Page MenuHomePhabricator
Create Task
Maniphest T402259

Migrating esams to routed Ganeti
Closed, ResolvedPublic
Actions

Description

An intro on routed Ganeti can be found here: https://phabricator.wikimedia.org/phame/post/view/312/ganeti_on_modern_network_design/

Routed ganeti is already running in magru (and two test systems in codfw). Next we'll migrate esams to it

Esams currently consists of two separate Ganeti clusters in two different rows with two servers each.

row BY27: ganeti3005 and ganeti3007

  • atlas3001
  • bast3007
  • doh3003
  • durum3003
  • ncredir3003

row BW27: ganeti3006 and ganeti3008

  • doh3004
  • durum3004
  • install3003
  • ncredir3004
  • netflow3003
  • prometheus3003

When the migration is completed, we'll have a common four node Ganeti cluster spanning the two rows (and would also have flexibility in case of potential row changes at the DC).

The migration path will look like the following:

  • Announce that people move away from bast3007 and use the bastion in drmrs for now
  • Deploy https://gerrit.wikimedia.org/r/c/operations/puppet/+/1180085
  • Decom atlas3001 (will be re-added later)
  • Decom bast3007 (will be re-added later)
  • Move all VMs in ganeti3005 to ganeti3007
  • Switch BY27 VMs to plain disk storage, i.e. disable DRBD for them.

During this initial period, the BY27 VMs are no longer redundant

  • Allocate IPs for esams routed Ganeti - https://netbox.wikimedia.org/ipam/prefixes/?role_id=41&site_id=1
  • Add allocated IPs to modules/network/data/data.yaml in Puppet - https://gerrit.wikimedia.org/r/c/operations/puppet/+/1180083
  • Add ganeti "customer" to Homer with the esams ranges - https://gerrit.wikimedia.org/r/c/operations/homer/public/+/1180081
  • Manually create the first IPs in Netbox to be able to add the DNS PTRs includes
  • Reimage ganeti3005 with routed Ganeti T403375
  • Update ganeti3005 switch port to remove the trunked public vlan
  • Setup routing between ganeti3005 and its ToR switch
  • Create doh3005, durum3005 and ncredir3005 on routed Ganeti and fail over services
  • Decom ncredir3004, netflow3003, prometheus3003
  • Reimage ganeti3007 with routed Ganeti
  • Update ganeti3007 switch port to remove the trunked public vlan
  • Setup routing between ganeti3007 and its ToR switch
  • Remove esams01 from Netbox sync
  • Move all VMs on ganeti3006 to ganeti3008
  • Switch BW27 VMs to plain disk storage, i.e. disable DRBD for them.
  • Reimage ganeti3006 with routed Ganeti
  • Update ganeti3006 switch port to remove the trunked public vlan
  • Setup routing between ganeti3006 and its ToR switch
  • Create atlas3001 - T403580
  • Create bast3007 on routed Ganeti
  • Switch ncredir3005, durum3005, doh3005 to DRBD
  • Create doh3006 on routed Ganeti, when done decom doh3004
  • Create durum3006 on routed Ganeti, when done decom durum3004
  • Create ncredir3006 on routed Ganeti, when done decom ncredir3004
  • Create install3004 on routed Ganeti, when done decom install3004
  • Update DHCP relay config on the switches to point to the new install3004
  • Point webproxy to the new install3004
  • Create netflow3004 on routed Ganeti, when done decom netflow3003
  • Update netflow config on esams network equipment to point to the new netflow3004
  • Create prometheus3004 on routed Ganeti with insetup role and pass on to o11y to migrate existing metrics, when done decom prometheus3003
  • Remove esams02 from Netbox sync
  • When empty of running VMs, reimage ganeti3008 with routed Ganeti
  • Update ganeti3008 switch port to remove the trunked public vlan
  • Setup routing between ganeti3008 and its ToR switch

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Update Ganeti alias for esamsoperations/puppetproduction+1 -1
Add ganeti3008 to the routed Ganeti cluster in esamsoperations/puppetproduction+2 -5
Remove Ganeti role from ganeti3008operations/puppetproduction+1 -6
Remove ganeti02/esams from Netbox syncoperations/puppetproduction+0 -3
Apply config to enable new Bird release on the role/esams leveloperations/puppetproduction+0 -3
Update DHCP server in esamsoperations/homer/publicmaster+2 -2
Update DHCP server in esamsoperations/puppetproduction+1 -1
Point webproxy in esams to install3004operations/dnsmaster+1 -1
Add dummy keytab for install3004labs/privatemaster+0 -0
Apply installserver role to install3004operations/puppetproduction+1 -1
Remove ncredir3004operations/puppetproduction+0 -1
Make doh3006 a wikidough nodeoperations/puppetproduction+1 -4
Also enable new Bird for durum3006operations/puppetproduction+1 -0
Kafka: remove netflow3003 ACL before decomoperations/puppetproduction+0 -1
Make durum3006 a durum nodeoperations/puppetproduction+0 -4
esams: update netflow3003 to 3004operations/homer/publicmaster+1 -1
Apply netinsights role to netflow3004operations/puppetproduction+1 -4
Add ncredir3006operations/puppetproduction+1 -4
Add replacement insetup VMS for VMs currently running on esams02operations/puppetproduction+20 -0
Add ganeti3007 to the esams03 clusteroperations/puppetproduction+2 -5
Readd bast3007 as bastion nodeoperations/puppetproduction+3 -1
Drop esams01 cluster and reimage ganeti3007operations/puppetproduction+1 -6
Remove esams01 from Netbox syncoperations/puppetproduction+0 -3
Remove atlas3001 from monitoringoperations/puppetproduction+0 -7
Remove esams RIPE Atlas measurementsoperations/puppetproduction+0 -11
Remove ncredir3003operations/puppetproduction+0 -1
Add ganeti3005 to the esams03 clusteroperations/puppetproduction+3 -6
Apply the wikidough role on doh3005operations/puppetproduction+1 -4
esams routed ganeti: add v4 and v6 IP/rangeoperations/puppetproduction+4 -0
Apply the durum role on durum3005operations/puppetproduction+1 -4
Add ncredir3005 as ncredir nodeoperations/puppetproduction+1 -4
Add replacement insetup VMS for VMs currently running on esams01operations/puppetproduction+12 -0
Add esams03 to Netbox syncoperations/puppetproduction+3 -0
Remove ganeti3006 from ganeti02 cluster in esamsoperations/puppetproduction+5 -8
esams: add includes for routed ganeti rangesoperations/dnsmaster+15 -0
esams: add Ganeti "customer"operations/homer/publicmaster+14 -0
Remove ganeti3005 from esams01 clusteroperations/puppetproduction+3 -9
Add esams routed ganeti VM ranges to network/data/data.yamloperations/puppetproduction+6 -0
Remove bast3007 as bastion nodeoperations/puppetproduction+1 -3
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
ops-monitoring-bot added a comment.Sep 4 2025, 10:14 AM

Cookbook cookbooks.sre.hosts.reimage was started by jmm@cumin2002 for host bast3007.wikimedia.org with OS bookworm

gerritbot added a comment.Sep 4 2025, 10:21 AM

Change #1184062 merged by Muehlenhoff:

[operations/puppet@production] Remove ncredir3003

https://gerrit.wikimedia.org/r/1184062

Maintenance_bot removed a project: Patch-For-Review.Sep 4 2025, 10:31 AM
ops-monitoring-bot added a comment.Sep 4 2025, 10:36 AM

cookbooks.sre.hosts.decommission executed by jmm@cumin2002 for hosts: ncredir3003.esams.wmnet

  • ncredir3003.esams.wmnet (PASS)
    • Downtimed host on Icinga/Alertmanager
    • Found Ganeti VM
    • VM shutdown
    • Started forced sync of VMs in Ganeti cluster esams01 to Netbox
    • Removed from DebMonitor
    • Removed from Puppet master and PuppetDB
    • VM removed
    • Started forced sync of VMs in Ganeti cluster esams01 to Netbox
gerritbot added a comment.Sep 4 2025, 10:38 AM

Change #1184734 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Drop esams01 cluster and reimage ganeti3007

https://gerrit.wikimedia.org/r/1184734

gerritbot added a project: Patch-For-Review.Sep 4 2025, 10:38 AM

Change #1184735 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove esams01 from Netbox sync

https://gerrit.wikimedia.org/r/1184735

ops-monitoring-bot added a comment.Sep 4 2025, 10:58 AM

Cookbook cookbooks.sre.hosts.reimage started by jmm@cumin2002 for host bast3007.wikimedia.org with OS bookworm completed:

  • bast3007 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202509041043_jmm_1995771_bast3007.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
gerritbot added a comment.Sep 4 2025, 11:06 AM

Change #1184742 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Readd bast3007 as bastion node

https://gerrit.wikimedia.org/r/1184742

gerritbot added a comment.Sep 4 2025, 11:29 AM

Change #1184735 merged by Muehlenhoff:

[operations/puppet@production] Remove esams01 from Netbox sync

https://gerrit.wikimedia.org/r/1184735

gerritbot added a comment.Sep 4 2025, 11:46 AM

Change #1184734 merged by Muehlenhoff:

[operations/puppet@production] Drop esams01 cluster and reimage ganeti3007

https://gerrit.wikimedia.org/r/1184734

gerritbot added a comment.Sep 4 2025, 12:26 PM

Change #1184742 merged by Muehlenhoff:

[operations/puppet@production] Readd bast3007 as bastion node

https://gerrit.wikimedia.org/r/1184742

Maintenance_bot removed a project: Patch-For-Review.Sep 4 2025, 12:31 PM
gerritbot added a comment.Sep 4 2025, 1:10 PM

Change #1184774 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add ganeti3007 to the esams03 cluster

https://gerrit.wikimedia.org/r/1184774

gerritbot added a project: Patch-For-Review.Sep 4 2025, 1:10 PM
gerritbot added a comment.Sep 4 2025, 1:28 PM

Change #1184774 merged by Muehlenhoff:

[operations/puppet@production] Add ganeti3007 to the esams03 cluster

https://gerrit.wikimedia.org/r/1184774

Maintenance_bot removed a project: Patch-For-Review.Sep 4 2025, 1:32 PM
MoritzMuehlenhoff updated the task description. (Show Details)Sep 4 2025, 1:37 PM
MoritzMuehlenhoff updated the task description. (Show Details)
ayounsi updated the task description. (Show Details)Sep 4 2025, 1:39 PM
MoritzMuehlenhoff updated the task description. (Show Details)Sep 4 2025, 1:49 PM
MoritzMuehlenhoff updated the task description. (Show Details)Sep 4 2025, 2:31 PM
ops-monitoring-bot added a comment.Sep 4 2025, 2:34 PM

VM ncredir3005.esams.wmnet switching disk type to drbd

MoritzMuehlenhoff updated the task description. (Show Details)Sep 4 2025, 2:37 PM
tappof closed subtask T403620: Migrate prometheus3003 to prometheus3004 as Resolved.Sep 4 2025, 6:02 PM
gerritbot added a comment.Sep 5 2025, 6:18 AM

Change #1184967 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add replacement insetup VMS for VMs currently running on esams02

https://gerrit.wikimedia.org/r/1184967

gerritbot added a project: Patch-For-Review.Sep 5 2025, 6:18 AM
gerritbot added a comment.Sep 5 2025, 6:23 AM

Change #1184967 merged by Muehlenhoff:

[operations/puppet@production] Add replacement insetup VMS for VMs currently running on esams02

https://gerrit.wikimedia.org/r/1184967

ops-monitoring-bot added a comment.Sep 5 2025, 6:56 AM

Cookbook cookbooks.sre.hosts.reimage was started by jmm@cumin2002 for host doh3006.wikimedia.org with OS bookworm

MoritzMuehlenhoff updated the task description. (Show Details)Sep 5 2025, 6:59 AM
MoritzMuehlenhoff updated the task description. (Show Details)
ops-monitoring-bot added a comment.Sep 5 2025, 7:42 AM

Cookbook cookbooks.sre.hosts.reimage started by jmm@cumin2002 for host doh3006.wikimedia.org with OS bookworm completed:

  • doh3006 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202509050723_jmm_2613787_doh3006.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
ops-monitoring-bot added a comment.Sep 5 2025, 7:46 AM

Draining ganeti3007.esams.wmnet of running VMs

ops-monitoring-bot added a comment.Sep 5 2025, 7:47 AM

Draining ganeti3007.esams.wmnet of running VMs

gerritbot added a comment.Sep 5 2025, 7:59 AM

Change #1185047 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Make doh3006 a wikidough node

https://gerrit.wikimedia.org/r/1185047

MoritzMuehlenhoff closed subtask T403375: ganeti3005 doesn't come back up during reimage as Resolved.Sep 5 2025, 9:06 AM
ops-monitoring-bot added a comment.Sep 5 2025, 12:28 PM

Cookbook cookbooks.sre.hosts.reimage was started by jmm@cumin2002 for host durum3006.esams.wmnet with OS bookworm

ops-monitoring-bot added a comment.Sep 5 2025, 1:10 PM

Cookbook cookbooks.sre.hosts.reimage started by jmm@cumin2002 for host durum3006.esams.wmnet with OS bookworm completed:

  • durum3006 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202509051252_jmm_2780597_durum3006.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
gerritbot added a comment.Sep 5 2025, 1:37 PM

Change #1185094 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Make durum3006 a durum node

https://gerrit.wikimedia.org/r/1185094

ops-monitoring-bot added a comment.Sep 5 2025, 1:47 PM

Cookbook cookbooks.sre.hosts.reimage was started by jmm@cumin2002 for host ncredir3006.esams.wmnet with OS bookworm

ops-monitoring-bot added a comment.Sep 5 2025, 2:26 PM

Cookbook cookbooks.sre.hosts.reimage started by jmm@cumin2002 for host ncredir3006.esams.wmnet with OS bookworm completed:

  • ncredir3006 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202509051413_jmm_2825207_ncredir3006.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
gerritbot added a comment.Sep 5 2025, 2:46 PM

Change #1185107 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add ncredir3006

https://gerrit.wikimedia.org/r/1185107

gerritbot added a comment.Sep 8 2025, 6:40 AM

Change #1185107 merged by Muehlenhoff:

[operations/puppet@production] Add ncredir3006

https://gerrit.wikimedia.org/r/1185107

gerritbot added a comment.Sep 8 2025, 7:11 AM

Change #1185709 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove ncredir3004

https://gerrit.wikimedia.org/r/1185709

gerritbot added a comment.Sep 8 2025, 7:19 AM

Change #1185710 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Apply netinsights role to netflow3004

https://gerrit.wikimedia.org/r/1185710

ops-monitoring-bot added a comment.Sep 8 2025, 7:54 AM

Cookbook cookbooks.sre.hosts.reimage was started by jmm@cumin2002 for host netflow3004.esams.wmnet with OS bookworm

ops-monitoring-bot added a comment.Sep 8 2025, 8:34 AM

Cookbook cookbooks.sre.hosts.reimage started by jmm@cumin2002 for host netflow3004.esams.wmnet with OS bookworm completed:

  • netflow3004 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202509080819_jmm_558602_netflow3004.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
gerritbot added a comment.Sep 8 2025, 8:39 AM

Change #1185859 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/homer/public@master] esams: update netflow3003 to 3004

https://gerrit.wikimedia.org/r/1185859

gerritbot added a comment.Sep 8 2025, 8:52 AM

Change #1185710 merged by Muehlenhoff:

[operations/puppet@production] Apply netinsights role to netflow3004

https://gerrit.wikimedia.org/r/1185710

gerritbot added a comment.Sep 8 2025, 9:29 AM

Change #1185859 merged by jenkins-bot:

[operations/homer/public@master] esams: update netflow3003 to 3004

https://gerrit.wikimedia.org/r/1185859

gerritbot added a comment.Sep 8 2025, 9:51 AM

Change #1185094 merged by Muehlenhoff:

[operations/puppet@production] Make durum3006 a durum node

https://gerrit.wikimedia.org/r/1185094

gerritbot added a comment.Sep 8 2025, 9:56 AM

Change #1185873 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/puppet@production] Kafka: remove netflow3003 ACL before decom

https://gerrit.wikimedia.org/r/1185873

gerritbot added a comment.Sep 8 2025, 9:58 AM

Change #1185873 merged by Ayounsi:

[operations/puppet@production] Kafka: remove netflow3003 ACL before decom

https://gerrit.wikimedia.org/r/1185873

ayounsi updated the task description. (Show Details)Sep 8 2025, 10:04 AM
gerritbot added a comment.Sep 8 2025, 10:06 AM

Change #1185876 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Also enable new Bird for durum3006

https://gerrit.wikimedia.org/r/1185876

ops-monitoring-bot added a comment.Sep 8 2025, 10:08 AM

cookbooks.sre.hosts.decommission executed by ayounsi@cumin1003 for hosts: netflow3003.esams.wmnet

  • netflow3003.esams.wmnet (PASS)
    • Downtimed host on Icinga/Alertmanager
    • Found Ganeti VM
    • VM shutdown
    • Started forced sync of VMs in Ganeti cluster esams02 to Netbox
    • Removed from DebMonitor
    • Removed from Puppet master and PuppetDB
    • VM removed
    • Started forced sync of VMs in Ganeti cluster esams02 to Netbox
gerritbot added a comment.Sep 8 2025, 10:08 AM

Change #1185876 merged by Muehlenhoff:

[operations/puppet@production] Also enable new Bird for durum3006

https://gerrit.wikimedia.org/r/1185876

ops-monitoring-bot added a comment.Sep 8 2025, 10:11 AM

Cookbook cookbooks.sre.hosts.reimage was started by jmm@cumin2002 for host install3004.wikimedia.org with OS bookworm

gerritbot added a comment.Sep 8 2025, 11:02 AM

Change #1185047 merged by Muehlenhoff:

[operations/puppet@production] Make doh3006 a wikidough node

https://gerrit.wikimedia.org/r/1185047

ops-monitoring-bot added a comment.Sep 8 2025, 11:08 AM

Cookbook cookbooks.sre.hosts.reimage started by jmm@cumin2002 for host install3004.wikimedia.org with OS bookworm completed:

  • install3004 (PASS)
    • Removed from Puppet and PuppetDB if present and deleted any certificates
    • Removed from Debmonitor if present
    • Forced PXE for next reboot
    • Host rebooted via gnt-instance
    • Host up (Debian installer)
    • Add puppet_version metadata (7) to Debian installer
    • Set boot media to disk
    • Host up (new fresh bookworm OS)
    • Generated Puppet certificate
    • Signed new Puppet certificate
    • Run Puppet in NOOP mode to populate exported resources in PuppetDB
    • Found Nagios_host resource for this host in PuppetDB
    • Downtimed the new host on Icinga/Alertmanager
    • First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202509081053_jmm_613442_install3004.out
    • configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
    • Rebooted
    • Automatic Puppet run was successful
    • Forced a re-check of all Icinga services for the host
    • Icinga status is optimal
    • Icinga downtime removed
    • Updated Netbox data from PuppetDB
gerritbot added a comment.Sep 8 2025, 11:14 AM

Change #1185709 merged by Muehlenhoff:

[operations/puppet@production] Remove ncredir3004

https://gerrit.wikimedia.org/r/1185709

ops-monitoring-bot added a comment.Sep 8 2025, 11:31 AM

cookbooks.sre.hosts.decommission executed by jmm@cumin2002 for hosts: ncredir3004.esams.wmnet

  • ncredir3004.esams.wmnet (PASS)
    • Downtimed host on Icinga/Alertmanager
    • Found Ganeti VM
    • VM shutdown
    • Started forced sync of VMs in Ganeti cluster esams02 to Netbox
    • Removed from DebMonitor
    • Removed from Puppet master and PuppetDB
    • VM removed
    • Started forced sync of VMs in Ganeti cluster esams02 to Netbox
ops-monitoring-bot added a comment.Sep 8 2025, 11:35 AM

VM durum3005.esams.wmnet switching disk type to drbd

gerritbot added a comment.Sep 8 2025, 12:02 PM

Change #1185898 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Apply installserver role to install3004

https://gerrit.wikimedia.org/r/1185898

ops-monitoring-bot added a comment.Sep 8 2025, 12:30 PM

VM doh3005.wikimedia.org switching disk type to drbd

MoritzMuehlenhoff updated the task description. (Show Details)Sep 8 2025, 12:43 PM
gerritbot added a comment.Sep 8 2025, 12:47 PM

Change #1185898 merged by Muehlenhoff:

[operations/puppet@production] Apply installserver role to install3004

https://gerrit.wikimedia.org/r/1185898

gerritbot added a comment.Sep 8 2025, 12:52 PM

Change #1185918 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/dns@master] Point webproxy in esams to install3004

https://gerrit.wikimedia.org/r/1185918

gerritbot added a comment.Sep 8 2025, 1:05 PM

Change #1185924 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[labs/private@master] Add dummy keytab for install3004

https://gerrit.wikimedia.org/r/1185924

gerritbot added a comment.Sep 8 2025, 1:09 PM

Change #1185924 merged by Muehlenhoff:

[labs/private@master] Add dummy keytab for install3004

https://gerrit.wikimedia.org/r/1185924

ops-monitoring-bot added a comment.Sep 8 2025, 1:33 PM

cookbooks.sre.hosts.decommission executed by jmm@cumin2002 for hosts: durum3004.esams.wmnet

  • durum3004.esams.wmnet (PASS)
    • Downtimed host on Icinga/Alertmanager
    • Found Ganeti VM
    • VM shutdown
    • Started forced sync of VMs in Ganeti cluster esams02 to Netbox
    • Removed from DebMonitor
    • Removed from Puppet master and PuppetDB
    • VM removed
    • Started forced sync of VMs in Ganeti cluster esams02 to Netbox
gerritbot added a comment.Sep 8 2025, 1:38 PM

Change #1185938 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Apply config to enable new Bird release on the role/esams level

https://gerrit.wikimedia.org/r/1185938

gerritbot added a comment.Sep 8 2025, 1:49 PM

Change #1185940 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/homer/public@master] Update DHCP server in esams

https://gerrit.wikimedia.org/r/1185940

ops-monitoring-bot added a comment.Sep 8 2025, 1:50 PM

cookbooks.sre.hosts.decommission executed by jmm@cumin2002 for hosts: doh3004.wikimedia.org

  • doh3004.wikimedia.org (PASS)
    • Downtimed host on Icinga/Alertmanager
    • Found Ganeti VM
    • VM shutdown
    • Started forced sync of VMs in Ganeti cluster esams02 to Netbox
    • Removed from DebMonitor
    • Removed from Puppet master and PuppetDB
    • VM removed
    • Started forced sync of VMs in Ganeti cluster esams02 to Netbox
gerritbot added a comment.Sep 8 2025, 1:51 PM

Change #1185941 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Update DHCP server in esams

https://gerrit.wikimedia.org/r/1185941

MoritzMuehlenhoff updated the task description. (Show Details)Sep 8 2025, 3:15 PM
gerritbot added a comment.Sep 9 2025, 6:36 AM

Change #1185918 merged by Muehlenhoff:

[operations/dns@master] Point webproxy in esams to install3004

https://gerrit.wikimedia.org/r/1185918

gerritbot added a comment.Sep 9 2025, 6:41 AM

Change #1185941 merged by Muehlenhoff:

[operations/puppet@production] Update DHCP server in esams

https://gerrit.wikimedia.org/r/1185941

gerritbot added a comment.Sep 9 2025, 6:41 AM

Change #1185940 merged by Muehlenhoff:

[operations/homer/public@master] Update DHCP server in esams

https://gerrit.wikimedia.org/r/1185940

MoritzMuehlenhoff updated the task description. (Show Details)Sep 9 2025, 6:44 AM
gerritbot added a comment.Sep 9 2025, 7:57 AM

Change #1185938 merged by Muehlenhoff:

[operations/puppet@production] Apply config to enable new Bird release on the role/esams level

https://gerrit.wikimedia.org/r/1185938

MoritzMuehlenhoff updated the task description. (Show Details)Sep 9 2025, 8:33 AM
gerritbot added a comment.Sep 9 2025, 8:42 AM

Change #1186438 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove Ganeti role from ganeti3008

https://gerrit.wikimedia.org/r/1186438

gerritbot added a comment.Sep 9 2025, 8:42 AM

Change #1186439 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove ganeti02/esams from Netbox sync

https://gerrit.wikimedia.org/r/1186439

ops-monitoring-bot added a comment.Sep 9 2025, 8:51 AM

cookbooks.sre.hosts.decommission executed by jmm@cumin2002 for hosts: install3003.wikimedia.org

  • install3003.wikimedia.org (PASS)
    • Downtimed host on Icinga/Alertmanager
    • Found Ganeti VM
    • VM shutdown
    • Started forced sync of VMs in Ganeti cluster esams02 to Netbox
    • Removed from DebMonitor
    • Removed from Puppet master and PuppetDB
    • VM removed
    • Started forced sync of VMs in Ganeti cluster esams02 to Netbox
gerritbot added a comment.Sep 9 2025, 9:16 AM

Change #1186439 merged by Muehlenhoff:

[operations/puppet@production] Remove ganeti02/esams from Netbox sync

https://gerrit.wikimedia.org/r/1186439

MoritzMuehlenhoff updated the task description. (Show Details)Sep 9 2025, 9:19 AM
gerritbot added a comment.Sep 9 2025, 9:23 AM

Change #1186438 merged by Muehlenhoff:

[operations/puppet@production] Remove Ganeti role from ganeti3008

https://gerrit.wikimedia.org/r/1186438

MoritzMuehlenhoff updated the task description. (Show Details)Sep 9 2025, 9:47 AM
ayounsi updated the task description. (Show Details)Sep 9 2025, 10:09 AM
gerritbot added a comment.Sep 9 2025, 2:02 PM

Change #1186516 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add ganeti3008 to the routed Ganeti cluster in esams

https://gerrit.wikimedia.org/r/1186516

gerritbot added a comment.Sep 9 2025, 2:46 PM

Change #1186516 merged by Muehlenhoff:

[operations/puppet@production] Add ganeti3008 to the routed Ganeti cluster in esams

https://gerrit.wikimedia.org/r/1186516

MoritzMuehlenhoff updated the task description. (Show Details)Sep 9 2025, 3:10 PM
MoritzMuehlenhoff closed this task as Resolved.Sep 9 2025, 3:12 PM
MoritzMuehlenhoff claimed this task.

esams is fully migrated to routed Ganeti!

Stashbot added a comment.Sep 10 2025, 5:46 AM

Mentioned in SAL (#wikimedia-operations) [2025-09-10T05:46:49Z] <moritzm> rebalance ganeti03 in esams T402259

gerritbot added a comment.Sep 10 2025, 7:55 AM

Change #1186925 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Update Ganeti alias for esams

https://gerrit.wikimedia.org/r/1186925

gerritbot added a comment.Sep 10 2025, 8:00 AM

Change #1186925 merged by Muehlenhoff:

[operations/puppet@production] Update Ganeti alias for esams

https://gerrit.wikimedia.org/r/1186925

MoritzMuehlenhoff added a comment.Sep 16 2025, 12:05 PM

There was a small issue with install3004, it lacked the global ipv6 address, which caused failing ipv6 probes to Squid. The relevant config snippet for /etc/network/interfaces gets added in the late-setup script of the installer. It's unclear why it failed, but the VM was created on the day after the Bookworm 12.12 point release, so possibly the VM creation was made before the netboot-image had been updated and that caused some silent failure. I've fixed up /e/n/i manually and now ipv6 connectivity works fine again.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits