Page MenuHomePhabricator

Update puppet-dev project puppetmaster
Closed, ResolvedPublic

Description

All of cloud vps is being upgraded to puppet7 with new puppet infra. Each puppetmaster needs to be replaced with a version 7 puppetmaster, and then VMs upgraded to puppet7.

Your project contains the following v5 puppetmaster:

project-pm.puppet-dev.eqiad1.wikimedia.cloud

Please take a moment to consider whether or not you stlil need this project puppetmaster. If you do, migrate with the following steps. Do not hesitate to ask for help from @Andrew or @taavi on IRC if you run into trouble.

In order to migrate:

  1. Make sure you have available quota to create a new g3.cores1.ram2.disk20 VM. If you need more space please open a quota ticket.
  1. Create a 5GB cinder volume (named <projectname>-puppetserver or similar) and mount it as /srv on the existing puppetmaster. Them on the existing puppetmaster:
$ sudo cp -a /var/lib/git /srv
$ mkdir /srv/puppet
$ sudo cp -a /var/lib/puppet/server /srv/puppet
  1. Unmount and detach the cinder volume
  2. Create a new VM for the v7 puppet server, using a flavor with at least 2GB of RAM and Debian Bookworm and a name with 'puppetserver' in it (rather than the deprecated 'puppetmaster'
  3. Mount the previously-created cinder volume at /srv on the new server
  4. Make the new VM a puppetserver by following directions at https://wikitech.wikimedia.org/wiki/Help:Project_puppetserver#Step_1:_Setup_a_puppetserver.

Puppet classes:

role::puppetserver::cloud_vps_project

hiera:

profile::puppet::agent::force_puppet7: true
puppetmaster: puppet
  1. Adjust ownership on the new puppetserver:
$ sudo chown -R gitpuppet /srv/git; chgrp -R gitpuppet /srv/git
$ sudo chown -R puppet /srv/puppet; chgrp -R puppet /srv/puppet
$ sudo run-puppet-agent; sudo run-puppet-agent
$ sudo systemctl restart puppetserver
$ sudo puppetserver-deploy-code 
  1. Assuming that puppet is now running cleanly on the new puppetserver, move existing VMs to the new host with the hiera setting
puppetmaster: <new puppetserver fqdn>
  1. Finally, update clients of the new puppetserver with the hiera setting
profile::puppet::agent::force_puppet7: true

Debian Buster hosts will complain about not being able to install puppet7 but the warning is harmless for now.

Event Timeline

Andrew claimed this task.

10:28 AM taavi, jhathaway, moritzm, is the puppet-dev project effectively defunct now that jbond has departed? It's unmarked on the purge page and also has https://phabricator.wikimedia.org/T361593 with no response
10:29 AM
<moritzm> Moritz Mühlenhoff let me have a look
10:31 AM I haven't used it for ages and I think it was mostly used to stage/test the puppet 7. from my PoV it can be phased out unless Jesse or Taavi still use it
10:32 AM <andrewbogott> Andrew Bogott ok, thanks moritzm, let's see if anyone else has an opinion :)
10:34 AM
<jhathaway> Jesse Hathaway I agree with moritzm, I would like to keep the project around, but the instances can be removed
10:35 AM <andrewbogott> Andrew Bogott great, shall I delete things right now?
10:37 AM
<jhathaway> Jesse Hathaway fine by me, unless taavi objects
10:37 AM
<jbond> John Bond ftw also good with me
10:37 AM
<taavi> Taavi Väänänen no objections from me