Page MenuHomePhabricator
Create Task
Maniphest T360795

Set up a bitu instance for codfw1dev
Open, LowPublic
Actions

Description

As we deprecate account and ssh management in wikitech in favor of bitu, we need an equivalent for management in codfw1dev.

@SLyngshede-WMF thinks that this will be straightforward, we just have to find a place to install it.

Details

SubjectRepoBranchLines +/-
P:trafficserver::backend remove CloudIDM.operations/puppetproduction+0 -5
Customize query in gerrit

Related Objects
Search...

Event Timeline

Andrew created this task.Mar 22 2024, 4:33 PM
Peachey88 unsubscribed.Mar 22 2024, 8:52 PM
Andrew added a comment.Apr 2 2024, 9:14 PM

@SLyngshede-WMF, how is bitu currently deployed? Ganeti, k8s, somewhere else?

SLyngshede-WMF added a comment.Apr 3 2024, 6:21 AM

Bitu is currently installed as a .deb package on two Ganeti hosts.

Andrew added a subtask: T362128: Site: 1 VM for codfw1dev bitu deployment.Apr 9 2024, 1:41 AM
nshahquinn unsubscribed.Apr 9 2024, 5:53 AM
MoritzMuehlenhoff subscribed.Apr 10 2024, 5:33 PM

What is the intended use case here? We already have a staging instance for Bitu

bd808 added a comment.EditedApr 10 2024, 5:46 PM
In T360795#9704885, @MoritzMuehlenhoff wrote:

What is the intended use case here? We already have a staging instance for Bitu

Management of the LDAP directory used in the codfw1dev OpenStack deployment. This is the "staging cluster" for WMCS OpenStack changes. It uses a project local LDAP directory that has historically been managed with https://labtestwikitech.wikimedia.org, but as Bitu replaces Wikitech's Developer account LDAP management features we need an equivalent replacement in the staging cluster.

MoritzMuehlenhoff added a comment.Apr 10 2024, 6:01 PM

Ah, right. Forgot about the local LDAP data base on it.

SLyngshede-WMF added a comment.Apr 11 2024, 6:17 AM

Just to ensure that everyone agrees on what we need. This will be one Ganeti VM, running Bitu, and an LDAP instance.

Do we need to have do a data migration from the old setup?

MoritzMuehlenhoff added a comment.Apr 11 2024, 6:49 AM

The labtest LDAP currently runs on cloudservices2004/2005-dev. I think we have two options: Either a separate Ganeti VM for the labtest/Bitu instance or we simply install it on cloudservices2004/2005, given that Bitu can simply be installed via a deb and only pulls in some moderate dependencies.

Andrew added a comment.Apr 11 2024, 3:58 PM

I'd prefer that it go on its own ganeti VM, as I'm trying to pare down on the total number if weird things that run on cloudservices.

MoritzMuehlenhoff added a comment.Apr 12 2024, 6:44 AM
In T360795#9707776, @Andrew wrote:

I'd prefer that it go on its own ganeti VM, as I'm trying to pare down on the total number if weird things that run on cloudservices.

Fair enough. Do you have any preference on the name? cloudidm2001.codfw.wmnet, e.g.?

Andrew added a comment.Apr 12 2024, 2:42 PM

Fair enough. Do you have any preference on the name? cloudidm2001.codfw.wmnet, e.g.?

idm2001-dev.codfw.wmnet (or, possibly, cloudidm2001-dev.codfw.wmnet) is consistent with naming elsewhere. The attached subtask (T362128) has more details.

Quiddity unsubscribed.Apr 12 2024, 8:07 PM
Andrew reassigned this task from Andrew to SLyngshede-WMF.May 31 2024, 8:02 PM
Andrew added a comment.Aug 21 2024, 2:31 PM

@SLyngshede-WMF can this be closed now?

SLyngshede-WMF added a comment.Aug 22 2024, 6:09 AM

@Andrew Sorry, this is still pending. I need to figure out what to do about the Redis dependency. The correct solution would be to build a Redis container, but that's yet another thing to maintain, so I'll see if I can make it work without it.

TBurmeister unsubscribed.Aug 22 2024, 6:02 PM
fnegri mentioned this in T328289: update labtestwiki user and password.Sep 23 2024, 4:25 PM
Ladsgroup subscribed.Sep 23 2024, 4:41 PM

FWIW, getting this deployed simplifies a lot of database stack see T328289: update labtestwiki user and password for example.

Ladsgroup awarded a token.Sep 23 2024, 4:42 PM
fnegri mentioned this in T375723: Which team should receive alerts for cloudidm2001-dev?.Sep 26 2024, 9:31 AM
fnegri moved this task from Inbox to Watching on the cloud-services-team board.Oct 1 2024, 11:13 AM
gerritbot added a comment.Oct 9 2024, 8:54 AM

Change #1078895 had a related patch set uploaded (by Slyngshede; author: Slyngshede):

[operations/puppet@production] P:trafficserver::backend remove CloudIDM.

https://gerrit.wikimedia.org/r/1078895

gerritbot added a project: Patch-For-Review.Oct 9 2024, 8:54 AM

Change #1078895 merged by Slyngshede:

[operations/puppet@production] P:trafficserver::backend remove CloudIDM.

https://gerrit.wikimedia.org/r/1078895

Maintenance_bot removed a project: Patch-For-Review.Oct 9 2024, 9:30 AM
SLyngshede-WMF closed subtask T376871: Decommission cloudidm2001-dev as Resolved.Oct 11 2024, 6:57 AM
fnegri added a project: Infrastructure-Foundations.Oct 30 2024, 4:06 PM
SLyngshede-WMF triaged this task as Low priority.Nov 4 2024, 2:55 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits