Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PL-132122 upgrade hardware to 24.11 #1122

Merged
merged 1,112 commits into from
Dec 20, 2024
Merged

PL-132122 upgrade hardware to 24.11 #1122

merged 1,112 commits into from
Dec 20, 2024

Conversation

ctheune
Copy link
Member

@ctheune ctheune commented Oct 8, 2024

@flyingcircusio/release-managers

Release process

Impact:

Changelog:

  • Port changes to support our physical infrastructure from the 21.05 release branch. (PL-132122)

PR release workflow (internal)

  • PR has internal ticket
  • internal issue ID (PL-…) part of branch name
  • internal issue ID mentioned in PR description text
  • ticket is on Platform agile board
  • ticket state set to Pull request ready
  • if ticket is more urgent than within the next few days, directly contact a member of the Platform team

Design notes

  • Provide a feature toggle if the change might need to be adjusted/reverted quickly depending on context. Consider whether the default should be on or off. Example: rate limiting.

n/a

  • All customer-facing features and (NixOS) options need to be discoverable from documentation. Add or update relevant documentation such that hosted and guided customers can understand it as well.

n/a

Security implications

zagy and others added 30 commits August 21, 2024 13:23
@zagy
Let gocept.net mail be handled by our main mail server.
bfed68a 
FC-23766
@sysvinit
pkgs: add script for monitoring kernel routing state integrity
1eefa9a 
PL-132595
@sysvinit
platform: add sensu checks for underlay network functions
e1e85ee 
PL-132595
@leona-ya
devhost: cleanup unused VMs (PL-132737)
01f946d
@ctheune @osnyx
implement check to monitor important parameters
df8beae
@osnyx
fc-luks check: establish sensu-check
b1c77fc 
Establish a regular sensu check on physical hosts that checks certain
LUKS header parameters of all encrypted devices, to discover unexpected
diversions.

- tie together the individual condition checks
- integrate checks into fc-luks tooling with discovery of encrypted
  volumes
- add sensu check
- extend checks with plausibility checks for proper dump input
- add unit and integration tests for checks with proper mocking
@osnyx
fc-luks check: integrate smoke test into NixOS tests
0b78072 
This makes sense to expose the check to potential changes in to output
format of `cryptsetup luksDump`.
Detailed unit tests are done against mock outputs only.
@osnyx
fc-luks check: only enable sensu check on hosts with keystick
52bb07f 
Not all physical machines actually have encrypted volumes as of now,
e.g. KVM hosts. The check does not need to run on them.
@osnyx
fc-luks check: fix sudoers rule for sensu check
6de0aee
@ctheune
Merge pull request #1086 from flyingcircusio/leona/PL-132737-devhost-…
3591d4c 
…cleanup-unused-vms

devhost: cleanup unused VMs (PL-132737)
@sysvinit
pkgs: add test script for handling ping on tap interfaces
647eb82 
PL-132595
@osnyx
fc-luks: read PATH from config file to fix sensu check run
e47b34b 
By running fc-luks commands as a sensu check, we suddenly do not inherit
the full system PATH anymore, breaking access to necessary external
tools used like `lvs`.
We can adopt the `fc-ceph.conf` approach already used by `fc-ceph`
subsystems, for now even the default PATH is sufficient.

Requires some extra mocking in unit tests; the NixOS integration test
now explicitly empties the path beforehands.
@osnyx
make nixd happy
241ad12
@osnyx
fc-ceph.conf: refactor to enable it on non-ceph client hosts for fc-luks
eee1ace
@osnyx
[formatting] remove unnecessary indentation
f5c854e
@sysvinit
tests/frr: refactor into subtest with configuration modules
fb2fbb7 
PL-132595
@ctheune
Merge pull request #1087 from flyingcircusio/PL-131325-fde-finalise
1d6e41d 
[21.05] full-disk encryption: finalisation, improvements, checks, routine tooling
@sysvinit
tests/frr: check that the fib/rib monitoring script works correctly
e431857 
This test artificially causes the FIB and RIB to get out of sync, and
checks that the sensu script correctly detects these problems.

PL-132595
@sysvinit
tests: add frr tests to default test suite
1a163b1 
PL-132595
@ctheune
Merge pull request #1088 from flyingcircusio/PL-132595-vxlan-monitor-…
fd93945 
…control-plane

[21.05] Sensu monitoring for EVPN control plane
@ctheune
Merge pull request #1083 from flyingcircusio/PL-132849-tmp-uuids-duri…
2fd6063 
…ng-restore

[21.05] restore-single-files: reduce chance of UUID collision
@sysvinit
Merge pull request #1080 from flyingcircusio/FC-23766-switch-mailserver
da1d3c6 
[21.05] Switch MX record for gocept.net
@ctheune
sensu: fix rabbitmq user updates
ac291d5 
Due to performance reasons we did not always change the passwords,
only for new users.

This caused inconsistencies more often than we can tolerate.

This now fixes it properly by parallelizing the updates, limiting to
CPU_COUNT-1 and also deleting superfluous users.

Fixes PL-132945
@osnyx
Merge pull request #1091 from flyingcircusio/PL-132945-fix-rabbitmq-u…
2d4df6f 
…ser-updates

[21.05] fix rabbitmq user updates for sensu
@osnyx
Merge branch 'fc-21.05-dev' into fc-21.05-staging
6e9c2f2
@ctheune
ceph/radosgw: improve health monitoring
0ad91df 
We've seen instances where the / endpoint was responding but the
radosgw was completely stuck.

We hope to notice those better now with checks that actually hit a
real object.

Re PL-132070
@osnyx
Merge pull request #1093 from flyingcircusio/PL-132070-improve-rgw-mo…
6c0c064 
…nitoring

ceph/radosgw: improve health monitoring
@osnyx
Merge branch 'fc-21.05-dev' into fc-21.05-staging
de8b9ab
@ctheune
router: use more generic netboot url and adapt menu item
49582e4 
Re PL-132254
@osnyx
vendor fc.util.directory from agent to fc-ceph code
75eb806
@osnyx osnyx force-pushed the PL-132122-upgrade-hardware-to-24.11 branch from 5970d8d to 1066610 Compare December 13, 2024 13:03
ctheune and others added 19 commits December 13, 2024 15:47
@ctheune
fix routing tests - clean up address collisions with upstream harness
ae315ca
@ctheune
testlib: make the net filter easier to understand
4953b21
@ctheune
get nfs tests working
d1085c0
@osnyx
nixpkgs: bump to include python wheel fix
2304be5
@osnyx
tests.network: correct remark on upstream behaviour
8e6eb98 
We cannot override the test harness node IDs as they are read-only.
@ctheune
frr: micro upgrade and make tests less flaky
3750781
@ctheune
mailserver: fix tests
6d490eb
@ctheune
frr/test: remove identical mac from bridge
ef977a7 
AFAICT this isn't how we set things up in production and it causes
spurious/flaky issues in the FIB.
@osnyx
nixpkgs: update
f985366
@osnyx
Merge branch 'fc-24.11-dev' into PL-132122-upgrade-hardware-to-24.11
5af0e60
@osnyx
Merge branch 'fc-21.05-dev' into PL-132122-upgrade-hardware-to-24.11
95b70e7
@osnyx
tests.nfs: increase shutdown timeout
24f1672 
We do not enforce or guarantee a certain specific reboot time. Under
load, the test slightly missed the 10 seconds timeout. During multiple
invocations I could not make out any specific structural problem with
NFS unmounts during shoutdown, so let's just be a bit more generous here
with the timeouts.
@ctheune
allow bootstrapping a dev environment from 21.05
30ba93e
@ctheune
physical: fix various smaller errors while testing on real hardware
7ba3e08
@ctheune
ensure more packages are built on hydra
8bb232f
@ctheune
downgrade consul
bb4bf55
@ctheune
qemu: get test in a better shape (not quite there yet)
9c1fc1b
@ctheune
add promtail to important packages
2daa4dd
@osnyx
important-packages: improve percona name references
c4653a7 
Since 24.11, the innovation and lts names are deprecated aliases.
@osnyx osnyx force-pushed the PL-132122-upgrade-hardware-to-24.11 branch from 3847caa to c4653a7 Compare December 20, 2024 09:38
@osnyx osnyx merged commit 615dd10 into fc-24.11-dev Dec 20, 2024
0 of 2 checks passed
@osnyx osnyx deleted the PL-132122-upgrade-hardware-to-24.11 branch December 20, 2024 11:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leona-ya leona-ya leona-ya left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@ctheune @leona-ya @osnyx @zagy @sysvinit @Ma27 @chrschm