Page MenuHomePhabricator
Create Task
Maniphest T372804

setup gerrit2003 with gerrit service (gerrit on bookworm)
Closed, ResolvedPublic
Actions

Description

gerrit2003 is new hardware and on bookworm

  • prepare hiera data and puppet code to allow applying the production gerrit role without starting any services / no influence on production
  • apply the gerrit production role and check for puppet issues / missing packages etc
  • determine if this is resolved once it's a warm standby host or if we switch production to this because it's newer hardware

Details

SubjectRepoBranchLines +/-
gerrit: add chown parameter to lfs data rsync, ensure daemon_user is usedoperations/puppetproduction+1 -0
gerrit: delete temp gerrit setup roleoperations/puppetproduction+0 -41
gerrit: remove Hiera keys on host gerrit2003 that are applied by roleoperations/puppetproduction+0 -27
site: apply gerrit role on gerrit2003operations/puppetproduction+1 -1
gerrit: sync lfs data also to new machineoperations/puppetproduction+1 -0
gerrit2003: move bind_service_ip Hiera key host name leveloperations/puppetproduction+7 -0
gerrit: set Hiera keys for nist_keys, nftablesoperations/puppetproduction+12 -0
Disable gerrit monitoring on gerrit2003operations/puppetproduction+4 -0
gerrit: comment out creation of site dir in migration profileoperations/puppetproduction+8 -3
gerrit: avoid duplicate declaration error on first setupoperations/puppetproduction+1 -3
gerrit: include gerrit profile in insetup::gerrit for testingoperations/puppetproduction+1 -1
gerrit: move passwords include from role to profileoperations/puppetproduction+1 -3
gerrit: make it possible to not bind the service IP on a gerrit serveroperations/puppetproduction+17 -3
gerrit: add acme_chief to gerrit-setup roleoperations/puppetproduction+12 -1
acme_chief: authorize new machine gerrit2003 to fetch gerrit certsoperations/puppetproduction+1 -0
gerrit::proxy: ensure /var/www/ exists before files under itoperations/puppetproduction+5 -0
gerrit::proxy: fix link target for gerrit logooperations/puppetproduction+1 -1
gerrit: add gerrit::proxy profile to insetup::gerrit roleoperations/puppetproduction+1 -0
gerrit: add backup::host, gerrit::migration etc to insetup roleoperations/puppetproduction+3 -0
site: add insetup-gerrit role to gerrit2003, remove gerrit1004 hieraoperations/puppetproduction+17 -23
gerrit: add firewall, java, scap, mail settings to Hiera for gerrit1004operations/puppetproduction+33 -0
gerrit: create a temp insetup role to test java install in bookwormoperations/puppetproduction+7 -1
gerrit: on gerrit2003, set firewall provider, admin groups, team owneroperations/puppetproduction+11 -0
gerrit: temp set a gerrit IP for testing, gerrit2003 onlyoperations/puppetproduction+4 -0
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

Dzahn created this task.Aug 19 2024, 5:25 PM
gerritbot added a comment.Aug 19 2024, 7:59 PM

Change #1063893 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] site: (WIP) try applying gerrit role on gerrit2003

https://gerrit.wikimedia.org/r/1063893

gerritbot added a project: Patch-For-Review.Aug 19 2024, 7:59 PM
gerritbot added a comment.Aug 19 2024, 8:24 PM

Change #1063896 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: temp set a gerrit IP for testing

https://gerrit.wikimedia.org/r/1063896

gerritbot added a comment.Aug 19 2024, 8:26 PM

Change #1063896 merged by Dzahn:

[operations/puppet@production] gerrit: temp set a gerrit IP for testing, gerrit2003 only

https://gerrit.wikimedia.org/r/1063896

gerritbot added a comment.Aug 19 2024, 8:33 PM

Change #1063898 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: on gerrit2003, set firewall provider, admin groups, team owner

https://gerrit.wikimedia.org/r/1063898

gerritbot added a comment.Aug 19 2024, 8:36 PM

Change #1063898 merged by Dzahn:

[operations/puppet@production] gerrit: on gerrit2003, set firewall provider, admin groups, team owner

https://gerrit.wikimedia.org/r/1063898

gerritbot added a comment.Aug 19 2024, 9:21 PM

Change #1063904 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: create a temp insetup role to test java install in bookworm

https://gerrit.wikimedia.org/r/1063904

gerritbot added a comment.Aug 21 2024, 4:16 PM

Change #1063904 merged by Dzahn:

[operations/puppet@production] gerrit: create a temp insetup role to test java install in bookworm

https://gerrit.wikimedia.org/r/1063904

gerritbot added a comment.Aug 21 2024, 4:24 PM

Change #1064412 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: add firewall, java, scap, mail settings to Hiera for gerrit1004

https://gerrit.wikimedia.org/r/1064412

gerritbot added a comment.Aug 21 2024, 9:04 PM

Change #1064412 merged by Dzahn:

[operations/puppet@production] gerrit: add firewall, java, scap, mail settings to Hiera for gerrit1004

https://gerrit.wikimedia.org/r/1064412

LSobanski triaged this task as Medium priority.Sep 4 2024, 9:04 AM
LSobanski moved this task from Incoming to Backlog on the collaboration-services board.
gerritbot added a comment.Sep 4 2024, 11:27 PM

Change #1070680 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] site: add insetup-gerrit role to gerrit2003, remove gerrit1004 hiera

https://gerrit.wikimedia.org/r/1070680

gerritbot added a comment.Sep 4 2024, 11:57 PM

Change #1070680 merged by Dzahn:

[operations/puppet@production] site: add insetup-gerrit role to gerrit2003, remove gerrit1004 hiera

https://gerrit.wikimedia.org/r/1070680

Dzahn changed the task status from Open to In Progress.Sep 5 2024, 12:03 AM
gerritbot added a comment.Sep 5 2024, 12:10 AM

Change #1070683 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: add backup::host, gerrit::migration etc to insetup role

https://gerrit.wikimedia.org/r/1070683

gerritbot added a comment.Sep 11 2024, 11:30 PM

Change #1070683 merged by Dzahn:

[operations/puppet@production] gerrit: add backup::host, gerrit::migration etc to insetup role

https://gerrit.wikimedia.org/r/1070683

gerritbot added a comment.Sep 12 2024, 12:12 AM

Change #1072323 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: add gerrit::proxy profile to insetup::gerrit role

https://gerrit.wikimedia.org/r/1072323

gerritbot added a comment.Sep 17 2024, 12:36 AM

Change #1072323 merged by Dzahn:

[operations/puppet@production] gerrit: add gerrit::proxy profile to insetup::gerrit role

https://gerrit.wikimedia.org/r/1072323

gerritbot added a comment.Sep 17 2024, 12:54 AM

Change #1073305 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit::proxy: files managed under /var/www/ require httpd

https://gerrit.wikimedia.org/r/1073305

gerritbot added a comment.Sep 17 2024, 1:08 AM

Change #1073308 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit::proxy: fix link target for gerrit logo

https://gerrit.wikimedia.org/r/1073308

gerritbot added a comment.Sep 19 2024, 6:21 PM

Change #1073308 merged by Dzahn:

[operations/puppet@production] gerrit::proxy: fix link target for gerrit logo

https://gerrit.wikimedia.org/r/1073308

gerritbot added a comment.Sep 19 2024, 7:58 PM

Change #1073305 merged by Dzahn:

[operations/puppet@production] gerrit::proxy: ensure /var/www/ exists before files under it

https://gerrit.wikimedia.org/r/1073305

gerritbot added a comment.Sep 19 2024, 10:00 PM

Change #1074275 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] acme_chief: authorize new machine gerrit2003 to fetch gerrit certs

https://gerrit.wikimedia.org/r/1074275

gerritbot added a comment.Sep 19 2024, 10:14 PM

Change #1074275 merged by Dzahn:

[operations/puppet@production] acme_chief: authorize new machine gerrit2003 to fetch gerrit certs

https://gerrit.wikimedia.org/r/1074275

gerritbot added a comment.Sep 20 2024, 4:35 PM

Change #1074477 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: include gerrit profile in insetup::gerrit for testing

https://gerrit.wikimedia.org/r/1074477

gerritbot added a comment.Sep 20 2024, 5:52 PM

Change #1074498 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: add acme_chief snippet to gerrit-setup role

https://gerrit.wikimedia.org/r/1074498

gerritbot added a comment.Sep 20 2024, 6:23 PM

Change #1074498 merged by Dzahn:

[operations/puppet@production] gerrit: add acme_chief to gerrit-setup role

https://gerrit.wikimedia.org/r/1074498

Dzahn added a comment.Sep 20 2024, 6:44 PM

gerrit2003 now has a working apache-based gerrit::proxy with certs, no puppet errors and everything.

except the actual gerrit application and we avoided adding any service IP

gerritbot added a comment.Oct 3 2024, 7:14 PM

Change #1077781 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: make it possible to not bind the service IP on a gerrit server

https://gerrit.wikimedia.org/r/1077781

gerritbot added a comment.Oct 4 2024, 6:01 PM

Change #1077781 merged by Dzahn:

[operations/puppet@production] gerrit: make it possible to not bind the service IP on a gerrit server

https://gerrit.wikimedia.org/r/1077781

gerritbot added a comment.Oct 8 2024, 8:00 PM

Change #1074477 merged by Dzahn:

[operations/puppet@production] gerrit: include gerrit profile in insetup::gerrit for testing

https://gerrit.wikimedia.org/r/1074477

gerritbot added a comment.Oct 8 2024, 8:40 PM

Change #1078748 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: move passwords include from role to profile

https://gerrit.wikimedia.org/r/1078748

gerritbot added a comment.Oct 8 2024, 8:48 PM

Change #1078748 merged by Dzahn:

[operations/puppet@production] gerrit: move passwords include from role to profile

https://gerrit.wikimedia.org/r/1078748

gerritbot added a comment.Oct 8 2024, 9:10 PM

Change #1078752 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: sync lfs data also to new machine

https://gerrit.wikimedia.org/r/1078752

Stashbot added a comment.Oct 8 2024, 9:34 PM

Mentioned in SAL (#wikimedia-operations) [2024-10-08T21:34:38Z] <mutante> gerrit2003 - sudo -u gerrit-deploy /usr/bin/scap deploy-local --repo gerrit/gerrit -D log_json:False (for some reason this fails in puppet but works manually) T372804 T257317 T317412

Stashbot mentioned this in T317412: Automate Gerrit deployment steps.Oct 8 2024, 9:34 PM
Stashbot mentioned this in T257317: scap deploy --init on deployment server fails on first puppet run.
gerritbot added a comment.Oct 8 2024, 10:11 PM

Change #1078759 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: avoid duplicate declaration error on first setup

https://gerrit.wikimedia.org/r/1078759

gerritbot added a comment.Oct 8 2024, 10:42 PM

Change #1078759 merged by Dzahn:

[operations/puppet@production] gerrit: avoid duplicate declaration error on first setup

https://gerrit.wikimedia.org/r/1078759

gerritbot added a comment.Oct 9 2024, 10:25 PM

Change #1079026 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: comment out creation of site dir in migration profile

https://gerrit.wikimedia.org/r/1079026

gerritbot added a comment.Oct 9 2024, 11:19 PM

Change #1079026 merged by Dzahn:

[operations/puppet@production] gerrit: comment out creation of site dir in migration profile

https://gerrit.wikimedia.org/r/1079026

Dzahn added a comment.Oct 9 2024, 11:44 PM

For the first time puppet runs just fine on the new hardware now, before it is in production.

Also gerrit is deployed there already. Everything is in place minus "no service IP is bound to the NIC", we don't sync lfs-data yet and ?.

Dzahn added a comment.Oct 9 2024, 11:45 PM

Notably this also means gerrit on bookworm seems to work. Since no more puppet issues, app deployed, same Java version.

Stashbot added a comment.Oct 10 2024, 7:32 AM

Mentioned in SAL (#wikimedia-operations) [2024-10-10T07:32:23Z] <hashar> Stopped gerrit service on gerrit2003.codfw.wmnet since it is not starting up properly | T372804

hashar subscribed.Oct 10 2024, 7:38 AM

The gerrit process on gerrit2003 does not start properly and is flapping:

Oct 10 07:29:21 gerrit2003 systemd[1]: gerrit.service: Scheduled restart job, restart counter is at 19328.
Oct 10 07:29:30 gerrit2003 systemd[1]: gerrit.service: Scheduled restart job, restart counter is at 19329.
Oct 10 07:29:38 gerrit2003 systemd[1]: gerrit.service: Scheduled restart job, restart counter is at 19330.
Oct 10 07:29:47 gerrit2003 systemd[1]: gerrit.service: Scheduled restart job, restart counter is at 19331.
Oct 10 07:29:56 gerrit2003 systemd[1]: gerrit.service: Scheduled restart job, restart counter is at 19332.
Oct 10 07:30:04 gerrit2003 systemd[1]: gerrit.service: Scheduled restart job, restart counter is at 19333.
Oct 10 07:30:13 gerrit2003 systemd[1]: gerrit.service: Scheduled restart job, restart counter is at 19334.

I tried to stop it manually, but of course Puppet bring it back up. That is causing alerts as the service goes up and down continuously. The service and its monitoring should be disabled until it s ready.

As a side track, I don't know what gerrit2003 is for. Is that a hardware refresh for gerrit2002?

LSobanski moved this task from Backlog to Work in Progress on the collaboration-services board.Oct 10 2024, 7:42 AM
gerritbot added a comment.Oct 10 2024, 7:46 AM

Change #1079206 had a related patch set uploaded (by Hashar; author: Hashar):

[operations/puppet@production] Disable gerrit monitoring on gerrit2003

https://gerrit.wikimedia.org/r/1079206

gerritbot added a comment.Oct 10 2024, 8:05 AM

Change #1079206 abandoned by Hashar:

[operations/puppet@production] Disable gerrit monitoring on gerrit2003

Reason:

Thank you for having set the downtime!

https://gerrit.wikimedia.org/r/1079206

gerritbot added a comment.Oct 10 2024, 8:42 PM

Change #1079206 restored by Dzahn:

[operations/puppet@production] Disable gerrit monitoring on gerrit2003

https://gerrit.wikimedia.org/r/1079206

gerritbot added a comment.Oct 10 2024, 8:43 PM

Change #1079206 merged by Dzahn:

[operations/puppet@production] Disable gerrit monitoring on gerrit2003

https://gerrit.wikimedia.org/r/1079206

gerritbot added a comment.Oct 10 2024, 9:02 PM

Change #1079358 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: set Hiera keys for nist_keys, nftables

https://gerrit.wikimedia.org/r/1079358

gerritbot added a comment.Oct 10 2024, 9:50 PM

Change #1079358 merged by Dzahn:

[operations/puppet@production] gerrit: set Hiera keys for nist_keys, nftables

https://gerrit.wikimedia.org/r/1079358

gerritbot added a comment.Oct 10 2024, 10:01 PM

Change #1079363 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit2003: move bind_serviceIP Hiera key host name level

https://gerrit.wikimedia.org/r/1079363

gerritbot added a comment.Oct 10 2024, 10:10 PM

Change #1079363 merged by Dzahn:

[operations/puppet@production] gerrit2003: move bind_service_ip Hiera key host name level

https://gerrit.wikimedia.org/r/1079363

gerritbot added a comment.Oct 10 2024, 10:17 PM

Change #1078752 merged by Dzahn:

[operations/puppet@production] gerrit: sync lfs data also to new machine

https://gerrit.wikimedia.org/r/1078752

gerritbot added a comment.Oct 15 2024, 9:03 PM

Change #1063893 merged by Dzahn:

[operations/puppet@production] site: apply gerrit role on gerrit2003

https://gerrit.wikimedia.org/r/1063893

gerritbot added a comment.Oct 15 2024, 9:15 PM

Change #1080379 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: remove Hiera keys on host gerrit2003 that are applied by role

https://gerrit.wikimedia.org/r/1080379

gerritbot added a comment.Oct 15 2024, 9:23 PM

Change #1080379 merged by Dzahn:

[operations/puppet@production] gerrit: remove Hiera keys on host gerrit2003 that are applied by role

https://gerrit.wikimedia.org/r/1080379

Dzahn changed the task status from In Progress to Stalled.Oct 17 2024, 5:42 PM

Basically done.

All that is missing is we haven't assigned a service IP to this machine.

In puppet it is just set to not bind a service IP and the service is masked.

But it could be enabled now whenever we like. Also lfs data is already synced from prod server.

To be determined how exactly we use it next.

One way would be to assign like "gerrit-replica-b" to it.

Another would be to fail-over to this machine as the new production gerrit (since it's newer hardware and also newer OS version!) and then make the previous prod server a replica.

gerritbot added a comment.Oct 21 2024, 5:23 PM

Change #1074488 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: delete temp gerrit setup role

https://gerrit.wikimedia.org/r/1074488

gerritbot added a comment.Oct 21 2024, 5:24 PM

Change #1074488 merged by Dzahn:

[operations/puppet@production] gerrit: delete temp gerrit setup role

https://gerrit.wikimedia.org/r/1074488

Dzahn changed the task status from Stalled to In Progress.Oct 21 2024, 5:26 PM
Dzahn closed this task as Resolved.Oct 21 2024, 5:34 PM
Dzahn added a subscriber: Jelto.

Discussed in today's team meeting. This server is up and running with the production role on it now, so the task to setup the service on this machine is considered done.

There is just no service name name attached to it and the gerrit service is masked. Monitoring is disabled.

How to use it will be determined in the upcoming work regarding Gerrit failover strategies.

But as has been pointed out by @Jelto the current Gerrit prod server is not that old either. The current replica is older.

It might make the most sense to turn this into a new replica, leave the current prod host as is and also keep using the current old replica, to have 3 Gerrit machines at the same time.

Dzahn added a comment.EditedOct 21 2024, 5:36 PM

LFS data syncing from the prod server is also already setup and happened via the puppetized timer:

root@gerrit2003:/srv/gerrit/data/lfs# du -hs .
31G
Dzahn mentioned this in T354688: Request a spare host for Collab services (Phorge, Gerrit, Contint).Oct 22 2024, 6:22 PM
Dzahn renamed this task from setup gerrit2003 with gerrit service to setup gerrit2003 with gerrit service (gerrit on bookworm).Oct 24 2024, 12:42 AM
Dzahn added a subtask: T338470: Rename gerrit2 unix user to gerrit and assign a fixed uid.
Dzahn added a subtask: T333143: Move Gerrit data out of root partition.
Dzahn added a comment.Oct 24 2024, 10:10 PM

https://gerrit.wikimedia.org/r/c/operations/puppet/+/1082846 in relation to T315942

gerritbot added a comment.Nov 6 2024, 8:35 PM

Change #1087967 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gerrit: add chown parameter to lfs data rsync, ensure daemon_user is used

https://gerrit.wikimedia.org/r/1087967

gerritbot added a comment.Nov 7 2024, 6:05 PM

Change #1087967 merged by Dzahn:

[operations/puppet@production] gerrit: add chown parameter to lfs data rsync, ensure daemon_user is used

https://gerrit.wikimedia.org/r/1087967

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits