Changes in puppet-sunet

We have created two separate branches in https://github.com/SUNET/puppet-sunet:

Reference case: https://jira.sunet.se/browse/SA-72 (when we did for the first time)

NOTE: Stop cosmos on affected servers and after bump-tag, run cosmos as test in few servers with redudnancy, then reboot and check that the service is working, there's no error in cosmos logs and no alarms in nagios.

in puppet-sunet

git checkout stable-2023v1
git pull
git checkout sa-beta
git diff HEAD..stable-2023v1 (checked the diffs)
git merge stable-2023v1
git status (check if there are conflicts)
git diff stable-2023v1:<file> HEAD:<file> (to check file with conflicts) 
fix conflicts locally or run git merge --abort && git merge stable-2023v1 -X theirs (to replace the conflicted files with those from stable-2023v1)
./bump-tag

Multiverse update

Reference case: https://jira.sunet.se/browse/SA-72 (when we did for the first time)
NOTE : Read the exceptions to know what may have happened in the last update.

in thiss-ops


Stop cosmos on affected servers and after bump-tag, run cosmos as test in few servers with redudnancy, then reboot and check that the service is working, there's no error in cosmos logs and no alarms in nagios.


git remote add multiverse git@github.com:SUNET/multiverse.git (If you don't already have it in your .git/config)
git fetch --all
git checkout multiverse (we already have a multiverse branch in remote, but in next update, we will create a new one)
git merge multiverse/main (meged the local multiverse branch with upstream multivers's main branch)
git push

Now we can check the diffs here https://github.com/TheIdentitySelector/thiss-ops/compare/master...multiverse 

If there ar no conflicts

  • create a Pull Request in Github
  • double check the commits going in the merge
  • confirm the merge
  • run bump-tag from CLI

If there are conflicts, do not open a PR, use CLI to fix the conflicts by below manner


git checkout master
git pull
Fix conflicts locally or run git merge -X theirs multiverse (to replace the conflicted files with those from multiverse)
./bump-tag



Exceptions

 01.07.2024

We have an accidental merge commit in PR  performed on 01.07.2024. This is 43b07e2e6d286b7f1f61ab1603a732fd8e94eeda. We accidentaly merged master in multiverse and that commit was added with the PR  into master. The PR was signed by a key that was not part of the thiss-ops. We fixed it in below manner.

git commit --amend --no-edit -s (created 2e0e07d47dc0f87d46fa15cfcb49c0281fba351c)

./bump-tag 
Fetching updates from git@github.com:TheIdentitySelector/thiss-ops.git ...

fatal: Commit ac801cf does not have a GPG signature.
WARNING: git pull did not exit successfully.

EXITING the script. In order to tag your changes,
investigate and then run bump-tag again.

git pull
Merge made by the 'ort' strategy (created 64a6cecd17672de0275884bfe88c69a68c69c06c)

 ./bump-tag  



03.07.2024

Instead of a 'full merge' like mentioned above, we did 'cherry pick' on 03.07.2024

git remote add multiverse git@github.com:SUNET/multiverse.git (If you don't already have it in your .git/config)
git fetch --all
git checkout multiverse (we already have a multiverse branch in remote)
git merge multiverse/main (meged the local multiverse branch with upstream multivers's main branch)
git push
git checkout master
git fetch --all
git cherry-pick e315282bc55025c199483fbb5c94d7a053d047f0 4b8b8887f62761759486940b81ea1142af6ae8bb
git add global/overlay/usr/local/bin/sunet-fleetlock
git cherry-pick --continue
Then resolved conflicts by copying the file from multiverse and adding it. to get rid of <<<<<<< HEAD
<<<<<<< HEAD


How often should we check and renew tags, update multiverse & update HAproxy image?

Once every six months

  • No labels