puppetboard* are still on Stretch and should be moved to Buster. New VMs will be created in parallel and the old ones eventually shut down.
Description
Details
- Other Assignee
- jbond
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | jbond | T292522 Upgrade puppetboard to the latest version | |||
Resolved | MoritzMuehlenhoff | T264276 Migrate puppetboard to Bullseye |
Event Timeline
@MoritzMuehlenhoff ping me when this work will start as we might want to upgrade puppetboard too. At the time I had to apply a couple of internal patches because not yet merged upstream. We should re-check the status and evaluate.
The PRs I had there got eventually merged, at that time puppetboard was barely maintained so there was no release, but I guess they are included in the latest releases.
Then there is https://github.com/voxpupuli/puppetboard/issues/461 but I have totally forgotten what I might have done in our setup for that, but I'm sure I can reconstruct it.
Change 657812 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/puppet@production] Add puppetboard[12]002
Change 657812 merged by Muehlenhoff:
[operations/puppet@production] Add puppetboard[12]002
Change 726637 had a related patch set uploaded (by Jbond; author: John Bond):
[operations/puppet@production] linux-host-entries: update puppetboard[12]002 servers to bullseye
Change 726637 merged by Jbond:
[operations/puppet@production] linux-host-entries: update puppetboard[12]002 servers to bullseye
Change 726872 had a related patch set uploaded (by Jbond; author: John Bond):
[operations/puppet@production] stdlib: update stdlib from version 7.0.1 to 8.1.0
Change 726878 had a related patch set uploaded (by Jbond; author: John Bond):
[operations/puppet@production] sslcert: switch to using ensure_packages
Change 726878 merged by Jbond:
[operations/puppet@production] sslcert: switch to using ensure_packages
Change 726872 merged by Jbond:
[operations/puppet@production] stdlib: update stdlib from version 7.0.1 to 8.1.0
Change 733002 had a related patch set uploaded (by Jbond; author: John Bond):
[operations/puppet@production] P:puppetdb: update puppetboard hosts
Change 733002 merged by Jbond:
[operations/puppet@production] P:puppetdb: update puppetboard hosts
Change 734232 had a related patch set uploaded (by Jbond; author: John Bond):
[operations/puppet@production] P:puppetmaster::ng: Enable catalog and update inventory facts
Change 734232 merged by Jbond:
[operations/puppet@production] P:puppetmaster::ng: Enable catalog and update inventory facts
Change 734255 had a related patch set uploaded (by Jbond; author: John Bond):
[operations/puppet@production] P:puppetboard::ng: add notify for service
Change 734255 merged by Jbond:
[operations/puppet@production] P:puppetboard::ng: add notify for service
Change 734257 had a related patch set uploaded (by Jbond; author: John Bond):
[operations/puppet@production] P:puppetboard::ng: drop icinga check
Change 734257 merged by Jbond:
[operations/puppet@production] P:puppetboard::ng: drop icinga check
Change 736228 had a related patch set uploaded (by Jbond; author: jbond):
[operations/puppet@production] O:puppetboard: add puppetboard.w.o to the cert SAN
Change 736228 merged by Jbond:
[operations/puppet@production] O:puppetboard: add puppetboard.w.o to the cert SAN
I have now built puppetboard[12]002 with bullseye pypuppetdb 2.4 and puppetboard to 3.1. i will leave the old systems around for ~1week before starting the decommissioning process
Change 742704 had a related patch set uploaded (by Jbond; author: jbond):
[operations/puppet@production] scap::dsh: update puppetboard hosts to new host
Uncomplete list of things to cleanup in random order that I think are not needed anymore if we can ditch the old puppetboard puppet module:
- Gerrit repositories that could be deleted: https://gerrit.wikimedia.org/r/admin/repos/q/filter:puppetboard
- puppet's profile::puppetdb::puppetboard_hosts
- deploy-puppetboard system user
- Scap dsh settings for puppetboard
- decommission the old hosts
- cleanup site.pp
Change 742704 merged by Jbond:
[operations/puppet@production] scap::dsh: remove puppetboard; hosts now use apt
Thanks riccardo although unless im missing something:
This is still needed for the ferm ACL's
Yes but I think still refer to all 4 hosts. I meant cleanup the old hostnames from there, sorry.
Forgot to add: manual cleanup of the /srv/deployment/puppetboard directory in the deployment hosts
Yes but I think still refer to all 4 hosts. I meant cleanup the old hostnames from there, sorry.
ack thanks
Forgot to add: manual cleanup of the /srv/deployment/puppetboard directory in the deployment hosts
ack
Change 742731 had a related patch set uploaded (by Jbond; author: jbond):
[operations/puppet@production] P:puppetdb: drop old puppetboard hosts
Change 742731 merged by Jbond:
[operations/puppet@production] P:puppetdb: drop old puppetboard hosts
Ill close this and haneld the rest of the deom in https://phabricator.wikimedia.org/T296744
cookbooks.sre.hosts.decommission executed by jbond@cumin1001 for hosts: puppetboard2001.codfw.wmnet
- puppetboard2001.codfw.wmnet (PASS)
- Downtimed host on Icinga
- Found Ganeti VM
- VM shutdown
- Started forced sync of VMs in Ganeti cluster ganeti01.svc.codfw.wmnet to Netbox
- Removed from DebMonitor
- Removed from Puppet master and PuppetDB
- VM removed
- Started forced sync of VMs in Ganeti cluster ganeti01.svc.codfw.wmnet to Netbox
cookbooks.sre.hosts.decommission executed by jbond@cumin1001 for hosts: puppetboard1001.eqiad.wmnet
- puppetboard1001.eqiad.wmnet (PASS)
- Downtimed host on Icinga
- Found Ganeti VM
- VM shutdown
- Started forced sync of VMs in Ganeti cluster ganeti01.svc.eqiad.wmnet to Netbox
- Removed from DebMonitor
- Removed from Puppet master and PuppetDB
- VM removed
- Started forced sync of VMs in Ganeti cluster ganeti01.svc.eqiad.wmnet to Netbox