Page MenuHomePhabricator
Create Task
Maniphest T302208

setup/install kubernetes20[1(89)|2(012)]
Closed, ResolvedPublic
Actions

Description

New nodes kubernetes20[1(89)|2(012)] have been handed over by DC-Ops and need to be setup/added do the cluster.

We should set them up with bullseye + overlayfs (T300744) as extra capacity first and decommission kubernetes200[1-4] (which these are replacements for) after the cluster has been completely migrated.

https://wikitech.wikimedia.org/wiki/Kubernetes/Clusters/Add_or_remove_nodes

Details

SubjectRepoBranchLines +/-
Set bullseye + overlayfs for kubernetes1017operations/puppetproduction+7 -0
Add BGP config for kubernetes20[19-22] in wikikube codfwoperations/homer/publicmaster+4 -0
Add kubernetes20[19-22] to wikikube codfwoperations/puppetproduction+49 -10
Add BGP config for kubernetes2018operations/homer/publicmaster+1 -0
Add kubernetes2018 to wikikube codfwoperations/puppetproduction+17 -2
Enable overlayfs for kubernetes20[18-22]operations/puppetproduction+10 -0
install_server: set new partman recipe for new k8s nodesoperations/puppetproduction+2 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Feb 21 2022, 11:07 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 21 2022, 11:07 AM
JMeybohm added a parent task: Unknown Object (Task).Feb 21 2022, 11:07 AM
akosiaris subscribed.Feb 21 2022, 1:13 PM
JMeybohm edited parent tasks, added: T299470: (Need By: TBD) rack/setup/install kubernetes20[19|2(012)]; removed: Unknown Object (Task).Feb 21 2022, 5:02 PM
JMeybohm mentioned this in T293728: setup/install kubernetes10[18-22].
gerritbot added a comment.Feb 28 2022, 10:25 AM

Change 766588 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] install_server: set new partman recipe for new k8s nodes

https://gerrit.wikimedia.org/r/766588

gerritbot added a project: Patch-For-Review.Feb 28 2022, 10:26 AM
gerritbot added a comment.Feb 28 2022, 1:37 PM

Change 766588 merged by Elukey:

[operations/puppet@production] install_server: set new partman recipe for new k8s nodes

https://gerrit.wikimedia.org/r/766588

elukey renamed this task from setup/install kubernetes20[19|2(012)] to setup/install kubernetes20[1(89)|2(012)].Feb 28 2022, 1:40 PM
elukey updated the task description. (Show Details)
ops-monitoring-bot added a comment.Feb 28 2022, 1:50 PM

Cookbook cookbooks.sre.hosts.reimage was started by elukey@cumin1001 for host kubernetes2018.codfw.wmnet with OS bullseye

Maintenance_bot removed a project: Patch-For-Review.Feb 28 2022, 2:10 PM
ops-monitoring-bot added a comment.Feb 28 2022, 2:18 PM

Cookbook cookbooks.sre.hosts.reimage started by elukey@cumin1001 for host kubernetes2018.codfw.wmnet with OS bullseye completed:

  • kubernetes2018 (PASS)
    • Downtimed on Icinga
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202202281350_elukey_16234_kubernetes2018.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.Feb 28 2022, 2:20 PM

Cookbook cookbooks.sre.hosts.reimage was started by elukey@cumin1001 for host kubernetes2019.codfw.wmnet with OS bullseye

ops-monitoring-bot added a comment.Feb 28 2022, 2:48 PM

Cookbook cookbooks.sre.hosts.reimage started by elukey@cumin1001 for host kubernetes2019.codfw.wmnet with OS bullseye completed:

  • kubernetes2019 (PASS)
    • Downtimed on Icinga
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202202281420_elukey_12515_kubernetes2019.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.Feb 28 2022, 2:50 PM

Cookbook cookbooks.sre.hosts.reimage was started by elukey@cumin1001 for host kubernetes2020.codfw.wmnet with OS bullseye

ops-monitoring-bot added a comment.Feb 28 2022, 3:18 PM

Cookbook cookbooks.sre.hosts.reimage started by elukey@cumin1001 for host kubernetes2020.codfw.wmnet with OS bullseye completed:

  • kubernetes2020 (FAIL)
    • Downtimed on Icinga
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202202281450_elukey_7945_kubernetes2020.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
    • Failed to get Netbox script results, try manually: https://netbox.wikimedia.org/api/extras/job-results/2585730/
ops-monitoring-bot added a comment.Feb 28 2022, 3:18 PM

Cookbook cookbooks.sre.hosts.reimage started by elukey@cumin1001 for host kubernetes2020.codfw.wmnet with OS bullseye executed with errors:

  • kubernetes2020 (FAIL)
    • Downtimed on Icinga
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202202281450_elukey_7945_kubernetes2020.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
    • Failed to get Netbox script results, try manually: https://netbox.wikimedia.org/api/extras/job-results/2585730/
    • The reimage failed, see the cookbook logs for the details
ops-monitoring-bot added a comment.Feb 28 2022, 3:50 PM

Cookbook cookbooks.sre.hosts.reimage was started by elukey@cumin1001 for host kubernetes2021.codfw.wmnet with OS bullseye

gerritbot added a comment.Feb 28 2022, 4:17 PM

Change 766808 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] Enable overlayfs for kubernetes20[18-22]

https://gerrit.wikimedia.org/r/766808

gerritbot added a project: Patch-For-Review.Feb 28 2022, 4:17 PM
ops-monitoring-bot added a comment.Feb 28 2022, 4:17 PM

Cookbook cookbooks.sre.hosts.reimage started by elukey@cumin1001 for host kubernetes2021.codfw.wmnet with OS bullseye completed:

  • kubernetes2021 (PASS)
    • Downtimed on Icinga
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202202281550_elukey_30787_kubernetes2021.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.Feb 28 2022, 4:54 PM

Cookbook cookbooks.sre.hosts.reimage was started by elukey@cumin1001 for host kubernetes2022.codfw.wmnet with OS bullseye

ops-monitoring-bot added a comment.Feb 28 2022, 5:21 PM

Cookbook cookbooks.sre.hosts.reimage started by elukey@cumin1001 for host kubernetes2022.codfw.wmnet with OS bullseye completed:

  • kubernetes2022 (PASS)
    • Downtimed on Icinga
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202202281654_elukey_25173_kubernetes2022.out
    • Checked BIOS boot parameters are back to normal
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
gerritbot added a comment.Feb 28 2022, 5:58 PM

Change 766808 merged by Elukey:

[operations/puppet@production] Enable overlayfs for kubernetes20[18-22]

https://gerrit.wikimedia.org/r/766808

elukey added a comment.Mar 1 2022, 7:26 AM

All nodes have Bullseye and the new partition layout for overlay. I have also enabled overlay via puppet, and manually added the systemd.unified_cgroup_hierarchy=0 to grub's settings and rebooted (it is applied by profile::kubernetes::node, so convenient for a pre-existing worker but less for a new one).

The hosts seem ready to be added to the k8s codfw cluster, @JMeybohm lemme know how you want to proceed :)

JMeybohm added a comment.Mar 1 2022, 9:34 AM
In T302208#7743568, @elukey wrote:

The hosts seem ready to be added to the k8s codfw cluster, @JMeybohm lemme know how you want to proceed :)

❤️
From my POV I say you can continue with adding the new nodes to the cluster.

gerritbot added a comment.Mar 2 2022, 9:02 AM

Change 767465 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] Add kubernetes2018 to wikikube codfw

https://gerrit.wikimedia.org/r/767465

gerritbot added a comment.Mar 2 2022, 9:16 AM

Change 767468 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/homer/public@master] Add BGP config for kubernetes2018

https://gerrit.wikimedia.org/r/767468

gerritbot added a comment.Mar 2 2022, 9:44 AM

Change 767465 merged by Elukey:

[operations/puppet@production] Add kubernetes2018 to wikikube codfw

https://gerrit.wikimedia.org/r/767465

gerritbot added a comment.Mar 2 2022, 9:55 AM

Change 767468 merged by Elukey:

[operations/homer/public@master] Add BGP config for kubernetes2018

https://gerrit.wikimedia.org/r/767468

gerritbot added a comment.Mar 2 2022, 10:38 AM

Change 767482 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] Add kubernetes20[19-22] to wikikube codfw

https://gerrit.wikimedia.org/r/767482

gerritbot added a comment.Mar 2 2022, 10:48 AM

Change 767485 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/homer/public@master] Add BGP config for kubernetes20[19-22] in wikikube codfw

https://gerrit.wikimedia.org/r/767485

elukey added a comment.Mar 2 2022, 10:51 AM

Status:

  • We have added kubernetes2018 to the wikikube codfw cluster, it is currently serving traffic.
  • The remaining four nodes will be added after testing a bit 2018. Code reviews ready.
gerritbot added a comment.Mar 3 2022, 9:20 AM

Change 767482 merged by Elukey:

[operations/puppet@production] Add kubernetes20[19-22] to wikikube codfw

https://gerrit.wikimedia.org/r/767482

elukey added a comment.Mar 3 2022, 9:29 AM

The first puppet run seems to always end up in:

Notice: /Stage[main]/Profile::Kubernetes::Node/K8s::Kubeconfig[/etc/kubernetes/kubelet_config]/File[/etc/kubernetes/kubelet_config]/ensure: defined content as '{md5}a17b9fafdfa37dd7305196acdef3119d'
Info: /Stage[main]/Profile::Kubernetes::Node/K8s::Kubeconfig[/etc/kubernetes/kubelet_config]/File[/etc/kubernetes/kubelet_config]: Scheduling refresh of Service[kubelet]
Error: Systemd start for kubelet failed!
journalctl log for kubelet:
-- Journal begins at Mon 2022-02-28 15:03:26 UTC, ends at Thu 2022-03-03 09:27:40 UTC. --
-- No entries --

Error: /Stage[main]/K8s::Kubelet/Service[kubelet]/ensure: change from 'stopped' to 'running' failed: Systemd start for kubelet failed!
journalctl log for kubelet:
-- Journal begins at Mon 2022-02-28 15:03:26 UTC, ends at Thu 2022-03-03 09:27:40 UTC. --
-- No entries --

Notice: /Stage[main]/K8s::Kubelet/Service[kubelet]: Triggered 'refresh' from 3 events
Notice: /Stage[main]/Profile::Kubernetes::Node/Base::Expose_puppet_certs[/etc/kubernetes]/File[/etc/kubernetes/ssl]/ensure: created
Notice: /Stage[main]/Profile::Kubernetes::Node/Base::Expose_puppet_certs[/etc/kubernetes]/File[/etc/kubernetes/ssl/cert.pem]/ensure: defined content as '{md5}d344c0d386beca69a0cc66131557b40c'
Notice: /Stage[main]/Profile::Kubernetes::Node/Base::Expose_puppet_certs[/etc/kubernetes]/File[/etc/kubernetes/ssl/server.key]/ensure: defined content as '{md5}2122f5e303b21582ae3fb8bb7ea0b25b'
Notice: /Stage[main]/Profile::Kubernetes::Node/K8s::Kubeconfig[/etc/kubernetes/kubeproxy_config]/File[/etc/kubernetes/kubeproxy_config]/ensure: defined content as '{md5}bc04bfb1a07d81795aa6169157d33dc7'
Info: /Stage[main]/Profile::Kubernetes::Node/K8s::Kubeconfig[/etc/kubernetes/kubeproxy_config]/File[/etc/kubernetes/kubeproxy_config]: Scheduling refresh of Service[kube-proxy]
Error: Systemd start for kube-proxy failed!
journalctl log for kube-proxy:
-- Journal begins at Mon 2022-02-28 15:03:26 UTC, ends at Thu 2022-03-03 09:27:40 UTC. --
-- No entries --

Error: /Stage[main]/K8s::Proxy/Service[kube-proxy]/ensure: change from 'stopped' to 'running' failed: Systemd start for kube-proxy failed!
journalctl log for kube-proxy:
-- Journal begins at Mon 2022-02-28 15:03:26 UTC, ends at Thu 2022-03-03 09:27:40 UTC. --
-- No entries --

Notice: /Stage[main]/K8s::Proxy/Service[kube-proxy]: Triggered 'refresh' from 3 events

I can't find logs indicating what's wrong, but a subsequent puppet run fixes it.

gerritbot added a comment.Mar 3 2022, 9:42 AM

Change 767485 merged by Elukey:

[operations/homer/public@master] Add BGP config for kubernetes20[19-22] in wikikube codfw

https://gerrit.wikimedia.org/r/767485

elukey added a comment.Mar 3 2022, 9:55 AM

All new nodes up and running!

I didn't spot anything weird, all bgp sessions seem to be up, pods scheduled on the new nodes (for the moment only calico/istio).

Stashbot added a comment.Mar 3 2022, 10:18 AM

Mentioned in SAL (#wikimedia-operations) [2022-03-03T10:18:56Z] <elukey> kubectl cordon kubernetes200[1-4] to avoid scheduling pods on nodes that will be decommed during the next weeks - T302208

JMeybohm added a parent task: T300744: Move kubernetes workers to bullseye and docker to overlayfs.Mar 4 2022, 1:32 PM
JMeybohm mentioned this in T300744: Move kubernetes workers to bullseye and docker to overlayfs.Mar 4 2022, 1:48 PM
JMeybohm added a subtask: T303045: decommission kubernetes200[1-4].Mar 4 2022, 1:53 PM
JMeybohm closed this task as Resolved.Mar 4 2022, 1:55 PM
JMeybohm claimed this task.

parent and decom tasks created/updated, closing this

akosiaris changed the status of subtask T303045: decommission kubernetes200[1-4] from Stalled to Open.Mar 18 2022, 10:50 AM
gerritbot added a comment.Mar 24 2022, 10:06 AM

Change 773467 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] Set bullseye + overlayfs for kubernetes1017

https://gerrit.wikimedia.org/r/773467

gerritbot added a comment.Mar 24 2022, 10:43 AM

Change 773467 merged by Elukey:

[operations/puppet@production] Set bullseye + overlayfs for kubernetes1017

https://gerrit.wikimedia.org/r/773467

Papaul closed subtask T303045: decommission kubernetes200[1-4] as Resolved.Mar 31 2022, 4:16 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL