codfw row D switches upgrade
Closed, ResolvedPublic
Actions

Description

codfw row D switches upgrade

For reasons detailed in T327248: eqiad/codfw virtual-chassis upgrades we're going to upgrade codfw row D.

Scheduled on May 16th - 13:00-15:00 UTC , please let us know if there is any issue with the scheduled time.
It means a 30min hard downtime for the whole row if everything goes well (well, 15min in real-reality). Also a good opportunity to test the hosts depool mechanisms and row redundancy of services.

The list of impacted servers and teams for this row is listed below.
The actions needed is quite free form:

please write NONE if no action is needed,
the cookbook/command to run if it can be done by a 3rd party
who will be around to take care of the depool
Link to the relevant doc
etc

The two main types of actions needed are depool and monitoring downtime

NOTE: If the servers can handle a longer depool, it's preferred to depool them many hours or the day before (and mark None in the table) so there are less moving parts closer to the maintenance window.

All servers will be downtimed with sudo cookbook sre.hosts.downtime --hours 2 -r "codfw row D upgrade" -t XXX 'P{P:netbox::host%location ~ "D.*codfw"}' but specific services might need specific downtimes.

Core Platform

Platform Engineering

Servers	Depool action needed	Repool action needed
maps[2008,2010]	`depool`	`pool`
restbase[2012,2017-2018,2023,2026-2027]	`depool`	`pool`
sessionstore2003	None	None
thumbor2006	None	None

Infrastructure Foundations

Infrastructure-Foundations

Servers	Depool action needed	Repool action needed	Status
ganeti[2015-2018,2025-2026]	NONE	NONE	OK
idm2001	NONE	NONE	OK
idp2002	NONE	NONE	OK
install2004	NONE	NONE	OK
ldap-replica2006	depooled	repooled	OK
netbox-dev2002	NONE	NONE	OK
ping2003	redirect ICMP traffic	revert
puppetdb2003	NONE	NONE	OK
puppetmaster2002	Puppet disabled in codfw/esams/ulsfo	Puppet re-enabled	OK
urldownloader2004	NONE	NONE	OK

Infrastructure Foundations and Data Engineering

Infrastructure-Foundations Data-Engineering

Servers	Depool action needed	Repool action needed	Status
krb[2001-2002]	NONE	NONE

WMCS

cloud-services-team

Servers	Depool action needed	Repool action needed	Status
cloudcontrol2004-dev	NONE	NONE

ServiceOps

serviceops

Servers	Depool action needed	Repool action needed	Status
chartmuseum2001
conf2006
kafka-main[2004-2005]
kubernetes[2013-2014,2016,2022,2024]
kubestagemaster2001
kubestagetcd2003
mc[2051-2054]
mc-gp2003
mc-wf2002
mw[2271-2279,2281-2290,2366-2376,2444-2451]
parse[2016-2020]
rdb2010

Observability

SRE Observability

Servers	Depool action needed	Repool action needed	Status
arclamp2001			nothing to do, not active
dispatch-be2001			not in production
kafka-logging2005			no action needed
logstash[2003,2029-2031]	drain shards 2003,2029 depool 2030,2031 & set downtime	allocate shards, re-pool	done

Observability and Data Persistence

SRE Observability Data-Persistence

Servers	Depool action needed	Repool action needed	Status
thanos-fe2003	`sudo depool`	`sudo pool`	@MatthewVernon done

Search Platform

Discovery-Search

Servers	Depool action needed	Repool action needed
apifeatureusage2001	none	none
elastic[2050-2054,2060,2067-2068,2072,2084-2086]	inflatador/rkemper ban/depool day before	inflatador/rkemper unban/repool
search-loader2001	none	none
wcqs2003	none	none
wdqs[2006,2012,2015,2021-2022]	none	none

ServiceOps-Collab

collaboration-services

Servers	Depool action needed	Repool action needed	Status
aphlict2001	NONE	NONE
gerrit2002	NONE	NONE
gitlab-runner2004	Will be paused in admin menu	Will be unpaused in admin menu	paused
miscweb2003	NONE	NONE

Traffic

Servers	Depool action needed	Status
cp[2039-2042]	NOOP, codfw depooled	DONE
dns2002	stop puppet and disable bird	DONE
durum2002	stop puppet and disable bird	DONE
lvs2010	NOOP, codfw depooled	DONE

Machine Learning

Machine-Learning-Team

Servers	Depool action needed	Repool action needed
ml-etcd2003	none	none
ml-serve[2004,2008]	none	none
ml-serve-ctrl2002	none	none
ml-staging2002	none	none
ml-staging-ctrl2002	none	none
ores[2007-2009]	`depool`	`pool`

Data Engineering

Data-Engineering

Servers	Depool action needed	Repool action needed	Status
aqs[2009-2012]	None	None
kafka-stretch2002	None	None
schema2004	`depool`	`pool`	Depooled

Data Persistence

Data-Persistence

Servers	Depool action needed	Repool action needed	Status
backup[2001,2007]	to make sure media backups are paused	resume media backups
cassandra-dev2003
db[2100-2101,2117-2120,2128-2131,2139-2140,2151-2152,2170-2174,2181-2182,2187]	Nothing - codfw will be depooled
dbprov2003	to make sure db backups are not ongoing	retry db backups if failed
dbproxy2004	Nothing, not in use	Reload haproxy
es[2023,2033-2034]	Nothing - codfw will be depooled
moss-fe2002	Nothing, not in service
ms-backup2002	to make sure media backups are paused	resume media backups
ms-be[2043,2050,2056,2059,2061,2065,2069,2073]	no action required
ms-fe2012	`sudo depool`	`sudo pool`	Done
pc2014	Nothing - codfw will be depooled
thanos-be2004	no action required

Details

	Subject	Repo	Branch	Lines +/-
	depool codfw for row D switch upgrade	operations/dns	master	+2 -0
	hiera: temporarily remove dns2002 from authdns_servers	operations/puppet	production	+0 -1

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Open	None	T253824 planned upstream deprecation of the ssh-rsa signing algorithm (RSA with SHA-1)
Resolved	ayounsi	T254013 all network devices must run OpenSSH >= 7.2p1 but != 7.4p1
Resolved	ayounsi	T317175 Junos: resolve DNS through mgmt_junos
Resolved	ayounsi	T327862 Use mgmt_junos on all network devices
		Restricted Task
Open	None	T316539 Upgrade network devices to Junos 20+
Resolved	ayounsi	T327248 eqiad/codfw virtual-chassis upgrades
Resolved	ayounsi	T335042 codfw row D switches upgrade

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 19 2023, 2:57 PM

ayounsi mentioned this in T327248: eqiad/codfw virtual-chassis upgrades.Apr 19 2023, 2:58 PM

ayounsi updated the task description. (Show Details)

Marostegui edited projects, added DBA; removed Data-Persistence.Apr 19 2023, 2:59 PM

Marostegui subscribed.

MoritzMuehlenhoff updated the task description. (Show Details)Apr 19 2023, 3:29 PM

Maintenance_bot added a project: SRE.Apr 19 2023, 4:29 PM

colewhite updated the task description. (Show Details)Apr 19 2023, 5:08 PM

colewhite updated the task description. (Show Details)

@jcrespo kindly check what is needed for backup involved hosts, thanks!

In T335042#8795210, @Marostegui wrote:

@jcrespo kindly check what is needed for backup involved hosts, thanks!

Done.

Marostegui moved this task from In progress to Ready on the DBA board.Apr 20 2023, 9:05 AM

bking edited projects, added Discovery-Search (Current work); removed Discovery-Search.Apr 24 2023, 3:27 PM

akosiaris moved this task from Incoming 🐫 to Doing 😎 on the serviceops board.Apr 24 2023, 3:34 PM

klausman updated the task description. (Show Details)Apr 26 2023, 9:57 AM

klausman updated the task description. (Show Details)

ayounsi moved this task from Backlog to This quarter on the netops board.Apr 28 2023, 3:16 PM

MPhamWMF moved this task from Incoming to In Progress on the Discovery-Search (Current work) board.May 1 2023, 3:48 PM

fgiunchedi updated the task description. (Show Details)May 2 2023, 7:52 AM

Gehel added a project: Data-Platform-SRE.May 2 2023, 8:28 AM

Gehel moved this task from Incoming to In Progress on the Data-Platform-SRE board.

BTullis updated the task description. (Show Details)May 2 2023, 9:55 AM

Andrew updated the task description. (Show Details)May 2 2023, 1:47 PM

elukey moved this task from Unsorted to Watching on the Machine-Learning-Team board.May 2 2023, 2:02 PM

ayounsi added a parent task: T327248: eqiad/codfw virtual-chassis upgrades.May 2 2023, 2:02 PM

Marostegui moved this task from Ready to In progress on the DBA board.May 3 2023, 7:35 AM

Marostegui moved this task from In progress to Done on the DBA board.May 3 2023, 11:47 AM

ayounsi mentioned this in T335870: Store network users in Bitu/LDAP.May 3 2023, 3:02 PM

LSobanski updated the task description. (Show Details)May 8 2023, 3:34 PM

LSobanski moved this task from Incoming to Consultation on the collaboration-services board.

BTullis moved this task from In Progress to Blocked / Waiting on the Data-Platform-SRE board.May 9 2023, 5:18 PM

BTullis removed a project: Data-Engineering.

bking updated the task description. (Show Details)May 9 2023, 7:29 PM

bking updated the task description. (Show Details)May 9 2023, 7:31 PM

bking updated the task description. (Show Details)

colewhite updated the task description. (Show Details)May 12 2023, 7:42 PM

MatthewVernon updated the task description. (Show Details)May 15 2023, 9:40 AM

MatthewVernon subscribed.

MatthewVernon updated the task description. (Show Details)May 15 2023, 12:34 PM

Jelto updated the task description. (Show Details)May 15 2023, 12:41 PM

ssingh updated the task description. (Show Details)May 15 2023, 1:49 PM

Change 919847 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] hiera: temporarily remove dns2002 from authdns_servers

https://gerrit.wikimedia.org/r/919847

gerritbot added a project: Patch-For-Review.May 15 2023, 1:51 PM

herron updated the task description. (Show Details)May 15 2023, 3:40 PM

Mentioned in SAL (#wikimedia-operations) [2023-05-15T18:54:35Z] <sukhe> set routing-options static route 208.80.153.231/32 next-hop [ 208.80.153.48 208.80.153.10 ]: codfw row D maint 2023/05/16 [dns2002] T335042

Mentioned in SAL (#wikimedia-operations) [2023-05-15T19:47:01Z] <ryankemper@cumin1001> START - Cookbook sre.hosts.downtime for 1 day, 2:00:00 on 20 hosts with reason: T335042 maintenance

Mentioned in SAL (#wikimedia-operations) [2023-05-15T19:47:16Z] <ryankemper@cumin1001> END (PASS) - Cookbook sre.hosts.downtime (exit_code=0) for 1 day, 2:00:00 on 20 hosts with reason: T335042 maintenance

Mentioned in SAL (#wikimedia-operations) [2023-05-15T19:49:13Z] <bking@cumin1001> START - Cookbook sre.elasticsearch.ban Banning hosts: elastic[2050-2054,2060,2067-2068,2072,2084-2086] for row D switch upgrade - bking@cumin1001 - T335042

Mentioned in SAL (#wikimedia-operations) [2023-05-15T19:49:17Z] <bking@cumin1001> END (FAIL) - Cookbook sre.elasticsearch.ban (exit_code=99) Banning hosts: elastic[2050-2054,2060,2067-2068,2072,2084-2086] for row D switch upgrade - bking@cumin1001 - T335042

Mentioned in SAL (#wikimedia-operations) [2023-05-15T19:50:21Z] <bking@cumin1001> START - Cookbook sre.elasticsearch.ban Banning hosts: elastic[2050-2054,2060,2067-2068,2072,2084-2086]* for row D switch upgrade - bking@cumin1001 - T335042

Mentioned in SAL (#wikimedia-operations) [2023-05-15T19:50:25Z] <bking@cumin1001> END (PASS) - Cookbook sre.elasticsearch.ban (exit_code=0) Banning hosts: elastic[2050-2054,2060,2067-2068,2072,2084-2086]* for row D switch upgrade - bking@cumin1001 - T335042

MoritzMuehlenhoff updated the task description. (Show Details)May 16 2023, 8:14 AM

MoritzMuehlenhoff updated the task description. (Show Details)

MoritzMuehlenhoff updated the task description. (Show Details)May 16 2023, 8:18 AM

MoritzMuehlenhoff updated the task description. (Show Details)May 16 2023, 8:23 AM

hnowlan updated the task description. (Show Details)May 16 2023, 9:25 AM

akosiaris@cumin1001 - Cookbook cookbooks.sre.discovery.datacenter depool all active/active services in codfw: codfw row D switches upgrade - T335042 started.

Mentioned in SAL (#wikimedia-operations) [2023-05-16T10:29:46Z] <akosiaris@cumin1001> START - Cookbook sre.discovery.datacenter depool all active/active services in codfw: codfw row D switches upgrade - T335042

akosiaris@cumin1001 - Cookbook cookbooks.sre.discovery.datacenter depool all active/active services in codfw: codfw row D switches upgrade - T335042 failed.

Mentioned in SAL (#wikimedia-operations) [2023-05-16T10:48:13Z] <akosiaris@cumin1001> END (FAIL) - Cookbook sre.discovery.datacenter (exit_code=93) depool all active/active services in codfw: codfw row D switches upgrade - T335042

BTullis updated the task description. (Show Details)May 16 2023, 11:04 AM

Mentioned in SAL (#wikimedia-analytics) [2023-05-16T11:04:53Z] <btullis> depooled schema2004 for T335042

Mentioned in SAL (#wikimedia-operations) [2023-05-16T11:57:04Z] <XioNoX> stage upgrade on asw-d-codfw - T335042

Change 919847 merged by Ssingh:

[operations/puppet@production] hiera: temporarily remove dns2002 from authdns_servers

https://gerrit.wikimedia.org/r/919847

ssingh updated the task description. (Show Details)May 16 2023, 12:17 PM

Change 920265 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/dns@master] depool codfw for row D switch upgrade

https://gerrit.wikimedia.org/r/920265

Mentioned in SAL (#wikimedia-operations) [2023-05-16T12:21:27Z] <XioNoX> disable ping offload in codfw - T335042

Change 920265 merged by Ssingh:

[operations/dns@master] depool codfw for row D switch upgrade

https://gerrit.wikimedia.org/r/920265

Mentioned in SAL (#wikimedia-operations) [2023-05-16T12:22:51Z] <sukhe> running authdns-update to disable codfw for switch upgrade: T335042

Mentioned in SAL (#wikimedia-operations) [2023-05-16T12:24:31Z] <sukhe> [done] running authdns-update to disable codfw for switch upgrade: T335042

Maintenance_bot removed a project: Patch-For-Review.May 16 2023, 12:30 PM

Icinga downtime and Alertmanager silence (ID=3a841f97-aecd-4c7a-8eb4-8acd1caa15b3) set by ayounsi@cumin1001 for 2:00:00 on 189 host(s) and their services with reason: codfw row D upgrade

aphlict2001.codfw.wmnet,apifeatureusage2001.codfw.wmnet,aqs[2009-2012].codfw.wmnet,arclamp2001.codfw.wmnet,backup[2001,2007,2011].codfw.wmnet,bast2003.wikimedia.org,cassandra-dev2003.codfw.wmnet,chartmuseum2001.codfw.wmnet,cloudcontrol2004-dev.wikimedia.org,conf2006.codfw.wmnet,cp[2039-2042].codfw.wmnet,db[2100-2101,2117-2120,2128-2131,2139-2140,2151-2152,2170-2174,2181-2182,2187].codfw.wmnet,dbprov2003.codfw.wmnet,dbproxy2004.codfw.wmnet,dispatch-be2001.codfw.wmnet,dns[2002,2006].wikimedia.org,durum2002.codfw.wmnet,elastic[2050-2054,2060,2067-2068,2072,2084-2086].codfw.wmnet,es[2023,2033-2034].codfw.wmnet,ganeti[2015-2018,2025-2026].codfw.wmnet,gerrit2002.wikimedia.org,gitlab-runner2004.codfw.wmnet,idm2001.wikimedia.org,idp2002.wikimedia.org,install2004.wikimedia.org,kafka-logging2005.codfw.wmnet,kafka-main[2004-2005].codfw.wmnet,kafka-stretch2002.codfw.wmnet,krb[2001-2002].codfw.wmnet,kubernetes[2013-2014,2016,2022,2024].codfw.wmnet,kubestagemaster2001.codfw.wmnet,kubestagetcd2003.codfw.wmnet,ldap-replica2006.wikimedia.org,logstash[2003,2029-2031].codfw.wmnet,lvs2010.codfw.wmnet,maps[2008,2010].codfw.wmnet,mc[2051-2054].codfw.wmnet,mc-gp2003.codfw.wmnet,mc-wf2002.codfw.wmnet,miscweb2003.codfw.wmnet,ml-etcd2003.codfw.wmnet,ml-serve[2004,2008].codfw.wmnet,ml-serve-ctrl2002.codfw.wmnet,ml-staging2002.codfw.wmnet,ml-staging-ctrl2002.codfw.wmnet,moss-fe2002.codfw.wmnet,ms-backup2002.codfw.wmnet,ms-be[2043,2050,2056,2059,2061,2065,2069,2073].codfw.wmnet,ms-fe2012.codfw.wmnet,mw[2271-2279,2281-2290,2366-2376,2444-2451].codfw.wmnet,netbox-dev2002.codfw.wmnet,ores[2007-2009].codfw.wmnet,parse[2016-2020].codfw.wmnet,pc2014.codfw.wmnet,ping2003.codfw.wmnet,puppetdb2003.codfw.wmnet,puppetmaster2002.codfw.wmnet,rdb2010.codfw.wmnet,restbase[2012,2017-2018,2023,2026-2027].codfw.wmnet,schema2004.codfw.wmnet,search-loader2001.codfw.wmnet,sessionstore2003.codfw.wmnet,thanos-be2004.codfw.wmnet,thanos-fe2003.codfw.wmnet,thumbor2006.codfw.wmnet,urldownloader2004.wikimedia.org,wcqs2003.codfw.wmnet,wdqs[2006,2012,2015,2021-2022].codfw.wmnet

Mentioned in SAL (#wikimedia-operations) [2023-05-16T12:50:06Z] <moritzm> disabling Puppet in codfw/esams/ulsfo for switch maintenance T335042

Mentioned in SAL (#wikimedia-operations) [2023-05-16T12:51:27Z] <Emperor> depool thanos-fe2003 T335042

Mentioned in SAL (#wikimedia-operations) [2023-05-16T12:52:13Z] <Emperor> depool ms-fe2012 T335042

MatthewVernon updated the task description. (Show Details)May 16 2023, 12:53 PM

MoritzMuehlenhoff updated the task description. (Show Details)May 16 2023, 12:53 PM

Mentioned in SAL (#wikimedia-operations) [2023-05-16T13:01:16Z] <XioNoX> asw-d-codfw> request system reboot all-members - T335042

Mentioned in SAL (#wikimedia-operations) [2023-05-16T13:25:23Z] <moritzm> enabled Puppet in codfw/esams/ulsfo for switch maintenance T335042

MoritzMuehlenhoff updated the task description. (Show Details)May 16 2023, 1:27 PM

Mentioned in SAL (#wikimedia-operations) [2023-05-16T13:32:36Z] <Emperor> repool thanos-fe2003 T335042

Mentioned in SAL (#wikimedia-analytics) [2023-05-16T13:40:18Z] <btullis> pooled schema2004 for T335042

Mentioned in SAL (#wikimedia-operations) [2023-05-16T13:46:05Z] <Emperor> repool ms-fe2012 T335042

akosiaris@cumin1001 - Cookbook cookbooks.sre.discovery.datacenter pool all active/active services in codfw: codfw row D switches upgrade done - T335042 started.

Mentioned in SAL (#wikimedia-operations) [2023-05-16T13:54:21Z] <akosiaris@cumin1001> START - Cookbook sre.discovery.datacenter pool all active/active services in codfw: codfw row D switches upgrade done - T335042

akosiaris@cumin1001 - Cookbook cookbooks.sre.discovery.datacenter pool all active/active services in codfw: codfw row D switches upgrade done - T335042 failed.

Mentioned in SAL (#wikimedia-operations) [2023-05-16T14:10:45Z] <akosiaris@cumin1001> END (FAIL) - Cookbook sre.discovery.datacenter (exit_code=93) pool all active/active services in codfw: codfw row D switches upgrade done - T335042

herron updated the task description. (Show Details)May 16 2023, 2:24 PM

Upgrade went very well. Thanks everybody! That was the last one!

ssingh updated the task description. (Show Details)May 16 2023, 3:04 PM

Gehel moved this task from Blocked / Waiting to Done on the Data-Platform-SRE board.Jul 19 2023, 8:52 AM

codfw row D switches upgradeClosed, ResolvedPublicActions