Page MenuHomePhabricator
Create Task
Maniphest T331695

Migrate the KDCs to Bullseye
Open, MediumPublic
Actions

Description

The KDCs should be migrated to Bullseye. There's also a new server (krb2002) which can be included in the migration.

Details

Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

MoritzMuehlenhoff created this task.Mar 10 2023, 8:10 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 10 2023, 8:10 AM
MoritzMuehlenhoff renamed this task from MIgrate the KDCs to Bullseye to Migrate the KDCs to Bullseye.Mar 10 2023, 8:11 AM
MoritzMuehlenhoff triaged this task as Medium priority.
MoritzMuehlenhoff added a subtask: T305488: Q4:(Need By: TBD) rack/setup/install krb2002.
MoritzMuehlenhoff claimed this task.Mar 20 2023, 8:35 AM
gerritbot added a comment.Mar 20 2023, 8:37 AM

Change 901117 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Make krb2002 a KDC

https://gerrit.wikimedia.org/r/901117

gerritbot added a project: Patch-For-Review.Mar 20 2023, 8:37 AM
gerritbot added a comment.Mar 20 2023, 8:42 AM

Change 901117 merged by Muehlenhoff:

[operations/puppet@production] Make krb2002 a KDC

https://gerrit.wikimedia.org/r/901117

Maintenance_bot removed a project: Patch-For-Review.Mar 20 2023, 9:10 AM
jcrespo mentioned this in T332234: Cannot access workboard: Unhandled Exception: Undefined variable: other_assignees.Mar 20 2023, 10:02 AM
gerritbot added a comment.Mar 20 2023, 11:27 AM

Change 901170 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add systemd override to allow KDC to write to it's log file

https://gerrit.wikimedia.org/r/901170

gerritbot added a project: Patch-For-Review.Mar 20 2023, 11:27 AM
gerritbot added a comment.Mar 20 2023, 11:56 AM

Change 901170 merged by Muehlenhoff:

[operations/puppet@production] Add systemd override to allow KDC to write to it's log file

https://gerrit.wikimedia.org/r/901170

gerritbot added a comment.Mar 20 2023, 12:04 PM

Change 901178 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Fix override to pass full directory

https://gerrit.wikimedia.org/r/901178

gerritbot added a comment.Mar 20 2023, 12:07 PM

Change 901178 merged by Muehlenhoff:

[operations/puppet@production] Fix override to pass full directory

https://gerrit.wikimedia.org/r/901178

Maintenance_bot removed a project: Patch-For-Review.Mar 20 2023, 12:10 PM
ops-monitoring-bot added a comment.Mar 24 2023, 10:55 AM

Icinga downtime and Alertmanager silence (ID=d3c0fbee-5db6-4389-b75e-415ed51c67bc) set by jmm@cumin2002 for 21 days, 0:00:00 on 1 host(s) and their services with reason: Non-functional, WIP for Bullseye update

krb2002.codfw.wmnet
gerritbot added a comment.Apr 6 2023, 11:41 AM

Change 906560 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add krb2002 as additional KDC

https://gerrit.wikimedia.org/r/906560

gerritbot added a project: Patch-For-Review.Apr 6 2023, 11:41 AM
gerritbot added a comment.Apr 6 2023, 11:58 AM

Change 906563 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Create a separate Hiera variable of KDCs specifically for use in client config

https://gerrit.wikimedia.org/r/906563

gerritbot added a comment.Apr 12 2023, 2:58 PM

Change 906563 merged by Muehlenhoff:

[operations/puppet@production] Create a separate Hiera variable of KDCs specifically for use in client config

https://gerrit.wikimedia.org/r/906563

ops-monitoring-bot added a comment.Apr 20 2023, 6:09 AM

Icinga downtime and Alertmanager silence (ID=22bf6bdd-4c99-40f0-ab28-bb73d3bcbf21) set by jmm@cumin2002 for 6 days, 0:00:00 on 1 host(s) and their services with reason: Non-functional, WIP for Bullseye update

krb2002.codfw.wmnet
gerritbot added a comment.Thu, May 4, 11:11 AM

Change 906560 merged by Muehlenhoff:

[operations/puppet@production] Add krb2002 as additional KDC

https://gerrit.wikimedia.org/r/906560

gerritbot added a comment.Thu, May 4, 11:18 AM

Change 915569 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Make krb2002 available to Kerberos client

https://gerrit.wikimedia.org/r/915569

gerritbot added a comment.Thu, May 4, 11:56 AM

Change 915569 merged by Muehlenhoff:

[operations/puppet@production] Make krb2002 available to Kerberos client

https://gerrit.wikimedia.org/r/915569

Maintenance_bot removed a project: Patch-For-Review.Thu, May 4, 12:10 PM
gerritbot added a comment.Mon, May 8, 3:22 PM

Change 917359 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Failover the kadminserver to krb2002

https://gerrit.wikimedia.org/r/917359

gerritbot added a project: Patch-For-Review.Mon, May 8, 3:22 PM
gerritbot added a comment.Wed, May 10, 1:31 PM

Change 917359 merged by Muehlenhoff:

[operations/puppet@production] Failover the kadminserver to krb2002

https://gerrit.wikimedia.org/r/917359

Maintenance_bot removed a project: Patch-For-Review.Wed, May 10, 2:11 PM
gerritbot added a comment.Tue, May 16, 8:49 AM

Change 920204 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Temporary drop krb1001 from KDC list used by clients

https://gerrit.wikimedia.org/r/920204

gerritbot added a project: Patch-For-Review.Tue, May 16, 8:49 AM
gerritbot added a comment.Tue, May 16, 9:59 AM

Change 920204 merged by Muehlenhoff:

[operations/puppet@production] Temporary drop krb1001 from KDC list used by clients

https://gerrit.wikimedia.org/r/920204

Maintenance_bot removed a project: Patch-For-Review.Tue, May 16, 10:11 AM
ops-monitoring-bot added a comment.Wed, May 17, 7:45 AM

Icinga downtime and Alertmanager silence (ID=0862bbee-318e-4c78-92cc-9304bf025af3) set by jmm@cumin2002 for 2:00:00 on 1 host(s) and their services with reason: Update to Bullseye

krb1001.eqiad.wmnet
Stashbot added a comment.Wed, May 17, 7:48 AM

Mentioned in SAL (#wikimedia-operations) [2023-05-17T07:48:58Z] <moritzm> upgrading krb1001 to Bullseye T331695

gerritbot added a comment.Wed, May 17, 8:45 AM

Change 920637 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add krb1001 back to KDCs exposed to Kerberos clients and drop krb2001

https://gerrit.wikimedia.org/r/920637

gerritbot added a project: Patch-For-Review.Wed, May 17, 8:45 AM
gerritbot added a comment.Wed, May 17, 9:17 AM

Change 920637 merged by Muehlenhoff:

[operations/puppet@production] Add krb1001 back to KDCs exposed to Kerberos clients and drop krb2001

https://gerrit.wikimedia.org/r/920637

Maintenance_bot removed a project: Patch-For-Review.Wed, May 17, 9:30 AM
gerritbot added a comment.Fri, May 19, 9:02 AM

Change 921242 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Switch kadmin server back to krb1001

https://gerrit.wikimedia.org/r/921242

gerritbot added a project: Patch-For-Review.Fri, May 19, 9:02 AM
gerritbot added a comment.Mon, May 22, 7:33 AM

Change 921242 merged by Muehlenhoff:

[operations/puppet@production] Switch kadmin server back to krb1001

https://gerrit.wikimedia.org/r/921242

Maintenance_bot removed a project: Patch-For-Review.Mon, May 22, 8:10 AM
gerritbot added a comment.Mon, May 22, 9:27 AM

Change 922068 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove KDC role from krb2001

https://gerrit.wikimedia.org/r/922068

gerritbot added a project: Patch-For-Review.Mon, May 22, 9:27 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL