Page MenuHomePhabricator
Create Task
Maniphest T203003

Keyholder phab repo duplicate work
Open, MediumPublic
Actions

Description

There have been changes and improvements to keyholder in the phab repo that have not been incorporated into puppet. This is creating duplicate work.

We should figure out a way to use the upstream repo in puppet.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Initial debianizationoperations/software/keyholderdebian+63 -0
Add debian-glue for operations/software/keyholderintegration/configmaster+4 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

thcipriani created this task.Aug 28 2018, 3:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 28 2018, 3:35 PM
thcipriani added a comment.Aug 28 2018, 3:36 PM

For an example of the problem see T202952

thcipriani updated the task description. (Show Details)Aug 28 2018, 3:43 PM
faidon added a comment.Aug 28 2018, 3:51 PM

Thanks for filing this! I lost about an hour debugging and (re-)fixing the above issue today, so +1 to everything you said :)

Let's sort this out and all other potential cases like it and avoid doing this kind of fork in any of our projecs again.

Krenair subscribed.Aug 28 2018, 3:52 PM
mmodell added a comment.Aug 28 2018, 3:57 PM

I agree that we should use the upstream repo from puppet and I should have refactored the puppet code as soon as I created rKEYHOLDER. The question then is, do we install via debian packaging or directly via GIT?

ArielGlenn triaged this task as Medium priority.Aug 29 2018, 10:21 AM
thcipriani closed subtask T203108: Create keyholder gerrit repo as Resolved.Sep 12 2018, 5:42 PM
hashar subscribed.Sep 13 2018, 4:42 PM

Thank you @faidon to have managed to import the git history into operations/software/keyholder that will be very helpful in the future I guess :]

greg edited projects, added Release-Engineering-Team (Backlog); removed Release-Engineering-Team.Nov 21 2018, 12:16 AM
greg subscribed.

next steps here?

hashar added a comment.Nov 22 2018, 10:12 PM

I guess we can close rKEYHOLDER. Seems to me keyholder code will be moved out of operations/puppet to operations/software/keyholder where development has been occurring recently.

faidon added a comment.Nov 23 2018, 3:33 PM
In T203003#4768791, @hashar wrote:

I guess we can close rKEYHOLDER. Seems to me keyholder code will be moved out of operations/puppet to operations/software/keyholder where development has been occurring recently.

That is all correct, so yes we should.

Other than that and to answer @greg's question, the next steps would be:

  1. Switch our deployment of keyholder in prod to be using this repository (possibly start with the existing version)
  2. Drop the (now antiquated) version of the keyholder scripts from production.
  3. Test and release a new keyholder version and deploy that in production as well.
thcipriani closed subtask T210674: Point keyholder github mirror to gerrit as Resolved.Dec 12 2018, 5:57 PM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 10:18 PM
hashar added a project: Keyholder.Mar 7 2019, 10:03 PM
Phabricator_maintenance edited projects, added Release-Engineering-Team-TODO; removed Release-Engineering-Team (Backlog).Jun 12 2019, 11:52 PM
Phabricator_maintenance moved this task from Should be empty (use Release-Engineering-Team) to Later / Need volunteer on the Release-Engineering-Team-TODO board.Jun 12 2019, 11:55 PM
greg added a project: Release-Engineering-Team.Jun 21 2019, 10:35 PM
greg moved this task from INBOX to Deployment services on the Release-Engineering-Team board.Jul 9 2019, 5:47 PM
greg edited projects, added Release-Engineering-Team (Deployment services); removed Release-Engineering-Team.
gerritbot added a comment.Apr 10 2020, 10:57 PM

Change 588054 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] Add debian-glue for operations/software/keyholder

https://gerrit.wikimedia.org/r/588054

gerritbot added a project: Patch-For-Review.Apr 10 2020, 10:57 PM
gerritbot added a comment.Apr 10 2020, 11:01 PM

Change 588054 merged by jenkins-bot:
[integration/config@master] Add debian-glue for operations/software/keyholder

https://gerrit.wikimedia.org/r/588054

gerritbot added a comment.Apr 10 2020, 11:01 PM

Change 588055 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/software/keyholder@debian] Initial debianization

https://gerrit.wikimedia.org/r/588055

hashar added a comment.Apr 10 2020, 11:09 PM

Eventually today I went with the issue of having to restart Keyholder and reharm after a change in the yaml configuration. The version in operations/software/keyholder supports reloading them without having to reharm (just signal SIGHUP). So I guess I am going to cookie lick the Debian packaging :]

@faidon @thcipriani I could use a tag in the repository though. 0.1 1.0 or whatever work for you.

faidon added a comment.Apr 11 2020, 7:10 AM

The master branch of operations/software/keyholder is not ready for a release at this time, so please don't tag, package or deploy this at this state. There are a bunch of pending changes in Gerrit for about a year, plus more that I've queued up locally (because it's hard to manage dozens of dependent git commits with Gerrit…). If y'all are willing to review these I can clean them up and prepare a release; if not, then I can pick this up and make some progress. Let me know!

hashar added a comment.Apr 12 2020, 3:57 PM

I forgot to check for open changes, thank you for the notification. I guess it is time for some reviews and +2 :].

hashar added a comment.Apr 14 2020, 6:36 AM

There are a bunch of pending changes in Gerrit for about a year, plus more that I've queued up locally (because it's hard to manage dozens of dependent git commits with Gerrit…).

Somehow I have missed that part. The repository is requiring changes to be fast forward in order to be submitted/merged, I would like to change it to Rebase-If-Necessary like we did for operations/puppet (T224033). Can be done at https://gerrit.wikimedia.org/r/#/admin/projects/operations/software/keyholder

The long list of patches is not ideal either unless they are strictly related. A patch in the middle of the chain might be held because some parent change is pending review. While it is easy to cherry pick them as needed.

gerritbot added a comment.Jun 10 2020, 8:14 AM

Change 588055 abandoned by Hashar:
Initial debianization

https://gerrit.wikimedia.org/r/588055

Maintenance_bot removed a project: Patch-For-Review.Jun 10 2020, 9:10 AM
taavi subscribed.Apr 1 2021, 2:13 PM
thcipriani removed a project: Release-Engineering-Team (Deployment services).Apr 20 2021, 1:10 AM
thcipriani edited projects, added Release-Engineering-Team (thcipriani-workboard-fiddling); removed Release-Engineering-Team-TODO.Apr 20 2021, 3:42 AM
thcipriani moved this task from thcipriani-workboard-fiddling to Seen (ARCHIVE) on the Release-Engineering-Team board.Apr 20 2021, 3:54 AM
thcipriani edited projects, added Release-Engineering-Team; removed Release-Engineering-Team (thcipriani-workboard-fiddling).
thcipriani edited projects, added Release-Engineering-Team (Seen); removed Release-Engineering-Team.Apr 20 2021, 3:23 PM
Dzahn subscribed.May 10 2023, 1:43 AM

The repo on Phabricator has been closed meanwhile. I wonder if there are things left to do here now in 2023.

hashar added a comment.May 10 2023, 7:23 AM

One can compare the content of https://phabricator.wikimedia.org/source/keyholder.git with https://gerrit.wikimedia.org/r/operations/software/keyholder

Also per Faidon in T203003#6048360, there was also a series of pending open change in Gerrit + a few that were on his local machine which would be great to integrate.

Then I think the issue is having the ssh knowledge needed to review the code (even though certainly a lot of patches do not need that very specific knowledge).

jbond edited projects, added Infrastructure-Foundations; removed Release-Engineering-Team (Seen).May 23 2023, 8:37 AM
elukey subscribed.Feb 23 2026, 3:50 PM

@thcipriani Hi! We are reviewing the backlog and we are wondering if you are still interested in pursuing this.

thcipriani added a comment.Feb 23 2026, 6:42 PM
In T203003#11641074, @elukey wrote:

@thcipriani Hi! We are reviewing the backlog and we are wondering if you are still interested in pursuing this.

This isn't a priority for me.

There's still divergence between https://gerrit.wikimedia.org/r/operations/software/keyholder and what actually gets used in prod (afaict from looking at puppet code). But the last example of that divergence causing issues is from 8 years ago when I filed this task.

Up to you all if you want pursue aligning these. If not, I'm happy to help archive the gerrit repo to avoid confusion.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits