Shutdown of Puppet 5 servers
Open, HighPublic
Actions

Assigned To

None

Authored By

	MoritzMuehlenhoff
	May 24 2024, 10:38 AM

Description

This meta task tracks remaining steps which need to happen before we can retire the Puppet 5 servers

Details

Related Changes in Gerrit:

Subject	Repo	Branch	Lines +/-
Move the puppetmaster puppetdb client class under puppet_compiler	operations/puppet	production	+5 -19
Remove puppetmaster::ca_server and related classes	operations/puppet	production	+0 -45
Revert "Remove puppetmaster::gitclone and related classes"	operations/puppet	production	+396 -0
Remove puppetmaster::gitclone and related classes	operations/puppet	production	+0 -387
Remove puppetmaster::web_frontend and related classes	operations/puppet	production	+0 -198
Remove puppetmaster::passenger and related files	operations/puppet	production	+0 -114
Remove puppetmaster:ssl	operations/puppet	production	+0 -62
Remove puppetmaster::rsync and related classes	operations/puppet	production	+0 -51
Remove puppetmaster::monitoring and related classes	operations/puppet	production	+0 -176
Remove puppetmaster::r10k	operations/puppet	production	+0 -47
puppetdb: Drop firewall rule for access to Puppet 5 servers	operations/puppet	production	+0 -12
profile::puppet::agent: Remove support for Buster	operations/puppet	production	+41 -52
Remove now obsolete Cumin aliases for Buster and Puppet 5	operations/puppet	production	+1 -2
sre.hosts.decommission: Hack to allow decommission of puppetmaster1001	operations/cookbooks	master	+2 -2
Remove puppetmaster::frontend role	operations/puppet	production	+0 -26
sre.puppet.sync-netbox-hiera: Remove support for Puppet 5	operations/cookbooks	master	+1 -18
sre.ganeti.makevm: Stop passing the puppetversion	operations/cookbooks	master	+1 -3
pcc_update_facts: Rename variables	operations/puppet	production	+14 -14
Remove puppetmaster2001 from active Puppet 5 servers	operations/puppet	production	+0 -3
Remove puppetmaster role from puppetmaster2001	operations/puppet	production	+5 -1
Stop running the IP reputation dump on the Puppet 5 servers	operations/puppet	production	+1 -1
Remove ip_reputation_vendors from puppetmasters	operations/puppet	production	+0 -19
Remove ip_reputation_vendors from Puppet 5 servers	operations/puppet	production	+0 -16
Remove puppetmaster::updatenetboot	operations/puppet	production	+0 -21
Remove Puppet 5 volatile directory from backups	operations/puppet	production	+0 -4
Copy yamllint into the puppetserver module and use it	operations/puppet	production	+10 -1
Remove remaining traces of profile::puppet::agent::force_puppet7	operations/puppet	production	+0 -8
Move validatecloudvpsfqdn.py out of the puppetmaster module	operations/puppet	production	+2 -2
Rename enc_client and move under puppetserver	operations/puppet	production	+8 -8
Remove puppetmaster spec files	operations/puppet	production	+0 -200
Remove profile::puppet::agent::force_puppet7 from traffic hosts	operations/puppet	production	+0 -17
Remove profile::puppet::agent::force_puppet7 from Data Platform roles	operations/puppet	production	+2 -60
Remove profile::puppet::agent::force_puppet7 from search roles	operations/puppet	production	+2 -29
Remove profile::puppet::agent::force_puppet7 for Cloud VPS	operations/puppet	production	+0 -8
Remove profile::puppet::agent::force_puppet7 from IF roles	operations/puppet	production	+0 -66
Remove profile::puppet::agent::force_puppet7 from serviceops roles	operations/puppet	production	+2 -41
Remove profile::puppet::agent::force_puppet7 from cloud roles	operations/puppet	production	+0 -35
Remove profile::puppet::agent::force_puppet7 from observability roles	operations/puppet	production	+0 -28
Remove profile::puppet::agent::force_puppet7 from collab roles	operations/puppet	production	+1 -32
Remove profile::puppet::agent::force_puppet7 from ML roles	operations/puppet	production	+1 -26
Remove profile::puppet::agent::force_puppet7 from DB hosts	operations/puppet	production	+0 -29
Remove profile::puppet::agent::force_puppet7 from Cassandra hosts	operations/puppet	production	+0 -7
Remove profile::puppet::agent::force_puppet7 from swift/ceph hosts	operations/puppet	production	+0 -9
Remove profile::puppet::agent::force_puppet7 from backup hosts	operations/puppet	production	+0 -18
Remove profile::puppet::agent::force_puppet7 from insetup roles	operations/puppet	production	+0 -20
puppet: Remove the force_puppet7 parameter	operations/puppet	production	+0 -5
Remove Puppet 5 settings from late_command.sh	operations/puppet	production	+31 -38
Rename puppetmaster::gitsync and move under puppetserver	operations/puppet	production	+5 -5
Rename stale_certs_exporter and move under puppetserver	operations/puppet	production	+2 -2
pontoon: Cleanup dead projects	operations/puppet	production	+0 -80
Remove puppetmaster::scripts	operations/puppet	production	+0 -74
Only select Puppet version based on the Debian release	operations/puppet	production	+2 -6
Remove now obsolete spec test for Puppet 5 facts upload	operations/puppet	production	+0 -11
Remove puppetmaster::backend role and related Hiera settings	operations/puppet	production	+1 -126
puppetdb: Remove access for puppetmaster1003	operations/puppet	production	+0 -1
Remove puppetmaster::backend role from puppetmaster1003	operations/puppet	production	+1 -1
Remove puppetmaster1003 from active Puppet 5 servers	operations/puppet	production	+0 -1
Remove puppetmaster2002 from allowed hosts	operations/puppet	production	+0 -1
Remove puppetmaster::backend role from puppetmaster2002	operations/puppet	production	+1 -1
Remove puppetmaster2002	operations/puppet	production	+0 -1
Stop using puppetmaster2002 for Blackbox smoke tests	operations/puppet	production	+1 -1
Remove one additional obsolete Puppet 5 for Cloud VPS class	operations/puppet	production	+0 -23
Remove obsolete WMCS Puppet 5 master classes no longer used/needed	operations/puppet	production	+0 -24
Remove obsolete puppetmaster::certmanager class	operations/puppet	production	+1 -28
Copy puppet git hooks to puppetserver module	operations/puppet	production	+21 -0
Puppetserver: Update hooks	operations/puppet	production	+3 -3
Move Puppet CA monitoring out of the puppetmaster module	operations/puppet	production	+5 -8
puppetdb: Move JVM config out of the puppetmaster module	operations/puppet	production	+1 -1
Remove puppet checkout on pybaltest	operations/puppet	production	+0 -6
pontoon: Remove more puppet 5 leftovers	operations/puppet	production	+0 -11
Move puppetdb.tuning.conf template	operations/puppet	production	+1 -3
Move update-netboot-image.sh to the puppetserver module	operations/puppet	production	+2 -4
swift::proxy: Limit access to swift ring sync to Puppet 7 servers	operations/puppet	production	+1 -2
Remove mcrouter CA setup	operations/puppet	production	+0 -390
thanos: Limit access to swift ring sync to Puppet 7 servers	operations/puppet	production	+1 -2
Stop syncing swift rings on Puppet 5 frontends	operations/puppet	production	+0 -4
Remove Pontoon support for Puppet 5 puppet masters	operations/puppet	production	+0 -500
puppetserver::git::private: Use wrapper from puppetserver module	operations/puppet	production	+1 -3

Related Objects
Search...

Status	Subtype	Assigned	Task
Open		None	T330490 Next steps for Puppet 7
Open		None	T335765 Migrate all CI jobs from buster to bullseye or later and drop buster testing support
Open		None	T365798 Shutdown of Puppet 5 servers
Open		MoritzMuehlenhoff	T357750 Phase out cergen
Resolved		BTullis	T360412 Phase out cergen for Data Platform services
Resolved		Dzahn	T360413 Phase out cergen for Collaboration Services services
Resolved		Dzahn	T369796 Puppet CA certificate phabricator.discovery.wmnet is about to expire
Resolved		andrea.denisse	T360414 Phase out cergen for Observability services
Resolved		BTullis	T360439 Phase out cergen for Search Platform services
Resolved		elukey	T356412 Consolidate TLS cert puppetry for ms and thanos swift frontends
Resolved		CDobbins	T360506 Migrate purged away from cergen-issued certificate
Resolved		MoritzMuehlenhoff	T360636 Phase out cergen for ServiceOps services
Resolved		MoritzMuehlenhoff	T360778 Move maps/karthoterian to PKI/cfssl
Resolved		Jgreen	T360779 Phase out cergen for Fundraising services
Resolved		MoritzMuehlenhoff	T364622 Review/cleanup content of /srv/git/private/modules/secret/secrets/ssl in the private repo
Resolved		MoritzMuehlenhoff	T349619 Migrate roles to puppet7
Resolved		jbond	T350118 Investigate PKI errors
Resolved		jbond	T351181 syslog tls clients failing to connect to centrallog2002 post puppet7 migration
Resolved		jbond	T324623 Switch rsyslog from gtls to ossl
Resolved		ABran-WMF	T352974 puppet7 on cumin breaks database connections
Declined		BTullis	T354411 Revert dbstore migration from puppet7 to puppet5
Resolved		Ladsgroup	T354719 Deploy grants for cumin1002
Resolved		dcaro	T309789 [ceph] Upgrade hosts to bullseye
Resolved		dcaro	T369026 [reimage,ceph] reimaging cloudcephosd hosts gets stuck in network configuration screen
Resolved		Andrew	T383817 partman vs cloudcephosd1012
Resolved		None	T396940 cloudcephosd1xxxx.private.eqiad.wikimedia.cloud
Resolved		bking	T354959 Migrate Search Platform-owned hosts to Puppet 7
Resolved		MoritzMuehlenhoff	T365799 Revert back to fleet-wide acmechief config once all ACME consumers are on Puppet 7
Resolved		MoritzMuehlenhoff	T367399 Default to the Puppet 7 PCC CI test, make it voting and eventually remove the Puppet 5 one
Resolved		elukey	T368023 Move the private Puppet repository to puppetserver1001
Resolved		elukey	T371252 conftool and pyparsing requirements
Resolved	Request	Jhancock.wm	T412783 decommission puppetmaster2002
Open		None	T415255 Remove Puppet 5 CA cert from wmf-certificates cert bundle

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

Change #1224687 merged by Muehlenhoff:

[operations/puppet@production] Rename stale_certs_exporter and move under puppetserver

https://gerrit.wikimedia.org/r/1224687

Change #1224689 merged by Muehlenhoff:

[operations/puppet@production] Rename puppetmaster::gitsync and move under puppetserver

https://gerrit.wikimedia.org/r/1224689

Change #1224722 merged by Muehlenhoff:

[operations/puppet@production] Remove Puppet 5 settings from late_command.sh

https://gerrit.wikimedia.org/r/1224722

Change #1224605 merged by Muehlenhoff:

[operations/puppet@production] puppet: Remove the force_puppet7 parameter

https://gerrit.wikimedia.org/r/1224605

Change #1225502 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from insetup roles

https://gerrit.wikimedia.org/r/1225502

Change #1225502 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from insetup roles

https://gerrit.wikimedia.org/r/1225502

Change #1225519 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from backup hosts

https://gerrit.wikimedia.org/r/1225519

Change #1225522 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from swift/ceph hosts

https://gerrit.wikimedia.org/r/1225522

Change #1225524 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from traffic hosts

https://gerrit.wikimedia.org/r/1225524

Change #1225525 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from Cassandra hosts

https://gerrit.wikimedia.org/r/1225525

Mentioned in SAL (#wikimedia-operations) [2026-01-12T12:17:30Z] <moritzm> revoked legacy default-staging-certificate certificate T365798

Mentioned in SAL (#wikimedia-operations) [2026-01-12T12:19:16Z] <moritzm> revoked legacy ganeti02.svc.esams certificate T365798

Mentioned in SAL (#wikimedia-operations) [2026-01-12T12:26:37Z] <moritzm> revoked legacy linkrecommendation discovery certificate T365798

Change #1225519 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from backup hosts

https://gerrit.wikimedia.org/r/1225519

Change #1225522 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from swift/ceph hosts

https://gerrit.wikimedia.org/r/1225522

Change #1225576 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from DB hosts

https://gerrit.wikimedia.org/r/1225576

Change #1225525 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from Cassandra hosts

https://gerrit.wikimedia.org/r/1225525

Change #1225576 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from DB hosts

https://gerrit.wikimedia.org/r/1225576

Change #1226175 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from collab roles

https://gerrit.wikimedia.org/r/1226175

Change #1226176 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from ML roles

https://gerrit.wikimedia.org/r/1226176

Change #1226178 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from observability roles

https://gerrit.wikimedia.org/r/1226178

Mentioned in SAL (#wikimedia-operations) [2026-01-13T10:06:50Z] <moritzm> revoked legacy similar-users discovery certificate T365798

Change #1226176 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from ML roles

https://gerrit.wikimedia.org/r/1226176

Change #1226175 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from collab roles

https://gerrit.wikimedia.org/r/1226175

Mentioned in SAL (#wikimedia-operations) [2026-01-13T15:11:31Z] <moritzm> revoked legacy restbase discovery certificate T365798

Change #1226178 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from observability roles

https://gerrit.wikimedia.org/r/1226178

Change #1227261 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from serviceops roles

https://gerrit.wikimedia.org/r/1227261

Change #1227264 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from cloud roles

https://gerrit.wikimedia.org/r/1227264

Change #1227270 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from search roles

https://gerrit.wikimedia.org/r/1227270

Change #1227264 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from cloud roles

https://gerrit.wikimedia.org/r/1227264

Change #1227261 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from serviceops roles

https://gerrit.wikimedia.org/r/1227261

Change #1227292 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from IF roles

https://gerrit.wikimedia.org/r/1227292

Change #1227292 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from IF roles

https://gerrit.wikimedia.org/r/1227292

Change #1227313 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from Data Platform roles

https://gerrit.wikimedia.org/r/1227313

Change #1227322 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 for Cloud VPS

https://gerrit.wikimedia.org/r/1227322

Change #1227322 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 for Cloud VPS

https://gerrit.wikimedia.org/r/1227322

Change #1227270 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from search roles

https://gerrit.wikimedia.org/r/1227270

Change #1227313 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from Data Platform roles

https://gerrit.wikimedia.org/r/1227313

Change #1225524 merged by Muehlenhoff:

[operations/puppet@production] Remove profile::puppet::agent::force_puppet7 from traffic hosts

https://gerrit.wikimedia.org/r/1225524

Change #1227616 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove remaining traces of profile::puppet::agent::force_puppet7

https://gerrit.wikimedia.org/r/1227616

Change #1227618 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Rename enc_client and move under puppetserver

https://gerrit.wikimedia.org/r/1227618

Change #1227694 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Move validatecloudvpsfqdn.py out of the puppetmaster module

https://gerrit.wikimedia.org/r/1227694

Change #1227698 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster spec files

https://gerrit.wikimedia.org/r/1227698

Change #1227702 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Copy yamllint into the puppetserver module and use it

https://gerrit.wikimedia.org/r/1227702

Change #1227734 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] pcc_update_facts: Rename variables

https://gerrit.wikimedia.org/r/1227734

Change #1227698 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster spec files

https://gerrit.wikimedia.org/r/1227698

Change #1227618 merged by Muehlenhoff:

[operations/puppet@production] Rename enc_client and move under puppetserver

https://gerrit.wikimedia.org/r/1227618

Change #1227694 merged by Muehlenhoff:

[operations/puppet@production] Move validatecloudvpsfqdn.py out of the puppetmaster module

https://gerrit.wikimedia.org/r/1227694

Change #1227616 merged by Muehlenhoff:

[operations/puppet@production] Remove remaining traces of profile::puppet::agent::force_puppet7

https://gerrit.wikimedia.org/r/1227616

Change #1227702 merged by Muehlenhoff:

[operations/puppet@production] Copy yamllint into the puppetserver module and use it

https://gerrit.wikimedia.org/r/1227702

Change #1229107 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster::updatenetboot

https://gerrit.wikimedia.org/r/1229107

Change #1229110 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove Puppet 5 volatile directory from backups

https://gerrit.wikimedia.org/r/1229110

Change #1229110 merged by Muehlenhoff:

[operations/puppet@production] Remove Puppet 5 volatile directory from backups

https://gerrit.wikimedia.org/r/1229110

Change #1229107 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster::updatenetboot

https://gerrit.wikimedia.org/r/1229107

MoritzMuehlenhoff created subtask T415255: Remove Puppet 5 CA cert from wmf-certificates cert bundle.Thu, Jan 22, 12:11 PM

Change #1230331 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster role from puppetmaster2001

https://gerrit.wikimedia.org/r/1230331

Change #1230332 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster2001 from active Puppet 5 servers

https://gerrit.wikimedia.org/r/1230332

Change #1230912 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Stop running the IP reputation dump on the Puppet 5 servers

https://gerrit.wikimedia.org/r/1230912

Change #1230913 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove ip_reputation_vendors from Puppet 5 servers

https://gerrit.wikimedia.org/r/1230913

Change #1230914 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove ip_reputation_vendors from puppetmasters

https://gerrit.wikimedia.org/r/1230914

Change #1230913 abandoned by Muehlenhoff:

[operations/puppet@production] Remove ip_reputation_vendors from Puppet 5 servers

Reason:

dupe

https://gerrit.wikimedia.org/r/1230913

Mentioned in SAL (#wikimedia-operations) [2026-02-04T12:53:00Z] <moritzm> remove legacy eventstreams-internal discovery certificate T365798

Mentioned in SAL (#wikimedia-operations) [2026-02-04T13:00:21Z] <moritzm> remove legacy wdqs-internal discovery certificate T365798

Mentioned in SAL (#wikimedia-operations) [2026-02-04T14:27:52Z] <moritzm> remove legacy kibana discovery certificate T365798

Change #1230331 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster role from puppetmaster2001

https://gerrit.wikimedia.org/r/1230331

cookbooks.sre.hosts.decommission executed by jmm@cumin2002 for hosts: puppetmaster2001.codfw.wmnet

puppetmaster2001.codfw.wmnet (PASS)
- Downtimed host on Icinga/Alertmanager
- Found physical host
- Downtimed management interface on Alertmanager
- Wiped all swraid, partition-table and filesystem signatures
- Powered off
- [Netbox] Set status to Decommissioning, deleted all non-mgmt IPs, updated switch interfaces (disabled, removed vlans, etc)
- Configured the linked switch interface(s)
- Removed from DebMonitor
- Removed from Puppet master and PuppetDB

Change #1230332 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster2001 from active Puppet 5 servers

https://gerrit.wikimedia.org/r/1230332

Change #1237942 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/cookbooks@master] sre.ganeti.makevm: Stop passing the puppetversion

https://gerrit.wikimedia.org/r/1237942

Change #1237942 merged by Muehlenhoff:

[operations/cookbooks@master] sre.ganeti.makevm: Stop passing the puppetversion

https://gerrit.wikimedia.org/r/1237942

Change #1239314 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/cookbooks@master] sre.hosts.decommission: Hack to allow decommission of puppetmaster1001

https://gerrit.wikimedia.org/r/1239314

cookbooks.sre.hosts.decommission executed by jmm@cumin2002 for hosts: puppetmaster1001.eqiad.wmnet

puppetmaster1001.eqiad.wmnet (PASS)
- Downtimed host on Icinga/Alertmanager
- Found physical host
- Downtimed management interface on Alertmanager
- Wiped all swraid, partition-table and filesystem signatures
- Powered off
- [Netbox] Set status to Decommissioning, deleted all non-mgmt IPs, updated switch interfaces (disabled, removed vlans, etc)
- Configured the linked switch interface(s)
- Removed from DebMonitor
- Removed from Puppet master and PuppetDB

COMMON_STEPS (FAIL)
- Failed to run the sre.dns.netbox cookbook, run it manually

ERROR: some step on some host failed, check the bolded items above

Change #1239638 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/cookbooks@master] sre.puppet.sync-netbox-hiera: Remove support for Puppet 5

https://gerrit.wikimedia.org/r/1239638

Change #1239638 merged by Muehlenhoff:

[operations/cookbooks@master] sre.puppet.sync-netbox-hiera: Remove support for Puppet 5

https://gerrit.wikimedia.org/r/1239638

Change #1239647 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] puppetdb: Drop firewall rule for access to Puppet 5 servers

https://gerrit.wikimedia.org/r/1239647

Change #1239648 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove now obsolete Cumin aliases for Buster and Puppet 5

https://gerrit.wikimedia.org/r/1239648

Change #1239676 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster::frontend role

https://gerrit.wikimedia.org/r/1239676

Change #1239676 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster::frontend role

https://gerrit.wikimedia.org/r/1239676

Change #1239314 abandoned by Muehlenhoff:

[operations/cookbooks@master] sre.hosts.decommission: Hack to allow decommission of puppetmaster1001

https://gerrit.wikimedia.org/r/1239314

Change #1239749 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] profile::puppet::agent: Remove support for Buster

https://gerrit.wikimedia.org/r/1239749

Change #1239648 merged by Muehlenhoff:

[operations/puppet@production] Remove now obsolete Cumin aliases for Buster and Puppet 5

https://gerrit.wikimedia.org/r/1239648

Change #1239749 merged by Muehlenhoff:

[operations/puppet@production] profile::puppet::agent: Remove support for Buster

https://gerrit.wikimedia.org/r/1239749

Change #1239891 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster::monitoring and related classes

https://gerrit.wikimedia.org/r/1239891

Change #1239895 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster::gitclone and related classes

https://gerrit.wikimedia.org/r/1239895

Change #1239897 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster::r10k

https://gerrit.wikimedia.org/r/1239897

Change #1239898 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster::rsync and related classes

https://gerrit.wikimedia.org/r/1239898

Change #1239899 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster::web_frontend and related classes

https://gerrit.wikimedia.org/r/1239899

Change #1239907 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster::passenger and related files

https://gerrit.wikimedia.org/r/1239907

Change #1239908 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] This was only used with Puppet 5.

https://gerrit.wikimedia.org/r/1239908

MoritzMuehlenhoff closed subtask T364622: Review/cleanup content of /srv/git/private/modules/secret/secrets/ssl in the private repo as Resolved.Tue, Feb 17, 11:28 AM

Change #1239897 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster::r10k

https://gerrit.wikimedia.org/r/1239897

Change #1239891 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster::monitoring and related classes

https://gerrit.wikimedia.org/r/1239891

Change #1239898 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster::rsync and related classes

https://gerrit.wikimedia.org/r/1239898

Change #1239908 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster:ssl

https://gerrit.wikimedia.org/r/1239908

Change #1239907 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster::passenger and related files

https://gerrit.wikimedia.org/r/1239907

Change #1239899 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster::web_frontend and related classes

https://gerrit.wikimedia.org/r/1239899

Change #1239895 merged by Muehlenhoff:

[operations/puppet@production] Remove puppetmaster::gitclone and related classes

https://gerrit.wikimedia.org/r/1239895

Change #1240242 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Revert "Remove puppetmaster::gitclone and related classes"

https://gerrit.wikimedia.org/r/1240242

Change #1240242 merged by Muehlenhoff:

[operations/puppet@production] Revert "Remove puppetmaster::gitclone and related classes"

https://gerrit.wikimedia.org/r/1240242

Change #1240268 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove puppetmaster::ca_server and related classes

https://gerrit.wikimedia.org/r/1240268

Change #1240278 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Move the puppetmaster puppetdb client class under puppet_compiler

https://gerrit.wikimedia.org/r/1240278

Shutdown of Puppet 5 serversOpen, HighPublicActions

Description

Details

Related ObjectsSearch...

Event Timeline

Shutdown of Puppet 5 servers
Open, HighPublic
Actions

Related Objects
Search...