Once we have these we can decom or reclaim labpuppetmaster1001/1002
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Restricted Task | |||||
Resolved | None | T207536 Move various support services for Cloud VPS currently in prod into their own instances | |||
Resolved | Krenair | T171188 Move the main WMCS puppetmaster into the Labs realm | |||
Resolved | Andrew | T232429 Create in-cloud, cloud-vps-wide cumin masters |
Event Timeline
Change 535670 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] cloud cumin: don't use a bastion if cumin is already running in the cloud
Change 535677 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] cloud cumin: add cloud-cumin-01.cloudinfra as a cumin master
Change 535670 merged by Andrew Bogott:
[operations/puppet@production] cloud cumin: don't use a bastion if cumin is already running in the cloud
Change 535677 merged by Andrew Bogott:
[operations/puppet@production] cloud cumin: add cloud-cumin-01.cloudinfra as a cumin master
There's now a cumin master on cloud-cumon-01.cloudinfra.eqiad.wmflabs that seems to work just fine.
It seems to work within cloudinfra but I think we have a little bit of config tweaking to do.
Change 535727 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] Labs cumin masters: Only set project filter if we're a project-specific cumin master
Change 535733 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] Labs cumin masters: Remove config associated with proxying via bastion
https://gerrit.wikimedia.org/r/535727 should make it behave like the existing cumin master, https://gerrit.wikimedia.org/r/535733 is tidyup of historical stuff
(I tried applying the first of those manually on the new instance, ran cumin '*' id and saw 814 hosts will be targeted so that looks good - 664 of those hosts even respond how you'd expect with uid=0(root) gid=0(root) groups=0(root), we should go through the ones that don't later in a different task)
Change 535727 merged by Andrew Bogott:
[operations/puppet@production] Labs cumin masters: Only set openstack project filter if we're project-specific
Change 535866 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] cloud cumin: add a second cumin master
Change 535866 merged by Andrew Bogott:
[operations/puppet@production] cloud cumin: add a second cumin master
I built a second cumin host, cloud-cumin-02.cloudinfra.eqiad.wmflabs. It's partly for backup, and partly because I wanted to confirm that the existing puppetization is sufficient. It turns out that it is! The new host just required a reboot to get keyholder on board.
-02 doesn't reach quite as many hosts since I haven't hand-tuned the exceptions, but as puppet does its work it should eventually be equivalent to -01.
Change 535733 merged by Andrew Bogott:
[operations/puppet@production] Labs cumin masters: Remove config associated with proxying via bastion