
volatile: We need to configure the volatile endpoint on puppetservers
Closed, Resolved · Public

Description

Currently the volatile endpoint is only configured on the puppet front ends. If we move to using SRV records then we would need this synced to all puppetservers. 🤞

Event Timeline

Restricted Application added a subscriber: Aklapper.
jbond triaged this task as Medium priority. Jul 4 2023, 11:28 AM
jbond added a project: Puppet-Infrastructure.
jbond changed the task status from Open to In Progress. Aug 14 2023, 1:43 PM

Change 948567 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetserver: Add support for defining additional mount points

https://gerrit.wikimedia.org/r/948567

Change 948607 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] P:puppetserver: add support for extra_mounts

https://gerrit.wikimedia.org/r/948607

Change 948608 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetserver: add volatile file mount

https://gerrit.wikimedia.org/r/948608

Change 948567 merged by Jbond:

[operations/puppet@production] puppetserver: Add support for defining additional mount points

https://gerrit.wikimedia.org/r/948567

Change 948607 merged by Jbond:

[operations/puppet@production] P:puppetserver: add support for extra_mounts

https://gerrit.wikimedia.org/r/948607

Change 948608 merged by Jbond:

[operations/puppet@production] puppetserver: add volatile file mount

https://gerrit.wikimedia.org/r/948608

Change 948647 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetserver: add volatile config

https://gerrit.wikimedia.org/r/948647

Change 949978 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetserver: switch to useing ca_server instead of enable_ca

https://gerrit.wikimedia.org/r/949978

Change 949978 merged by Jbond:

[operations/puppet@production] puppetserver: switch to useing ca_server instead of enable_ca

https://gerrit.wikimedia.org/r/949978

Change 951138 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetmaster::fetch_swift_rings: rename profile

https://gerrit.wikimedia.org/r/951138

Change 951138 merged by Jbond:

[operations/puppet@production] puppetmaster::fetch_swift_rings: rename profile

https://gerrit.wikimedia.org/r/951138

Change 948647 merged by Jbond:

[operations/puppet@production] puppetserver: add volatile config

https://gerrit.wikimedia.org/r/948647

Change 951440 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] external_clouds_vendors: add way top specify the private repo

https://gerrit.wikimedia.org/r/951440

Change 951441 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetserver::volatile: pass through correct private repo path

https://gerrit.wikimedia.org/r/951441

Change 951440 merged by Jbond:

[operations/puppet@production] external_clouds_vendors: add way top specify the private repo

https://gerrit.wikimedia.org/r/951440

Change 951441 merged by Jbond:

[operations/puppet@production] puppetserver::volatile: pass through correct private repo path

https://gerrit.wikimedia.org/r/951441

Change 951451 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetserver::volatile: ony update conftool on puppetmasters

https://gerrit.wikimedia.org/r/951451

Change 951451 merged by Jbond:

[operations/puppet@production] puppetserver::volatile: ony update conftool on puppetmasters

https://gerrit.wikimedia.org/r/951451

Change 951457 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetserver::volatile: we need to ensure if *not* empty

https://gerrit.wikimedia.org/r/951457

Change 951457 merged by Jbond:

[operations/puppet@production] puppetserver::volatile: we need to ensure if *not* empty

https://gerrit.wikimedia.org/r/951457

Change 951462 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] swift/thanos: allow puppetservers to also pull swift rings

https://gerrit.wikimedia.org/r/951462

Change 951462 merged by Jbond:

[operations/puppet@production] swift/thanos: allow puppetservers to also pull swift rings

https://gerrit.wikimedia.org/r/951462

Change 951506 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] profile::swift:fetch_rings: ensure we create directories

https://gerrit.wikimedia.org/r/951506

Change 951506 merged by Jbond:

[operations/puppet@production] profile::swift:fetch_rings: ensure we create directories

https://gerrit.wikimedia.org/r/951506

Change 951523 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetserver::rsync: open firwall port

https://gerrit.wikimedia.org/r/951523

Change 951523 merged by Jbond:

[operations/puppet@production] puppetserver::rsync: open firwall port

https://gerrit.wikimedia.org/r/951523

Change 951529 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] puppetserver::rsync: fix dir and ferm rule

https://gerrit.wikimedia.org/r/951529

Change 951529 merged by Jbond:

[operations/puppet@production] puppetserver::rsync: fix dir and ferm rule

https://gerrit.wikimedia.org/r/951529

jbond claimed this task.

volatile is now synced to all puppetservers and agents using puppet7 can fetch data correctly

During the preparation of the apt server migration I noticed that Puppet clients migrated to Puppet 7 receive outdated data, specifically I noticed this for the tftpboot data stored in volatile.

The current main apt servers (apt1001 and apt2001) are on Buster and thus Puppet 5. The new WIP apt server running bookworm (apt1002) has been migrated to Puppet 7 to catch errors early.

On apt1001 we have the latest version of the Bookworm image:

jmm@apt1001:/srv/tftpboot/bookworm-installer$ ls -lha
total 20K
dr-xr-xr-x  4 root root 4.0K Feb 12 08:19 .
dr-xr-xr-x 64 root root 4.0K Oct  9 08:48 ..
dr-xr-xr-x  3 root root 4.0K Feb 28  2023 debian-installer
lrwxrwxrwx  1 root root   47 Feb 28  2023 ldlinux.c32 -> debian-installer/amd64/boot-screens/ldlinux.c32
lrwxrwxrwx  1 root root   33 Feb 28  2023 pxelinux.0 -> debian-installer/amd64/pxelinux.0
dr-xr-xr-x  2 root root 4.0K Feb 27  2023 pxelinux.cfg
lrwxrwxrwx  1 root root   47 May 30  2023 splash.png -> debian-installer/amd64/boot-screens//splash.png
-r--r--r--  1 root root   65 Feb 12 08:19 version.info
jmm@apt1001:/srv/tftpboot/bookworm-installer$ cat version.info
Debian version:  12 (bookworm)
Installer build: 20230607+deb12u5

But on apt1002:

jmm@apt1002:/srv/tftpboot/bookworm-installer$ ls -lha
total 244K
dr-xr-xr-x  4 root root 4.0K Nov 20 06:51 .
dr-xr-xr-x 17 root root 4.0K Nov 20 06:51 ..
dr-xr-xr-x  3 root root 4.0K Oct 11 13:59 debian-installer
-r--r--r--  1 root root 117K Nov 20 06:51 ldlinux.c32
-r--r--r--  1 root root  42K Nov 20 06:51 pxelinux.0
dr-xr-xr-x  2 root root 4.0K Nov 20 06:51 pxelinux.cfg
-r--r--r--  1 root root  59K Nov 20 06:51 splash.png
-r--r--r--  1 root root   65 Nov 20 06:51 version.info
jmm@apt1002:/srv/tftpboot/bookworm-installer$ cat version.info
Debian version:  12 (bookworm)
Installer build: 20230607+deb12u1

Initially I assumed that this was some kind of freshness issue, but pruning /srv/tftpboot/bookworm-installer re-generates the 20230607+deb12u1 version.

I also noticed that the same applies to the install servers (which are also on Puppet 7):

jmm@install3003:/srv/tftpboot/bookworm-installer$ ls -lha
total 244K
dr-xr-xr-x  4 root root 4.0K Nov  2 14:17 .
dr-xr-xr-x 23 root root 4.0K Oct  9 08:48 ..
dr-xr-xr-x  3 root root 4.0K Aug 17 06:50 debian-installer
-r--r--r--  1 root root 117K Nov  2 14:17 ldlinux.c32
-r--r--r--  1 root root  42K Nov  2 14:17 pxelinux.0
dr-xr-xr-x  2 root root 4.0K Nov  2 14:17 pxelinux.cfg
-r--r--r--  1 root root  59K Nov  2 14:17 splash.png
-r--r--r--  1 root root   65 Nov  2 14:17 version.info
jmm@install3003:/srv/tftpboot/bookworm-installer$ cat version.info
Debian version:  12 (bookworm)
Installer build: 20230607+deb12u1

@jhathaway Since we don't currently sync the contents of Puppet 5 volatile with Puppet 7 volatile for any other data source, it's probably best if we keep it simple and just establish that all updates of d-i simply need to happen twice (once for P5 and P7) until all consumers of the tftpboot data are migrated to Puppet 7? We refresh d-i images not very often (basically only after Debian makes a point release or when we create custom images like the buster image with Linux 5.10). What do you think?

Change 1003004 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] puppetserver: Also install the tool to update netboot images on puppet servers

https://gerrit.wikimedia.org/r/1003004

@Muehlenhoff I think that makes sense, are the updates run manually when Debian issues a release?

Change 1003004 merged by Muehlenhoff:

[operations/puppet@production] puppetserver: Also install the tool to update netboot images on puppet servers

https://gerrit.wikimedia.org/r/1003004

@Muehlenhoff I think that makes sense,

Ack, thanks. Let's do that then.

are the updates run manually when Debian issues a release?

Yes, the netboot images don't contain firmware and since we need firmware very early for some NICs to even initiate the PXE boot, we hacked this script together to add them. And this use case will be needed for longer; while Debian created the new firmware-non-free section in the archive to allow regular installation media to include firmware, fixing the netboot image process to include is much more involved.
I think it's safe to say that the last person who ran that script before me was Faidon :-)

Change 1003375 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] update-netboot-image: Update instructions for Puppet 7

https://gerrit.wikimedia.org/r/1003375

Change 1003375 merged by Muehlenhoff:

[operations/puppet@production] update-netboot-image: Update instructions for Puppet 7

https://gerrit.wikimedia.org/r/1003375

Mentioned in SAL (#wikimedia-operations) [2024-02-16T10:58:16Z] <moritzm> update bullseye/bookworm netboot images on the Puppet 7 volatile environment to the latest point releases (to bring in sync with volatile for Puppet 5) T341056