Page MenuHomePhabricator
Create Task
Maniphest T287465

Cookbooks repository: avoid stale code in master branch
Closed, ResolvedPublic
Actions

Description

Current situation

Currently we have the master branch of the cookbooks repo that is deployed to the cumin hosts and is the authoritative source of all the cookbooks that run in production, from the production hosts.
Then the wmcs branch of the repository was created to unblock the development on the WMCS side.
When the wmcs branch of the same repo was created there were already some existing cookbooks in the wmcs/ subtree.
As the development has progressed in the wmcs branch for all things WMCS-related, the original copy of the existing cookbooks in the wmcs/ subtree is not anymore authoritative and in many cases also obsolete having stale copies of the cookbooks that have been updated in the wmcs branch.

Practical issues
  • The stale copies of those cookbooks are deployed to the cumin hosts, with the risk of potentially running stale/obsolete code.
  • As I'm about to remove the deprecated icinga.Icinga class in favor of the icinga.IcingaHosts one, I found that I would need to update both copies of the wmcs and master branches. Apart the double patch (that is not a big problem ofc), this will also create more conflicts when rebasing the wmcs branch on top of the master one.
  • There are currently cookbooks in the master branch that are deployed to the cumin hosts that can't be run from there as they will fail because they are supposed to be run from the local environment of a WMCS SRE.
Proposal

Simplify the distinction of the two branches, removing all stale/obsolete cookbooks in the wmcs/ subtree that are not supposed to be run from production and for which the copy in the wmcs branch is the one authoritative.
The only current exception that I can see is the wmcs/wikireplicas/add_wiki.py cookbook, that AFAIK is run from production.
I see two mutually alternative clear cuts here:

  1. remove all wmcs/** cookbooks from the master branch and all additional code in wmcs/__init__py leaving just the add_wiki cookbook there.
  2. move the add_wiki cookbook into the sre/ subtree and remove entirely the wmcs/ subtree from the master branch.

This will effectively remove all stale code, reduce or remove conflicts when rebasing the wmcs branch, make more clear (even more with (2) than (1)) which branch is authoritative for which cookbook, remove the need of unnecessary patches to modify obsolete code that uses old Spicerack features when those are modified/removed.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
admin: fix typo in sudo ruleoperations/puppetproduction+1 -1
wmcs: remove wmcs/ subtreeoperations/cookbooksmaster+0 -1 K
admin: update sudo rule for renamed cookbookoperations/puppetproduction+1 -1
wmcs.wikireplicas.add_wiki: renameoperations/cookbooksmaster+2 -2
Customize query in gerrit

Related Objects

Event Timeline

Volans created this task.Jul 27 2021, 1:10 PM
Volans triaged this task as Medium priority.
Restricted Application edited projects, added cloud-services-team (Kanban), Infrastructure-Foundations; removed cloud-services-team. · View Herald TranscriptJul 27 2021, 1:10 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
dcaro added a comment.Jul 27 2021, 2:18 PM

Some notes:

The stale copies of those cookbooks are deployed to the cumin hosts, with the risk of potentially running stale/obsolete code.
There are currently cookbooks in the master branch that are deployed to the cumin hosts that can't be run from there as they will fail because they are supposed to be run from the local environment of a WMCS SRE.

As you mentioned in the chat, only wmcs ever runs those tasks, and we do know which ones should be run locally and which can be run on cumin. The risk you mention imo is very low (and the impact is very little).
Btw. I'd prefer to call them frozen, not stale, as they are actively monitored, maintained and tracked.

As I'm about to remove the deprecated icinga.Icinga class in favor of the icinga.IcingaHosts one, I found that I would need to update both copies of the wmcs and master branches. Apart the double patch (that is not a big problem ofc), this will also create more conflicts when rebasing the wmcs branch on top of the master one.

Removing the tasks will make the rebasing even harder, and the merge later too.

I propose doing the Icinga patch on master, rebase the wmcs branch, and continue with the current setup, keeping the code frozen until the decision to merge or not is taken (as previously discussed). That avoids extra diverging of the branches and minimizes the effort needed to merge in the future.

Volans added a comment.Jul 27 2021, 2:22 PM
In T287465#7239650, @dcaro wrote:

Removing the tasks will make the rebasing even harder, and the merge later too.

What do you mean? I don't understand the english, sorry.

Volans added a comment.Jul 27 2021, 2:37 PM
In T287465#7239650, @dcaro wrote:

Some notes:

The stale copies of those cookbooks are deployed to the cumin hosts, with the risk of potentially running stale/obsolete code.
There are currently cookbooks in the master branch that are deployed to the cumin hosts that can't be run from there as they will fail because they are supposed to be run from the local environment of a WMCS SRE.

As you mentioned in the chat, only wmcs ever runs those tasks, and we do know which ones should be run locally and which can be run on cumin. The risk you mention imo is very low (and the impact is very little).
Btw. I'd prefer to call them frozen, not stale, as they are actively monitored, maintained and tracked.

I disagree, the cookbooks for which the development has gone forward in the wmcs branch and not reflected in the master branch are effectively stale in the master version of them. If I pick for example the wmcs/openstack/cloudvirt/unset_maintenance.py cookbook between the wmcs version and the master version of it. They are quite different, the wmcs one has got 7 additional commits. It has also an obvious bug at line 90 for example, that was fixed in a later commit in the wmcs branch. How can the master version of it be considered "actively monitored, maintained and tracked" ?

dcaro added a comment.EditedJul 27 2021, 2:47 PM

What do you mean? I don't understand the english, sorry.

Rephrasing: Removing the tasks from the master branch will make rebasing the wmcs branch on top of it harder, and merging the wmcs branch onto master at a later time harder too.

How can the master version of it be considered "actively monitored, maintained and tracked" ?

It's frozen, so no changes can go to it (as per our agreement), but it's actively monitored, maintained and tracked in order to not allow any patches in, to rebase on top of any repo-wide refactorings done to any of them. If there's any critical issue with them (ex. breaking CI, breaking other tasks) they will get patched too. The wmcs branch is being also actively developed, that's why there's differences (and we are not allowed to backport any of those changes to master yet, so expect it to keep diverging).

Volans added a comment.Jul 27 2021, 2:50 PM
In T287465#7239783, @dcaro wrote:

What do you mean? I don't understand the english, sorry.

Rephrasing: Removing the tasks from the master branch will make rebasing the wmcs branch on top of it harder, and merging the wmcs branch onto master at a later time harder too.

If for tasks you mean the cookbooks, I don't get it. How removing the entire wmcs/ subtree can make any rebase harder given that there is guarantee of no conflicts at all as the branch has a path that is not present in master?

dcaro added a comment.Jul 27 2021, 2:53 PM

How removing the entire wmcs/ subtree can make any rebase harder given that there is guarantee of no conflicts at all as the branch has a path that is not present in master?

Because the branch was made when the subtree existed, so there's already quite a bit of git history that would be lost.

jbond added a comment.Jul 27 2021, 3:20 PM

Because the branch was made when the subtree existed, so there's already quite a bit of git history that would be lost.

Have been following along and appolagise up front iof im just adding noise however I think I'm missing something here. Tthe git history will still be preserved as in, you will still be able to see all the log messages and diff between files. The fact that wmcs is deleted will of course cause a conflict when merging as the files are deleted in one branch but on the other. however i think this is fairly easy to fix e.g.

$ git rm -r cookbooks/wmcs/
rm 'cookbooks/wmcs/__init__.py'
rm 'cookbooks/wmcs/openstack/__init__.py'
rm 'cookbooks/wmcs/openstack/cloudvirt/set_maintenance.py'
rm 'cookbooks/wmcs/openstack/cloudvirt/unset_maintenance.py'
rm 'cookbooks/wmcs/toolforge/__init__.py'
rm 'cookbooks/wmcs/toolforge/add_etcd_node.py'
rm 'cookbooks/wmcs/toolforge/etcd/__init__.py'
rm 'cookbooks/wmcs/toolforge/etcd/add_node_to_cluster.py'
rm 'cookbooks/wmcs/toolforge/etcd/add_node_to_hiera.py'
rm 'cookbooks/wmcs/toolforge/etcd/depool_and_remove_node.py'
rm 'cookbooks/wmcs/toolforge/etcd/remove_node_from_hiera.py'
rm 'cookbooks/wmcs/toolforge/remove_etcd_node.py'
rm 'cookbooks/wmcs/toolforge/start_instance_with_prefix.py'
rm 'cookbooks/wmcs/vps/__init__.py'
rm 'cookbooks/wmcs/vps/refresh_puppet_certs.py'
rm 'cookbooks/wmcs/vps/remove_instance.py'
rm 'cookbooks/wmcs/wikireplicas/__init__.py'
rm 'cookbooks/wmcs/wikireplicas/add_wiki.py'
$ git commit -a -m'remove wmcs directory'                                         
[master 3711dd8] remove wmcs directory
 18 files changed, 1884 deletions(-)
 delete mode 100644 cookbooks/wmcs/__init__.py
 delete mode 100644 cookbooks/wmcs/openstack/__init__.py
 delete mode 100644 cookbooks/wmcs/openstack/cloudvirt/set_maintenance.py
 delete mode 100644 cookbooks/wmcs/openstack/cloudvirt/unset_maintenance.py
 delete mode 100644 cookbooks/wmcs/toolforge/__init__.py
 delete mode 100644 cookbooks/wmcs/toolforge/add_etcd_node.py
 delete mode 100644 cookbooks/wmcs/toolforge/etcd/__init__.py
 delete mode 100644 cookbooks/wmcs/toolforge/etcd/add_node_to_cluster.py
 delete mode 100644 cookbooks/wmcs/toolforge/etcd/add_node_to_hiera.py
 delete mode 100644 cookbooks/wmcs/toolforge/etcd/depool_and_remove_node.py
 delete mode 100644 cookbooks/wmcs/toolforge/etcd/remove_node_from_hiera.py
 delete mode 100644 cookbooks/wmcs/toolforge/remove_etcd_node.py
 delete mode 100644 cookbooks/wmcs/toolforge/start_instance_with_prefix.py
 delete mode 100644 cookbooks/wmcs/vps/__init__.py
 delete mode 100644 cookbooks/wmcs/vps/refresh_puppet_certs.py
 delete mode 100644 cookbooks/wmcs/vps/remove_instance.py
 delete mode 100644 cookbooks/wmcs/wikireplicas/__init__.py
 delete mode 100644 cookbooks/wmcs/wikireplicas/add_wiki.py
$ git merge wmcs                                                          
CONFLICT (modify/delete): cookbooks/wmcs/vps/refresh_puppet_certs.py deleted in HEAD and modified in wmcs. Version wmcs of cookbooks/wmcs/vps/refresh_puppet_certs.py left in tree.
CONFLICT (modify/delete): cookbooks/wmcs/toolforge/start_instance_with_prefix.py deleted in HEAD and modified in wmcs. Version wmcs of cookbooks/wmcs/toolforge/start_instance_with_prefix.py left in tree.
CONFLICT (modify/delete): cookbooks/wmcs/openstack/cloudvirt/unset_maintenance.py deleted in HEAD and modified in wmcs. Version wmcs of cookbooks/wmcs/openstack/cloudvirt/unset_maintenance.py left in tree.
CONFLICT (modify/delete): cookbooks/wmcs/openstack/cloudvirt/set_maintenance.py deleted in HEAD and modified in wmcs. Version wmcs of cookbooks/wmcs/openstack/cloudvirt/set_maintenance.py left in tree.
CONFLICT (modify/delete): cookbooks/wmcs/__init__.py deleted in HEAD and modified in wmcs. Version wmcs of cookbooks/wmcs/__init__.py left in tree.
Automatic merge failed; fix conflicts and then commit the result.
$ git add cookbooks/wmcs/   
$ git merge --continue 
[master 3c25c12] Merge branch 'wmcs'

We can also rebase the wmcs branch after we have removed the wmcs folder (this was a bit more involved but still < 5 minutes work), which would make merging wmcs backing master at a later date a none issue.

Both theses options seem much less painful then having to update two separate branches with the same change.

dcaro added a comment.Jul 27 2021, 5:33 PM

You'll have to keep applying the changes/refactors to both branches, that will not go away until they are merged (if Icinga gets replaced by IcingaHosts, the change will have to happen also on the wmcs branch).

So there's no benefit there.

jbond added a comment.EditedJul 27 2021, 6:13 PM
In T287465#7240495, @dcaro wrote:

You'll have to keep applying the changes/refactors to both branches, that will not go away until they are merged (if Icinga gets replaced by IcingaHosts, the change will have to happen also on the wmcs branch).

Considering the current case of deprecating icinga.Icinga class from what i can tell in the current set up we would need to:

  • create a commit to update everything under sre
  • create a commit to update everything under wmcs directory in the master branch
    • of course this could be the same commit as above but the point is its updating an additional set of files
  • git checkout wmcs; git rebase -i master
    • not sure if this is done currently however this merge is likely going to be more painful [then the proposal below] as there are modifications in both branches
  • then make a commit to change to any additional files under the wmcs directory in the wmcs branch

If we go with proposal from the original post then we would have

  • create a commit to update everything under sre
  • git checkout wmcs; git rebase -i master
    • this should be painless as, AFAIK, the wmcs branch doesn't change files under sre and the master branch doesn't change files under wmcs
  • then a commit make a change to the files under the wmcs directory in the wmcs branch

To me it seems like going with the later proposal i.e. removing the wmcs directory in master then doing a git rebase -i master in the wmcs branch, is a cheep cost to pay now and will make rebasing and a final merge much easier in the future. what are the down sides of doing this? or phrased differently what are the benefits of keeping the wmcs directory in the master branch?

dcaro added a comment.Jul 28 2021, 7:34 AM

Sure, I'm exhausted, do whatever you feel more comfortable with, let me know if there's anything needed on my side.

mark subscribed.Jul 28 2021, 10:57 AM
Bstorm subscribed.Jul 28 2021, 7:13 PM

I should mention here that the original purpose of the wmcs prefix in the master branch is to enable running of the add_wiki cookbook by those who have admin access to do the manual tasks on the Wikireplicas databases T261145

If you move it elsewhere, please update the sudo definition and perhaps the secure_cookbook wrapper as needed.

jbond added a comment.EditedJul 29 2021, 2:31 PM
In T287465#7244334, @Bstorm wrote:

I should mention here that the original purpose of the wmcs prefix in the master branch is to enable running of the add_wiki cookbook by those who have admin access to do the manual tasks on the Wikireplicas databases T261145

Thanks brooke, the original proposal was to do either of the following:

  1. remove all wmcs/** cookbooks from the master branch and all additional code in wmcs/__init__py leaving just the add_wiki cookbook there.
  2. move the add_wiki cookbook into the sre/ subtree and remove entirely the wmcs/ subtree from the master branch.

Personally i have a slight presence for option two however i think both are workable if WMCS (or riccardo for that matter :)) would prefer option one? That said i have had to work on some puppetdb issues the last two days and im on vacation next week so will leave this for riccardo to pick up again when he is back in.

If you move it elsewhere, please update the sudo definition and perhaps the secure_cookbook wrapper as needed.

noted

joanna_borun added a comment.Aug 17 2021, 2:35 PM

Thank you all for such an active conversation. Myself and Nicholas would like to follow up on this thread and sum up the conversation with next steps that we sign under - please proceed with moving the add_wiki cookbook into the sre/ subtree and remove entirely the wmcs/ subtree from the master branch.

Thanks,
Joanna & Nicholas

Volans claimed this task.Aug 25 2021, 3:06 PM
gerritbot added a comment.Aug 25 2021, 3:46 PM

Change 714797 had a related patch set uploaded (by Volans; author: Volans):

[operations/cookbooks@master] wmcs.wikireplicas.add_wiki: rename

https://gerrit.wikimedia.org/r/714797

gerritbot added a project: Patch-For-Review.Aug 25 2021, 3:46 PM

Change 714798 had a related patch set uploaded (by Volans; author: Volans):

[operations/cookbooks@master] wmcs: remove wmcs/ subtree

https://gerrit.wikimedia.org/r/714798

gerritbot added a comment.Aug 25 2021, 3:47 PM

Change 714799 had a related patch set uploaded (by Volans; author: Volans):

[operations/puppet@production] admin: update sudo rule for renamed cookbook

https://gerrit.wikimedia.org/r/714799

gerritbot added a comment.Aug 27 2021, 6:29 AM

Change 714797 merged by Volans:

[operations/cookbooks@master] wmcs.wikireplicas.add_wiki: rename

https://gerrit.wikimedia.org/r/714797

gerritbot added a comment.Aug 27 2021, 6:30 AM

Change 714799 merged by Volans:

[operations/puppet@production] admin: update sudo rule for renamed cookbook

https://gerrit.wikimedia.org/r/714799

gerritbot added a comment.Aug 27 2021, 6:37 AM

Change 714798 merged by jenkins-bot:

[operations/cookbooks@master] wmcs: remove wmcs/ subtree

https://gerrit.wikimedia.org/r/714798

Volans added a subscriber: bd808.Aug 27 2021, 6:41 AM

The above patches have all been merged and deployed.
The add_wiki cookbook is now available as sre.wikireplicas.add-wiki. The related documentation at https://wikitech.wikimedia.org/wiki/Add_a_wiki#Best_method has been updated.
@nskaggs @bd808: when you get a chance could you test that you can still run it with the new name? The sudo rule for the secure-cookbook wrapper has been updated too.

Leaving it open for confirmation that all works fine.

Maintenance_bot removed a project: Patch-For-Review.Aug 27 2021, 7:10 AM
nskaggs added a comment.Aug 27 2021, 1:35 PM

@Volans, as far as I can tell, I can no longer use this cookbook. The sudo rule no longer seems to work.

gerritbot added a comment.Aug 27 2021, 6:02 PM

Change 715271 had a related patch set uploaded (by Volans; author: Volans):

[operations/puppet@production] admin: fix typo in sudo rule

https://gerrit.wikimedia.org/r/715271

gerritbot added a project: Patch-For-Review.Aug 27 2021, 6:02 PM

Change 715271 merged by Volans:

[operations/puppet@production] admin: fix typo in sudo rule

https://gerrit.wikimedia.org/r/715271

Volans added a comment.Aug 27 2021, 6:06 PM

@nskaggs sorry for the trouble, there was a typo in the puppet patch, it should be fixed now.

Maintenance_bot removed a project: Patch-For-Review.Aug 27 2021, 6:10 PM
Volans closed this task as Resolved.Sep 22 2021, 7:29 AM

AFAIK it's all working fine, resolving, feel free to re-open if you encounter any issue.

BTullis mentioned this in T315442: Wiki replicas are not fully setup for newly created wikis.Aug 17 2022, 2:11 PM
Volans mentioned this in rCCKB84d104d0f2f0: wmcs.wikireplicas.add_wiki: rename.Dec 14 2022, 3:28 PM
Volans mentioned this in rCCKB71309569dc36: wmcs: remove wmcs/ subtree.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits