Feature #15513

Switch to the puppetlabs/mysql module

Added by intrigeri 2018-04-09 15:15:51 . Updated 2019-11-21 10:52:25 .

Status:
Resolved
Priority:
Normal
Assignee:
groente
Category:
Infrastructure
Target version:
Start date:
2018-04-09
Due date:
% Done:

100%

Feature Branch:
puppet-lizard-manifests:feature15513
Type of work:
Sysadmin
Blueprint:

Starter:
Affected tool:
Deliverable for:


Subtasks


Related issues

Blocks Tails - Feature #13284: Core work: Sysadmin (Adapt our infrastructure) Confirmed 2017-06-30
Blocks Tails - Bug #16232: Run a nameserver for the {amnesia,tails}.boum.org sub-zones Resolved 2018-12-18

History

#1 Updated by intrigeri 2018-04-09 15:16:04

  • blocks Feature #13284: Core work: Sysadmin (Adapt our infrastructure) added

#2 Updated by intrigeri 2018-04-09 15:43:12

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

Here’s what we use from our current mysql module and how it could be ported:

  • mysql::server class: same name on both side but the puppetlabs’ one seems to do more work
  • mysql::confoverride_options in mysql::server or /etc/mysql/conf.d
  • mysql_database, mysql_user and mysql_grantmysql::db, that can:
    • create a user and grant it some privileges
    • import data into the newly created DB which could nicely replace puppet-tails:files/monitoring/icingaweb2/scripts/install_icingaweb2_database

#3 Updated by intrigeri 2018-06-05 11:05:39

  • Target version changed from Tails_3.9 to Tails_3.10.1

#4 Updated by intrigeri 2018-09-30 14:29:32

  • Target version changed from Tails_3.10.1 to Tails_3.11

#5 Updated by intrigeri 2018-10-12 12:02:59

#6 Updated by intrigeri 2018-10-12 14:15:42

  • Target version changed from Tails_3.11 to Tails_3.12

I’ve booked time to work on this around Dec 17-31.

#7 Updated by groente 2018-12-21 20:03:41

  • blocks Bug #16232: Run a nameserver for the {amnesia,tails}.boum.org sub-zones added

#8 Updated by intrigeri 2019-01-02 05:00:27

  • Target version changed from Tails_3.12 to Tails_3.13

#9 Updated by groente 2019-01-09 17:51:49

  • Priority changed from Normal to High

Adjusting the priority, as this blocks the creation of a secondary DNS (and not having one caused us some downtime today). Hope you’ll find time for this soonish.

#10 Updated by intrigeri 2019-01-09 17:59:10

> Adjusting the priority, as this blocks the creation of a secondary DNS (and not having one caused us some downtime today). Hope you’ll find time for this soonish.

Got it. And FTR: feel free to steal it from me if you want :)

#11 Updated by intrigeri 2019-02-07 09:42:57

I’ve booked time next week to work on this.

#12 Updated by intrigeri 2019-02-10 09:26:49

Affected systems, services and code:

  • buse (Redmine, via tails::redmine, which only uses mysql::server as the DB setup was not Puppetized; the Debian package does most of it anyway)
  • dns (PowerDNS, via the powerdns module, which uses mysql::server, mysql::server::account_security and mysql::db, except we temporarily disabled most of the code since it needs puppetlabs/mysql)
  • ecours (Icinga2 and Icingaweb2, via ::icingaweb2 — we disable all its DB setup code — and tails::monitoring::icingaweb2::mysql — which uses mysql_{database,user,grant} and runs the install_icingaweb2_database script)
  • survey (LimeSurvey via tails::limesurvey, which uses mysql_{database,user,grant})
  • translate (Weblate, via tails::weblate, which uses mysql::server, mysql::conf, and mysql_{database,user,grant})

#13 Updated by intrigeri 2019-02-10 11:09:02

  • Feature Branch set to puppet-lizard-manifests:feature15513

Unfortunately, none of the affected code was developed locally and some of it is way to complex to reproduce locally. So my plan is to use a Puppet topic branch = environment to do the migration one node after the other, starting with the least critical systems. And once they’re all done, I’ll merge the topic branch into production and switch all these systems back to the production environment.

I had to introduce the simplest possible ENC (commit 05433f82c1e7093147aebb4f5552811154501ca3) and to adjust our Hiera config (c853a0f3addc1950e252df2c302ad85cb0281dd6) so I could use Puppet environments at all. Looks like last time I tried, I did everything else that was needed (e.g. on the puppet-sync front) but stopped short of these last needed bits. Here we go!

#14 Updated by intrigeri 2019-02-10 11:43:57

Switched survey. Looks OK so far.

#15 Updated by intrigeri 2019-02-10 12:13:20

Switched translate too. From now on I’ll update Feature #15513#note-12 when I’m done with a node, instead of adding a comment here, as long as there’s nothing else to say than “done”.

#16 Updated by intrigeri 2019-02-10 14:01:15

  • Assignee changed from intrigeri to groente
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA

Migrated each affected system to the environment that has puppetlabs/mysql, one after the other. LGTM => merged the topic branch into the production branch and assigned these systems back to the production environment.

Please review
git diff --submodule=diff ff4f78af9186386bf5e608bead87cff4ec4b52ff..b2294cf74223a6789be05ffbf1c998cc806a30fc
(you’ll want to skip modules/mysql though :)

#17 Updated by intrigeri 2019-02-10 14:05:17

  • Priority changed from High to Normal

(To get the parent ticket back to normal prio.)

#18 Updated by groente 2019-03-19 14:19:51

  • Status changed from In Progress to Resolved
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass