Page MenuHomePhabricator
Create Task
Maniphest T384595

Upgrade Collab hosts to Bookworm
Open, MediumPublic
Actions

Description

To be upgraded:

Upgraded:

  • etherpad2002
  • etherpad1004
  • gerrit2003
  • lists1004
  • lists2001
  • people2003
  • people1004
  • phab1005
  • planet2003
  • planet1003
  • stewards2001
  • stewards1001
  • vrts2002
  • vrts1003

Pending deprecation, won't be upgraded

Details

Related Changes in Gerrit:
Show related patches Customize query in gerrit
Related Changes in GitLab:
TitleReferenceAuthorSource BranchDest Branch
Bump CI image to bookworm (followup)repos/releng/gitlab-trusted-runner!128dancymain-I8148ef92cba017f8657b83dd62042e5ad7c93281main
Bump CI image to bookwormrepos/releng/gitlab-trusted-runner!127dancymain-I921bcef9c2899e171874f63da63909aa84493821main
Bump CI image to bookwormrepos/releng/gitlab-trusted-runner!126dancymain-I921bcef9c2899e171874f63da63909aa84493821main
Draft: bump CI image to bookwormrepos/releng/gitlab-trusted-runner!125jeltoci-bookwormmain
Customize query in GitLab

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT407557 OpenSSH 10.1+ warns that Wikimedia SSH does not use post-quantum key exchange algorithm
 OpenNoneT407844 Gerrit ssh daemon does not offer post-quantum kex leading to a warning with OpenSSH 10
 OpenNoneT387831 Standardize failover procedures for Collab services
 ResolvedNoneT393239 ProbeDown
 OpenNoneT392448 Upgrade to Gerrit 3.12
 OpenNoneT379714 Upgrade to Gerrit 3.11
 OpenNoneT392465 Switch Gerrit from Java 17 to Java 21
 OpenNoneT384595 Upgrade Collab hosts to Bookworm
 ResolvedDzahnT385777 moscovium and RT sunset
 ResolvedjcrespoT385901 mysqldump of RT database
 DuplicateMarosteguiT388432 Drop RT database from m1
ResolvedDzahnT336320 scrape RT ticket HTML files
 ResolvedMarosteguiT388437 drop RT database and mysql grants
 ResolvedDzahnT392127 upgrade releases hosts to bookworm
 ResolvedDzahnT391590 PuppetFailure - releases2003
 ResolvedDzahnT410422 SystemdUnitFailed - rsync-srv-org-wikimedia-releases
 ResolvedArnoldokothT392128 upgrade aphlict hosts to bookworm
 ResolvedDzahnT392480 PuppetDisabled (aphlict2001)
 ResolvedArnoldokothT392130 upgrade doc hosts to bookworm
 ResolvedArnoldokothT395275 SystemdUnitFailed - doc1003 - rsync-doc-host-data-sync
 OpenNoneT392464 Upgrade Gerrit hosts from Bullseye to Bookworm
 In ProgressABran-WMFT387833 Gerrit switchover process
 OpenNoneT388507 Investigate missing commit from old changes
 ResolvedABran-WMFT260666 Create a cookbook to automate gerrit's switchover
 ResolvedABran-WMFT393050 ProbeDown
 ResolvedMatthewVernonT392186 Grant Gerrit admin to arnaudb
 ResolvedLSobanskiT393034 Investigate out of date refs following gerrit switchover
 ResolvedABran-WMFT395440 Gerrit read-only plugin test
 OpenABran-WMFT406334 Gerrit switchover between secondary instances
 ResolvedLSobanskiT406482 SystemdUnitFailed (jenkins.service on contint1002)
 ResolvedhasharT406762 gerrit2003 is trying to backup incrementally 3.5 million files every hour, clogging backus and filling in available disk space
 ResolvedABran-WMFT411583 Gerrit backups are growing
 ResolvedhasharT406856 Reduce size of analytics/superset/deploy.git Gerrit repo
Restricted Task
 OpenABran-WMFT412779 Gerrit failover process
 ResolvedDzahnT372804 setup gerrit2003 with gerrit service (gerrit on bookworm)
 In ProgressABran-WMFT338470 Rename gerrit2 unix user to gerrit and assign a fixed uid
 ResolvedDzahnT379213 PuppetFailure - gerrit2003
 OpenNoneT333143 Move Gerrit data out of root partition
 ResolvedMarosteguiT388785 SSH on gerrit2003 is CRITICAL: CRITICAL
 ResolvedDzahnT374899 PuppetFailure - gerrit2003
 OpenNoneT257317 scap deploy --init on deployment server fails on first puppet run
 ResolvedJeltoT398628 Upgrade WMCS Shared GitLab Runners to bookworm
 ResolvedJeltoT399306 upgrade gitlab hosts to bookworm
 OpenNoneT399714 GitLab partman config is unreliable
 ResolvedABran-WMFT400121 Gitlab-replica switchover (gitlab1004 → gitlab1003)
 ResolvedJeltoT400252 Gitlab switchover (gitlab2002 → gitlab1004)
 ResolvedNoneT400663 SystemdUnitFailed (config-backup.service on gitlab2002)
 ResolvedJeltoT400695 Remove home_page_url from gitlab-settings
 ResolvedJeltoT400789 PuppetFailure (releases hosts)
 ResolvedJeltoT400816 SystemdUnitFailed (prometheus-nft-throttling-denylist)
 ResolvedABran-WMFT400971 Troubleshoot GitLab nftables throttling after switchover
 ResolvedBUG REPORTJeltoT401535 Uploading artifacts does not work anymore
Restricted Task
 ResolvedDzahnT402847 ProbeDown - gerrit1003
 ResolvedABran-WMFT403347 ProbeDown
 ResolvedABran-WMFT403963 ProbeDown - http_gerrit_tls_ip4 gerrit2003
 ResolvedABran-WMFT404070 ProbeDown - http_gerrit_tls_ip4 gerrit2003.
 ResolvedDzahnT401191 SystemdUnitFailed - wmf_auto_restart_ssh-gitlab.service on gitlab2002
 ResolvedJeltoT401261 SystemdUnitFailed (rsync-data-backup-gitlab2002)

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
gerritbot added a comment.Apr 15 2025, 4:50 PM

Change #1136765 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] jenkins: ensure systemd service dir exists before override

https://gerrit.wikimedia.org/r/1136765

gerritbot added a comment.Apr 15 2025, 6:28 PM

Change #1135994 abandoned by Dzahn:

[operations/puppet@production] jenkins: fix puppet error, systemd override requires systemd service

Reason:

continue at https://gerrit.wikimedia.org/r/c/operations/puppet/+/1136765

https://gerrit.wikimedia.org/r/1135994

gerritbot added a comment.Apr 15 2025, 11:12 PM

Change #1136765 merged by Dzahn:

[operations/puppet@production] jenkins: ensure systemd service dir exists before override

https://gerrit.wikimedia.org/r/1136765

Dzahn added a subtask: T391590: PuppetFailure - releases2003.Apr 15 2025, 11:26 PM
Dzahn closed subtask T391590: PuppetFailure - releases2003 as Resolved.
ops-monitoring-bot added a comment.Apr 16 2025, 11:51 AM

Icinga downtime and Alertmanager silence (ID=fd8d0c80-cd7d-469a-8105-f184bc41f4f2) set by aokoth@cumin1002 for 2 days, 0:00:00 on 1 host(s) and their services with reason: Bookworm Re-image

aphlict2001.codfw.wmnet
ops-monitoring-bot added a comment.Apr 16 2025, 11:52 AM

Cookbook cookbooks.sre.hosts.reimage was started by aokoth@cumin1002 for host aphlict2001.codfw.wmnet with OS bookworm

ops-monitoring-bot added a comment.Apr 16 2025, 12:37 PM

Cookbook cookbooks.sre.hosts.reimage started by aokoth@cumin1002 for host aphlict2001.codfw.wmnet with OS bookworm completed:

  • aphlict2001 (PASS)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • Removed previous downtime on Alertmanager (old OS)
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202504161211_aokoth_152128_aphlict2001.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
Dzahn removed a subtask: T391590: PuppetFailure - releases2003.Apr 16 2025, 5:03 PM
Dzahn added a comment.Apr 16 2025, 5:12 PM

miscweb2003/miscweb1003 can probably be removed from the list since we are not planning to keep running them (soonish).

Arnoldokoth updated the task description. (Show Details)Apr 16 2025, 5:13 PM
LSobanski raised the priority of this task from Low to Medium.Apr 17 2025, 10:47 AM
Dzahn closed subtask T385777: moscovium and RT sunset as Resolved.Apr 18 2025, 9:36 PM
MoritzMuehlenhoff updated the task description. (Show Details)Apr 23 2025, 9:22 AM
MoritzMuehlenhoff added a subtask: T392464: Upgrade Gerrit hosts from Bullseye to Bookworm.
ops-monitoring-bot added a comment.Apr 23 2025, 8:45 PM

Icinga downtime and Alertmanager silence (ID=89d0151d-5211-42af-a90d-110fc29b52da) set by aokoth@cumin1002 for 2 days, 0:00:00 on 1 host(s) and their services with reason: Bookworm Re-image

aphlict2001.codfw.wmnet
Dzahn added a subtask: T372804: setup gerrit2003 with gerrit service (gerrit on bookworm).Apr 24 2025, 12:32 AM
ops-monitoring-bot added a comment.Apr 28 2025, 6:30 PM

Icinga downtime and Alertmanager silence (ID=af8c7478-bbf4-41a4-acbf-2af5fb14ee0e) set by aokoth@cumin1002 for 1 day, 0:00:00 on 1 host(s) and their services with reason: Bookworm Reboot

aphlict2001.codfw.wmnet
Arnoldokoth updated the task description. (Show Details)Apr 29 2025, 7:45 PM
Arnoldokoth closed subtask T392128: upgrade aphlict hosts to bookworm as Resolved.May 7 2025, 6:26 PM
ops-monitoring-bot added a comment.May 20 2025, 6:52 PM

Cookbook cookbooks.sre.hosts.reimage was started by aokoth@cumin1002 for host doc1004.eqiad.wmnet with OS bookworm

ops-monitoring-bot added a comment.May 20 2025, 7:20 PM

Cookbook cookbooks.sre.hosts.reimage started by aokoth@cumin1002 for host doc1004.eqiad.wmnet with OS bookworm completed:

  • doc1004 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202505201905_aokoth_3979640_doc1004.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.May 20 2025, 8:01 PM

Cookbook cookbooks.sre.hosts.reimage was started by dzahn@cumin1002 for host zuul2002.codfw.wmnet with OS bookworm

ops-monitoring-bot added a comment.May 20 2025, 8:37 PM

Cookbook cookbooks.sre.hosts.reimage started by dzahn@cumin1002 for host zuul2002.codfw.wmnet with OS bookworm completed:

  • zuul2002 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202505202021_dzahn_3988586_zuul2002.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.May 20 2025, 9:21 PM

Cookbook cookbooks.sre.hosts.reimage was started by dzahn@cumin1002 for host zuul2003.codfw.wmnet with OS bookworm

ops-monitoring-bot added a comment.May 20 2025, 9:58 PM

Cookbook cookbooks.sre.hosts.reimage started by dzahn@cumin1002 for host zuul2003.codfw.wmnet with OS bookworm completed:

  • zuul2003 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202505202141_dzahn_4003773_zuul2003.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
LSobanski updated the task description. (Show Details)Jun 2 2025, 3:19 PM
LSobanski updated the task description. (Show Details)Jun 2 2025, 3:21 PM
LSobanski updated the task description. (Show Details)Jun 2 2025, 3:27 PM
ops-monitoring-bot added a comment.Jun 3 2025, 8:30 AM

Cookbook cookbooks.sre.hosts.reimage was started by jelto@cumin1002 for host gitlab-runner1002.eqiad.wmnet with OS bookworm

ops-monitoring-bot added a comment.Jun 3 2025, 9:43 AM

Cookbook cookbooks.sre.hosts.reimage started by jelto@cumin1002 for host gitlab-runner1002.eqiad.wmnet with OS bookworm completed:

  • gitlab-runner1002 (PASS)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Checked BIOS boot parameters are back to normal
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • Removed previous downtime on Alertmanager (old OS)
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202506030925_jelto_3346180_gitlab-runner1002.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
Jelto updated the task description. (Show Details)Jun 3 2025, 9:52 AM
Jelto subscribed.Jun 3 2025, 9:54 AM

I reimaged gitlab-runner1002 to bookworm. So far the runner looks good and healthy. But I'll monitor the jobs and metrics.

I'll also replace the devtools test-runners with bookworm VMs and one of the VMs in gitlab-runner WMCS project (runner-1021).

hashar reopened subtask T372804: setup gerrit2003 with gerrit service (gerrit on bookworm) as Open.Jun 3 2025, 3:04 PM
LSobanski updated the task description. (Show Details)Jun 3 2025, 3:11 PM
bd808 updated the task description. (Show Details)Jun 3 2025, 9:00 PM
LSobanski updated the task description. (Show Details)Jun 4 2025, 5:30 AM
ops-monitoring-bot added a comment.Jun 16 2025, 8:44 AM

Cookbook cookbooks.sre.hosts.reimage was started by jelto@cumin1002 for host gitlab-runner1003.eqiad.wmnet with OS bookworm

ops-monitoring-bot added a comment.Jun 16 2025, 9:23 AM

Cookbook cookbooks.sre.hosts.reimage started by jelto@cumin1002 for host gitlab-runner1003.eqiad.wmnet with OS bookworm completed:

  • gitlab-runner1003 (PASS)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Checked BIOS boot parameters are back to normal
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • Removed previous downtime on Alertmanager (old OS)
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202506160904_jelto_2258786_gitlab-runner1003.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
Jelto updated the task description. (Show Details)Jun 16 2025, 9:24 AM
ops-monitoring-bot added a comment.Jun 16 2025, 11:37 AM

Cookbook cookbooks.sre.hosts.reimage was started by jelto@cumin1002 for host gitlab-runner1004.eqiad.wmnet with OS bookworm

ops-monitoring-bot added a comment.Jun 16 2025, 12:15 PM

Cookbook cookbooks.sre.hosts.reimage started by jelto@cumin1002 for host gitlab-runner1004.eqiad.wmnet with OS bookworm completed:

  • gitlab-runner1004 (PASS)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Checked BIOS boot parameters are back to normal
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • Removed previous downtime on Alertmanager (old OS)
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202506161157_jelto_2430088_gitlab-runner1004.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
Jelto updated the task description. (Show Details)Jun 16 2025, 12:15 PM
ops-monitoring-bot added a comment.Jun 16 2025, 1:24 PM

Cookbook cookbooks.sre.hosts.reimage was started by jelto@cumin1002 for host gitlab-runner2002.codfw.wmnet with OS bookworm

ops-monitoring-bot added a comment.Jun 16 2025, 2:05 PM

Cookbook cookbooks.sre.hosts.reimage started by jelto@cumin1002 for host gitlab-runner2002.codfw.wmnet with OS bookworm completed:

  • gitlab-runner2002 (PASS)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Checked BIOS boot parameters are back to normal
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • Removed previous downtime on Alertmanager (old OS)
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202506161345_jelto_2542161_gitlab-runner2002.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
Jelto updated the task description. (Show Details)Jun 16 2025, 2:10 PM
ops-monitoring-bot added a comment.Jun 17 2025, 7:26 AM

Cookbook cookbooks.sre.hosts.reimage was started by jelto@cumin1002 for host gitlab-runner2003.codfw.wmnet with OS bookworm

ops-monitoring-bot added a comment.Jun 17 2025, 8:07 AM

Cookbook cookbooks.sre.hosts.reimage started by jelto@cumin1002 for host gitlab-runner2003.codfw.wmnet with OS bookworm completed:

  • gitlab-runner2003 (PASS)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Checked BIOS boot parameters are back to normal
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • Removed previous downtime on Alertmanager (old OS)
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202506170748_jelto_3201448_gitlab-runner2003.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
Jelto updated the task description. (Show Details)Jun 17 2025, 8:07 AM
ops-monitoring-bot added a comment.Jun 17 2025, 8:09 AM

Cookbook cookbooks.sre.hosts.reimage was started by jelto@cumin1002 for host gitlab-runner2004.codfw.wmnet with OS bookworm

ops-monitoring-bot added a comment.Jun 17 2025, 8:52 AM

Cookbook cookbooks.sre.hosts.reimage started by jelto@cumin1002 for host gitlab-runner2004.codfw.wmnet with OS bookworm completed:

  • gitlab-runner2004 (PASS)
    • Downtimed on Icinga/Alertmanager
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via IPMI
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Checked BIOS boot parameters are back to normal
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • Removed previous downtime on Alertmanager (old OS)
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202506170833_jelto_3209289_gitlab-runner2004.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
Jelto updated the task description. (Show Details)Jun 17 2025, 8:54 AM

All Trusted GitLab runners were upgraded to bookworm.

gerritbot added a comment.Jun 17 2025, 12:17 PM

Change #1160119 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] gitlab-runner: upgrade default image to bookworm

https://gerrit.wikimedia.org/r/1160119

gerritbot added a comment.Jun 17 2025, 12:17 PM

Change #1160120 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] gitlab-runner: upgrade default image to bookworm on Trusted Runners

https://gerrit.wikimedia.org/r/1160120

Dzahn added a comment.Jun 17 2025, 4:02 PM

doc2002 and doc1003 are already replaced with doc2003 and doc1004 by @Arnoldokoth

So they just need decom at this point.

gerritbot added a comment.Jun 18 2025, 12:08 PM

Change #1160119 merged by Jelto:

[operations/puppet@production] gitlab-runner: upgrade default image to bookworm

https://gerrit.wikimedia.org/r/1160119

Dzahn added a comment.Jun 18 2025, 4:18 PM

In T377889 we now managed to deploy phabricator with scap now..and installed PHP 8.

This let's us confirm if Phabricator works on bookworm and with PHP8.. which should unblock the upgrades of the phab hosts here.

gerritbot added a comment.Jun 19 2025, 7:42 AM

Change #1160120 merged by Jelto:

[operations/puppet@production] gitlab-runner: upgrade default image to bookworm on Trusted Runners

https://gerrit.wikimedia.org/r/1160120

gerritbot added a comment.Jun 26 2025, 2:02 PM

Change #1164222 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] devtools: update hiera config for new bookworm hosts

https://gerrit.wikimedia.org/r/1164222

gerritbot added a comment.Jun 26 2025, 2:06 PM

Change #1164222 merged by Jelto:

[operations/puppet@production] devtools: update hiera config for new bookworm hosts

https://gerrit.wikimedia.org/r/1164222

Jelto added a comment.Jun 27 2025, 7:22 AM

All devtools runners were upgraded to bookworm. I also updated one of the WMCS shared runners runner-1031.gitlab-runners.eqiad1.wikimedia.cloud to bookwom. I'll covert the others next week. Meanwhile I also updated the documentation for adding new WMCS runners.

The new WMCS runners also have a new flavor with a second 90GB disk, which should give /var/lib/docker a bit more space.

Scott_French mentioned this in T378128: Upgrade httpd images to bullseye or bookworm.Jun 30 2025, 2:22 PM
Arnoldokoth closed subtask T392130: upgrade doc hosts to bookworm as Resolved.Jul 1 2025, 8:34 AM
Jelto mentioned this in T398628: Upgrade WMCS Shared GitLab Runners to bookworm.Jul 3 2025, 1:28 PM
Jelto closed subtask T398628: Upgrade WMCS Shared GitLab Runners to bookworm as Resolved.Jul 7 2025, 1:49 PM
Dzahn updated the task description. (Show Details)Jul 8 2025, 10:16 PM
Dzahn updated the task description. (Show Details)

doc hosts checked off the list, linked to resolved ticket for them

gerritbot added a comment.Jul 10 2025, 2:15 PM

Change #1167871 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] aptrepo: add gitlab package for bookworm

https://gerrit.wikimedia.org/r/1167871

gerritbot added a comment.Jul 10 2025, 6:00 PM

Change #1167871 merged by Dzahn:

[operations/puppet@production] aptrepo: add gitlab package for bookworm

https://gerrit.wikimedia.org/r/1167871

Jelto added a comment.Jul 11 2025, 1:15 PM

gitlab-ce is available for bookworm now:

jelto@apt1002:~$ sudo -i reprepro lsbycomponent gitlab-ce
gitlab-ce | 18.0.4-ce.0 | bullseye-wikimedia | thirdparty/gitlab-bullseye | amd64
gitlab-ce | 18.0.4-ce.0 | bookworm-wikimedia | thirdparty/gitlab-bookworm | amd64

For the next steps of the upgrade I'll add a subtask (the upgrade also involves a switchover between the GitLab hosts).

Jelto updated the task description. (Show Details)Jul 14 2025, 9:47 AM
Jelto updated the task description. (Show Details)Jul 15 2025, 11:47 AM
Jelto updated the task description. (Show Details)Jul 18 2025, 7:31 AM
CodeReviewBot added a comment.Jul 30 2025, 12:42 PM

jelto opened https://gitlab.wikimedia.org/repos/releng/gitlab-trusted-runner/-/merge_requests/125

bump CI image to bookworm

CodeReviewBot added a comment.Jul 30 2025, 4:02 PM

dancy opened https://gitlab.wikimedia.org/repos/releng/gitlab-trusted-runner/-/merge_requests/126

Bump CI image to bookworm

CodeReviewBot added a comment.Jul 30 2025, 4:05 PM

dancy merged https://gitlab.wikimedia.org/repos/releng/gitlab-trusted-runner/-/merge_requests/126

Bump CI image to bookworm

CodeReviewBot added a comment.Jul 30 2025, 4:15 PM

dancy opened https://gitlab.wikimedia.org/repos/releng/gitlab-trusted-runner/-/merge_requests/127

Bump CI image to bookworm

CodeReviewBot added a comment.Jul 30 2025, 4:16 PM

dancy closed https://gitlab.wikimedia.org/repos/releng/gitlab-trusted-runner/-/merge_requests/127

Bump CI image to bookworm

CodeReviewBot added a comment.Jul 30 2025, 4:16 PM

dancy opened https://gitlab.wikimedia.org/repos/releng/gitlab-trusted-runner/-/merge_requests/128

Bump CI image to bookworm (followup)

CodeReviewBot added a comment.Jul 30 2025, 5:26 PM

dancy merged https://gitlab.wikimedia.org/repos/releng/gitlab-trusted-runner/-/merge_requests/128

Bump CI image to bookworm (followup)

CodeReviewBot added a comment.Jul 30 2025, 5:26 PM

dancy closed https://gitlab.wikimedia.org/repos/releng/gitlab-trusted-runner/-/merge_requests/125

Draft: bump CI image to bookworm

Jelto updated the task description. (Show Details)Aug 5 2025, 2:03 PM
Jelto closed subtask T399306: upgrade gitlab hosts to bookworm as Resolved.Aug 6 2025, 7:19 AM
Dzahn updated the task description. (Show Details)Aug 12 2025, 10:33 PM
Dzahn updated the task description. (Show Details)
Dzahn changed the status of subtask T372804: setup gerrit2003 with gerrit service (gerrit on bookworm) from Open to In Progress.Sep 26 2025, 4:00 PM
Dzahn changed the status of subtask T392127: upgrade releases hosts to bookworm from Open to In Progress.Nov 13 2025, 9:07 PM
Dzahn closed subtask T392127: upgrade releases hosts to bookworm as Resolved.Wed, Nov 19, 8:06 PM
Dzahn updated the task description. (Show Details)
Dzahn closed subtask T372804: setup gerrit2003 with gerrit service (gerrit on bookworm) as Resolved.Thu, Dec 4, 11:23 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits