Page MenuHomePhabricator
Create Task
Maniphest T391151

Ensure our automation can ban not-yet-existing hosts
Closed, ResolvedPublic
Actions

Description

As we migrate from Elastic -> OpenSearch, we need to ban the OpenSearch hosts before they exist. That's because primary shards hosted by OpenSearch nodes cannot replicate to Elasticsearch nodes. However, our current ban cookbook can't ban any nodes that aren't already in the cluster.

Creating this ticket to:

  • create automation that can ban hosts not already in the cluster
  • confirm operation

Related Objects
Search...

Event Timeline

bking created this task.Apr 4 2025, 8:37 PM
Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptApr 4 2025, 8:38 PM
bking updated the task description. (Show Details)Apr 4 2025, 9:00 PM
Gehel triaged this task as High priority.Apr 7 2025, 1:36 PM
Gehel moved this task from needs triage to Ops / SRE on the Discovery-Search board.
bking changed the task status from Open to In Progress.Apr 7 2025, 2:01 PM
bking claimed this task.
bking mentioned this in T388610: Migrate production Elastic clusters to Opensearch.
Stashbot added a comment.Apr 7 2025, 4:08 PM

Mentioned in SAL (#wikimedia-operations) [2025-04-07T16:08:19Z] <bking@cumin2002> START - Cookbook sre.elasticsearch.ban Banning hosts: relforge1004* for test ban syntax - bking@cumin2002 - T391151

Stashbot added a comment.Apr 7 2025, 4:08 PM

Mentioned in SAL (#wikimedia-operations) [2025-04-07T16:08:22Z] <bking@cumin2002> END (PASS) - Cookbook sre.elasticsearch.ban (exit_code=0) Banning hosts: relforge1004* for test ban syntax - bking@cumin2002 - T391151

Stashbot added a comment.Apr 7 2025, 4:30 PM

Mentioned in SAL (#wikimedia-operations) [2025-04-07T16:30:10Z] <bking@cumin2002> START - Cookbook sre.elasticsearch.ban Banning hosts: relforge1003* for test ban syntax - bking@cumin2002 - T391151

Stashbot added a comment.Apr 7 2025, 4:30 PM

Mentioned in SAL (#wikimedia-operations) [2025-04-07T16:30:12Z] <bking@cumin2002> END (PASS) - Cookbook sre.elasticsearch.ban (exit_code=0) Banning hosts: relforge1003* for test ban syntax - bking@cumin2002 - T391151

bking added a comment.Apr 7 2025, 10:32 PM

I've written a playbook that can do the banning/unbanning.

We'll need to rewrite the ban cookbook at some point. That will involve a refactor of the elasticsearch.py library in Spicerack, as that code relies completely on information from the Elastic API and that won't work for this use case.

Gehel edited projects, added Data-Platform-SRE (2025.04.12 - 2025.05.02); removed Data-Platform-SRE (2025.03.22 - 2025.04.11).Apr 11 2025, 1:14 PM
bking renamed this task from Ensure ban.py cookbook can ban not-yet-existing hosts to Ensure our automation can ban not-yet-existing hosts.Apr 15 2025, 7:11 PM
bking updated the task description. (Show Details)
bking closed this task as Resolved.Apr 15 2025, 7:14 PM
bking moved this task from Backlog - project to Done on the Data-Platform-SRE (2025.04.12 - 2025.05.02) board.

Since we have a good-enough solution at the moment, I'm going to close this out. Long-term, we need to change our approach as the current Spicerack code is causing problems, and not just for us . I'll create a separate ticket for that issue. Closing...

bking mentioned this in T392015: Refactor/replace Search Platform-owned Elastic/OpenSearch cookbooks.Apr 15 2025, 7:24 PM
bking mentioned this in T383811: Ensure Search Platform-owned Elasticsearch cookbooks can handle Opensearch.Apr 15 2025, 8:37 PM
Gehel moved this task from Done to Reported on the Data-Platform-SRE (2025.04.12 - 2025.05.02) board.Apr 17 2025, 3:52 PM
Gehel edited projects, added Discovery-Search (2025.05.02 - 2025.05.23); removed Discovery-Search.May 16 2025, 12:18 PM
Gehel moved this task from Incoming to Reported on the Discovery-Search (2025.05.02 - 2025.05.23) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits