Page MenuHomePhabricator
Create Task
Maniphest T387294

Migrate docker-registry LB VIPs to IPIP encapsulation
Closed, ResolvedPublic
Actions

Description

As part of the ongoing efforts to replace pybal with liberica we need to switch docker-registry load balancer service to IPIP encapsulation and mh-port scheduler.

Migration to IPIP can be performed per DC and the scheduler update will happen on both DCs simultaneously

You can use the swift/swift-https commits as an example. The whole process can be orchestrated using the sre.loadbalancer.migrate-service-ipip cookbook:

$ sudo -i cookbook sre.loadbalancer.migrate-service-ipip --help
usage: cookbook [GLOBAL_ARGS] sre.loadbalancer.migrate-service-ipip [-h] --dc {eqiad,codfw} --role ROLE services [services ...]

Migrate existing LVS services to IPIP

    Performed steps:
    1. Asks the user to perform the required hiera changes
    2. Runs puppet on LVS and realservers
    3. Validates that realservers are able to handle incoming IPIP traffic
    4. Restarts pybal on affected loadbalancers

    Usage:
        cookbook sre.loadbalancer.migrate-service-ipip --dc codfw --role swift::proxy swift swift-https
    

positional arguments:
  services            Service(s) to be migrated

optional arguments:
  -h, --help          show this help message and exit
  --dc {eqiad,codfw}  Target datacenter. One of eqiad, codfw. (default: None)
  --role ROLE         Puppet role used by the realservers (default: None)

Cookbook owner team: Traffic

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
hiera,docker_registry_ha: Enable IPIP on docker-registry@codfwoperations/puppetproduction+3 -2
hiera,docker_registry_ha: Enable IPIP on docker-registry@eqiadoperations/puppetproduction+8 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

Maintenance_bot created this task.Feb 26 2025, 11:30 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 26 2025, 11:30 AM
Maintenance_bot updated the task description. (Show Details)Feb 26 2025, 11:49 AM
Vgutierrez mentioned this in T373020: Remove katran blockers for low-traffic non-k8s based services.Feb 26 2025, 2:54 PM
gerritbot added a comment.Feb 27 2025, 5:01 PM

Change #1123413 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] hiera,docker_registry_ha: Enable IPIP on docker-registry@codfw

https://gerrit.wikimedia.org/r/1123413

gerritbot added a project: Patch-For-Review.Feb 27 2025, 5:01 PM

Change #1123414 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] hiera,docker_registry_ha: Enable IPIP on docker-registry@eqiad

https://gerrit.wikimedia.org/r/1123414

gerritbot added a comment.Mar 3 2025, 9:05 AM

Change #1123413 merged by Vgutierrez:

[operations/puppet@production] hiera,docker_registry_ha: Enable IPIP on docker-registry@eqiad

https://gerrit.wikimedia.org/r/1123413

gerritbot added a comment.Mar 3 2025, 9:38 AM

Change #1123414 merged by Vgutierrez:

[operations/puppet@production] hiera,docker_registry_ha: Enable IPIP on docker-registry@codfw

https://gerrit.wikimedia.org/r/1123414

Vgutierrez closed this task as Resolved.Mar 3 2025, 9:47 AM
Vgutierrez claimed this task.
Maintenance_bot removed a project: Patch-For-Review.Mar 3 2025, 10:30 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits