Page MenuHomePhabricator
Create Task
Maniphest T364459

Migrate eqiad1 cloudnets to Neutron OVS agent
Closed, ResolvedPublic
Actions

Description

This task is for migrating the eqiad1 Neutron L3 routers to the OVS agent. This will cause some brief service outages, so it will need to be performed in a pre-announced maintenance window.

These should be done far in advance:

  • Prepare Puppet patches for the planned operations below, get them reviewed

These should be done just before the announced maintenance window:

  • Take the inactive cloudnet out of service (disable Puppet, stop Neutron services)
  • Reimage that host as a spare (this will need to use the no-firewall spare class)
  • Delete the Linuxbridge agent for the now-spare host from Neutron (openstack network agent delete)

At this point there is one spare host, and one active Linuxbridge host. Rollback plan at this point is to apply the previous role to the now-spare host.

Wait for announced maintenance window to begin.

  • Make the now-spare host as an OVS-based cloudnet in Puppet
  • Immediately disable Puppet and the Neutron services on the OVS host
    • sudo systemctl stop neutron-metadata-agent.service neutron-dhcp-agent.service neutron-l3-agent.service neutron-openvswitch-agent.service

At this point there is one active Linuxbridge host, and one inactive OVS host. Rollback plan at this point is to delete the new OVS agent from the Neutron database, and to reimage the now-OVS host back to a Linuxbridge host.

The following steps will cause some minor downtime (~30 sec in codfw1dev):

  • Disable Puppet and stop Neutron services on the active Linuxbridge host
    • sudo systemctl stop neutron-metadata-agent.service neutron-dhcp-agent.service neutron-l3-agent.service neutron-linuxbridge-agent.service
  • Update Neutron ports associated with any routers to use the OVS VIF type in the database (T358761#9780138)
    • sudo mariadb -u root neutron
    • SELECT * FROM ml2_port_bindings WHERE port_id IN (SELECT port_id FROM routerports WHERE router_id IN (SELECT id FROM routers))\G
    • UPDATE ml2_port_bindings SET vif_type = 'ovs' WHERE port_id IN (SELECT port_id FROM routerports WHERE router_id IN (SELECT id FROM routers));
    • to rollback: UPDATE ml2_port_bindings SET vif_type = 'bridge' WHERE port_id IN (SELECT port_id FROM routerports WHERE router_id IN (SELECT id FROM routers));
  • Start Neutron services on the new OVS host
    • sudo systemctl start neutron-metadata-agent.service neutron-dhcp-agent.service neutron-l3-agent.service neutron-openvswitch-agent.service

At this point there is one active OVS host and one inactive Linuxbridge host. Rollback plan at this point is to follow this section section but in the opposite direction (replace OVS with Linuxbridge and the other way around in the instructions).

  • Reimage old Linuxbridge host as a spare
  • Delete the old Linuxbridge agent from the Neutron database
  • Apply the OVS cloudnet role to the spare host

At this point there is one active OVS host and one standby OVS host. Rollback plan at this point is to follow this entire procedure but in the opposite direction.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
site: Move cloudnet1006 to net_ovsoperations/puppetproduction+1 -5
site: Move cloudnet1006 to insetup_nofermoperations/puppetproduction+1 -1
site: Move cloudnet1005 to OVS agentoperations/puppetproduction+1 -1
openstack: cloudnet: Add one-off cookbook for OVS migrationcloud/wmcs-cookbooksmain+134 -0
site: Move cloudnet1005 to insetup_noferm to prep for OVSoperations/puppetproduction+5 -1
O:wmcs::openstack: add eqiad1 net_ovs roleoperations/puppetproduction+35 -1
P:openstack: neutron: add ovs config to eqiad1 profilesoperations/puppetproduction+45 -12
Customize query in gerrit

Related Objects
Search...

Event Timeline

taavi created this task.May 8 2024, 9:57 AM
taavi updated the task description. (Show Details)May 9 2024, 1:38 PM
taavi updated the task description. (Show Details)May 9 2024, 3:46 PM
taavi updated the task description. (Show Details)May 9 2024, 4:15 PM
taavi updated the task description. (Show Details)May 10 2024, 8:31 AM
taavi updated the task description. (Show Details)May 10 2024, 8:33 AM
taavi updated the task description. (Show Details)May 10 2024, 8:46 AM
taavi updated the task description. (Show Details)
dcaro subscribed.May 14 2024, 10:33 AM

I have some questions:

  • What tests will be run on each checkpoint? (linuxbridge active-ovs inactive, ovs active-linuxbridge inactive, ovs active-ovs inactive)
  • The outage will affect all the running VMs or only creating new ones?
    • If it affects all the running VMs, it will affect NFS servers too right? Will the announcement be for all services? (quarry/paws/toolforge/cloudvps/...)
      • Do you expect NFS in toolforge (specifically, though probably others) to come back up without issues?
  • Is the failover process the same with OVS? (we have some cookbooks that deal with it, do they need updating?)
  • Are there any changes needed in Netbox? (I'm guessing no, as they are not mentioned there xd, asking just in case)
taavi added a comment.May 14 2024, 10:55 AM
In T364459#9793907, @dcaro wrote:

I have some questions:

  • What tests will be run on each checkpoint? (linuxbridge active-ovs inactive, ovs active-linuxbridge inactive, ovs active-ovs inactive)

I need to check what exactly the network tests cookbook does, but possibly that. The main thing to look for is traffic getting in and out of the Neutron-managed VLAN and not getting duplicated.

  • The outage will affect all the running VMs or only creating new ones?

This will affect all traffic coming in and out of the Neutron-manage dvirtual network. Based on my tests in codfw1dev I expect the outage to last for about half a minute.

  • If it affects all the running VMs, it will affect NFS servers too right? Will the announcement be for all services? (quarry/paws/toolforge/cloudvps/...)

It will affect the dumps shares since those are hosted outside Cloud VPS, but not traffic from and to the virtualized NFS servers since that never leaves the Neutron VLAN. (I'm assuming the DNS outage for half a minute won't have an effect on existing NFS shares.)

  • Do you expect NFS in toolforge (specifically, though probably others) to come back up without issues?

See above, the Toolforge NFS server will not be affected. Toolforge K8s might see some issues with the dumps shares, but that is a) read-only and b) much less used, so while we should expect some things to get stuck I don't expect issues on the scale of a general NFS outage would create.

  • Is the failover process the same with OVS? (we have some cookbooks that deal with it, do they need updating?)

The general process is the same, with possible s/linuxbridge/openvswitch/ somewhere. I'll check the cookbooks.

  • Are there any changes needed in Netbox? (I'm guessing no, as they are not mentioned there xd, asking just in case)

No.

cmooney subscribed.May 14 2024, 11:12 AM

Thanks for the task @taavi. Looks well put together let me know the exact time you're starting and if feel free to ping me if there is anything you need checked from the physical network side of things (where MAC addresses are in the forwarding tables etc.)

taavi added a comment.May 14 2024, 12:12 PM

This operation is scheduled for 2024-05-21 starting at around 14:00 UTC: https://lists.wikimedia.org/hyperkitty/list/cloud@lists.wikimedia.org/thread/AYR45M4X2RFUVRDXBDEVT4P7LJRYHV6J/

taavi changed the task status from Open to In Progress.May 14 2024, 12:19 PM
taavi moved this task from Backlog to In progress on the cloud-services-team (FY2023/2024-Q3-Q4) board.
Don-vip subscribed.May 14 2024, 12:20 PM
gerritbot added a comment.May 16 2024, 8:13 AM

Change #1032388 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:openstack: neutron: add ovs config to eqiad1 profiles

https://gerrit.wikimedia.org/r/1032388

gerritbot added a project: Patch-For-Review.May 16 2024, 8:13 AM

Change #1032389 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] O:wmcs::openstack: add eqiad1 net_ovs role

https://gerrit.wikimedia.org/r/1032389

gerritbot added a comment.May 16 2024, 8:13 AM

Change #1032390 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] site: Move cloudnet1005 to insetup_noferm to prep for OVS

https://gerrit.wikimedia.org/r/1032390

gerritbot added a comment.May 16 2024, 8:13 AM

Change #1032391 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] site: Move cloudnet1005 to insetup_noferm to OVS agent

https://gerrit.wikimedia.org/r/1032391

gerritbot added a comment.May 16 2024, 11:04 AM

Change #1032388 merged by Majavah:

[operations/puppet@production] P:openstack: neutron: add ovs config to eqiad1 profiles

https://gerrit.wikimedia.org/r/1032388

gerritbot added a comment.May 16 2024, 11:09 AM

Change #1032389 merged by Majavah:

[operations/puppet@production] O:wmcs::openstack: add eqiad1 net_ovs role

https://gerrit.wikimedia.org/r/1032389

gerritbot added a comment.May 20 2024, 2:26 PM

Change #1034089 had a related patch set uploaded (by Majavah; author: Majavah):

[cloud/wmcs-cookbooks@main] openstack: cloudnet: Add one-off cookbook for OVS migration

https://gerrit.wikimedia.org/r/1034089

Stashbot added a comment.May 21 2024, 8:18 AM

Mentioned in SAL (#wikimedia-cloud) [2024-05-21T08:18:42Z] <taavi> stop neutron services on cloudnet1005 T364459

gerritbot added a comment.May 21 2024, 8:57 AM

Change #1032390 merged by Majavah:

[operations/puppet@production] site: Move cloudnet1005 to insetup_noferm to prep for OVS

https://gerrit.wikimedia.org/r/1032390

gerritbot added a comment.May 21 2024, 9:59 AM

Change #1034089 merged by jenkins-bot:

[cloud/wmcs-cookbooks@main] openstack: cloudnet: Add one-off cookbook for OVS migration

https://gerrit.wikimedia.org/r/1034089

taavi mentioned this in rCCKB1ac9268f0522: openstack: cloudnet: Add one-off cookbook for OVS migration.May 21 2024, 9:59 AM
taavi updated the task description. (Show Details)May 21 2024, 10:00 AM
gerritbot added a comment.May 21 2024, 11:05 AM

Change #1032391 merged by Majavah:

[operations/puppet@production] site: Move cloudnet1005 to OVS agent

https://gerrit.wikimedia.org/r/1032391

taavi updated the task description. (Show Details)May 21 2024, 11:10 AM
taavi updated the task description. (Show Details)May 21 2024, 11:27 AM
Maintenance_bot removed a project: Patch-For-Review.May 21 2024, 11:30 AM
gerritbot added a comment.May 21 2024, 11:31 AM

Change #1034468 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] site: Move cloudnet1006 to insetup_noferm

https://gerrit.wikimedia.org/r/1034468

gerritbot added a project: Patch-For-Review.May 21 2024, 11:31 AM

Change #1034469 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] site: Move cloudnet1006 to net_ovs

https://gerrit.wikimedia.org/r/1034469

gerritbot added a comment.May 21 2024, 11:32 AM

Change #1034468 merged by Majavah:

[operations/puppet@production] site: Move cloudnet1006 to insetup_noferm

https://gerrit.wikimedia.org/r/1034468

gerritbot added a comment.May 21 2024, 12:07 PM

Change #1034469 merged by Majavah:

[operations/puppet@production] site: Move cloudnet1006 to net_ovs

https://gerrit.wikimedia.org/r/1034469

taavi updated the task description. (Show Details)May 21 2024, 12:16 PM
Maintenance_bot removed a project: Patch-For-Review.May 21 2024, 12:30 PM
taavi closed this task as Resolved.May 21 2024, 1:44 PM
dcaro mentioned this in T365462: MetricsinfraAlertmanagerDown.May 22 2024, 8:40 AM
fnegri moved this task from In progress to Done on the cloud-services-team (FY2023/2024-Q3-Q4) board.Jun 10 2024, 2:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits