Change Details

While working on improving the automation of Gerrit failover after the last [[ https://www.wikimediastatus.net/incidents/711dt40sdvrj | incident ]] we had; we opened the conversation to challenge the way we are synchronizing data across Gerrit instances. In [[ https://gerrit.wikimedia.org/r/c/operations/cookbooks/+/1145208/comments/98ef1309_38f85dfc | this conversation ]], the idea of using Gerrit's [[ https://gerrit.googlesource.com/plugins/readonly | read-only plugin ]] emerged as a potential solution to simplify the way we are handling things. The best case scenario would be to be able to stop contributions from coming-in while embedded replication finishes its jobs, switch-over to the other instance and wait for the proper conditions to be satisfied to open the service again for writes. [x] ensure of it is still maintained as [[ https://gerrit.googlesource.com/plugins/readonly/+/de07a6b95d94ef4124fba9c3ded89d83fe2adc01 | the last commit ]] is old enough to raise the question. [x] explore the capabilities and compatibility of the read-only plugin to ensure it would fit our use case [] test the solution [] implement in production [] update gerrit failover cookbook

While working on improving the automation of Gerrit failover after the last [[ https://www.wikimediastatus.net/incidents/711dt40sdvrj | incident ]] we had; we opened the conversation to challenge the way we are synchronizing data across Gerrit instances. In [[ https://gerrit.wikimedia.org/r/c/operations/cookbooks/+/1145208/comments/98ef1309_38f85dfc | this conversation ]], the idea of using Gerrit's [[ https://gerrit.googlesource.com/plugins/readonly | read-only plugin ]] emerged as a potential solution to simplify the way we are handling things. The best case scenario would be to be able to stop contributions from coming-in while embedded replication finishes its jobs, switch-over to the other instance and wait for the proper conditions to be satisfied to open the service again for writes. [x] ensure of it is still maintained as [[ https://gerrit.googlesource.com/plugins/readonly/+/de07a6b95d94ef4124fba9c3ded89d83fe2adc01 | the last commit ]] is old enough to raise the question. [x] explore the capabilities and compatibility of the read-only plugin to ensure it would fit our use case [x] test the solution [x] implement in production [x] update gerrit failover cookbook

While working on improving the automation of Gerrit failover after the last [[ https://www.wikimediastatus.net/incidents/711dt40sdvrj | incident ]] we had; we opened the conversation to challenge the way we are synchronizing data across Gerrit instances. In [[ https://gerrit.wikimedia.org/r/c/operations/cookbooks/+/1145208/comments/98ef1309_38f85dfc | this conversation ]], the idea of using Gerrit's [[ https://gerrit.googlesource.com/plugins/readonly | read-only plugin ]] emerged as a potential solution to simplify the way we are handling things. The best case scenario would be to be able to stop contributions from coming-in while embedded replication finishes its jobs, switch-over to the other instance and wait for the proper conditions to be satisfied to open the service again for writes. [x] ensure of it is still maintained as [[ https://gerrit.googlesource.com/plugins/readonly/+/de07a6b95d94ef4124fba9c3ded89d83fe2adc01 | the last commit ]] is old enough to raise the question. [x] explore the capabilities and compatibility of the read-only plugin to ensure it would fit our use case [x] test the solution [x] implement in production [x] update gerrit failover cookbook