Page MenuHomePhabricator
Create Task
Maniphest T233391

zuul-server should not start on spare server when the Debian package is upgraded
Closed, ResolvedPublic
Actions

Description

Whenever upgrading the zuul debian package on the spare CI server (contint2001), the zuul server is started and establishes connections to Gerrit. That in turns fill in two SSH connections on Gerrit but since we limit the pool to 4 connections per server, the zuul-merger can no more fetches from Gerrit. That caused T233390.

I have mentioned the issue on https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/502203/ :

The reason for the change is that each time I upgrade the Zuul debian package, the service is started despite having:

hieradata/hosts/contint1001.yaml:profile::zuul::server::service_ensure: running
hieradata/hosts/contint2001.yaml:profile::zuul::server::service_ensure: stopped

And indeed the next puppet run would stop it:

Notice: /Stage[main]/Zuul::Server/Systemd::Service[zuul]/Service[zuul]/ensure: ensure changed 'running' to 'stopped'

But the package installation starts it nonetheless:

root@contint2001:~# dpkg -i zuul_2.5.1-wmf9_amd64.deb
...
Processing triggers for systemd (215-17+deb8u13) ...

root@contint2001:~# systemctl status zuul
Active: active (running) since Fri 2019-05-17 08:32:23 UTC; 4s ago

I guess I would need it to be masked instead?

Details

SubjectRepoBranchLines +/-
zuul: mask service when not enabledoperations/puppetproduction+7 -1
Revert "zuul: mask service when it is disabled"operations/puppetproduction+0 -85
zuul: mask service when it is disabledoperations/puppetproduction+85 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

hashar created this task.Sep 20 2019, 8:35 AM
hashar mentioned this in T233390: zuul-merger fails to fetch from Gerrit.Sep 20 2019, 8:39 AM
gerritbot added a comment.Sep 20 2019, 10:18 AM

Change 538233 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/puppet@production] zuul: mask service when it is disabled

https://gerrit.wikimedia.org/r/538233

gerritbot added a project: Patch-For-Review.Sep 20 2019, 10:18 AM
hashar claimed this task.Sep 20 2019, 10:21 AM
hashar triaged this task as Medium priority.
gerritbot added a comment.Sep 20 2019, 6:41 PM

Change 538233 merged by Dzahn:
[operations/puppet@production] zuul: mask service when it is disabled

https://gerrit.wikimedia.org/r/538233

Maintenance_bot removed a project: Patch-For-Review.Sep 20 2019, 7:10 PM
gerritbot added a comment.Sep 20 2019, 8:30 PM

Change 538329 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/puppet@production] Revert "zuul: mask service when it is disabled"

https://gerrit.wikimedia.org/r/538329

gerritbot added a project: Patch-For-Review.Sep 20 2019, 8:30 PM
gerritbot added a comment.Sep 20 2019, 8:35 PM

Change 538329 abandoned by Hashar:
Revert "zuul: mask service when it is disabled"

https://gerrit.wikimedia.org/r/538329

gerritbot added a comment.Sep 20 2019, 8:43 PM

Change 538329 restored by Hashar:
Revert "zuul: mask service when it is disabled"

https://gerrit.wikimedia.org/r/538329

gerritbot added a comment.Sep 20 2019, 8:45 PM

Change 538329 merged by Dzahn:
[operations/puppet@production] Revert "zuul: mask service when it is disabled"

https://gerrit.wikimedia.org/r/538329

gerritbot added a comment.Sep 20 2019, 8:48 PM

Change 538331 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/puppet@production] zuul: mask service when not enabled

https://gerrit.wikimedia.org/r/538331

gerritbot added a comment.Sep 20 2019, 8:56 PM

Change 538331 merged by Dzahn:
[operations/puppet@production] zuul: mask service when not enabled

https://gerrit.wikimedia.org/r/538331

hashar closed this task as Resolved.Sep 20 2019, 9:04 PM
hashar added a subscriber: Dzahn.

Solved with the assistance of @Dzahn

Thing learned:

Do not:

systemd::mask('service'}

But do:

service { 'zuul': enable => 'mask' }

Since systemd::mask execute a command to mask the service, the service can then enable it again... So really systemd::mask and systemd::unmask should be removed entirely. They are misleading.

Jdforrester-WMF moved this task from INBOX to Completed on the Release-Engineering-Team-TODO (201909) board.Sep 20 2019, 9:05 PM
Jdforrester-WMF removed a project: Patch-For-Review.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL