Difference between revisions of "Meetings/InfraTeamMeeting"
Clark Boylan (talk | contribs) (→Agenda for next meeting) |
Revision as of 18:13, 16 March 2026
Weekly Project Infrastructure team meeting
The OpenDev Team holds public weekly meetings in #opendev-meeting on OFTC, Tuesdays at 1900 UTC. Everyone interested in infrastructure and process surrounding automated testing and deployment is encouraged to attend.
Please feel free to add agenda items (and your IRC nick in parentheses).
Agenda for next meeting
- Announcements
  - OpenStack release is scheduled to happen April 1. https://releases.openstack.org/gazpacho/schedule.html
- Actions from last meeting
- Specs Review
- Topics
  - Upgrading Old Servers (clarkb 20230627)
    - https://etherpad.opendev.org/p/opendev-server-upgrade-planning Central tracking document, which may link to more host-specific documents
    - Next on the list are graphite and backup servers
    - Can probably spin up new backup servers alongside the old ones, migrate the volumes from the old servers to the new ones, and finally delete the old servers. Just need to double check the borg version support matrix and what adding new backup servers will do to our backup cron job setups.
    - In addition to the backup servers and graphite, clarkb can work with mnasiadka to do some of the outstanding cleanup for the mirror nodes.
    - Remember to use launch-node's --config-drive flag when booting new Noble nodes in Rax Classic
  - Adding Bad Crawler Honeypots to our Sites (clarkb 20251216)
    - A DDoS against static hosted sites resulted in new WAF rules and approaches on static02
    - We may wish to apply similar approaches to sites like lists, though the specific details will differ
    - https://review.opendev.org/q/hashtag:%22apache-waf%22+status:open
    - There was also discussion about subscribing to common ModSecurity rulesets that are already packaged and available via Ubuntu repos.
  - Upgrade Ansible to v9 (clarkb 20260310)
    - https://docs.ansible.com/projects/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix
    - https://review.opendev.org/c/opendev/system-config/+/976282
    - Based on Ansible's Python support matrix, Ansible 9 gives us a good deal of flexibility for bridge and remote nodes
    - Ansible 9 also fixes problems with the use of pkg_resources in the Ansible ip module
    - Any concerns with proceeding with the upgrade since tests look good?
  - Gerrit Account Cleanups (clarkb 20260317)
    - Since the upgrade to Gerrit NoteDb we've had account inconsistencies that prevent us from pushing to the external ids ref/table directly.
    - clarkb did a bunch of work to get the number down from hundreds to about 33 consistency errors before stalling out.
    - The tail was the most difficult, as it wasn't clear what the most appropriate fix for each account would be
    - Years have passed since then, and those accounts are likely inactive and unused. We can rerun the Gerrit consistency check, feed the info back through our audit script, then decide if we need to be careful with any of these accounts
    - Chances are we can simply disable them all and remove the conflicting external ids.
    - If we take good notes, we can reconstruct the accounts as appropriate after the fact, without Gerrit downtime, should one of these users show up and wonder what happened.
  - Gerrit 3.12 and 3.13 Upgrade Planning (clarkb 20260310)
    - Targeting April 5/6 and April 12/13 for upgrade to 3.12 and 3.13 respectively.
      - Goal is to catch back up to being only one release behind Gerrit upstream. 3.14 is expected to release in May.
      - Will probably need to start building 3.13 images earlier than usual and test both the 3.11 -> 3.12 and 3.12 -> 3.13 upgrades
      - Would rather not do them all in one go, to simplify rollbacks if necessary and to reduce the total downtime, since upgrading across more than one release requires offline reindexing.
      - The big risk currently on the radar is that H2 is upgraded from v1 to v2 in 3.12, but we will need to do more digging through release notes as well as testing.
  - Purging backups on the smaller backup server (clarkb 20260310)
    - Purging review02 and paste01 backups did free up some additional space
    - Should we do the same for eavesdrop01 and refstack01 backups?
- Open discussion
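For the Gerrit Account Cleanups topic, the step of rerunning the consistency check and summarising the result could look roughly like the sketch below. It assumes the output comes from Gerrit's REST endpoint POST /a/config/server/check.consistency called with a check_account_external_ids input, and that problems are reported under check_account_external_ids_result with a status and a message. The function name and the sample payload are hypothetical and purely illustrative; this is not the team's audit script.

```python
import json
from collections import Counter

# Gerrit prefixes JSON responses with this marker to guard against XSSI.
XSSI_PREFIX = ")]}'"


def summarize_external_id_problems(response_text):
    """Return (Counter of status -> count, list of problem messages).

    Assumes the response shape described in the lead-in; missing keys are
    treated as "no problems reported" rather than as an error.
    """
    body = response_text
    if body.startswith(XSSI_PREFIX):
        body = body[len(XSSI_PREFIX):]
    info = json.loads(body)
    result = info.get("check_account_external_ids_result", {})
    problems = result.get("problems", [])
    counts = Counter(p.get("status", "UNKNOWN") for p in problems)
    messages = [p.get("message", "") for p in problems]
    return counts, messages


# Hypothetical sample response; the messages are placeholders, not real output.
SAMPLE = """)]}'
{"check_account_external_ids_result": {"problems": [
  {"status": "ERROR", "message": "placeholder problem 1"},
  {"status": "ERROR", "message": "placeholder problem 2"},
  {"status": "WARNING", "message": "placeholder problem 3"}
]}}"""

if __name__ == "__main__":
    counts, messages = summarize_external_id_problems(SAMPLE)
    for status, count in sorted(counts.items()):
        print(status, count)
```

The messages list could then be fed to whatever audit tooling is in use, and the per-status counts give a quick way to confirm whether the number of errors is still around the figure noted above.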
Upcoming Project Renames
Any additions should mention the original -> new full names and link to the corresponding project-config rename change in Gerrit. Changes should have their topic set to project-rename.
- Rename example/foo -> example/bar: https://review.opendev.org/c/openstack/project-config/+/123456
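As a rough illustration of the entry format above, the sketch below checks that a rename line carries both full project names and a change link. The regular expression and the function name parse_rename are hypothetical; nothing here is an existing OpenDev tool.

```python
import re

# Hypothetical pattern for "Rename old/name -> new/name: <change URL>",
# with an optional leading "- " list marker.
RENAME_RE = re.compile(
    r"^(?:- )?Rename (?P<old>\S+/\S+) -> (?P<new>\S+/\S+): (?P<url>https://\S+)$"
)


def parse_rename(line):
    """Return (old, new, url) for a well-formed rename entry, else None."""
    match = RENAME_RE.match(line.strip())
    if match is None:
        return None
    return match.group("old"), match.group("new"), match.group("url")


if __name__ == "__main__":
    entry = ("- Rename example/foo -> example/bar: "
             "https://review.opendev.org/c/openstack/project-config/+/123456")
    print(parse_rename(entry))
```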
Previous meetings
Previous meetings, with their notes and logs, can be found at http://eavesdrop.openstack.org/meetings/infra/ and earlier at http://eavesdrop.openstack.org/meetings/ci/