to point to castor02 ( https://gerrit.wikimedia.org/r/366524 ) Starts with a cold cache :( - T171148

gerritbot added a comment.Jul 20 2017, 9:03 AM

Change 366523 merged by jenkins-bot:
[integration/config@master] Revert "Disable castor entirely"

https://gerrit.wikimedia.org/r/366523

gerritbot added a comment.Jul 20 2017, 9:03 AM

Change 366524 merged by jenkins-bot:
[integration/config@master] Point Castor to castor02.integration.eqiad.wmflabs

https://gerrit.wikimedia.org/r/366524

Stashbot added a comment.Jul 20 2017, 9:04 AM

Mentioned in SAL (#wikimedia-operations) [2017-07-20T09:04:11Z] <hashar> Restored CI cache storage (castor) on a fresh new instance. Cache is empty though so jobs will be a bit slower until the cache is populated - T171148

hashar added a comment.Jul 20 2017, 9:13 AM

I have manually repopulated the cache for operations/puppet.git by triggering https://integration.wikimedia.org/ci/job/operations-puppet-cache-update-jessie/

hashar closed this task as Resolved.Jul 20 2017, 9:13 AM
Liuxinyu970226 unsubscribed.Jul 20 2017, 11:27 AM
hashar mentioned this in T171174: a lot of beta cluster instances are not reachable over SSH.Jul 20 2017, 2:53 PM

Beta cluster instances have the exact same issue. Filled as T171174

hashar edited projects, added Wikimedia-Incident; removed Patch-For-Review.Jul 20 2017, 4:29 PM

https://wikitech.wikimedia.org/wiki/Incident_documentation/20170719-ldap#CI.2Fbeta

Phabricator_maintenance edited projects, added RelEng-Archive-FY201718-Q1; removed Release-Engineering-Team (Kanban).Sep 26 2017, 11:44 PM
hashar added a project: Castor.Aug 5 2020, 5:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL