Page MenuHomePhabricator
Create Task
Maniphest T330997

Support locking cookbooks run except for switchover related cookbooks
Open, MediumPublic
Actions

Description

In order to avoid accidental disruption of switchover procedure by cookbook runs, find a way to lock all cookbooks except:

  • sre.switchdc.mediawiki
  • sre.discovery.datacenter
  • sre.discovery.service-route

Related Objects
Search...

Event Timeline

Clement_Goubert created this task.Mar 2 2023, 11:28 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 2 2023, 11:28 AM
Clement_Goubert triaged this task as Medium priority.Mar 2 2023, 11:29 AM
Clement_Goubert moved this task from Backlog to Automation improvements on the Datacenter-Switchover board.
Clement_Goubert added a parent task: T328907: Post March 2023 Datacenter Switchover Tasks.Mar 2 2023, 11:41 AM
Clement_Goubert moved this task from Incoming 🐫 to this.quarter 🍕 on the serviceops board.Mar 2 2023, 12:50 PM
Volans added a project: SRE-tools.Mar 2 2023, 1:02 PM
LSobanski subscribed.Dec 15 2025, 3:49 PM

@Clement_Goubert is this still needed?

Clement_Goubert added a subscriber: Blake.Dec 15 2025, 5:22 PM

Not strictly, but it would be nice to have for peace of mind. This may be a task that @Blake can work on in the coming quarter as prep for the next switchover.

CDanis subscribed.Jan 5 2026, 3:57 PM
MLechvien-WMF edited projects, added ServiceOps new; removed serviceops.Tue, Jan 20, 10:56 AM
MLechvien-WMF subscribed.

@Blake could you move this on the board if you plan to do it this quarter?

Blake claimed this task.Tue, Jan 20, 11:29 AM
Blake moved this task from Inbox to Scheduled (this Q) on the ServiceOps new board.
Blake edited parent tasks, added: T413974: Northward Datacenter Switchover (March 2026; codfw to eqiad); removed: T328907: Post March 2023 Datacenter Switchover Tasks.Wed, Feb 4, 11:42 AM
Blake added a comment.Wed, Feb 4, 2:11 PM

The way I'm considering going about this would be to create a switchover lock or flag file, and a cookbook allowlist. All cookbooks would need to check if a switchover lock exists, then, if it does, the cookbook would check the allowlist for its own name. If the name isn't in the allowlist, execution should cease. I'm going to see if I can find someone on Infrastructure Foundations to have a chat with about this approach.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits