Page MenuHomePhabricator
Create Task
Maniphest T387302

Migrate prometheus LB VIPs to IPIP encapsulation
Closed, ResolvedPublic
Actions

Description

As part of the ongoing efforts to replace pybal with liberica we need to switch prometheus load balancer service to IPIP encapsulation and mh-port scheduler.

Migration to IPIP can be performed per DC and the scheduler update will happen on both DCs simultaneously

You can use the swift/swift-https commits as an example. The whole process can be orchestrated using the sre.loadbalancer.migrate-service-ipip cookbook:

$ sudo -i cookbook sre.loadbalancer.migrate-service-ipip --help
usage: cookbook [GLOBAL_ARGS] sre.loadbalancer.migrate-service-ipip [-h] --dc {eqiad,codfw} --role ROLE services [services ...]

Migrate existing LVS services to IPIP

    Performed steps:
    1. Asks the user to perform the required hiera changes
    2. Runs puppet on LVS and realservers
    3. Validates that realservers are able to handle incoming IPIP traffic
    4. Restarts pybal on affected loadbalancers

    Usage:
        cookbook sre.loadbalancer.migrate-service-ipip --dc codfw --role swift::proxy swift swift-https
    

positional arguments:
  services            Service(s) to be migrated

optional arguments:
  -h, --help          show this help message and exit
  --dc {eqiad,codfw}  Target datacenter. One of eqiad, codfw. (default: None)
  --role ROLE         Puppet role used by the realservers (default: None)

Cookbook owner team: Traffic

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
hiera,prometheus: Enable IPIP on prometheus(-https)?@eqiadoperations/puppetproduction+5 -3
hiera,prometheus: Enable IPIP on prometheus(-https)?@codfwoperations/puppetproduction+11 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

Maintenance_bot created this task.Feb 26 2025, 11:30 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 26 2025, 11:30 AM
Maintenance_bot updated the task description. (Show Details)Feb 26 2025, 11:50 AM
Vgutierrez mentioned this in T373020: Remove katran blockers for low-traffic non-k8s based services.Feb 26 2025, 2:54 PM
lmata moved this task from Inbox to Radar on the observability board.Feb 26 2025, 3:10 PM
gerritbot added a comment.Feb 27 2025, 2:04 PM

Change #1123379 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] hiera,prometheus: Enable IPIP on prometheus(-https)?@codfw

https://gerrit.wikimedia.org/r/1123379

gerritbot added a project: Patch-For-Review.Feb 27 2025, 2:04 PM

Change #1123380 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] hiera,prometheus: Enable IPIP on prometheus(-https)?@eqiad

https://gerrit.wikimedia.org/r/1123380

gerritbot added a comment.Feb 27 2025, 2:20 PM

Change #1123379 merged by Vgutierrez:

[operations/puppet@production] hiera,prometheus: Enable IPIP on prometheus(-https)?@codfw

https://gerrit.wikimedia.org/r/1123379

Stashbot added a comment.Feb 27 2025, 3:13 PM

Mentioned in SAL (#wikimedia-operations) [2025-02-27T15:13:36Z] <vgutierrez@cumin1002> START - Cookbook sre.loadbalancer.restart-pybal rolling-restart of pybal on P{lvs2013.*,lvs2014.*} and A:lvs (T387302)

Stashbot added a comment.Feb 27 2025, 3:15 PM

Mentioned in SAL (#wikimedia-operations) [2025-02-27T15:14:59Z] <vgutierrez@cumin1002> END (PASS) - Cookbook sre.loadbalancer.restart-pybal (exit_code=0) rolling-restart of pybal on P{lvs2013.*,lvs2014.*} and A:lvs (T387302)

gerritbot added a comment.Feb 27 2025, 3:18 PM

Change #1123380 merged by Vgutierrez:

[operations/puppet@production] hiera,prometheus: Enable IPIP on prometheus(-https)?@eqiad

https://gerrit.wikimedia.org/r/1123380

Maintenance_bot removed a project: Patch-For-Review.Feb 27 2025, 3:30 PM
Vgutierrez closed this task as Resolved.Feb 27 2025, 4:02 PM
Vgutierrez claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits