Page MenuHomePhabricator
Create Task
Maniphest T171188

Move the main WMCS puppetmaster into the Labs realm
Closed, ResolvedPublic
Actions

Description

Historically, the Labs puppetmasters have been running in the production realm, for various legacy reasons. Early on, Labs (and now WMCS) gained support for self-hosted per-instance puppetmasters, and later for self-hosted per-project puppetmasters. Since then, the two (arguably) most important projects, deployment-prep and tools, have moved to self-hosted puppetmasters.

Having the WMCS "main" puppetmasters in the production realm is yet another labs->production realm bridge (or: a "labs-support" instance). It's especially iffy since Puppet is a complex codebase by itself, and complicated even further by the fact that it is essentially a compiler-on-demand for dynamic, living code. Such a jump has been exploited as a demonstration before and it wasn't that hard to achieve either (let's leave it at that :), so this isn't just hypothetical.

Puppet for WMCS instances doesn't need any kind of private data and there is really no particular reason other than legacy for why it runs in the production realm (as demonstrated by the various project puppetmasters too), so I'd like to discuss the path towards its eventual move to the labs realm. It's not super urgent or anything, but I've been thinking about this for a while and got reminded of it with the recent labspuppetmaster work -- and it turns out I never filed a task about it (that I could find) :)

So, I think there are a few different ideas have been mentioned on how to approach this (and feel free to adjust/correct):

  1. Move to "labs-support" (= production realm, public IP, but accessible only to Labs): would probably work and be an improvement over the current situation but not really moving to the labs realm and likely not enough.
  2. Deploy the puppetmasters in multiple VMs, perhaps even across multiple labvirts for increased reliability.
  3. Deploy a couple of puppetmasters VMs, perhaps allocated in a way that there's only 1 VM running in each bare metal server (I think this has been done already in a few other cases?).
  4. Wait until WMCS supports bare metal instances in the Labs realm, move the existing bare metal machines there (blocked on Neutron, I guess Ironic too?)

My inclination would be to just go with (2), which doesn't sound like a huge amount of work to me given that all the various parts are there, but I may be missing a lot of background.

How do you (cloud-services-team) folks feel about this? What pros/cons do you see in each and which one is your preferred solution?

TODO:

And then finally if everyone is happy to go ahead:

  • make old encapi read-only on labpuppetmaster1001 (somehow -- kill the r/w endpoint) (disable puppet, edit config in /etc/uwsgi/apps-enabled/labspuppetbackend.ini to set allowed writers to empty list or something invalid)
  • Import encapi data
  • Direct puppetmasters to the new encapi reader endpoint (patch)
  • Move infrastructure over to talking to new puppetmaster - e.g. horizon (patch)
  • Verify that in-project puppetmasters still work properly (e.g. toolforge puppetmaster)
  • Fix dns recursor hack to point 'puppet' domain to new puppetmaster (patch)
  • test that new VMs come up and work!
  • Move instances over to using new puppetmaster (patch)

Details

SubjectRepoBranchLines +/-
Move labpuppetmaster1001 and 1002 to role::spareoperations/puppetproduction+2 -2
labpuppetmaster1001/1002: Clean up after moving puppetmasters to the cloudoperations/puppetproduction+10 -16
labs.yaml: remove profile::base::certificates::puppet_ca_contentoperations/puppetproduction+0 -33
cloud: Move instances to use new puppetmasteroperations/puppetproduction+35 -2
Make puppetmaster CA content key be a hash keyed by puppetmasteroperations/puppetproduction+4 -3
Make puppetmaster CA content key be a hash keyed by puppetmasteroperations/puppetproduction+4 -3
cloud recursors: alias 'puppet' to the cloud-internal puppetmaster IPoperations/puppetproduction+1 -1
cloud recursors: alias 'puppet' to the new in-labs puppetmasteroperations/puppetproduction+1 -1
cloud: Change monitoring things to look at new puppetmasteroperations/puppetproduction+3 -3
cloud: Switch encapi calls to new puppetmasteroperations/puppetproduction+5 -5
certmanager: Set up config for running inside labs realmoperations/puppetproduction+9 -3
openstack puppetmaster roles: duplicate for set of profiles to be used in labsoperations/puppetproduction+14 -0
openstack puppetmaster profiles: don't include clientpackagesoperations/puppetproduction+0 -2
Replace git-sync-upstream on labspuppetmasters, remove from puppet-mergeoperations/puppetproduction+6 -19
openstack::puppet::master::encapi: Avoid nginx-apache conflictoperations/puppetproduction+5 -0
profile::puppetmaster::frontend: Allow getting allow_from from hieraoperations/puppetproduction+2 -2
openstack::puppet::master::encapi: work on stretch with python3.5operations/puppetproduction+7 -3
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
herron added a comment.Nov 19 2018, 3:05 PM
In T171188#4758203, @Krenair wrote:
In T171188#4758194, @faidon wrote:

JFTR, I don't know what cloudinfra-puppetmaster-01 is. Maybe @Krenair or someone else set up that?

I don't have access to do that. I assume this is a project puppetmaster for either the MX-out or NTP servers that exist in that project.

According to horizon cloudinfra-puppetmaster-01 was created by Andrew in September. It has no signed puppet certs currently, so safe to say nothing is using it as of yet. @Andrew is that something we still need/plan to use, or could we turn down the instance?

Andrew added a comment.Nov 19 2018, 3:16 PM

As arturo suggests, cloudinfra-puppetmaster-01 is meant to be the puppetmaster for things inside the cloudinfra project. I anticipated us needing that for project-local secrets -- I'm surprised that that e.g. mx-out01 doesn't need it... it certainly will if we add DKIM keys.

So, we can delete the VM if it's confusing people but I'l just need to rebuild it sometime soon :)

Nothing has been done regarding the actual topic of this bug. It's a perfectly reasonable idea but not on the top of the priority list and work there is pending some decisions in other areas.

aborrero added a comment.Nov 19 2018, 4:38 PM

Ok, clarified then:

  • cloudinfra-puppetmaster-01 is a puppetmaster server just for the cloudinfra project. Still not in use though.
  • we will have to discuss if we create a cloudvps-wide puppetmaster inside cloudvps (i.e, a VM).
GTirloni mentioned this in T177959: Should VPS puppetmasters include labs-recursor0/ns-1 in their resolv.confs?.Nov 21 2018, 7:25 PM
Andrew moved this task from Needs discussion to Inbox on the cloud-services-team (Kanban) board.Jan 8 2019, 4:36 PM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 9:23 PM
Andrew added a comment.Feb 18 2019, 7:48 PM

#2 is almost certainly they way to go, as it avoids the weird chicken-egg issue of "we need a labs
puppetmaster to build a labs puppetmaster" -- currently I can't even log into a new VM /at all/ until it's
properly puppetized. So to move forward on this we would need some way of accessing an unpuppetized
VM.

For the record -- T215211 is largely resolved, and with that I'm not longer nearly as worried about worst-case 'we locked ourselves out of everything' scenarios.

bd808 mentioned this in T218448: Volunteer NDA for Alex Monk.Mar 15 2019, 10:05 PM
Krenair claimed this task.Mar 26 2019, 5:45 PM

I'm planning to have a go at this soon.

Krenair mentioned this in T219424: Decide how we're going to handle certificates for the puppetmaster migration.Mar 27 2019, 5:15 PM
Krenair closed subtask T219428: Decide how to handle encapi database as Resolved.Mar 27 2019, 7:25 PM
gerritbot added a comment.Apr 5 2019, 2:29 PM

Change 501581 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] openstack::puppet::master::encapi: work on stretch with python3.5

https://gerrit.wikimedia.org/r/501581

gerritbot added a project: Patch-For-Review.Apr 5 2019, 2:29 PM
gerritbot added a comment.Apr 5 2019, 2:34 PM

Change 501581 merged by Andrew Bogott:
[operations/puppet@production] openstack::puppet::master::encapi: work on stretch with python3.5

https://gerrit.wikimedia.org/r/501581

gerritbot added a comment.Apr 5 2019, 2:49 PM

Change 501587 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] openstack::puppet::master::encapi: Avoid nginx-apache conflict

https://gerrit.wikimedia.org/r/501587

Krenair mentioned this in T153468: Ferm's upstream Net::DNS Perl library questionable handling of NOERROR responses without records causing puppet errors when we try to @resolve AAAA in labs.Apr 5 2019, 4:36 PM
Krenair added a comment.EditedApr 6 2019, 1:35 AM

I've got puppetmaster set up on puppetmaster.cloudinfra.wmflabs.org now, hosted at cloud-puppetmaster-01 with a backend of cloud-puppetmaster-02. A test client on krenair-t171188-test.testlabs.eqiad.wmflabs is working.
Still a load of stuff to do though. It doesn't have a floating IP or any way for the OpenStack hosts to contact it yet. Had to do some manual actions to avoid apache-nginx conflicts, deal with package problems around cergen's dependencies against the openstack-mitaka-jessie repo, work around ferm's AAAA handling bugs, among other things.

Krenair mentioned this in T220268: Consider ways to make puppetmaster CA changes smoother on the puppet client end.Apr 6 2019, 1:59 PM
gerritbot added a comment.Apr 8 2019, 2:52 PM

Change 502235 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] profile::puppetmaster::frontend: Allow getting allow_from from hiera

https://gerrit.wikimedia.org/r/502235

gerritbot added a comment.Apr 8 2019, 6:37 PM

Change 502235 merged by Alexandros Kosiaris:
[operations/puppet@production] profile::puppetmaster::frontend: Allow getting allow_from from hiera

https://gerrit.wikimedia.org/r/502235

gerritbot added a comment.Apr 12 2019, 4:20 PM

Change 501587 merged by Andrew Bogott:
[operations/puppet@production] openstack::puppet::master::encapi: Avoid nginx-apache conflict

https://gerrit.wikimedia.org/r/501587

Krenair added a subtask: T219390: Have puppet-merge on puppetmaster1001 publish the official sha1 after merging.Apr 12 2019, 11:26 PM
Krenair added a comment.EditedApr 19 2019, 4:56 AM

The number of puppet.git cherry-picks on cloudinfra-internal-puppetmaster is now 0, there's just the two secret commits to labs/private that are pretty much the purpose of that instance.

TODO:

And then finally if everyone is happy to go ahead:

  • Import encapi data
  • Move infrastructure over to talking to new puppetmaster - e.g. horizon
  • Move instances over to using new puppetmaster
Andrew closed subtask Restricted Task as Resolved.May 7 2019, 8:25 PM
gerritbot added a comment.May 13 2019, 6:33 PM

Change 509915 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Replace git-sync-upstream on labspuppetmasters, remove from puppet-merge

https://gerrit.wikimedia.org/r/509915

gerritbot added a comment.May 15 2019, 1:55 PM

Change 509915 merged by Andrew Bogott:
[operations/puppet@production] Replace git-sync-upstream on labspuppetmasters, remove from puppet-merge

https://gerrit.wikimedia.org/r/509915

Andrew closed subtask T219390: Have puppet-merge on puppetmaster1001 publish the official sha1 after merging as Resolved.May 15 2019, 7:14 PM
Krenair added a comment.May 22 2019, 1:25 PM

Looks like we regressed here while I was busy - logged onto the new puppetmasters to find puppet has been broken for weeks. Seems to be related to clientpackages changes

gerritbot added a comment.May 22 2019, 1:28 PM

Change 511875 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] openstack puppetmaster profiles: don't include clientpackages

https://gerrit.wikimedia.org/r/511875

gerritbot added a comment.May 22 2019, 1:33 PM

Change 511877 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] openstack puppetmaster roles: duplicate for set of profiles to be used in labs

https://gerrit.wikimedia.org/r/511877

gerritbot added a comment.May 24 2019, 4:53 PM

Change 511875 merged by Andrew Bogott:
[operations/puppet@production] openstack puppetmaster profiles: don't include clientpackages

https://gerrit.wikimedia.org/r/511875

gerritbot added a comment.May 24 2019, 4:54 PM

Change 511877 merged by Andrew Bogott:
[operations/puppet@production] openstack puppetmaster roles: duplicate for set of profiles to be used in labs

https://gerrit.wikimedia.org/r/511877

Andrew closed subtask T223920: Ensure/confirm a way to shell into unpuppetized VMs as Resolved.May 24 2019, 9:49 PM
Maintenance_bot removed a project: Patch-For-Review.May 28 2019, 3:57 PM
MoritzMuehlenhoff mentioned this in T224549: Track remaining jessie systems in production.May 29 2019, 10:36 AM
gerritbot added a comment.Jun 5 2019, 10:07 AM

Change 514454 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] certmanager: Set up config for running inside labs realm

https://gerrit.wikimedia.org/r/514454

gerritbot added a project: Patch-For-Review.Jun 5 2019, 10:07 AM
gerritbot added a comment.Jun 5 2019, 5:25 PM

Change 514454 merged by Andrew Bogott:
[operations/puppet@production] certmanager: Set up config for running inside labs realm

https://gerrit.wikimedia.org/r/514454

Maintenance_bot removed a project: Patch-For-Review.Jun 5 2019, 6:10 PM
Krenair closed subtask T219424: Decide how we're going to handle certificates for the puppetmaster migration as Resolved.Jun 22 2019, 4:36 PM
Krenair added a comment.Jul 7 2019, 9:34 PM

encapi works:

diff --git a/modules/openstack/manifests/puppet/master/encapi.pp b/modules/openstack/manifests/puppet/master/encapi.pp
index 509af5e7f8..261e0046e9 100644
--- a/modules/openstack/manifests/puppet/master/encapi.pp
+++ b/modules/openstack/manifests/puppet/master/encapi.pp
@@ -47,7 +47,8 @@ class openstack::puppet::master::encapi(
         ipresolve($designate_host, 4),
         ipresolve($designate_host, 6),
         ipresolve($designate_host_standby, 4),
-        ipresolve($designate_host_standby, 6)]),',')
+        ipresolve($designate_host_standby, 6),
+        '127.0.0.1']),',')
 
     # We override service_settings because the default includes autoload
     #  which insists on using python2
krenair@cloud-puppetmaster-01:~$ curl "http://localhost:8101/v1/test/node/test.asd.codfw.labtest"
hiera: {}
roles: []
krenair@cloud-puppetmaster-01:~$ curl "http://localhost:8101/v1/test/prefix/test.asd.codfw.labtest/hiera" --data '{a: b}' -H 'Content-Type: application/x-yaml'
{status: ok}
krenair@cloud-puppetmaster-01:~$ curl "http://localhost:8101/v1/test/node/test.asd.codfw.labtest"
hiera: {a: b}
roles: []
krenair@cloud-puppetmaster-01:~$ curl "http://localhost:8101/v1/test/prefix/test.asd.codfw.labtest" -X DELETE
{status: ok}
krenair@cloud-puppetmaster-01:~$ curl "http://localhost:8101/v1/test/node/test.asd.codfw.labtest"
hiera: {}
roles: []
bd808 moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.Jul 11 2019, 4:30 PM
Andrew mentioned this in T227029: Prevent catalog breakage on cloud instances by decoupling core cloud puppetmaster from custom puppetmasters.Aug 15 2019, 8:49 AM
Krenair updated the task description. (Show Details)Aug 15 2019, 9:56 AM
Andrew updated the task description. (Show Details)Aug 15 2019, 10:02 AM
Andrew updated the task description. (Show Details)
Krenair updated the task description. (Show Details)Aug 15 2019, 10:27 AM
Krenair updated the task description. (Show Details)
gerritbot added a comment.Aug 15 2019, 10:35 AM

Change 530340 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] cloud: Switch encapi calls to new puppetmaster

https://gerrit.wikimedia.org/r/530340

gerritbot added a project: Patch-For-Review.Aug 15 2019, 10:35 AM

Change 530341 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] cloud recursors: alias 'puppet' to the new in-labs puppetmaster

https://gerrit.wikimedia.org/r/530341

Krenair updated the task description. (Show Details)Aug 15 2019, 10:36 AM
Andrew updated the task description. (Show Details)Aug 15 2019, 10:37 AM
Krenair updated the task description. (Show Details)Aug 15 2019, 10:40 AM
Andrew updated the task description. (Show Details)Aug 15 2019, 10:41 AM
Andrew updated the task description. (Show Details)Aug 15 2019, 10:50 AM
Krenair updated the task description. (Show Details)Aug 15 2019, 11:01 AM
Krenair updated the task description. (Show Details)Aug 15 2019, 1:16 PM
gerritbot added a comment.Aug 15 2019, 2:41 PM

Change 530382 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] labpuppetmaster1001/1002: Clean up after moving puppetmasters to the cloud

https://gerrit.wikimedia.org/r/530382

gerritbot added a comment.Sep 1 2019, 7:19 PM

Change 533758 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] Make puppetmaster CA content key be a hash keyed by puppetmaster

https://gerrit.wikimedia.org/r/533758

gerritbot added a comment.Sep 1 2019, 7:20 PM

Change 530344 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] cloud: Change monitoring things to look at new pupeptmaster

https://gerrit.wikimedia.org/r/530344

gerritbot added a comment.Sep 1 2019, 7:21 PM

Change 530371 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] cloud: Move instances to use new puppetmaster

https://gerrit.wikimedia.org/r/530371

Krenair added a comment.Sep 1 2019, 7:28 PM

At Wikimania me and Andrew discussed what else needs doing before we push the button here. We realised that for the actual hiera change of puppetmaster plus the profile::base::certificates::puppet_ca_content addition there was a slight problem - some instances have overridden puppetmaster but won't have overrides for profile::base::certificates::puppet_ca_content (the whole idea of that key being to be kept synced with puppetmaster - they should be changed at the same time so puppet can fiddle about with certificates as appropriate). We decided to make it a hash keyed by puppetmaster, which is ignored if the relevant key is not set. I've uploaded that as https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/533758/ and updated https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/530371/ for it.

Stashbot added a comment.Sep 9 2019, 5:56 PM

Mentioned in SAL (#wikimedia-operations) [2019-09-09T17:56:24Z] <andrewbogott> disabling puppet on labpuppetmaster1001 as part of T171188

gerritbot added a comment.Sep 9 2019, 6:47 PM

Change 530340 merged by Andrew Bogott:
[operations/puppet@production] cloud: Switch encapi calls to new puppetmaster

https://gerrit.wikimedia.org/r/530340

gerritbot added a comment.Sep 9 2019, 6:57 PM

Change 530344 merged by Andrew Bogott:
[operations/puppet@production] cloud: Change monitoring things to look at new puppetmaster

https://gerrit.wikimedia.org/r/530344

gerritbot added a comment.Sep 9 2019, 7:15 PM

Change 530341 merged by Andrew Bogott:
[operations/puppet@production] cloud recursors: alias 'puppet' to the new in-labs puppetmaster

https://gerrit.wikimedia.org/r/530341

gerritbot added a comment.Sep 9 2019, 7:44 PM

Change 535275 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] cloud recursors: alias 'puppet' to the cloud-internal puppetmaster IP

https://gerrit.wikimedia.org/r/535275

gerritbot added a comment.Sep 9 2019, 7:46 PM

Change 535275 merged by Andrew Bogott:
[operations/puppet@production] cloud recursors: alias 'puppet' to the cloud-internal puppetmaster IP

https://gerrit.wikimedia.org/r/535275

gerritbot added a comment.Sep 9 2019, 8:53 PM

Change 533758 merged by Andrew Bogott:
[operations/puppet@production] Make puppetmaster CA content key be a hash keyed by puppetmaster

https://gerrit.wikimedia.org/r/533758

gerritbot added a comment.Sep 9 2019, 10:26 PM

Change 535305 had a related patch set uploaded (by Andrew Bogott; owner: Alex Monk):
[operations/puppet@production] Make puppetmaster CA content key be a hash keyed by puppetmaster

https://gerrit.wikimedia.org/r/535305

gerritbot added a comment.Sep 9 2019, 10:32 PM

Change 535305 merged by Andrew Bogott:
[operations/puppet@production] Make puppetmaster CA content key be a hash keyed by puppetmaster

https://gerrit.wikimedia.org/r/535305

gerritbot added a comment.Sep 9 2019, 11:38 PM

Change 530371 merged by Andrew Bogott:
[operations/puppet@production] cloud: Move instances to use new puppetmaster

https://gerrit.wikimedia.org/r/530371

gerritbot added a comment.Sep 10 2019, 2:13 AM

Change 535329 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] labs.yaml: remove profile::base::certificates::puppet_ca_content

https://gerrit.wikimedia.org/r/535329

gerritbot added a comment.Sep 10 2019, 2:14 AM

Change 535329 merged by Andrew Bogott:
[operations/puppet@production] labs.yaml: remove profile::base::certificates::puppet_ca_content

https://gerrit.wikimedia.org/r/535329

Andrew updated the task description. (Show Details)Sep 10 2019, 3:20 AM
Andrew closed subtask T232427: cloud-vps puppet cert cleaner not working properly as Resolved.Sep 10 2019, 4:13 PM
gerritbot added a comment.Sep 10 2019, 5:17 PM

Change 530382 merged by Andrew Bogott:
[operations/puppet@production] labpuppetmaster1001/1002: Clean up after moving puppetmasters to the cloud

https://gerrit.wikimedia.org/r/530382

Maintenance_bot removed a project: Patch-For-Review.Sep 10 2019, 6:11 PM
Andrew closed subtask T232429: Create in-cloud, cloud-vps-wide cumin masters as Resolved.Sep 10 2019, 8:20 PM
Krenair reopened subtask T232429: Create in-cloud, cloud-vps-wide cumin masters as Open.Sep 10 2019, 10:53 PM
Krenair closed subtask T219421: Work out what we're going to do with the cumin master functionality currently on labpuppetmaster1001 as Resolved.Sep 10 2019, 11:04 PM
bd808 mentioned this in T232536: Toolforge Kubernetes internal API down, causing `webservice` and other tooling to fail.Sep 11 2019, 2:00 AM
Stashbot added a comment.Sep 11 2019, 12:40 PM

Mentioned in SAL (#wikimedia-operations) [2019-09-11T12:40:42Z] <moritzm> removing now puppet/puppetdb packages from labpuppetmaster* T171188

Stashbot added a comment.Sep 11 2019, 12:40 PM

Mentioned in SAL (#wikimedia-operations) [2019-09-11T12:40:51Z] <moritzm> removing now obsolete puppet/puppetdb packages from labpuppetmaster* T171188

jbond subscribed.Sep 11 2019, 4:27 PM
Krenair closed subtask T232429: Create in-cloud, cloud-vps-wide cumin masters as Resolved.Sep 11 2019, 8:18 PM
Andrew closed subtask T232428: Resolve local commits on cloud-puppetmaster-01.cloudinfra.eqiad.wmflabs and cloud-puppetmaster-02.cloudinfra.eqiad.wmflabs as Resolved.Sep 13 2019, 3:42 PM
Krenair closed this task as Resolved.Sep 13 2019, 11:51 PM
Krenair closed subtask T232509: cloud-puppetmasters: move some hiera settings from Horizon to git/gerrit as Resolved.
Krenair mentioned this in T232924: Decide what to do with labpuppetmaster100[12].wikimedia.org.Sep 14 2019, 4:18 PM
gerritbot added a comment.Sep 16 2019, 1:29 PM

Change 537111 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Move labpuppetmaster1001 and 1002 to role::spare

https://gerrit.wikimedia.org/r/537111

gerritbot added a project: Patch-For-Review.Sep 16 2019, 1:29 PM
gerritbot added a comment.Sep 16 2019, 1:32 PM

Change 537111 merged by Andrew Bogott:
[operations/puppet@production] Move labpuppetmaster1001 and 1002 to role::spare

https://gerrit.wikimedia.org/r/537111

Maintenance_bot removed a project: Patch-For-Review.Sep 16 2019, 2:10 PM
Krenair mentioned this in T139011: puppet function ipresolve unable to look up instance on labs-puppetmaster.Sep 21 2019, 11:58 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL