Page MenuHomePhabricator
Create Task
Maniphest T224557

Migrate ldap/corp replicas to Stretch/Buster
Closed, ResolvedPublic
Actions

Description

dubnium.wikimedia.org and pollux.wikimedia.org are the OpenLDAP replicas of the OIT directory. Given that these are Ganeti instances and only have a single user it's probably best to create a new cluster, test it and then switch the MXes to use it instead of dubnium/pollux. Let's maybe also use a name like ldapcorp1001 to make the DC naming more visible.

Details

ProjectBranchLines +/-Subject
operations/dnsmaster+0 -4Remove DNS entries for dubnium/pollux
operations/puppetproduction+2 -31Remove remaining Puppet refs of old jessie LDAP corp servers
operations/puppetproduction+1 -1Turn old LDAP replicas into spares
operations/dnsmaster+1 -1Switch ldap-corp.eqiad.wikimedia.org to ldap-corp1001
operations/dnsmaster+1 -1Switch ldap-corp.codfw.wikimedia.org to ldap-corp2001
Customize query in gerrit

Related Objects
Search...

Event Timeline

MoritzMuehlenhoff created this task.May 29 2019, 11:03 AM
MoritzMuehlenhoff mentioned this in T224549: Track remaining jessie systems in production.
ArielGlenn triaged this task as Medium priority.Jun 11 2019, 7:58 AM
MoritzMuehlenhoff claimed this task.Sep 27 2019, 2:10 PM
gerritbot added a comment.Nov 27 2019, 11:46 AM

Change 553323 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/dns@master] Switch ldap-corp.codfw.wikimedia.org to ldap-corp2001

https://gerrit.wikimedia.org/r/553323

gerritbot added a project: Patch-For-Review.Nov 27 2019, 11:46 AM
gerritbot added a comment.Dec 5 2019, 12:17 PM

Change 553323 merged by Muehlenhoff:
[operations/dns@master] Switch ldap-corp.codfw.wikimedia.org to ldap-corp2001

https://gerrit.wikimedia.org/r/553323

Maintenance_bot removed a project: Patch-For-Review.Dec 5 2019, 1:10 PM
gerritbot added a comment.Dec 5 2019, 1:22 PM

Change 554852 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/dns@master] Switch ldap-corp.eqiad.wikimedia.org to ldap-corp1001

https://gerrit.wikimedia.org/r/554852

gerritbot added a project: Patch-For-Review.Dec 5 2019, 1:22 PM
gerritbot added a comment.Dec 9 2019, 9:10 AM

Change 554852 merged by Muehlenhoff:
[operations/dns@master] Switch ldap-corp.eqiad.wikimedia.org to ldap-corp1001

https://gerrit.wikimedia.org/r/554852

Maintenance_bot removed a project: Patch-For-Review.Dec 9 2019, 10:10 AM
MoritzMuehlenhoff mentioned this in T231015: eqiad/codfw: 2 VMs for corp LDAP replicas.Dec 9 2019, 4:52 PM
gerritbot added a comment.Dec 9 2019, 4:52 PM

Change 555990 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/puppet@production] Turn old LDAP replicas into spares

https://gerrit.wikimedia.org/r/555990

gerritbot added a project: Patch-For-Review.Dec 9 2019, 4:52 PM
gerritbot added a comment.Dec 10 2019, 9:13 AM

Change 555990 merged by Muehlenhoff:
[operations/puppet@production] Turn old LDAP replicas into spares

https://gerrit.wikimedia.org/r/555990

Maintenance_bot removed a project: Patch-For-Review.Dec 10 2019, 10:11 AM
Stashbot added a comment.Dec 10 2019, 10:13 AM

Mentioned in SAL (#wikimedia-operations) [2019-12-10T10:13:52Z] <moritzm> stopping slapd on dubnium/pollux following application of the spare role T224557

ops-monitoring-bot added a comment.Dec 18 2019, 2:37 PM

cookbooks.sre.hosts.decommission executed by jmm@cumin2001 for hosts: pollux.wikimedia.org

  • pollux.wikimedia.org (FAIL)
    • Downtimed host on Icinga
    • No management interface found (likely a VM)
    • Unable to connect to the host, wipe of bootloaders will not be performed: Cumin execution failed (exit_code=2)
    • Failed to shutdown, manual intervention required: Cumin execution failed (exit_code=2)
    • Set Netbox status on VM not yet supported: manual intervention required
    • Removed from DebMonitor
    • Removed from Puppet master and PuppetDB

ERROR: some step on some host failed, check the bolded items above

Stashbot added a comment.Dec 23 2019, 11:04 AM

Mentioned in SAL (#wikimedia-operations) [2019-12-23T11:04:19Z] <moritzm> removing dubnium in ganeti T224557

ops-monitoring-bot added a comment.Dec 23 2019, 11:06 AM

cookbooks.sre.hosts.decommission executed by jmm@cumin1001 for hosts: dubnium.wikimedia.org

  • dubnium.wikimedia.org (FAIL)
    • Downtimed host on Icinga
    • No management interface found (likely a VM)
    • Unable to connect to the host, wipe of bootloaders will not be performed: Cumin execution failed (exit_code=2)
    • Failed to shutdown, manual intervention required: Cumin execution failed (exit_code=2)
    • Set Netbox status on VM not yet supported: manual intervention required
    • Removed from DebMonitor
    • Removed from Puppet master and PuppetDB

ERROR: some step on some host failed, check the bolded items above

gerritbot added a comment.Dec 23 2019, 11:13 AM

Change 560383 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/puppet@production] Remove remaining Puppet refs of old jessie LDAP corp servers

https://gerrit.wikimedia.org/r/560383

gerritbot added a project: Patch-For-Review.Dec 23 2019, 11:13 AM
gerritbot added a comment.Dec 23 2019, 12:14 PM

Change 560383 merged by Muehlenhoff:
[operations/puppet@production] Remove remaining Puppet refs of old jessie LDAP corp servers

https://gerrit.wikimedia.org/r/560383

MoritzMuehlenhoff closed this task as Resolved.Dec 23 2019, 1:06 PM

This is complete. The new systems based on buster are ldap-corp1001 and ldap-corp2001 and dubnium/pollux have been decomissioned.

Maintenance_bot removed a project: Patch-For-Review.Dec 23 2019, 1:11 PM
ayounsi reopened this task as Open.May 18 2020, 2:10 PM
ayounsi added a subscriber: ayounsi.

Not sure if I'm re-opening the proper task, but looks relevant.

dubnium/pollux are still present in DNS while I don't think they should (and they don't reply to pings).

gerritbot added a comment.May 18 2020, 3:14 PM

Change 597099 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/dns@master] Remove DNS entries for dubnium/pollux

https://gerrit.wikimedia.org/r/597099

gerritbot added a project: Patch-For-Review.May 18 2020, 3:14 PM
gerritbot added a comment.May 18 2020, 3:52 PM

Change 597099 merged by Muehlenhoff:
[operations/dns@master] Remove DNS entries for dubnium/pollux

https://gerrit.wikimedia.org/r/597099

MoritzMuehlenhoff closed this task as Resolved.May 18 2020, 3:53 PM
In T224557#6144902, @ayounsi wrote:

Not sure if I'm re-opening the proper task, but looks relevant.

dubnium/pollux are still present in DNS while I don't think they should (and they don't reply to pings).

Thanks, good catch! Fixed.

Maintenance_bot removed a project: Patch-For-Review.May 18 2020, 4:12 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL