Page MenuHomePhabricator
Create Task
Maniphest T189790

Reimage deployment-ores01 as Stretch
Closed, ResolvedPublic
Actions

Event Timeline

awight triaged this task as Medium priority.Mar 15 2018, 4:21 PM
awight created this task.
awight added a comment.Mar 15 2018, 5:27 PM

Ran into some puppet unpleasantness:

Could not find data item profile::ores::web::workers in any Hiera data file and no default supplied at /etc/puppet/modules/profile/manifests/ores/web.pp:4:20 on node deployment-ores01.deployment-prep.eqiad.wmflabs

@akosiaris I think this is caused by the situation you were describing, where the defaults aren't loaded on labs. Do you have any ideas why hiera wouldn't be picking up hieradata/role/common/ores.yaml? I've got role::ores enabled, not sure how else to encourage hiera here...

Paladox added a comment.EditedMar 15 2018, 5:34 PM

@awight you could either add the ores hiera values to the wiki page for that paject (ie i think deployment-prep) or add them through horizion.

awight added a comment.Mar 15 2018, 5:47 PM

@Paladox Good idea. For the record, I used the following values, and puppet seems healthy so far.

{
"profile::ores::celery::workers": 4,
"profile::ores::celery::queue_maxsize": 100,
"profile::ores::web::workers": 8,
"profile::ores::web::redis_host": "127.0.0.1"
}
awight added a comment.Mar 15 2018, 6:02 PM

Puppet ran once, then broke itself:

Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster02.deployment-prep.eqiad.wmflabs]
awight added a comment.Mar 15 2018, 6:30 PM

I've rebuilt the puppet certs.

Now there's a conflict between redis and prometheus-redis

awight closed this task as Resolved.Mar 15 2018, 6:45 PM
akosiaris added a comment.Mar 16 2018, 9:10 AM

I am guessing this was resolved and I am no longer needed.

Krenair subscribed.EditedMay 27 2018, 7:06 PM

It looks like this host has been rebuilt again:

$ ssh deployment-ores01
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:gNywH2BdkKg2mU45nnQhMo6HX336cntrTME3iKfbczo.
Please contact your system administrator.
Add correct host key in /home/alex/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/alex/.ssh/known_hosts:155
  remove with:
  ssh-keygen -f "/home/alex/.ssh/known_hosts" -R deployment-ores01.deployment-prep.eqiad.wmflabs
ECDSA host key for deployment-ores01.deployment-prep.eqiad.wmflabs has changed and you have requested strict checking.
Host key verification failed.

Please don't reuse hostnames, the new one should've been deployment-ores02

Krenair added a project: Beta-Cluster-Infrastructure.May 27 2018, 7:06 PM
awight removed a parent task: T180628: Install git-lfs client (at least on scap targets & masters).Jun 4 2018, 10:41 PM
isarantopoulos moved this task from Unsorted to 2023-2024 Q3 Done on the Machine-Learning-Team board.Nov 20 2023, 12:12 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL