Page MenuHomePhabricator
Create Task
Maniphest T248872

puppet-merge lockout/tagout
Open, MediumPublic
Actions

Description

In outage scenarios it would be good to have some advisory locking of puppet-merges, to prevent the deployment of unrelated changes. In many industries something similar is known as "lockout-tagout".

  • Implement this in the wrapper script invoked by humans, not in the Python script that runs on each host and does git operations itself
    • Tagout file should only live on the 'master' puppetmaster (i.e. puppetmaster1001)
  • Should be possible to override with a new --force-tagout-override flag, specifically for this purpose (don't reuse existing --yes flag)
  • A new file under /var/lock seems appropriate, let's say /var/lock/disable-puppet-merge
    • The contents of such should include a username and also a message, but even an empty file must prevent merges
    • Likely also want scripts to create and remove a tagout condition

Details

SubjectRepoBranchLines +/-
puppet-merge: implement Lock out, tag outoperations/puppetproduction+67 -6
Customize query in gerrit

Event Timeline

CDanis created this task.Mar 30 2020, 3:50 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 30 2020, 3:50 PM
CDanis renamed this task from puppet-merge manual locking to puppet-merge lockout/tagout.Mar 30 2020, 3:51 PM
CDanis triaged this task as Medium priority.
Aklapper removed CDanis as the assignee of this task.Sep 26 2022, 10:30 AM

Removing task assignee due to inactivity as this open task has been assigned for more than two years. See the email sent to the task assignee on August 22nd, 2022.
Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome!
If this task has been resolved in the meantime, or should not be worked on ("declined"), please update its task status via "Add Action… 🡒 Change Status".
Also see https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator. Thanks!

jbond edited projects, added Puppet-Core, User-jbond; removed SRE.May 23 2023, 1:04 PM
Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptMay 23 2023, 1:04 PM
gerritbot added a comment.May 24 2023, 5:49 PM

Change 922915 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppet-merge: implement Lock out, tag out

https://gerrit.wikimedia.org/r/922915

gerritbot added a project: Patch-For-Review.May 24 2023, 5:49 PM
gerritbot added a comment.Jun 6 2023, 2:28 PM

Change 922915 merged by Jbond:

[operations/puppet@production] puppet-merge: implement Lock out, tag out

https://gerrit.wikimedia.org/r/922915

Maintenance_bot removed a project: Patch-For-Review.Jun 6 2023, 2:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits