Page MenuHomePhabricator
Create Task
Maniphest T286054

Evaluate Dragonfly for distribution of docker images
Closed, ResolvedPublic
Actions

Description

T264209 has shown that we'll need a different way of distributing docker images to kubernetes nodes.

I did a evaluation of Kraken and Dragonfly as docker-registry P2P layers (https://wikitech.wikimedia.org/wiki/User:JMeybohm/Docker-Registry-P2P) and settled with Dragonfly for a first test.

Notes I took during initial packaging, testing and writing first puppet code:

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+2 -0Add dragonfly-peer and supernode cumin aliases
operations/puppetproduction+1 -0dragonfly::dfdaemon: Ensure on codfw kubernetes nodes
operations/puppetproduction+13 -97Clean up appserver_dragonfly test role
operations/puppetproduction+4 -8appserver_dragonfly: Remove experimental stuff from appservers
operations/puppetproduction+5 -4dragonfly::dfdaemon: Notify dfdaemon on certificate change
operations/puppetproduction+1 -1dragonfly::dfdaemon: Add local hostname to dfdaemon certificate
operations/puppetproduction+15 -4prometheus::ops: Scrape metrics from dfdaemon
operations/puppetproduction+1 -1dragonfly: Switch codfw peers to codfw supernode
operations/puppetproduction+6 -1site/install_server: Add dragonfly-supernode2001 to DHCP and site.pp
operations/puppetproduction+16 -8dragonfly: Enable metric scraping for dfdaemon
operations/puppetproduction+11 -11site: Switch a bunch of eqiad appservers to appserver_dragonfly role
operations/debs/dragonflymaster+18 -18Create dragonfly user via systemd-sysusers
operations/puppetproduction+1 -1mediawiki::appserver_dragonfly: Fix docker package name
operations/puppetproduction+90 -2Add a temporary role for appservers plus docker and dragonfly
operations/debs/dragonflymaster+291 -0Add debian directory
integration/configmaster+5 -0Debian glue for operations/debs/dragonfly
operations/puppetproduction+11 -1dragonfly::dfdaemon: Allow to specify ratelimit for dfdaemon
operations/puppetproduction+2 -0dragonfly: Enable dfdaemon on eqiad kubernetes nodes
operations/puppetproduction+18 -1prometheus::ops: Add scraping config for dragonfly supernodes
operations/puppetproduction+8 -3dragonfly::dfdaemon
operations/puppetproduction+1 -1dragonfly::dfdaemon: Fix typo in dfdaemon config template
operations/puppetproduction+15 -6dragonfly: Don't run pki::get_cert in ensure=absent case
operations/puppetproduction+1 -1dragonfly::dfdaemon: Fix HTTPS_PROXY URI to actually use HTTPS
operations/puppetproduction+1 -0dragonfly::dfdaemon: Write certificate to /etc/dragonfly
operations/puppetproduction+4 -4dragonfly: Trim newlines in config files
operations/puppetproduction+28 -16kubernetes::*::worker: include dragonfly dfdaemon
operations/puppetproduction+13 -6dragonfly::dfdaemon: Make profile and module ensureable
operations/puppetproduction+11 -0site/install_server: Add dragonfly-supernode1001 to DHCP and site.pp
operations/puppetproduction+0 -7dragonfly: Remove fetching of $docker_registry_fqdn cert
operations/puppetproduction+203 -0dragonfly: Add dragonfly supernode and client (dfdaemon) modules
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Jul 2 2021, 2:22 PM
Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptJul 2 2021, 2:22 PM
JMeybohm triaged this task as High priority.Jul 2 2021, 2:22 PM
gerritbot added a comment.Jul 2 2021, 2:31 PM

Change 701530 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly: Add dragonfly supernode and client (dfdaemon) modules

https://gerrit.wikimedia.org/r/701530

gerritbot added a project: Patch-For-Review.Jul 2 2021, 2:31 PM
JMeybohm mentioned this in T286057: eqiad: 1 VM request for Dragonfly supernode.Jul 2 2021, 2:40 PM
gerritbot added a comment.Jul 2 2021, 3:08 PM

Change 701530 merged by JMeybohm:

[operations/puppet@production] dragonfly: Add dragonfly supernode and client (dfdaemon) modules

https://gerrit.wikimedia.org/r/701530

gerritbot added a comment.Jul 2 2021, 3:18 PM

Change 702979 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly: Remove fetching of $docker_registry_fqdn cert

https://gerrit.wikimedia.org/r/702979

gerritbot added a comment.Jul 2 2021, 3:25 PM

Change 702982 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] site/install_server: Add dragonfly-supernode1001 to DHCP and site.pp

https://gerrit.wikimedia.org/r/702982

Joe moved this task from Backlog to In Progress on the MW-on-K8s board.Jul 7 2021, 8:56 AM
gerritbot added a comment.Jul 12 2021, 9:14 AM

Change 702979 merged by JMeybohm:

[operations/puppet@production] dragonfly: Remove fetching of $docker_registry_fqdn cert

https://gerrit.wikimedia.org/r/702979

gerritbot added a comment.Jul 12 2021, 9:17 AM

Change 702982 merged by JMeybohm:

[operations/puppet@production] site/install_server: Add dragonfly-supernode1001 to DHCP and site.pp

https://gerrit.wikimedia.org/r/702982

gerritbot added a comment.Jul 13 2021, 11:58 AM

Change 704318 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly::dfdaemon: Make profile and module ensureable

https://gerrit.wikimedia.org/r/704318

gerritbot added a comment.Jul 13 2021, 12:27 PM

Change 704322 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] kubernetes::*::worker: include dragonfly dfdaemon

https://gerrit.wikimedia.org/r/704322

gerritbot added a comment.Jul 13 2021, 3:51 PM

Change 704360 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly: Trim newlines in config files

https://gerrit.wikimedia.org/r/704360

gerritbot added a comment.Jul 15 2021, 9:22 AM

Change 704318 merged by JMeybohm:

[operations/puppet@production] dragonfly::dfdaemon: Make profile and module ensureable

https://gerrit.wikimedia.org/r/704318

gerritbot added a comment.Jul 15 2021, 9:22 AM

Change 704360 merged by JMeybohm:

[operations/puppet@production] dragonfly: Trim newlines in config files

https://gerrit.wikimedia.org/r/704360

gerritbot added a comment.Jul 15 2021, 9:22 AM

Change 704322 merged by JMeybohm:

[operations/puppet@production] kubernetes::*::worker: include dragonfly dfdaemon

https://gerrit.wikimedia.org/r/704322

gerritbot added a comment.Jul 15 2021, 9:47 AM

Change 704755 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly::dfdaemon: Write certificate to /etc/dragonfly

https://gerrit.wikimedia.org/r/704755

gerritbot added a comment.Jul 15 2021, 9:49 AM

Change 704755 merged by JMeybohm:

[operations/puppet@production] dragonfly::dfdaemon: Write certificate to /etc/dragonfly

https://gerrit.wikimedia.org/r/704755

gerritbot added a comment.Jul 15 2021, 10:14 AM

Change 704758 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly::dfdaemon: Fix HTTPS_PROXY URI to actually use HTTPS

https://gerrit.wikimedia.org/r/704758

gerritbot added a comment.Jul 15 2021, 10:16 AM

Change 704758 merged by JMeybohm:

[operations/puppet@production] dragonfly::dfdaemon: Fix HTTPS_PROXY URI to actually use HTTPS

https://gerrit.wikimedia.org/r/704758

gerritbot added a comment.Jul 16 2021, 8:05 AM

Change 704921 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly: Don't run pki::get_cert in ensure=absent case

https://gerrit.wikimedia.org/r/704921

gerritbot added a comment.Jul 16 2021, 8:10 AM

Change 704921 merged by JMeybohm:

[operations/puppet@production] dragonfly: Don't run pki::get_cert in ensure=absent case

https://gerrit.wikimedia.org/r/704921

gerritbot added a comment.Jul 19 2021, 2:20 PM

Change 705382 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly::dfdaemon: Fix typo in dfdaemon config template

https://gerrit.wikimedia.org/r/705382

gerritbot added a comment.Jul 19 2021, 2:28 PM

Change 705382 merged by JMeybohm:

[operations/puppet@production] dragonfly::dfdaemon: Fix typo in dfdaemon config template

https://gerrit.wikimedia.org/r/705382

gerritbot added a comment.Jul 20 2021, 9:28 AM

Change 705627 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly::dfdaemon

https://gerrit.wikimedia.org/r/705627

gerritbot added a comment.Jul 20 2021, 9:31 AM

Change 705627 merged by JMeybohm:

[operations/puppet@production] dragonfly::dfdaemon

https://gerrit.wikimedia.org/r/705627

JMeybohm updated the task description. (Show Details)Jul 20 2021, 9:39 AM
gerritbot added a comment.Jul 20 2021, 9:46 AM

Change 705639 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly: Enable dfdaemon on eqiad kubernetes nodes

https://gerrit.wikimedia.org/r/705639

gerritbot added a comment.Jul 20 2021, 10:24 AM

Change 705646 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] prometheus::ops: Add jobs to scrape dragonfly supernodes

https://gerrit.wikimedia.org/r/705646

gerritbot added a comment.Jul 20 2021, 12:30 PM

Change 705646 merged by JMeybohm:

[operations/puppet@production] prometheus::ops: Add scraping config for dragonfly supernodes

https://gerrit.wikimedia.org/r/705646

gerritbot added a comment.Jul 20 2021, 2:09 PM

Change 705639 merged by JMeybohm:

[operations/puppet@production] dragonfly: Enable dfdaemon on eqiad kubernetes nodes

https://gerrit.wikimedia.org/r/705639

JMeybohm added a comment.Jul 22 2021, 9:28 AM

I did ran the ramp up test like I did for plain registry pulls with dragonfly on default settings (more or less) yesterday (see Wikitech for details on the process).
The tests where run in eiqad this time, but I used the eqiad docker registry nodes as well (to keep traffic DC local, besides from initial nginx cache warmup).

With the current settings, the average download time for the images has been pretty much constant, regardless of the number of nodes pulling in parallel (which is great). Also the network load on the docker-registries decreased overall and into a very acceptable area[1]. Unfortunately, the average download time for the image (as well as standard derivation) increased significantly[2] to around 5min.

I think there is quite some room for improvement by tuning dragonfly config. I'll be looking into that.

Interactive dashboards:

gerritbot added a comment.Jul 26 2021, 9:16 AM

Change 708068 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly::dfdaemon: Allow to specify ratelimit for dfdaemon

https://gerrit.wikimedia.org/r/708068

gerritbot added a comment.Jul 26 2021, 9:23 AM

Change 708068 merged by JMeybohm:

[operations/puppet@production] dragonfly::dfdaemon: Allow to specify ratelimit for dfdaemon

https://gerrit.wikimedia.org/r/708068

JMeybohm added a comment.EditedJul 26 2021, 2:51 PM

I went through various config options for the different components involved, but the only one yielding significant impact is rate limiting (surprise) which is set to 20M per default, when dfget is started via dfdaemon (dfget default is unlimited).

With a rate limit of 100M the average download time (15 parallel nodes) is around 00:01:35 with a standard deviation of 00:00:50. This is way more close to what we have seen running plain docker pull against 6 registry nodes (average DL time with 15 nodes: 00:01:18, std dev: 00:00:24) but obviously without the massive network usage on the registry nodes.

dancy added a comment.Jul 26 2021, 3:08 PM

Nice work!

gerritbot added a comment.Jul 28 2021, 9:41 AM

Change 708483 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/debs/dragonfly@master] Add debian directory

https://gerrit.wikimedia.org/r/708483

gerritbot added a comment.Jul 28 2021, 2:16 PM

Change 708534 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/debs/dragonfly@master] Create dragonfly user via systemd-sysusers

https://gerrit.wikimedia.org/r/708534

gerritbot added a comment.Jul 28 2021, 2:42 PM

Change 708536 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[integration/config@master] Debian glue for operations/debs/dragonfly

https://gerrit.wikimedia.org/r/708536

gerritbot added a comment.Jul 28 2021, 2:43 PM

Change 708536 merged by jenkins-bot:

[integration/config@master] Debian glue for operations/debs/dragonfly

https://gerrit.wikimedia.org/r/708536

gerritbot added a comment.Aug 3 2021, 8:52 AM

Change 708483 merged by jenkins-bot:

[operations/debs/dragonfly@master] Add debian directory

https://gerrit.wikimedia.org/r/708483

gerritbot added a comment.Aug 3 2021, 8:52 AM

Change 708534 merged by jenkins-bot:

[operations/debs/dragonfly@master] Create dragonfly user via systemd-sysusers

https://gerrit.wikimedia.org/r/708534

Stashbot added a comment.Aug 3 2021, 9:11 AM

Mentioned in SAL (#wikimedia-operations) [2021-08-03T09:11:50Z] <jayme> importing dragonfly 1.0.6-2 to buster-wikimedia and stretch-wikimedia - T286054

gerritbot added a comment.Aug 3 2021, 1:40 PM

Change 709703 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly: Enable metric scraping for dfdaemon

https://gerrit.wikimedia.org/r/709703

gerritbot added a comment.Aug 3 2021, 1:40 PM

Change 709704 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] prometheus::ops: Scrape metrics from dfdaemon

https://gerrit.wikimedia.org/r/709704

gerritbot added a comment.Aug 3 2021, 2:14 PM

Change 709719 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] Add a temporary role for appservers plus docker and dragonfly

https://gerrit.wikimedia.org/r/709719

gerritbot added a comment.Aug 3 2021, 3:27 PM

Change 709740 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] site: Switch a bunch of eqiad appservers to appserver_dragonfly role

https://gerrit.wikimedia.org/r/709740

gerritbot added a comment.Aug 4 2021, 8:20 AM

Change 709719 merged by JMeybohm:

[operations/puppet@production] Add a temporary role for appservers plus docker and dragonfly

https://gerrit.wikimedia.org/r/709719

gerritbot added a comment.Aug 4 2021, 8:32 AM

Change 709952 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] mediawiki::appserver_dragonfly: Fix docker package name

https://gerrit.wikimedia.org/r/709952

gerritbot added a comment.Aug 4 2021, 8:34 AM

Change 709952 merged by JMeybohm:

[operations/puppet@production] mediawiki::appserver_dragonfly: Fix docker package name

https://gerrit.wikimedia.org/r/709952

JMeybohm added a comment.Aug 4 2021, 9:49 AM

I've just reverted the CR adding systemd-sysusers to the dragonfly packages (https://gerrit.wikimedia.org/r/c/operations/debs/dragonfly/+/708534) as it segfaults on mw1384. The patch should be added back when T256098 is fixed.

Stashbot added a comment.Aug 4 2021, 10:29 AM

Mentioned in SAL (#wikimedia-operations) [2021-08-04T10:29:40Z] <jayme> importing dragonfly 1.0.6-1 (downgrade from 1.0.6-2) to buster-wikimedia and stretch-wikimedia - T286054

gerritbot added a comment.Aug 4 2021, 10:44 AM

Change 709740 merged by JMeybohm:

[operations/puppet@production] site: Switch a bunch of eqiad appservers to appserver_dragonfly role

https://gerrit.wikimedia.org/r/709740

Stashbot added a comment.Aug 4 2021, 10:48 AM

Mentioned in SAL (#wikimedia-operations) [2021-08-04T10:48:44Z] <jayme> switch most eqiad appservers to appserver_dragonly role for testing - T286054

JMeybohm added a comment.Aug 4 2021, 4:03 PM

The test with 73 nodes max shows a pull time of 00:01:46 with standard deviation of 00:00:33 [1] which is pretty close to the numbers from the test with 15 nodes. When looking at those numbers it must be taken into account that the appserver nodes do have to pull every layer of the image while the kubernetes nodes may skip some, because they are reused by some other image (like the debian base one) and can therefore not be removed prior to testing.

The network load on the registries in eqiad did peak around 10MB/s during the whole test run and the system load of the supernode is nowhere near problematic, peaking somewhere around 25% CPU usage / load 5 of 0.34 and less than 500MiB Used memory. So we can even lower the specs (at least memory wise) for the supernode in production I suppose.

Dynamic dashboards for the test time frame;

JMeybohm mentioned this in T288216: codfw: 1 VM request for Dragonfly supernode.Aug 5 2021, 9:49 AM
gerritbot added a comment.Aug 5 2021, 12:18 PM

Change 709703 merged by JMeybohm:

[operations/puppet@production] dragonfly: Enable metric scraping for dfdaemon

https://gerrit.wikimedia.org/r/709703

gerritbot added a comment.Aug 5 2021, 12:28 PM

Change 710247 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] site/install_server: Add dragonfly-supernode2001 to DHCP and site.pp

https://gerrit.wikimedia.org/r/710247

gerritbot added a comment.Aug 5 2021, 12:29 PM

Change 710247 merged by JMeybohm:

[operations/puppet@production] site/install_server: Add dragonfly-supernode2001 to DHCP and site.pp

https://gerrit.wikimedia.org/r/710247

gerritbot added a comment.Aug 5 2021, 1:43 PM

Change 710261 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly: Switch codfw peers to codfw supernode

https://gerrit.wikimedia.org/r/710261

gerritbot added a comment.Aug 5 2021, 1:44 PM

Change 710261 merged by JMeybohm:

[operations/puppet@production] dragonfly: Switch codfw peers to codfw supernode

https://gerrit.wikimedia.org/r/710261

JMeybohm added a comment.Aug 5 2021, 1:54 PM

FTR: I also did some tests pulling the images cross-dc (which we do usually because of the current active/passive nature of docker-registry) which does not yield significantly different results. Also pulling from just one registry (which I did by accident) went totally fine.

What I did check as well are failure scenarios like the supernode being unreachable when starting a pull and becoming unreachable during a pull. Both situations are handled transparently by dfdaemon which then falls back to pulling the chunks from docker-registry directly.

As all the (unencrypted) P2P traffic will stay DC local and only root users have access to kubernetes nodes, we decided to risk accept the no-TLS and credentials leak issues from the task summary for now and continue with rolling out dragonfly to codfw.

gerritbot added a comment.Aug 5 2021, 3:09 PM

Change 709704 merged by JMeybohm:

[operations/puppet@production] prometheus::ops: Scrape metrics from dfdaemon

https://gerrit.wikimedia.org/r/709704

gerritbot added a comment.Aug 5 2021, 4:02 PM

Change 710295 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly::dfdaemon: Add local hostname to dfdaemon certificate

https://gerrit.wikimedia.org/r/710295

gerritbot added a comment.Aug 5 2021, 4:20 PM

Change 710295 merged by JMeybohm:

[operations/puppet@production] dragonfly::dfdaemon: Add local hostname to dfdaemon certificate

https://gerrit.wikimedia.org/r/710295

gerritbot added a comment.Aug 6 2021, 7:23 AM

Change 710484 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly::dfdaemon: Notify dfdaemon on certificate change

https://gerrit.wikimedia.org/r/710484

gerritbot added a comment.Aug 6 2021, 7:37 AM

Change 710485 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] appserver_dragonfly: Remove experimental stuff from appservers

https://gerrit.wikimedia.org/r/710485

gerritbot added a comment.Aug 6 2021, 7:42 AM

Change 710487 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] Clean up appserver_dragonfly test role

https://gerrit.wikimedia.org/r/710487

gerritbot added a comment.Aug 6 2021, 7:52 AM

Change 710484 merged by JMeybohm:

[operations/puppet@production] dragonfly::dfdaemon: Notify dfdaemon on certificate change

https://gerrit.wikimedia.org/r/710484

gerritbot added a comment.Aug 6 2021, 9:20 AM

Change 710485 merged by JMeybohm:

[operations/puppet@production] appserver_dragonfly: Remove experimental stuff from appservers

https://gerrit.wikimedia.org/r/710485

gerritbot added a comment.Aug 6 2021, 10:40 AM

Change 710487 merged by JMeybohm:

[operations/puppet@production] Clean up appserver_dragonfly test role

https://gerrit.wikimedia.org/r/710487

gerritbot added a comment.Aug 6 2021, 11:35 AM

Change 710522 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] dragonfly::dfdaemon: Ensure on codfw kubernetes nodes

https://gerrit.wikimedia.org/r/710522

gerritbot added a comment.Aug 6 2021, 11:42 AM

Change 710522 merged by JMeybohm:

[operations/puppet@production] dragonfly::dfdaemon: Ensure on codfw kubernetes nodes

https://gerrit.wikimedia.org/r/710522

gerritbot added a comment.Aug 6 2021, 12:02 PM

Change 710528 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] Add dragonfly-peer and supernode cumin aliases

https://gerrit.wikimedia.org/r/710528

JMeybohm added a comment.Aug 6 2021, 12:22 PM

Dragonfly rolled out and active on main and staging clusters in eqiad and codfw.

JMeybohm updated the task description. (Show Details)Aug 10 2021, 6:54 AM
JMeybohm updated the task description. (Show Details)Aug 10 2021, 2:50 PM
gerritbot added a comment.Aug 11 2021, 8:30 AM

Change 710528 merged by JMeybohm:

[operations/puppet@production] Add dragonfly-peer and supernode cumin aliases

https://gerrit.wikimedia.org/r/710528

JMeybohm closed this task as Resolved.Aug 25 2021, 11:43 AM

This is done. Docs at https://wikitech.wikimedia.org/wiki/Dragonfly

Stashbot added a comment.Aug 27 2021, 10:56 AM

Mentioned in SAL (#wikimedia-operations) [2021-08-27T10:56:42Z] <akosiaris> sudo cumin 'mw*' 'ip ro ls dev docker0 && sysctl net.ipv4.ip_forward=0' to clear up the docker remnants of the dragonfly evaluation. T286054

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL