Page MenuHomePhabricator
Create Task
Maniphest T341553

Allow running one-off scripts manually
Open, Needs TriagePublic
Actions

Description

Our developers/deployers are used to be able to launch mediawiki maintenance scripts using mwscript as follows:

  • ssh to the maintenance server
  • run mwscript <script-name> --wiki <wiki> or mwscript <script-name> <wiki>

How can we get developers to run one-off scripts on kubernetes?

I would imagine it would go as follows:

  • Add a Job definition to the mediawiki chart. Make it possible to apply either the Deployment or a Job. The Job should allow values to inject the arguments to "mwscript".
  • Create a dedicated namespace to run these one offs
  • Each Job should be a separate helm release, if we want multiple Jobs to be launched in parallel - that's the only way these resources can share the same namespace. We need to check if it's possible to adapt our helmfile to accept arbitrary release names.
  • A small wrapper called something like mwscript-k8s should check the user name, generate a random release name, run helm(file) passing the arguments from CLI as a value we'll inject as args for the container.

Details

SubjectRepoBranchLines +/-
deployment_server: Label and annotation improvements for mwscript-k8soperations/puppetproduction+6 -3
mediawiki: Add a comment annotation for mwscript jobsoperations/deployment-chartsmaster+10 -1
mediawiki: Add mwscript labels to the job as well as the podsoperations/deployment-chartsmaster+6 -1
deployment_server: Typo fix in mwscript_k8s.pyoperations/puppetproduction+1 -1
deployment_server: Add missing env variables to mwscript_k8soperations/puppetproduction+2 -0
deployment_server: Add mwscript_k8soperations/puppetproduction+190 -0
Add helmfile for running MediaWiki one-off jobs.operations/deployment-chartsmaster+84 -0
mediawiki: Support one-off jobsoperations/deployment-chartsmaster+78 -2
admin_ng: Add mw-script namespaceoperations/deployment-chartsmaster+24 -0
hieradata: Add kubeconfig files for mw-scriptoperations/puppetproduction+4 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Joe created this task.Jul 11 2023, 8:58 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 11 2023, 8:58 AM
Joe mentioned this in T341555: Allow running periodic jobs for mw on k8s.Jul 11 2023, 9:10 AM
Clement_Goubert updated the task description. (Show Details)Jul 11 2023, 9:21 AM
jijiki added a parent task: T341560: Migrate mwmaint server functionality to mw-on-k8s.Jul 11 2023, 9:57 AM
Joe added a comment.Jul 11 2023, 10:25 AM

One update:

it should be possible to use helmfile to support arbitrary release names, with something like

releases:
 - name: job-{{ requiredEnv "NAME_TOKEN" }}
   <<: *default

and thus setting the env variable NAME_TOKEN from the wrapper.

Clement_Goubert subscribed.Jul 12 2023, 8:52 AM
akosiaris subscribed.Jul 14 2023, 10:36 AM
taavi subscribed.Jul 14 2023, 10:50 AM
Lucas_Werkmeister_WMDE subscribed.Jul 20 2023, 4:10 PM

I hope that mwscript-k8s will finish with the right kubectl logs --follow command, so that deployers can see the output.

But also: if this system allows any deployer to list the currently running maintenance scripts and list their output, then that would be a pretty big advantage over the current setup IMHO. Right now, long-running scripts are usually run from tmux or screen, and only the original deployer and roots can see the output then.

Clement_Goubert moved this task from Incoming 🐫 to 🌻Mediawiki on the serviceops board.Aug 1 2023, 11:56 AM
RLazarus claimed this task.Sep 14 2023, 12:40 AM
gerritbot added a comment.Sep 14 2023, 12:41 AM

Change 957375 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] hieradata: Add kubeconfig files for mw-script

https://gerrit.wikimedia.org/r/957375

gerritbot added a project: Patch-For-Review.Sep 14 2023, 12:41 AM
gerritbot added a comment.Sep 14 2023, 12:44 AM

Change 957375 merged by RLazarus:

[operations/puppet@production] hieradata: Add kubeconfig files for mw-script

https://gerrit.wikimedia.org/r/957375

Maintenance_bot removed a project: Patch-For-Review.Sep 14 2023, 1:10 AM
gerritbot added a comment.Sep 14 2023, 2:31 AM

Change 957377 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] admin_ng: Add mw-script namespace

https://gerrit.wikimedia.org/r/957377

gerritbot added a project: Patch-For-Review.Sep 14 2023, 2:31 AM
gerritbot added a comment.Sep 14 2023, 2:46 AM

Change 957377 merged by jenkins-bot:

[operations/deployment-charts@master] admin_ng: Add mw-script namespace

https://gerrit.wikimedia.org/r/957377

Maintenance_bot removed a project: Patch-For-Review.Sep 14 2023, 3:10 AM
RLazarus mentioned this in T348284: Handle sidecar containers in one-off Kubernetes jobs.Oct 5 2023, 10:37 PM
ABran-WMF subscribed.Oct 9 2023, 8:06 AM
Clement_Goubert moved this task from Backlog to In Progress on the MW-on-K8s board.Oct 9 2023, 11:56 AM
gerritbot added a comment.Jan 9 2024, 6:59 AM

Change 988849 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] mediawiki: Support one-off jobs

https://gerrit.wikimedia.org/r/988849

gerritbot added a project: Patch-For-Review.Jan 9 2024, 6:59 AM

Change 988850 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] Add helmfile for running MediaWiki one-off jobs.

https://gerrit.wikimedia.org/r/988850

gerritbot added a comment.Jan 9 2024, 7:00 AM

Change 988851 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] deployment_server: Add mwscript_k8s

https://gerrit.wikimedia.org/r/988851

RLazarus added a subscriber: JMeybohm.Jan 9 2024, 7:41 AM

@Joe @JMeybohm That's a lot of code review at once, across two tasks -- I posted it all for context, but no expectation you'll have time to look at all of it immediately. (It's all tested together from my homedir on deploy2002, and works.) Here's the suggested reviewing order:

  1. Sidecar controller (chart and helmfile): https://gerrit.wikimedia.org/r/988847 and https://gerrit.wikimedia.org/r/988848
  2. MW Job config (chart and helmfile): https://gerrit.wikimedia.org/r/988849 and https://gerrit.wikimedia.org/r/988850
  3. Python wrapper: https://gerrit.wikimedia.org/r/988851
bking subscribed.Feb 6 2024, 10:45 PM
bking mentioned this in T356803: Develop recovery/reindex procedures for new Search Update Pipeline.Feb 6 2024, 10:51 PM
RLazarus added a comment.Feb 12 2024, 1:35 AM

Surfacing @JMeybohm's reasonable concern from https://gerrit.wikimedia.org/r/c/988851/comments/3827b6cd_15427748:

Running jobs via helmfile will result in one helm release per job run which will never be cleaned up. While not an immediate problem, this will clutter the mw-scripts namespace over time, leaving one k8s secret object per job run around. I thing we should have an idea how to (automatically) clean those up

And my response:

That's true. A couple of options offhand: we could add a periodic cleanup cronjob (which could also handle the case of a maintenance script that gets wedged at runtime, and hangs around forever). Or we could modify the sidecar controller to perform some additional cleanup after shutting down each job.

I don't love the second option -- partly because it changes up the controller's semantics, and partly because we'd have to keep the controller around indefinitely, rather than dropping it at Kubernetes 1.29 which has job-sidecar logic built in.

Keeping that discussion open here.

gerritbot added a comment.Feb 23 2024, 5:53 PM

Change 988849 merged by jenkins-bot:

[operations/deployment-charts@master] mediawiki: Support one-off jobs

https://gerrit.wikimedia.org/r/988849

gerritbot added a comment.Feb 23 2024, 5:55 PM

Change 988850 merged by jenkins-bot:

[operations/deployment-charts@master] Add helmfile for running MediaWiki one-off jobs.

https://gerrit.wikimedia.org/r/988850

gerritbot added a comment.Feb 23 2024, 5:55 PM

Change 988851 merged by RLazarus:

[operations/puppet@production] deployment_server: Add mwscript_k8s

https://gerrit.wikimedia.org/r/988851

Maintenance_bot removed a project: Patch-For-Review.Feb 23 2024, 6:30 PM
gerritbot added a comment.Feb 27 2024, 1:37 AM

Change 1006607 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] deployment_server: Add missing env variables to mwscript_k8s

https://gerrit.wikimedia.org/r/1006607

gerritbot added a project: Patch-For-Review.Feb 27 2024, 1:37 AM
gerritbot added a comment.Feb 27 2024, 1:54 AM

Change 1006607 merged by RLazarus:

[operations/puppet@production] deployment_server: Add missing env variables to mwscript_k8s

https://gerrit.wikimedia.org/r/1006607

Maintenance_bot removed a project: Patch-For-Review.Feb 27 2024, 2:30 AM
Lucas_Werkmeister_WMDE added a comment.Mar 1 2024, 1:43 PM

Random idea: T315510 still needs a few more maintenance script runs (at least one on enwiki and one no viwiki), but is currently blocked on application errors; if this task is close to being done, and that other task gets unblocked soon, then maybe we could use those maintenance scripts as an opportunity to test this new feature.

gerritbot added a comment.Mar 5 2024, 11:50 PM

Change 1008975 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] deployment_server: Typo fix in mwscript_k8s.py

https://gerrit.wikimedia.org/r/1008975

gerritbot added a project: Patch-For-Review.Mar 5 2024, 11:51 PM
gerritbot added a comment.Mar 5 2024, 11:55 PM

Change 1008975 merged by RLazarus:

[operations/puppet@production] deployment_server: Typo fix in mwscript_k8s.py

https://gerrit.wikimedia.org/r/1008975

Maintenance_bot removed a project: Patch-For-Review.Mar 6 2024, 12:30 AM
gerritbot added a comment.Mar 7 2024, 2:08 AM

Change 1009373 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] mediawiki: Add mwscript labels to the job as well as the pods

https://gerrit.wikimedia.org/r/1009373

gerritbot added a project: Patch-For-Review.Mar 7 2024, 2:08 AM
gerritbot added a comment.Mar 20 2024, 12:33 AM

Change 1009373 merged by jenkins-bot:

[operations/deployment-charts@master] mediawiki: Add mwscript labels to the job as well as the pods

https://gerrit.wikimedia.org/r/1009373

Maintenance_bot removed a project: Patch-For-Review.Mar 20 2024, 1:30 AM
gerritbot added a comment.Mar 20 2024, 2:40 AM

Change 1012802 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] mediawiki: Add a comment annotation for mwscript jobs

https://gerrit.wikimedia.org/r/1012802

gerritbot added a project: Patch-For-Review.Mar 20 2024, 2:40 AM

Change 1012803 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] deployment_server: Label and annotation improvements for mwscript-k8s

https://gerrit.wikimedia.org/r/1012803

gerritbot added a comment.Mar 25 2024, 9:36 PM

Change #1012802 merged by jenkins-bot:

[operations/deployment-charts@master] mediawiki: Add a comment annotation for mwscript jobs

https://gerrit.wikimedia.org/r/1012802

gerritbot added a comment.Mar 25 2024, 9:39 PM

Change #1012803 merged by RLazarus:

[operations/puppet@production] deployment_server: Label and annotation improvements for mwscript-k8s

https://gerrit.wikimedia.org/r/1012803

Maintenance_bot removed a project: Patch-For-Review.Mar 25 2024, 10:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL