Page MenuHomePhabricator
Create Task
Maniphest T293728

setup/install kubernetes10[18-22]
Closed, ResolvedPublic
Actions

Description

New nodes kubernetes10[18-22] have been handed over by DC-Ops and need to be setup/added do the cluster.

These are replacements for kubernetes100[1-4], so those need to be decommissioned afterwards.

https://wikitech.wikimedia.org/wiki/Kubernetes/Clusters/Add_or_remove_nodes

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add kubernetes1018-1022operations/puppetproduction+70 -7
Add kubernetes1018-1022 as BGP neighborsoperations/homer/publicmaster+5 -0
install_server: set new partman recipe for new k8s nodesoperations/puppetproduction+2 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Oct 19 2021, 7:38 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 19 2021, 7:38 AM
elukey subscribed.Nov 24 2021, 7:55 AM

Opened T296369 for kubernetes1018.

Jelto subscribed.Nov 29 2021, 4:36 PM
JMeybohm updated the task description. (Show Details)Jan 18 2022, 5:06 PM
JMeybohm added a subscriber: akosiaris.
akosiaris claimed this task.Jan 18 2022, 5:07 PM
JMeybohm added a comment.Feb 16 2022, 11:12 AM

@akosiaris we could postpone this a bit and image the nodes with bullseye + overlayfs directly (T300744) to not loose capacity when something goes sideways. AIUI we will be having replacements racked in codfw soon as well. We could do the same with them.

akosiaris changed the task status from Open to Stalled.Feb 16 2022, 1:26 PM
In T293728#7714290, @JMeybohm wrote:

@akosiaris we could postpone this a bit and image the nodes with bullseye + overlayfs directly (T300744) to not loose capacity when something goes sideways. AIUI we will be having replacements racked in codfw soon as well. We could do the same with them.

Yes, I don't see why not. Ping me when I can proceed with this.

elukey added a comment.EditedFeb 16 2022, 1:34 PM

@akosiaris in theory we can have bullseye+overlay nodes simply adding this per-host hiera config:

# See https://phabricator.wikimedia.org/T300744
profile::base::overlayfs: true
profile::docker::engine::force_default_docker_storage: true
profile::docker::storage::physical_volumes: ~
profile::docker::storage::vg_to_remove: ~
profile::docker::engine::packagename: "docker.io"

We are currently checking that everything looks good on the ml-serve bullseye nodes (ml-serve200[5-8], once done you are free to go :)

akosiaris added a comment.Feb 16 2022, 1:36 PM
In T293728#7714672, @elukey wrote:

@akosiaris in theory we can have bullseye+overlay nodes simply adding this per-host hiera config:

# See https://phabricator.wikimedia.org/T300744
profile::base::overlayfs: true
profile::docker::engine::force_default_docker_storage: true
profile::docker::storage::physical_volumes: ~
profile::docker::storage::vg_to_remove: ~

We are currently checking that everything looks good on the ml-serve bullseye nodes (ml-serve200[5-8], once done you are free to go :)

Super! Can't wait for it :-)

elukey added a comment.Feb 21 2022, 4:48 PM

@akosiaris both staging clusters are on bullseye with overlay, I have updated the hiera settings after some rounds of reimage. I am currently reimaging all ml-serve nodes with the following procedure:

  1. disable puppet on the target node
  2. merge a puppet change with the above per-host hiera config
  3. drain the node + depool from kubesvc
  4. kick off the reimage with bullseye

Then once the host is up and running, uncordon/pool/etc.. For new nodes it is easier, maybe we could try to add one with bullseye + overlay and check how it goes. @JMeybohm thoughts?

JMeybohm added a comment.Feb 21 2022, 5:04 PM
In T293728#7726108, @elukey wrote:

Then once the host is up and running, uncordon/pool/etc.. For new nodes it is easier, maybe we could try to add one with bullseye + overlay and check how it goes. @JMeybohm thoughts?

Yes. I would start with codfw (T302208) but that is probably more like personal preference.

akosiaris changed the task status from Stalled to Open.Feb 24 2022, 8:13 AM

Cool, moving back to open, I 'll tend to this early next week.

elukey added a comment.Feb 24 2022, 8:26 AM

Important note - we had to modify grub's config to add systemd.unified_cgroup_hierarchy=0 (the kubelets do not support the new cgroup hierarchy in 1.16) so a reboot is needed (the one done by the reimage cookbook is enough).

elukey renamed this task from setup/install kubernetes10[18-21] to setup/install kubernetes10[18-22].Feb 28 2022, 10:34 AM
elukey updated the task description. (Show Details)
gerritbot added a comment.Feb 28 2022, 1:33 PM

Change 766588 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] install_server: set new partman recipe for new k8s nodes

https://gerrit.wikimedia.org/r/766588

gerritbot added a project: Patch-For-Review.Feb 28 2022, 1:33 PM
gerritbot added a comment.Feb 28 2022, 1:37 PM

Change 766588 merged by Elukey:

[operations/puppet@production] install_server: set new partman recipe for new k8s nodes

https://gerrit.wikimedia.org/r/766588

Maintenance_bot removed a project: Patch-For-Review.Feb 28 2022, 2:11 PM
JMeybohm added a parent task: T300744: Move kubernetes workers to bullseye and docker to overlayfs.Mar 4 2022, 1:33 PM
JMeybohm mentioned this in T300744: Move kubernetes workers to bullseye and docker to overlayfs.Mar 4 2022, 1:48 PM
JMeybohm added a subtask: T303044: decommission kubernetes100[1-4].Mar 4 2022, 1:53 PM
gerritbot added a comment.Mar 17 2022, 11:08 AM

Change 771564 had a related patch set uploaded (by Alexandros Kosiaris; author: Alexandros Kosiaris):

[operations/homer/public@master] Add kubernetes1018-1022 as BGP neighbors

https://gerrit.wikimedia.org/r/771564

gerritbot added a project: Patch-For-Review.Mar 17 2022, 11:08 AM
gerritbot added a comment.Mar 17 2022, 1:58 PM

Change 771598 had a related patch set uploaded (by Alexandros Kosiaris; author: Alexandros Kosiaris):

[operations/puppet@production] Add kubernetes1018-1022

https://gerrit.wikimedia.org/r/771598

gerritbot added a comment.Mar 17 2022, 2:06 PM

Change 771564 merged by jenkins-bot:

[operations/homer/public@master] Add kubernetes1018-1022 as BGP neighbors

https://gerrit.wikimedia.org/r/771564

akosiaris added a comment.Mar 17 2022, 2:10 PM
In T293728#7734355, @elukey wrote:

Important note - we had to modify grub's config to add systemd.unified_cgroup_hierarchy=0 (the kubelets do not support the new cgroup hierarchy in 1.16) so a reboot is needed (the one done by the reimage cookbook is enough).

4/5 nodes are stretch, I 'll reimage all of them anyway as part of the process. I guess that should do it.

gerritbot added a comment.Mar 17 2022, 2:57 PM

Change 771598 merged by Alexandros Kosiaris:

[operations/puppet@production] Add kubernetes1018-1022

https://gerrit.wikimedia.org/r/771598

ops-monitoring-bot added a comment.Mar 17 2022, 3:00 PM

Cookbook cookbooks.sre.hosts.reimage was started by akosiaris@cumin1001 for host kubernetes1018.eqiad.wmnet with OS bullseye

ops-monitoring-bot added a comment.Mar 17 2022, 3:00 PM

Cookbook cookbooks.sre.hosts.reimage was started by akosiaris@cumin1001 for host kubernetes1019.eqiad.wmnet with OS bullseye

ops-monitoring-bot added a comment.Mar 17 2022, 3:30 PM

Cookbook cookbooks.sre.hosts.reimage was started by akosiaris@cumin1001 for host kubernetes1020.eqiad.wmnet with OS bullseye

ops-monitoring-bot added a comment.Mar 17 2022, 3:31 PM

Cookbook cookbooks.sre.hosts.reimage was started by akosiaris@cumin1001 for host kubernetes1021.eqiad.wmnet with OS bullseye

ops-monitoring-bot added a comment.Mar 17 2022, 3:31 PM

Cookbook cookbooks.sre.hosts.reimage was started by akosiaris@cumin1001 for host kubernetes1022.eqiad.wmnet with OS bullseye

ops-monitoring-bot added a comment.Mar 17 2022, 5:04 PM

Cookbook cookbooks.sre.hosts.reimage started by akosiaris@cumin1001 for host kubernetes1018.eqiad.wmnet with OS bullseye executed with errors:

  • kubernetes1018 (FAIL)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • The reimage failed, see the cookbook logs for the details
ops-monitoring-bot added a comment.Mar 17 2022, 5:05 PM

Cookbook cookbooks.sre.hosts.reimage was started by akosiaris@cumin1001 for host kubernetes1018.eqiad.wmnet with OS bullseye

ops-monitoring-bot added a comment.Mar 17 2022, 5:06 PM

Cookbook cookbooks.sre.hosts.reimage started by akosiaris@cumin1001 for host kubernetes1019.eqiad.wmnet with OS bullseye executed with errors:

  • kubernetes1019 (FAIL)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • The reimage failed, see the cookbook logs for the details
ops-monitoring-bot added a comment.Mar 17 2022, 5:07 PM

Cookbook cookbooks.sre.hosts.reimage was started by akosiaris@cumin1001 for host kubernetes1019.eqiad.wmnet with OS bullseye

ops-monitoring-bot added a comment.Mar 17 2022, 5:08 PM

Cookbook cookbooks.sre.hosts.reimage started by akosiaris@cumin1001 for host kubernetes1021.eqiad.wmnet with OS bullseye executed with errors:

  • kubernetes1021 (FAIL)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • The reimage failed, see the cookbook logs for the details
ops-monitoring-bot added a comment.Mar 17 2022, 5:08 PM

Cookbook cookbooks.sre.hosts.reimage was started by akosiaris@cumin1001 for host kubernetes1021.eqiad.wmnet with OS bullseye

ops-monitoring-bot added a comment.Mar 17 2022, 5:08 PM

Cookbook cookbooks.sre.hosts.reimage started by akosiaris@cumin1001 for host kubernetes1022.eqiad.wmnet with OS bullseye executed with errors:

  • kubernetes1022 (FAIL)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • The reimage failed, see the cookbook logs for the details
ops-monitoring-bot added a comment.Mar 17 2022, 5:09 PM

Cookbook cookbooks.sre.hosts.reimage was started by akosiaris@cumin1001 for host kubernetes1022.eqiad.wmnet with OS bullseye

ops-monitoring-bot added a comment.Mar 17 2022, 5:09 PM

Cookbook cookbooks.sre.hosts.reimage started by akosiaris@cumin1001 for host kubernetes1020.eqiad.wmnet with OS bullseye executed with errors:

  • kubernetes1020 (FAIL)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • The reimage failed, see the cookbook logs for the details
ops-monitoring-bot added a comment.Mar 17 2022, 5:09 PM

Cookbook cookbooks.sre.hosts.reimage was started by akosiaris@cumin1001 for host kubernetes1020.eqiad.wmnet with OS bullseye

ops-monitoring-bot added a comment.Mar 17 2022, 5:30 PM

Cookbook cookbooks.sre.hosts.reimage started by akosiaris@cumin1001 for host kubernetes1018.eqiad.wmnet with OS bullseye completed:

  • kubernetes1018 (PASS)
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202203171705_akosiaris_1754508_kubernetes1018.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.Mar 17 2022, 5:33 PM

Cookbook cookbooks.sre.hosts.reimage started by akosiaris@cumin1001 for host kubernetes1020.eqiad.wmnet with OS bullseye completed:

  • kubernetes1020 (PASS)
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202203171709_akosiaris_1754946_kubernetes1020.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.Mar 17 2022, 5:35 PM

Cookbook cookbooks.sre.hosts.reimage started by akosiaris@cumin1001 for host kubernetes1019.eqiad.wmnet with OS bullseye completed:

  • kubernetes1019 (PASS)
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202203171707_akosiaris_1754672_kubernetes1019.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.Mar 17 2022, 5:36 PM

Cookbook cookbooks.sre.hosts.reimage started by akosiaris@cumin1001 for host kubernetes1021.eqiad.wmnet with OS bullseye completed:

  • kubernetes1021 (PASS)
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202203171708_akosiaris_1754826_kubernetes1021.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.Mar 17 2022, 5:37 PM

Cookbook cookbooks.sre.hosts.reimage started by akosiaris@cumin1001 for host kubernetes1022.eqiad.wmnet with OS bullseye completed:

  • kubernetes1022 (PASS)
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202203171708_akosiaris_1754867_kubernetes1022.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
Stashbot added a comment.Mar 17 2022, 6:18 PM

Mentioned in SAL (#wikimedia-operations) [2022-03-17T18:18:25Z] <akosiaris> cordon kubernetes10{18..22} T293728

Stashbot added a comment.Mar 18 2022, 9:37 AM

Mentioned in SAL (#wikimedia-operations) [2022-03-18T09:37:44Z] <akosiaris> pool kubernetes1018-1022 in pybal. T293728

Stashbot added a comment.Mar 18 2022, 9:42 AM

Mentioned in SAL (#wikimedia-operations) [2022-03-18T09:42:00Z] <akosiaris> uncordon kubernetes1018-1022. T293728. Nodes are live, ready to receive workloads and traffic.

akosiaris closed this task as Resolved.Mar 18 2022, 9:51 AM
akosiaris changed the status of subtask T303044: decommission kubernetes100[1-4] from Stalled to Open.
Cmjohnson closed subtask T303044: decommission kubernetes100[1-4] as Resolved.Apr 13 2022, 5:44 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits