Page MenuHomePhabricator

Enable puppetdb in toolforge
Closed, ResolvedPublic

Description

In order to decrease dependence on NFS as well as improve several aspects of Toolforge in terms of security and performance, we'd like to enable puppetdb there. Tools beta has it now. This may require upgrading the puppetmaster to stretch.

I suspect there are other tasks for this around to merge with.

Related Objects

Event Timeline

Bstorm triaged this task as Medium priority.Jan 22 2019, 6:01 PM
Bstorm created this task.
Bstorm created this object with visibility "Custom Policy".
Bstorm changed the visibility from "Custom Policy" to "Public (No Login Required)".Jan 23 2019, 4:43 PM

Change 761437 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] ssh::client: optionally disable key puppetdb management

https://gerrit.wikimedia.org/r/761437

Change 761437 merged by Jbond:

[operations/puppet@production] ssh::client: optionally disable key puppetdb management

https://gerrit.wikimedia.org/r/761437

Mentioned in SAL (#wikimedia-cloud) [2022-02-09T19:29:21Z] <taavi> installed tools-puppetdb-1, not configured on puppetmaster side yet T214427

Mentioned in SAL (#wikimedia-cloud) [2022-02-10T08:06:44Z] <taavi> disable puppet globally for enabling puppetdb T214427

Mentioned in SAL (#wikimedia-cloud) [2022-02-10T08:16:46Z] <taavi> enable puppetdb and re-enable puppet with puppetdb ssh key management disabled (profile::base::manage_ssh_keys: false) - T214427

Mentioned in SAL (#wikimedia-cloud) [2022-02-10T08:45:26Z] <taavi> set profile::base::manage_ssh_keys: true globally T214427