Project

General

Profile

Feature #15513

Feature #15500: Update Puppet modules: 2018Q4 → 2019Q2 edition

Switch to the puppetlabs/mysql module

Added by intrigeri over 1 year ago. Updated 4 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Infrastructure
Target version:
Start date:
04/09/2018
Due date:
% Done:

100%

Spent time:
Feature Branch:
puppet-lizard-manifests:feature15513
Type of work:
Sysadmin
Blueprint:
Starter:
Affected tool:


Related issues

Blocks Tails - Feature #13284: Core work: Sysadmin (Adapt our infrastructure) Confirmed 06/30/2017
Blocks Tails - Bug #16232: Run a nameserver for the {amnesia,tails}.boum.org sub-zones In Progress 12/18/2018

History

#1 Updated by intrigeri over 1 year ago

  • Blocks Feature #13284: Core work: Sysadmin (Adapt our infrastructure) added

#2 Updated by intrigeri over 1 year ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

Here's what we use from our current mysql module and how it could be ported:

  • mysql::server class: same name on both side but the puppetlabs' one seems to do more work
  • mysql::confoverride_options in mysql::server or /etc/mysql/conf.d
  • mysql_database, mysql_user and mysql_grantmysql::db, that can:
    • create a user and grant it some privileges
    • import data into the newly created DB which could nicely replace puppet-tails:files/monitoring/icingaweb2/scripts/install_icingaweb2_database

#3 Updated by intrigeri about 1 year ago

  • Target version changed from Tails_3.9 to Tails_3.10.1

#4 Updated by intrigeri 10 months ago

  • Target version changed from Tails_3.10.1 to Tails_3.11

#5 Updated by intrigeri 9 months ago

  • Parent task changed from #15499 to #15500

#6 Updated by intrigeri 9 months ago

  • Target version changed from Tails_3.11 to Tails_3.12

I've booked time to work on this around Dec 17-31.

#7 Updated by groente 7 months ago

  • Blocks Bug #16232: Run a nameserver for the {amnesia,tails}.boum.org sub-zones added

#8 Updated by intrigeri 7 months ago

  • Target version changed from Tails_3.12 to Tails_3.13

#9 Updated by groente 6 months ago

  • Priority changed from Normal to High

Adjusting the priority, as this blocks the creation of a secondary DNS (and not having one caused us some downtime today). Hope you'll find time for this soonish.

#10 Updated by intrigeri 6 months ago

Adjusting the priority, as this blocks the creation of a secondary DNS (and not having one caused us some downtime today). Hope you'll find time for this soonish.

Got it. And FTR: feel free to steal it from me if you want :)

#11 Updated by intrigeri 5 months ago

I've booked time next week to work on this.

#12 Updated by intrigeri 5 months ago

Affected systems, services and code:

  • buse (Redmine, via tails::redmine, which only uses mysql::server as the DB setup was not Puppetized; the Debian package does most of it anyway)
  • dns (PowerDNS, via the powerdns module, which uses mysql::server, mysql::server::account_security and mysql::db, except we temporarily disabled most of the code since it needs puppetlabs/mysql)
  • ecours (Icinga2 and Icingaweb2, via ::icingaweb2 — we disable all its DB setup code — and tails::monitoring::icingaweb2::mysql — which uses mysql_{database,user,grant} and runs the install_icingaweb2_database script)
  • survey (LimeSurvey via tails::limesurvey, which uses mysql_{database,user,grant})
  • translate (Weblate, via tails::weblate, which uses mysql::server, mysql::conf, and mysql_{database,user,grant})

#13 Updated by intrigeri 5 months ago

  • Feature Branch set to puppet-lizard-manifests:feature15513

Unfortunately, none of the affected code was developed locally and some of it is way to complex to reproduce locally. So my plan is to use a Puppet topic branch = environment to do the migration one node after the other, starting with the least critical systems. And once they're all done, I'll merge the topic branch into production and switch all these systems back to the production environment.

I had to introduce the simplest possible ENC (commit 05433f82c1e7093147aebb4f5552811154501ca3) and to adjust our Hiera config (c853a0f3addc1950e252df2c302ad85cb0281dd6) so I could use Puppet environments at all. Looks like last time I tried, I did everything else that was needed (e.g. on the puppet-sync front) but stopped short of these last needed bits. Here we go!

#14 Updated by intrigeri 5 months ago

Switched survey. Looks OK so far.

#15 Updated by intrigeri 5 months ago

Switched translate too. From now on I'll update #15513#note-12 when I'm done with a node, instead of adding a comment here, as long as there's nothing else to say than "done".

#16 Updated by intrigeri 5 months ago

  • Assignee changed from intrigeri to groente
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA

Migrated each affected system to the environment that has puppetlabs/mysql, one after the other. LGTM => merged the topic branch into the production branch and assigned these systems back to the production environment.

Please review
git diff --submodule=diff ff4f78af9186386bf5e608bead87cff4ec4b52ff..b2294cf74223a6789be05ffbf1c998cc806a30fc
(you'll want to skip modules/mysql though :)

#17 Updated by intrigeri 5 months ago

  • Priority changed from High to Normal

(To get the parent ticket back to normal prio.)

#18 Updated by groente 4 months ago

  • Status changed from In Progress to Resolved
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

Also available in: Atom PDF