⚓ T201504 cloudvps: main/eqiad1 keystone merge

Subject	Repo	Branch	Lines +/-
striker: Point at cloudcontrol1003 for OpenStack APIs	operations/puppet	production	+2 -0
striker/striker.ini: refresh keystone URL	labs/striker	master	+1 -1
Horizon: set DEFAULT_SERVICE_REGION to eqiad	operations/puppet	production	+3 -0
nfs-exportd: fix our call to region.list()	operations/puppet	production	+16 -5
labs-ip-alias-dump.py.trusty: make multi-region	operations/puppet	production	+28 -23
labs-ip-alias-dump.py: make multi-region	operations/puppet	production	+28 -23
cloud vps: main: restore envscripts and adminscripts	operations/puppet	production	+18 -0
Pass keystone_host to profile::openstack::main::nova::common	operations/puppet	production	+2 -1
keystone: pass the actual keystone host to openstack::util::envscripts	operations/puppet	production	+1 -1
cloudvps: use keytone_host instead of nova_controller	operations/puppet	production	+2 -9
cloudvps: merge main/eqiad1 keystone services	operations/puppet	production	+38 -98
Horizon: disable during keystone switchover	operations/puppet	production	+1 -1
cloudvps: keystone: allow IPv6 connections from foreign services	operations/puppet	production	+2 -1

Status	Assigned	Task
Open	None	T53494 Use Beta cluster as a true canary for code deployments (epic)
Declined	None	T87220 Minimize infrastructure differences between Beta Cluster and production
Open	None	T196662 Set up LVS in beta like prod
Resolved	bd808	T166396 Program 1 Outcome 4: VPS hosting
Resolved	None	T167293 Nova-network to Neutron migration
Resolved	• aborrero	T201504 cloudvps: main/eqiad1 keystone merge
Resolved	• aborrero	T201674 m5-master: setup for new keystone daemon
Resolved	• aborrero	T210595 cloudvps: keystone extra services

• aborrero created this task.Aug 8 2018, 11:30 AM

• aborrero triaged this task as Medium priority.

• aborrero updated the task description. (Show Details)Aug 8 2018, 11:36 AM

• aborrero updated the task description. (Show Details)

• aborrero updated the task description. (Show Details)Aug 8 2018, 11:40 AM

Change 451314 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] cloudvps: merge main/eqiad1 keystone services

https://gerrit.wikimedia.org/r/451314

gerritbot added a project: Patch-For-Review.Aug 8 2018, 1:05 PM

• aborrero updated the task description. (Show Details)Aug 8 2018, 1:10 PM

• aborrero updated the task description. (Show Details)Aug 9 2018, 12:20 PM

• aborrero updated the task description. (Show Details)Aug 10 2018, 10:10 AM

New endpoints are ready. On D day, we need to:

enable eqiad1 endpoints (they have been created, but disabled)
run SQL queries to update main endpoints

In m5-master:

MariaDB [keystone]> UPDATE endpoint set url='http://cloudcontrol1003.wikimedia.org:5000/v3' WHERE url='http://labcontrol1001.wikimedia.org:5000/v3';
MariaDB [keystone]> UPDATE endpoint set url='http://cloudcontrol1003.wikimedia.org:35357/v3' WHERE url='http://labcontrol1001.wikimedia.org:35357/v3';

in case of rollback:

MariaDB [keystone]> UPDATE endpoint set url='http://labcontrol1001.wikimedia.org:5000/v3' WHERE url='http://cloudcontrol1003.wikimedia.org:5000/v3';
MariaDB [keystone]> UPDATE endpoint set url='http://labcontrol1001.wikimedia.org:35357/v3' WHERE url='http://cloudcontrol1003.wikimedia.org:35357/v3';

Change 451850 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] cloudvps: keystone: allow IPv6 connections from foreign services

https://gerrit.wikimedia.org/r/451850

Change 451850 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] cloudvps: keystone: allow IPv6 connections from foreign services

https://gerrit.wikimedia.org/r/451850

• aborrero updated the task description. (Show Details)Aug 10 2018, 1:08 PM

• aborrero updated the task description. (Show Details)

• aborrero updated the task description. (Show Details)Aug 10 2018, 1:11 PM

Andrew updated the task description. (Show Details)Aug 12 2018, 4:38 PM

Andrew updated the task description. (Show Details)

Andrew updated the task description. (Show Details)Aug 12 2018, 4:42 PM

Change 452345 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] cloudvps: use keytone_host instead of nova_controller

https://gerrit.wikimedia.org/r/452345

• aborrero updated the task description. (Show Details)Aug 13 2018, 12:00 PM

• aborrero updated the task description. (Show Details)

• aborrero updated the task description. (Show Details)Aug 13 2018, 1:41 PM

• aborrero updated the task description. (Show Details)

Change 452367 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Horizon: disable during keystone switchover

https://gerrit.wikimedia.org/r/452367

Change 452367 merged by Andrew Bogott:
[operations/puppet@production] Horizon: disable during keystone switchover

https://gerrit.wikimedia.org/r/452367

• aborrero updated the task description. (Show Details)Aug 13 2018, 2:05 PM

• aborrero updated the task description. (Show Details)

Mentioned in SAL (#wikimedia-operations) [2018-08-13T14:09:48Z] <andrewbogott> stopping nodepool, downtiming horizon for T201504

Mentioned in SAL (#wikimedia-operations) [2018-08-13T14:10:48Z] <arturo> T201504 disable keystone in main and eqiad1 deployments, all has been downtimed in icinga

• aborrero updated the task description. (Show Details)Aug 13 2018, 2:11 PM

Change 451314 merged by Andrew Bogott:
[operations/puppet@production] cloudvps: merge main/eqiad1 keystone services

https://gerrit.wikimedia.org/r/451314

Change 452345 merged by Andrew Bogott:
[operations/puppet@production] cloudvps: use keytone_host instead of nova_controller

https://gerrit.wikimedia.org/r/452345

• aborrero updated the task description. (Show Details)Aug 13 2018, 2:18 PM

• aborrero updated the task description. (Show Details)Aug 13 2018, 2:25 PM

Change 452381 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] keystone: pass the actual keystone host to openstack::util::envscripts

https://gerrit.wikimedia.org/r/452381

Change 452381 merged by Andrew Bogott:
[operations/puppet@production] keystone: pass the actual keystone host to openstack::util::envscripts

https://gerrit.wikimedia.org/r/452381

ayounsi unsubscribed.Aug 13 2018, 2:40 PM

Change 452389 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] cloud vps: main: restore envscripts

https://gerrit.wikimedia.org/r/452389

Change 452393 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Pass keystone_host to profile::openstack::main::nova::common

https://gerrit.wikimedia.org/r/452393

Change 452393 merged by Andrew Bogott:
[operations/puppet@production] Pass keystone_host to profile::openstack::main::nova::common

https://gerrit.wikimedia.org/r/452393

Change 452389 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] cloud vps: main: restore envscripts and adminscripts

https://gerrit.wikimedia.org/r/452389

Change 452427 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] labs-ip-alias-dump.py: make multi-region

https://gerrit.wikimedia.org/r/452427

Change 452427 merged by Andrew Bogott:
[operations/puppet@production] labs-ip-alias-dump.py: make multi-region

https://gerrit.wikimedia.org/r/452427

Change 452435 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] labs-ip-alias-dump.py.trusty: make multi-region

https://gerrit.wikimedia.org/r/452435

Change 452435 merged by Andrew Bogott:
[operations/puppet@production] labs-ip-alias-dump.py.trusty: make multi-region

https://gerrit.wikimedia.org/r/452435

Paladox mentioned this in R2073:a27c6c0a9592: keystone: refresh keystone server URL.Aug 13 2018, 6:25 PM

Change 452448 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] nfs-exportd: fix our call to region.list()

https://gerrit.wikimedia.org/r/452448

Change 452448 merged by Bstorm:
[operations/puppet@production] nfs-exportd: fix our call to region.list()

https://gerrit.wikimedia.org/r/452448

Change 452457 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Horizon: set DEFAULT_SERVICE_REGION to eqiad

https://gerrit.wikimedia.org/r/452457

Change 452457 merged by Andrew Bogott:
[operations/puppet@production] Horizon: set DEFAULT_SERVICE_REGION to eqiad

https://gerrit.wikimedia.org/r/452457

There were two categories of issues that cropped up during this change:

Services still trying to hit labcontrol1001. Some of these were puppet mishaps (our hiera model is very tangly) and some of them were unpuppetized services (e.g. openstack-browser) that needed to be informed.

Basically any custom code that enumerated instances immediately started enumerating in the new region (eqiad1-r) and coming up empty. In retrospect, this was basically a coin-toss -- we got (un) lucky and the default region didn't change when we made this merge in labtest so I wasn't expecting it.

Lots of additional patches (most of them linked above) have addressed all the problems we've found so far.

This change was a huge blocker for the neutron migration -- I'm thrilled to have it done.

Krenair mentioned this in T201881: Cumin's OpenStack backend appears to be broken after labs keystone region merge.Aug 13 2018, 10:55 PM

• aborrero closed subtask T201674: m5-master: setup for new keystone daemon as Resolved.Aug 14 2018, 9:58 AM

• aborrero updated the task description. (Show Details)Aug 14 2018, 10:43 AM

Change 452668 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[labs/striker@master] striker/striker.ini: refresh keystone URL

https://gerrit.wikimedia.org/r/452668

Change 452668 merged by jenkins-bot:
[labs/striker@master] striker/striker.ini: refresh keystone URL

https://gerrit.wikimedia.org/r/452668

Change 456288 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[operations/puppet@production] striker: Point at cloudcontrol1003 for OpenStack APIs

https://gerrit.wikimedia.org/r/456288

Change 456288 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] striker: Point at cloudcontrol1003 for OpenStack APIs

https://gerrit.wikimedia.org/r/456288

Change 476232 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] openstack: eqiad1: activate keystone extra services

https://gerrit.wikimedia.org/r/476232

• aborrero mentioned this in T210595: cloudvps: keystone extra services.Nov 28 2018, 10:52 AM

• aborrero closed subtask T210595: cloudvps: keystone extra services as Resolved.Nov 28 2018, 5:28 PM

cloudvps: main/eqiad1 keystone merge
Closed, ResolvedPublic
Actions

Description

Details

Related Objects
Search...

Event Timeline

cloudvps: main/eqiad1 keystone mergeClosed, ResolvedPublicActions

Description

Details

Related ObjectsSearch...

Event Timeline

cloudvps: main/eqiad1 keystone merge
Closed, ResolvedPublic
Actions

Related Objects
Search...