Page MenuHomePhabricator
Create Task
Maniphest T397293

Create dse-k8s-etcd cluster in codfw
Closed, ResolvedPublic
Actions

Description

We are building a dse-k8s-codfw Kubernetes cluster, so we will need an etcd cluster for it.

This will comprise three Ganeti VMs, just like the cluster in eqiad.

Follow the guidelines here: https://wikitech.wikimedia.org/wiki/Kubernetes/Clusters/New#etcd

Note that DRBD should be disabled on the VMs

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
dse-k8s: disable dse-k8s-codfw bootstrapoperations/puppetproduction+0 -3
dse-k8s: bootstrap dse-k8s-codfw clusteroperations/puppetproduction+0 -2
dse-k8s: Add dse-k8s-codfw etcd cluster configurationoperations/puppetproduction+1 -0
dse-k8s: Add dse-k8s-codfw k8s configurationoperations/puppetproduction+38 -0
Add dse-k8s-codfw site definitionoperations/puppetproduction+1 -0
dse-k8s: deploy etcd serviceoperations/puppetproduction+1 -1
dns: Add a VIP for dse-k8s-ctrl.svc.codfw.wmnetoperations/dnsmaster+2 -2
dse-k8s: bootstrap dse-k8s-codfw clusteroperations/puppetproduction+3 -0
dns: Add dse-k8s codfw SRV recordsoperations/dnsmaster+8 -0
Add the new dse-k8s hosts to site.pp so that we can create the VMsoperations/puppetproduction+12 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

BTullis created this task.Jun 18 2025, 9:54 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 18 2025, 9:54 AM
BTullis moved this task from Backlog - project to Backlog - operations on the Data-Platform-SRE (2025.06.13 - 2025.07.04) board.Jun 18 2025, 9:55 AM
BTullis mentioned this in T397301: Bootstrap the dse-k8s-codfw cluster.Jun 18 2025, 10:18 AM
Stevemunene claimed this task.Jun 24 2025, 9:24 AM
BTullis edited projects, added Data-Platform-SRE (2025.07.05 - 2025.07.25); removed Data-Platform-SRE (2025.06.13 - 2025.07.04).Jul 4 2025, 3:59 PM
BTullis moved this task from Backlog - project to In Progress on the Data-Platform-SRE (2025.07.05 - 2025.07.25) board.Jul 4 2025, 4:20 PM
MoritzMuehlenhoff subscribed.Jul 8 2025, 10:32 AM

Please use A, B and D for the new nodes. I recently added a feature to the sre.ganeti.makevm cookbook to directly request plain storage by passing "--storage_type plain", previously it was always usinng DRBD and then the disk type had to be changed retroactively.

gerritbot added a comment.Jul 8 2025, 12:33 PM

Change #1167209 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/puppet@production] Add the new dse-k8s hosts to site.pp so that we can create the VMs

https://gerrit.wikimedia.org/r/1167209

gerritbot added a project: Patch-For-Review.Jul 8 2025, 12:33 PM
gerritbot added a comment.Jul 8 2025, 12:37 PM

Change #1167209 merged by Btullis:

[operations/puppet@production] Add the new dse-k8s hosts to site.pp so that we can create the VMs

https://gerrit.wikimedia.org/r/1167209

ops-monitoring-bot added a comment.Jul 8 2025, 1:14 PM

Cookbook cookbooks.sre.hosts.reimage was started by btullis@cumin1003 for host dse-k8s-etcd2001.codfw.wmnet with OS bookworm

Maintenance_bot removed a project: Patch-For-Review.Jul 8 2025, 1:30 PM
ops-monitoring-bot added a comment.Jul 8 2025, 2:39 PM

Cookbook cookbooks.sre.hosts.reimage started by btullis@cumin1003 for host dse-k8s-etcd2001.codfw.wmnet with OS bookworm completed:

  • dse-k8s-etcd2001 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202507081421_btullis_816983_dse-k8s-etcd2001.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.Jul 8 2025, 2:52 PM

Cookbook cookbooks.sre.hosts.reimage was started by btullis@cumin1003 for host dse-k8s-etcd2003.codfw.wmnet with OS bookworm

ops-monitoring-bot added a comment.Jul 8 2025, 3:12 PM

Cookbook cookbooks.sre.hosts.reimage was started by btullis@cumin1003 for host dse-k8s-etcd2002.codfw.wmnet with OS bookworm

ops-monitoring-bot added a comment.Jul 8 2025, 3:38 PM

Cookbook cookbooks.sre.hosts.reimage started by btullis@cumin1003 for host dse-k8s-etcd2003.codfw.wmnet with OS bookworm completed:

  • dse-k8s-etcd2003 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202507081521_btullis_836567_dse-k8s-etcd2003.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.Jul 8 2025, 3:48 PM

Cookbook cookbooks.sre.hosts.reimage started by btullis@cumin1003 for host dse-k8s-etcd2002.codfw.wmnet with OS bookworm completed:

  • dse-k8s-etcd2002 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202507081531_btullis_834139_dse-k8s-etcd2002.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
BTullis added a comment.Jul 17 2025, 12:26 PM

@Stevemunene - You'll see that I provisioned these three VMs for you, to save a bit of time. I was able to use the --storage_type plain option when creating them, so they are ready to go.
I think that you can follow these guidelines to make the cluster itself. https://wikitech.wikimedia.org/wiki/Etcd and with reference to https://github.com/wikimedia/operations-puppet/blob/production/hieradata/role/common/etcd/v3/dse_k8s_etcd.yaml

BTullis triaged this task as High priority.Jul 17 2025, 12:56 PM
gerritbot added a comment.Jul 17 2025, 2:44 PM

Change #1170364 had a related patch set uploaded (by Stevemunene; author: Stevemunene):

[operations/dns@master] dns: Add dse-k8s codfw urls

https://gerrit.wikimedia.org/r/1170364

gerritbot added a project: Patch-For-Review.Jul 17 2025, 2:44 PM
Stevemunene added a comment.Jul 18 2025, 6:03 AM
In T397293#11013033, @BTullis wrote:

@Stevemunene - You'll see that I provisioned these three VMs for you, to save a bit of time. I was able to use the --storage_type plain option when creating them, so they are ready to go.
I think that you can follow these guidelines to make the cluster itself. https://wikitech.wikimedia.org/wiki/Etcd and with reference to https://github.com/wikimedia/operations-puppet/blob/production/hieradata/role/common/etcd/v3/dse_k8s_etcd.yaml

Since we have https://github.com/wikimedia/operations-puppet/blob/production/hieradata/role/common/etcd/v3/dse_k8s_etcd.yaml#L4 already which needs to be profile::etcd::v3::cluster_bootstrap: true

Could we have the cluster as a new one dse_k8s_etcd_codfw for the setup? and a Kubernetes POD IP delegation?

BTullis added a comment.Jul 18 2025, 8:56 AM

I think that the simplest way to handle this is to override the profile::etcd::v3::cluster_bootstrap value at the host level in hiera, while you are bootstrapping the cluster.

If we look at one of the other similar clusters, e.g. aux-k8s-etcd then we can see that this was the approach taken:

This patch set the three hosts into bootstrap mode: https://gerrit.wikimedia.org/r/c/operations/puppet/+/1117219
Then it was reverted in: https://gerrit.wikimedia.org/r/c/operations/puppet/+/1117235

Hope that helps.

gerritbot added a comment.Jul 18 2025, 10:00 AM

Change #1170514 had a related patch set uploaded (by Stevemunene; author: Stevemunene):

[operations/puppet@production] dse-k8s: bootstrap dse-k8s-codefw cluster

https://gerrit.wikimedia.org/r/1170514

gerritbot added a comment.Jul 18 2025, 11:12 AM

Change #1170364 merged by Stevemunene:

[operations/dns@master] dns: Add dse-k8s codfw SRV records

https://gerrit.wikimedia.org/r/1170364

gerritbot added a comment.Jul 18 2025, 11:23 AM

Change #1170514 merged by Stevemunene:

[operations/puppet@production] dse-k8s: bootstrap dse-k8s-codfw cluster

https://gerrit.wikimedia.org/r/1170514

Maintenance_bot removed a project: Patch-For-Review.Jul 18 2025, 11:31 AM
gerritbot added a comment.Jul 22 2025, 1:46 PM

Change #1171584 had a related patch set uploaded (by Stevemunene; author: Stevemunene):

[operations/puppet@production] dse-k8s: deploy etcd service

https://gerrit.wikimedia.org/r/1171584

gerritbot added a project: Patch-For-Review.Jul 22 2025, 1:46 PM
gerritbot added a comment.Jul 22 2025, 2:37 PM

Change #1171592 had a related patch set uploaded (by Stevemunene; author: Stevemunene):

[operations/dns@master] dns: Add a VIP for dse-k8s-ctrl.svc.codfw.wmnet

https://gerrit.wikimedia.org/r/1171592

gerritbot added a comment.Jul 25 2025, 8:29 AM

Change #1171592 merged by Stevemunene:

[operations/dns@master] dns: Add a VIP for dse-k8s-ctrl.svc.codfw.wmnet

https://gerrit.wikimedia.org/r/1171592

gerritbot added a comment.Jul 25 2025, 11:21 AM

Change #1171584 merged by Stevemunene:

[operations/puppet@production] dse-k8s: deploy etcd service

https://gerrit.wikimedia.org/r/1171584

Maintenance_bot removed a project: Patch-For-Review.Jul 25 2025, 11:31 AM
gerritbot added a comment.Jul 25 2025, 11:33 AM

Change #1172617 had a related patch set uploaded (by Stevemunene; author: Stevemunene):

[operations/puppet@production] Add dse-k8s-codfw site

https://gerrit.wikimedia.org/r/1172617

gerritbot added a project: Patch-For-Review.Jul 25 2025, 11:33 AM
gerritbot added a comment.Jul 25 2025, 11:36 AM

Change #1172617 merged by Stevemunene:

[operations/puppet@production] Add dse-k8s-codfw site definition

https://gerrit.wikimedia.org/r/1172617

gerritbot added a comment.Jul 25 2025, 11:53 AM

Change #1172619 had a related patch set uploaded (by Stevemunene; author: Stevemunene):

[operations/puppet@production] Add dse-k8s-codfw etcd configuration

https://gerrit.wikimedia.org/r/1172619

gerritbot added a comment.Jul 25 2025, 4:27 PM

Change #1172619 merged by Bking:

[operations/puppet@production] dse-k8s: Add dse-k8s-codfw k8s configuration

https://gerrit.wikimedia.org/r/1172619

Maintenance_bot removed a project: Patch-For-Review.Jul 25 2025, 4:31 PM
BTullis edited projects, added Data-Platform-SRE (2025.07.26 - 2025.08.15); removed Data-Platform-SRE (2025.07.05 - 2025.07.25).Jul 28 2025, 4:47 PM
BTullis moved this task from Backlog - project to In Progress on the Data-Platform-SRE (2025.07.26 - 2025.08.15) board.
gerritbot added a comment.Jul 29 2025, 10:24 AM

Change #1173914 had a related patch set uploaded (by Stevemunene; author: Stevemunene):

[operations/puppet@production] dse-k8s: Add dse-k8s-codfw etcd cluster configuration

https://gerrit.wikimedia.org/r/1173914

gerritbot added a project: Patch-For-Review.Jul 29 2025, 10:24 AM
gerritbot added a comment.Jul 29 2025, 2:26 PM

Change #1173914 merged by Stevemunene:

[operations/puppet@production] dse-k8s: Add dse-k8s-codfw etcd cluster configuration

https://gerrit.wikimedia.org/r/1173914

Maintenance_bot removed a project: Patch-For-Review.Jul 29 2025, 2:31 PM
gerritbot added a comment.Aug 13 2025, 11:36 AM

Change #1178526 had a related patch set uploaded (by Stevemunene; author: Stevemunene):

[operations/puppet@production] dse-k8s: bootstrap dse-k8s-codfw cluster

https://gerrit.wikimedia.org/r/1178526

gerritbot added a project: Patch-For-Review.Aug 13 2025, 11:36 AM
gerritbot added a comment.Aug 13 2025, 12:17 PM

Change #1178526 merged by Stevemunene:

[operations/puppet@production] dse-k8s: bootstrap dse-k8s-codfw cluster

https://gerrit.wikimedia.org/r/1178526

Maintenance_bot removed a project: Patch-For-Review.Aug 13 2025, 12:31 PM
gerritbot added a comment.Aug 13 2025, 12:41 PM

Change #1178534 had a related patch set uploaded (by Stevemunene; author: Stevemunene):

[operations/puppet@production] dse-k8s: dibable dse-k8s-codfw bootstrap

https://gerrit.wikimedia.org/r/1178534

gerritbot added a project: Patch-For-Review.Aug 13 2025, 12:41 PM
gerritbot added a comment.Aug 14 2025, 8:45 AM

Change #1178534 merged by Stevemunene:

[operations/puppet@production] dse-k8s: disable dse-k8s-codfw bootstrap

https://gerrit.wikimedia.org/r/1178534

Stevemunene closed subtask T400037: Determine dse-k8s-codfw Kubernetes IP ranges as Resolved.Aug 14 2025, 9:16 AM
Maintenance_bot removed a project: Patch-For-Review.Aug 14 2025, 9:31 AM
Stevemunene closed this task as Resolved.Aug 14 2025, 10:05 AM
Stevemunene moved this task from In Progress to Done on the Data-Platform-SRE (2025.07.26 - 2025.08.15) board.

The etcd cluster is bootstrapped, moving on to Createing helmfile.d/admin_ng structure required to bootstrap the dse-k8s-codfw cluster on T397297

Stevemunene added a comment.Aug 18 2025, 9:23 AM

To bootstrap the etcd cluster the following steps were followed.

  1. Deploying the srv DNS records to allow the nodes to know about each other dns: Add dse-k8s codfw SRV records and adding a VIP for dse-k8s-ctrl dns: Add a VIP for dse-k8s-ctrl.svc.codfw.wmnet
  2. Adding the hosts to the role(etcd::v3::dse_k8s_etcd)
  3. 1172617: Add dse-k8s-codfw site definition | https://gerrit.wikimedia.org/r/c/operations/puppet/+/1172617
  4. 1172619: dse-k8s: Add dse-k8s-codfw k8s configuration | https://gerrit.wikimedia.org/r/c/operations/puppet/+/1172619
  5. Bootstrapping the cluster by assigning the profile profile::etcd::v3 to the servers roles, the cluster_bootstrap value must be set to true for the initial run profile::etcd::v3::cluster_bootstrap: true which was done on 1178526: dse-k8s: bootstrap dse-k8s-codfw cluster | https://gerrit.wikimedia.org/r/c/operations/puppet/+/1178526

Once merged, run puppet on the new hosts then set the boostrap flag back to true by reverting the change 1178534: dse-k8s: disable dse-k8s-codfw bootstrap | https://gerrit.wikimedia.org/r/c/operations/puppet/+/1178534

BTullis moved this task from Done to Reported on the Data-Platform-SRE (2025.07.26 - 2025.08.15) board.Aug 20 2025, 10:32 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits