Changes in puppet-sunet
We have created two separate branches in https://github.com/SUNET/puppet-sunet:
- sa-beta https://github.com/SUNET/puppet-sunet/tree/sa-beta
- sa-prod https://github.com/SUNET/puppet-sunet/tree/sa-prod
Reference case: https://jira.sunet.se/browse/SA-72 (when we did for the first time)
NOTE: Stop cosmos on affected servers and after bump-tag, run cosmos as test in few servers with redudnancy, then reboot and check that the service is working, there's no error in cosmos logs and no alarms in nagios.
in puppet-sunet
git checkout stable-2023v1 git pull git checkout sa-beta git diff HEAD..stable-2023v1 (checked the diffs) git merge stable-2023v1 git status (check if there are conflicts) git diff stable-2023v1:<file> HEAD:<file> (to check file with conflicts) fix conflicts locally or run git merge --abort && git merge stable-2023v1 -X theirs (to replace the conflicted files with those from stable-2023v1) ./bump-tag
Multiverse update
Reference case: https://jira.sunet.se/browse/SA-72 (when we did for the first time)
NOTE : Read the exceptions to know what may have happened in the last update.
in thiss-ops
Stop cosmos on affected servers and after bump-tag, run cosmos as test in few servers with redudnancy, then reboot and check that the service is working, there's no error in cosmos logs and no alarms in nagios.
git remote add multiverse git@github.com:SUNET/multiverse.git (If you don't already have it in your .git/config) git fetch --all git checkout multiverse (we already have a multiverse branch in remote, but in next update, we will create a new one) git merge multiverse/main (meged the local multiverse branch with upstream multivers's main branch) git push
Now we can check the diffs here https://github.com/TheIdentitySelector/thiss-ops/compare/master...multiverse
If there ar no conflicts
- create a Pull Request in Github
- double check the commits going in the merge
- confirm the merge
- run bump-tag from CLI
If there are conflicts, do not open a PR, use CLI to fix the conflicts by below manner
git checkout master git pull Fix conflicts locally or run git merge -X theirs multiverse (to replace the conflicted files with those from multiverse) ./bump-tag
Exceptions
01.07.2024
We have an accidental merge commit in PR performed on 01.07.2024. This is 43b07e2e6d286b7f1f61ab1603a732fd8e94eeda. We accidentaly merged master in multiverse and that commit was added with the PR into master. The PR was signed by a key that was not part of the thiss-ops. We fixed it in below manner.
git commit --amend --no-edit -s (created 2e0e07d47dc0f87d46fa15cfcb49c0281fba351c) ./bump-tag Fetching updates from git@github.com:TheIdentitySelector/thiss-ops.git ... fatal: Commit ac801cf does not have a GPG signature. WARNING: git pull did not exit successfully. EXITING the script. In order to tag your changes, investigate and then run bump-tag again. git pull Merge made by the 'ort' strategy (created 64a6cecd17672de0275884bfe88c69a68c69c06c) ./bump-tag
03.07.2024
Instead of a 'full merge' like mentioned above, we did 'cherry pick' on 03.07.2024
git remote add multiverse git@github.com:SUNET/multiverse.git (If you don't already have it in your .git/config) git fetch --all git checkout multiverse (we already have a multiverse branch in remote) git merge multiverse/main (meged the local multiverse branch with upstream multivers's main branch) git push git checkout master git fetch --all git cherry-pick e315282bc55025c199483fbb5c94d7a053d047f0 4b8b8887f62761759486940b81ea1142af6ae8bb git add global/overlay/usr/local/bin/sunet-fleetlock git cherry-pick --continue Then resolved conflicts by copying the file from multiverse and adding it. to get rid of <<<<<<< HEAD <<<<<<< HEAD
How often should we check and renew tags, update multiverse & update HAproxy image?
Once every six months