Page MenuHomePhabricator
Create Task
Maniphest T308211

Upgrade ganeti/eqsin to Bullseye
Closed, ResolvedPublic
Actions

Description

Upgrade the Ganeti cluster in Singatore to Bullseye:

  • Add component/ganeti3 to all nodes
  • Upgrade all nodes to the new Ganeti 3
  • sudo gnt-cluster upgrade --to 3.0

Firmware updates completed: nic 21.85.21.92, bios 2.14.2, idrac 5.10.10.00 to ganeti500[123]

Empty every node of primary/secondary instances. Remove it with gnt-node remove and reimage it to Bullseye, then re-add with gnt-node add:

  • ganeti5001
  • ganeti5002
  • ganeti5003

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Enable Ganeti3 component on eqsin serversoperations/puppetproduction+1 -0
Customize query in gerrit

Related Objects

Event Timeline

MoritzMuehlenhoff created this task.May 12 2022, 8:25 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 12 2022, 8:25 AM
gerritbot added a comment.May 12 2022, 8:27 AM

Change 791306 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Enable Ganeti3 component on eqsin servers

https://gerrit.wikimedia.org/r/791306

gerritbot added a project: Patch-For-Review.May 12 2022, 8:27 AM
MoritzMuehlenhoff triaged this task as Medium priority.May 12 2022, 8:33 AM
gerritbot added a comment.May 12 2022, 12:23 PM

Change 791306 merged by Muehlenhoff:

[operations/puppet@production] Enable Ganeti3 component on eqsin servers

https://gerrit.wikimedia.org/r/791306

MoritzMuehlenhoff updated the task description. (Show Details)May 12 2022, 12:24 PM
Stashbot added a comment.May 18 2022, 8:11 AM

Mentioned in SAL (#wikimedia-operations) [2022-05-18T08:11:13Z] <moritzm> upgrading ganeti packages in eqsin to Ganeti 3.0 T308211

MoritzMuehlenhoff updated the task description. (Show Details)May 18 2022, 8:24 AM
Stashbot added a comment.May 18 2022, 8:25 AM

Mentioned in SAL (#wikimedia-operations) [2022-05-18T08:25:43Z] <moritzm> sudo gnt-cluster upgrade --to 3.0 for ganeti/eqsin T308211

Stashbot added a comment.May 18 2022, 8:26 AM

Mentioned in SAL (#wikimedia-operations) [2022-05-18T08:26:57Z] <moritzm> drain ganeti5002 T308211

Maintenance_bot removed a project: Patch-For-Review.May 18 2022, 8:30 AM
MoritzMuehlenhoff updated the task description. (Show Details)May 18 2022, 8:57 AM
MoritzMuehlenhoff added a comment.May 18 2022, 10:46 AM

ganeti5002 is removed from the cluster and needs the same firmware/NIC updates as ganeti4* to enable the reimage to Bullseye.

MoritzMuehlenhoff reassigned this task from MoritzMuehlenhoff to RobH.May 18 2022, 5:40 PM
RobH reassigned this task from RobH to MoritzMuehlenhoff.May 18 2022, 6:51 PM
RobH subscribed.

ganeti5002 firmware updates completed: nic 21.85.21.92, bios 2.14.2, idrac 5.10.10.00. system booted back into OS and is online for reimage later.

can reimage and repool, and kick this back to me for ganeti500[13], whichever is next.

ops-monitoring-bot added a comment.May 19 2022, 9:03 AM

Cookbook cookbooks.sre.hosts.reimage was started by jmm@cumin2002 for host ganeti5002.eqsin.wmnet with OS bullseye

ops-monitoring-bot added a comment.May 19 2022, 10:00 AM

Cookbook cookbooks.sre.hosts.reimage started by jmm@cumin2002 for host ganeti5002.eqsin.wmnet with OS bullseye completed:

  • ganeti5002 (PASS)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • Removed previous downtime on Alertmanager (old OS)
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202205190901_jmm_1370260_ganeti5002.out
    • Checked BIOS boot parameters are back to normal
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
MoritzMuehlenhoff updated the task description. (Show Details)May 19 2022, 1:04 PM
MoritzMuehlenhoff reassigned this task from MoritzMuehlenhoff to RobH.May 19 2022, 3:23 PM

ganeti5003 is removed from the cluster and needs the same firmware/NIC updates as ganeti4* to enable the reimage to Bullseye.

Stashbot added a comment.May 19 2022, 8:21 PM

Mentioned in SAL (#wikimedia-sre) [2022-05-19T20:21:55Z] <robh> ganeti5003 updating firmware via T308211

RobH reassigned this task from RobH to MoritzMuehlenhoff.May 19 2022, 9:13 PM

Moritz,

ganeti5003 firmware updates completed: nic 21.85.21.92, bios 2.14.2, idrac 5.10.10.00. system booted back into OS and is online for reimage later.

can reimage and repool, and kick this back to me for ganeti5001

MoritzMuehlenhoff reassigned this task from MoritzMuehlenhoff to RobH.May 20 2022, 6:14 AM

@RobH I'm unable to reimage ganeti5003, the ipmitool call fails with "Error: Unable to establish IPMI v2 / RMCP+ session"

I've tried a racreset, but that didn't change anything. Some digging showed that we had similar symptoms with ganeti5002 before: https://phabricator.wikimedia.org/T261130#6752341 So could you please reset the IDRAC password?

Stashbot added a comment.May 20 2022, 4:33 PM

Mentioned in SAL (#wikimedia-sre) [2022-05-20T16:33:50Z] <robh> troubleshooting ganeti5003 ipmi failure via T308211

ops-monitoring-bot added a comment.May 20 2022, 4:37 PM

Cookbook cookbooks.sre.hosts.reimage was started by robh@cumin1001 for host ganeti5003.eqsin.wmnet with OS bullseye

RobH added a comment.May 20 2022, 4:38 PM

I just overwrote the password with the exact same password, as described in the comment you linked. It didn't fix it, so I checked the settings, and it seems perhaps the firmware load disabled ipmi over mgmt lan interface or it was set incorrectly to start and hadn't been reimaged via script.

Screen Shot 2022-05-20 at 9.36.42 AM.png (756×1 px, 165 KB)

Fixed, fired off the reimage.

MoritzMuehlenhoff added a comment.May 20 2022, 5:27 PM

Thanks!

ops-monitoring-bot added a comment.May 20 2022, 5:28 PM

Cookbook cookbooks.sre.hosts.reimage started by robh@cumin1001 for host ganeti5003.eqsin.wmnet with OS bullseye completed:

  • ganeti5003 (WARN)
    • Downtimed on Icinga/Alertmanager
    • Unable to disable Puppet, the host may have been unreachable
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • Removed previous downtime on Alertmanager (old OS)
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202205201637_robh_505017_ganeti5003.out
    • Checked BIOS boot parameters are back to normal
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
RobH reassigned this task from RobH to MoritzMuehlenhoff.May 20 2022, 5:31 PM

@MoritzMuehlenhoff,

The warn is due to the host being in bios when i fired off the script, so it couldn't disable puppet on the old OS. This host is now ready for redeployment, I have not run the gnt-add command, since I'm not familiar with how to best monitor the cluster after addition to ensure it is optimal.

https://wikitech.wikimedia.org/wiki/Ganeti#Add_nodes_to_new_cluster_%28or_extend_an_existing_one

This seems to denote I should add via a different command than gnt-add, but perhaps due to it being a reimaged not 'new', so rather than do it wrong and cause a potential outage condition on a Friday, I'll let you evaluate/push this into service. Once its good to go, and you want ganeti5001 firmware updated, feel free to reassign this back to me with comment denoting such. Thanks!

Stashbot added a comment.May 23 2022, 9:54 AM

Mentioned in SAL (#wikimedia-operations) [2022-05-23T09:54:32Z] <moritzm> failover ganeti master in eqsin to ganeti5003 T308211

MoritzMuehlenhoff updated the task description. (Show Details)May 23 2022, 9:55 AM
Stashbot added a comment.May 23 2022, 9:55 AM

Mentioned in SAL (#wikimedia-operations) [2022-05-23T09:55:48Z] <moritzm> drain ganeti5001 T308211

MoritzMuehlenhoff reassigned this task from MoritzMuehlenhoff to RobH.EditedMay 23 2022, 12:52 PM

ganeti5001 is removed from the cluster and needs the same firmware/NIC updates as ganeti4* to enable the reimage to Bullseye.

MoritzMuehlenhoff added a comment.May 23 2022, 12:52 PM

I meant: ganeti5001 is removed from the cluster and needs the same firmware/NIC updates as ganeti4* to enable the reimage to Bullseye.

Stashbot added a comment.May 23 2022, 3:12 PM

Mentioned in SAL (#wikimedia-sre) [2022-05-23T15:12:54Z] <robh> updating firmware on ganeti5001 per T308211

ops-monitoring-bot added a comment.May 23 2022, 3:43 PM

Cookbook cookbooks.sre.hosts.reimage was started by robh@cumin1001 for host ganeti5001.eqsin.wmnet with OS bullseye

ops-monitoring-bot added a comment.May 23 2022, 4:39 PM

Cookbook cookbooks.sre.hosts.reimage started by robh@cumin1001 for host ganeti5001.eqsin.wmnet with OS bullseye completed:

  • ganeti5001 (PASS)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Host up (new fresh bullseye OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • Removed previous downtime on Alertmanager (old OS)
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202205231543_robh_1113641_ganeti5001.out
    • Checked BIOS boot parameters are back to normal
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
RobH reassigned this task from RobH to MoritzMuehlenhoff.May 23 2022, 4:40 PM

@MoritzMuehlenhoff, per our earlier IRC discussion, ganeti5001 has had all the firmware updated and reimaged successfully. All yours!

RobH updated the task description. (Show Details)May 23 2022, 4:41 PM
MoritzMuehlenhoff updated the task description. (Show Details)May 24 2022, 10:17 AM
Stashbot added a comment.May 24 2022, 10:18 AM

Mentioned in SAL (#wikimedia-operations) [2022-05-24T10:18:03Z] <moritzm> rebalance Ganeti cluster in eqsin T308211

MoritzMuehlenhoff closed this task as Resolved.Jun 17 2022, 10:27 AM

This is complete. The eqsin cluster is affected by T309724, but that will be investigated via that task (and it doesn't have a functional impact apart from the fact that gnt-cluster verify fails)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits