Page MenuHomePhabricator
Create Task
Maniphest T365798

Shutdown of Puppet 5 servers
Open, HighPublic
Actions

Description

This meta task tracks remaining steps which need to happen before we can retire the Puppet 5 servers

Details

SubjectRepoBranchLines +/-
Move update-netboot-image.sh to the puppetserver moduleoperations/puppetproduction+2 -4
Move puppetdb.tuning.conf templateoperations/puppetproduction+1 -3
swift::proxy: Limit access to swift ring sync to Puppet 7 serversoperations/puppetproduction+1 -2
Remove mcrouter CA setupoperations/puppetproduction+0 -390
Remove puppet checkout on pybaltestoperations/puppetproduction+0 -6
pontoon: Remove more puppet 5 leftoversoperations/puppetproduction+0 -11
thanos: Limit access to swift ring sync to Puppet 7 serversoperations/puppetproduction+1 -2
Stop syncing swift rings on Puppet 5 frontendsoperations/puppetproduction+0 -4
Remove Pontoon support for Puppet 5 puppet mastersoperations/puppetproduction+0 -500
puppetserver::git::private: Use wrapper from puppetserver moduleoperations/puppetproduction+1 -3
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT330490 Next steps for Puppet 7
 OpenNoneT365798 Shutdown of Puppet 5 servers
 OpenMoritzMuehlenhoffT357750 Phase out cergen
 ResolvedBTullisT360412 Phase out cergen for Data Platform services
 ResolvedDzahnT360413 Phase out cergen for Collaboration Services services
 Resolvedandrea.denisseT360414 Phase out cergen for Observability services
 In Progressandrea.denisseT356386 Move all o11y services to discovery.wmnet
 ResolvedBTullisT360439 Phase out cergen for Search Platform services
 ResolvedelukeyT356412 Consolidate TLS cert puppetry for ms and thanos swift frontends
 OpenNoneT360506 Migrate purged away from cergen-issued certificate
 OpenNoneT360636 Phase out cergen for ServiceOps services
 ResolvedMoritzMuehlenhoffT360778 Move maps/karthoterian to PKI/cfssl
 ResolvedJgreenT360779 Phase out cergen for Fundraising services
 OpenMoritzMuehlenhoffT364622 Review/cleanup content of /srv/private/modules/secret/secrets/ssl in the private repo
 In ProgressNoneT349619 Migrate roles to puppet7
 ResolvedjbondT350118 Investigate PKI errors
 ResolvedjbondT351181 syslog tls clients failing to connect to centrallog2002 post puppet7 migration
 ResolvedjbondT324623 Switch rsyslog from gtls to ossl
 OpenNoneT351710 ossl rsyslog errors post-migration
 ResolvedfgiunchediT352968 Stop sending swift access logs to centrallog for non state-changing requests
 OpenNoneT351624 Probes for centrallog hosts fail to validate with "x509: issuer name does not match subject from issuing certificate"
 OpenNoneT351643 Warning re: excessive directory entries on prometheus with puppet7
 ResolvedABran-WMFT352974 puppet7 on cumin breaks database connections
 DeclinedBTullisT354411 Revert dbstore migration from puppet7 to puppet5
 ResolvedLadsgroupT354719 Deploy grants for cumin1002
 In ProgressdcaroT309789 [ceph] Upgrade hosts to bullseye
 ResolvedbkingT354959 Migrate Search Platform-owned hosts to Puppet 7
 OpenNoneT365799 Revert back to fleet-wide acmechief config once all ACME consumers are on Puppet 7
 OpenNoneT366355 Migrate puppet merges to a cookbook
 OpenNoneT367399 Default to the Puppet 7 PCC CI test, make it voting and eventually remove the Puppet 5 one
 OpenNoneT368023 Move the private Puppet repository to puppetserver1001

Event Timeline

MoritzMuehlenhoff created this task.Fri, May 24, 10:38 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFri, May 24, 10:38 AM
MoritzMuehlenhoff added a subtask: T357750: Phase out cergen.Fri, May 24, 10:39 AM
MoritzMuehlenhoff added a subtask: T349619: Migrate roles to puppet7.
MoritzMuehlenhoff added a subtask: T364622: Review/cleanup content of /srv/private/modules/secret/secrets/ssl in the private repo.Fri, May 24, 3:14 PM
joanna_borun subscribed.Mon, May 27, 9:40 AM
MoritzMuehlenhoff triaged this task as High priority.Mon, May 27, 1:17 PM
gerritbot added a comment.Fri, May 31, 12:11 PM

Change #1037778 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] puppetserver::git::private: Use wrapper from puppetserver module

https://gerrit.wikimedia.org/r/1037778

gerritbot added a project: Patch-For-Review.Fri, May 31, 12:11 PM
gerritbot added a comment.Thu, Jun 13, 2:46 PM

Change #1037778 merged by Muehlenhoff:

[operations/puppet@production] puppetserver::git::private: Use wrapper from puppetserver module

https://gerrit.wikimedia.org/r/1037778

Maintenance_bot removed a project: Patch-For-Review.Thu, Jun 13, 3:31 PM
gerritbot added a comment.Thu, Jun 13, 3:42 PM

Change #1043128 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Stop syncing swift rings on Puppet 5 frontends

https://gerrit.wikimedia.org/r/1043128

gerritbot added a project: Patch-For-Review.Thu, Jun 13, 3:42 PM
gerritbot added a comment.Fri, Jun 14, 5:35 AM

Change #1043513 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] thanos: Limit access to swift ring sync to Puppet 7 servers

https://gerrit.wikimedia.org/r/1043513

gerritbot added a comment.Fri, Jun 14, 5:38 AM

Change #1043516 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] swift::proxy: Limit access to swift ring sync to Puppet 7 servers

https://gerrit.wikimedia.org/r/1043516

gerritbot added a comment.Fri, Jun 14, 10:17 AM

Change #1043699 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove mcrouter CA setup

https://gerrit.wikimedia.org/r/1043699

gerritbot added a comment.Fri, Jun 14, 12:24 PM

Change #1043757 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove Pontoon support for Puppet 5 puppet masters

https://gerrit.wikimedia.org/r/1043757

gerritbot added a comment.Mon, Jun 17, 6:59 AM

Change #1043757 merged by Muehlenhoff:

[operations/puppet@production] Remove Pontoon support for Puppet 5 puppet masters

https://gerrit.wikimedia.org/r/1043757

gerritbot added a comment.Wed, Jun 19, 12:16 PM

Change #1043128 merged by Muehlenhoff:

[operations/puppet@production] Stop syncing swift rings on Puppet 5 frontends

https://gerrit.wikimedia.org/r/1043128

gerritbot added a comment.Wed, Jun 19, 12:33 PM

Change #1043513 merged by Muehlenhoff:

[operations/puppet@production] thanos: Limit access to swift ring sync to Puppet 7 servers

https://gerrit.wikimedia.org/r/1043513

gerritbot added a comment.Wed, Jun 19, 12:41 PM

Change #1047495 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Move update-netboot-image.sh to the puppetserver module

https://gerrit.wikimedia.org/r/1047495

gerritbot added a comment.Wed, Jun 19, 1:07 PM

Change #1047498 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Move puppetdb.tuning.conf template

https://gerrit.wikimedia.org/r/1047498

gerritbot added a comment.Wed, Jun 19, 1:17 PM

Change #1047502 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] pontoon: Remove more puppet 5 leftovers

https://gerrit.wikimedia.org/r/1047502

gerritbot added a comment.Wed, Jun 19, 1:33 PM

Change #1047509 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppet checkout on pybaltest

https://gerrit.wikimedia.org/r/1047509

gerritbot added a comment.Thu, Jun 20, 9:53 AM

Change #1043699 merged by Muehlenhoff:

[operations/puppet@production] Remove mcrouter CA setup

https://gerrit.wikimedia.org/r/1043699

gerritbot added a comment.Thu, Jun 20, 11:07 AM

Change #1043516 merged by Muehlenhoff:

[operations/puppet@production] swift::proxy: Limit access to swift ring sync to Puppet 7 servers

https://gerrit.wikimedia.org/r/1043516

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL