Page MenuHomePhabricator
Create Task
Maniphest T317179

Move dborch to private IPs + CDN
Open, MediumPublic
Actions

Description

Bold title to start the the conversation and help with T317177: [tracking] Don't keep on the public vlans hosts that don't require it
I see from the doc that it was on a private IP, but moved to a public one to (at least) support SSO in T266106: orchestrator: Support SSO.
Talking to I/F, requirement might not be valid anymore and thus private IPs + CDN a possibility. There might be other requirements I'm not aware of though, in that case it can be an addition to the doc.
Unrelated but note that there is no equivalent in codfw for redundancy.

Related Objects
Search...

Event Timeline

ayounsi created this task.Sep 7 2022, 9:35 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 7 2022, 9:35 AM
ayounsi added a parent task: T317177: [tracking] Don't keep on the public vlans hosts that don't require it.Sep 7 2022, 9:36 AM
Marostegui added a project: Infrastructure-Foundations.Sep 7 2022, 9:38 AM
Marostegui added subscribers: jbond, Marostegui.

I am sure we'd need help from I/F to be able to achieve this.
Orchestrator was set up by @Kormat, and I am not sure I am up to speed with all the details about it, maybe @jbond knows a bit more.

We don't have any preferences on whether we have public ip for it or not as long as it serves the wait it is now :)

Marostegui triaged this task as Medium priority.Sep 7 2022, 9:39 AM
Marostegui moved this task from Triage to In progress on the DBA board.
Volans subscribed.Sep 7 2022, 10:12 AM
In T317179#8216853, @Marostegui wrote:

We don't have any preferences on whether we have public ip for it or not as long as it serves the wait it is now :)

That depends if you're ok with dborch depending on LVS or LVS+CDN.
As it will not be used to manage those at least we're not at risk of circular dependencies here.

MoritzMuehlenhoff subscribed.Sep 7 2022, 10:21 AM
Marostegui added a comment.Sep 7 2022, 10:35 AM

I have been talking to @Volans in IRC as I didn't quite get the sentence

In T317179#8216946, @Volans wrote:

As it will not be used to manage those at least we're not at risk of circular dependencies here.

So, orchestrator will not handle LVS of course.

We are not really super concerned on whether it is behind LVS and CDN or not. In case of emergency, we can always use its CLI.
For now we only use Orchestrator as a RO (even though we can do RW stuff), but everything can be done via CLI anyways. To visualize topologies as we do a CLI example would be:

root@dborch1001:~# /usr/bin/orchestrator -c topology-tabulated -c topology-tags -alias s1 --quiet
db1163.eqiad.wmnet:3306            [0s,ok,10.4.22-MariaDB-log,rw,STATEMENT,>>,semi:master] []
+ db1099.eqiad.wmnet:3311          [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID] []
+ db1105.eqiad.wmnet:3311          [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID] []
+ db1106.eqiad.wmnet:3306          [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
  + db1154.eqiad.wmnet:3311        [0s,ok,10.4.26-MariaDB-log,ro,ROW,>>,GTID] []
    + clouddb1013.eqiad.wmnet:3311 [0s,ok,10.4.22-MariaDB,ro,nobinlog,GTID] []
    + clouddb1017.eqiad.wmnet:3311 [0s,ok,10.4.22-MariaDB,ro,nobinlog,GTID] []
    + clouddb1021.eqiad.wmnet:3311 [0s,ok,10.4.22-MariaDB,ro,nobinlog,GTID] []
+ db1107.eqiad.wmnet:3306          [0s,ok,10.4.26-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
+ db1118.eqiad.wmnet:3306          [0s,ok,10.4.25-MariaDB-log,ro,STATEMENT,>>,GTID,semi:replica] [name=candidate]
+ db1119.eqiad.wmnet:3306          [0s,ok,10.4.26-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
+ db1128.eqiad.wmnet:3306          [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
+ db1132.eqiad.wmnet:3306          [0s,ok,10.6.10-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
+ db1133.eqiad.wmnet:3306          [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,semi:replica] []
+ db1134.eqiad.wmnet:3306          [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
+ db1135.eqiad.wmnet:3306          [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
+ db1139.eqiad.wmnet:3311          [0s,ok,10.4.25-MariaDB,ro,nobinlog,GTID] []
+ db1140.eqiad.wmnet:3311          [0s,ok,10.4.25-MariaDB,ro,nobinlog,GTID] []
- db1169.eqiad.wmnet:3306          [null,nonreplicating,10.4.25-MariaDB-log,ro,ROW,>>,GTID] []
+ db1184.eqiad.wmnet:3306          [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
+ db1186.eqiad.wmnet:3306          [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
+ db1196.eqiad.wmnet:3306          [0s,ok,10.4.26-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
+ db2103.codfw.wmnet:3306          [0s,ok,10.4.25-MariaDB-log,ro,STATEMENT,>>,GTID,semi:master] []
  + db2097.codfw.wmnet:3311        [0s,ok,10.4.25-MariaDB,ro,nobinlog,GTID] []
  + db2102.codfw.wmnet:3306        [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
  + db2112.codfw.wmnet:3306        [0s,ok,10.4.25-MariaDB-log,ro,STATEMENT,>>,GTID,semi:replica] [name=candidate]
  + db2116.codfw.wmnet:3306        [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
  + db2130.codfw.wmnet:3306        [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
  + db2141.codfw.wmnet:3311        [0s,ok,10.4.25-MariaDB,ro,nobinlog,GTID] []
  + db2145.codfw.wmnet:3306        [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
  + db2146.codfw.wmnet:3306        [0s,ok,10.6.10-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
  + db2153.codfw.wmnet:3306        [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
  + db2167.codfw.wmnet:3311        [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID] []
  + db2170.codfw.wmnet:3311        [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID] []
  + db2173.codfw.wmnet:3306        [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
    + db2094.codfw.wmnet:3311      [0s,ok,10.4.26-MariaDB-log,ro,ROW,>>,GTID] []
  + db2174.codfw.wmnet:3306        [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
  + db2176.codfw.wmnet:3306        [0s,ok,10.4.25-MariaDB-log,ro,ROW,>>,GTID,semi:replica] []
+ dbstore1003.eqiad.wmnet:3311     [0s,ok,10.4.22-MariaDB,ro,nobinlog,GTID] []
ayounsi mentioned this in T298959: Upgrade dborch1001 to Bullseye.Mar 22 2023, 3:11 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL