You are browsing a read-only backup copy of Wikitech. The primary site can be found at

Debmonitor: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
m (→‎Manually remove an image from DebMonitor: Fix formatting and auto-discovery of the path)
(Krinkle moved page Debmonitor to DebMonitor: match casing used on the site itself and in docs)
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[File:Wikimedia + Debian.svg|thumb]]
#REDIRECT [[DebMonitor]]
DebMonitor is a Debian package tracker website and tool developed at the Wikimedia Foundation and used to track installed and upgradable packages across the fleet. It has multiple components.
=== [ DebMonitor website] ===
The DebMonitor website is a Django-based application installed in an active/passive setup with <code>uwsgi</code> and <code>nginx</code> on two dedicated Ganeti VMs and deployed via [[Scap]]. The application has two different virtual hosts, one on port <code>80</code> for [[Varnish]] and one on port <code>443</code> for the DebMonitor client (see below). The data is stored on a MySQL database hosted by the <code>m2</code> cluster.
There is a weekly crontab on each host to run a garbage collection script twice a week to remove orphan objects from the database (e.g. package versions not installed anymore in any host).
=== DebMonitor client ===
The <code>debmonitor-client</code> Debian package is installed on all the clients and reports the installed packages to the DebMonitor active server. It reports them in three different ways:
* A dpkg hook triggered on <code>Dpkg::Pre-Install-Pkgs</code> to report any change to packages. It doesn't block package actions on failure.
* An APT hook triggered on <code>APT::Update::Post-Invoke</code> to report any upgradable packages. It doesn't block <code>apt-get update</code> on failure.
* A daily crontab to report all installed and upgradable packages to reconcile the data in case any of the above failed.
The client authenticate with the DebMonitor server via mutual authentication using the Puppet certificate, and the server authorize the connecting host to modify only its own data.
=== Common commands ===
{{Note||content=Be sure to use '''debmonitor.discovery.wmnet''' as host.
Copy-Paste from your browser will lead to HTTP 403 "Client certificate validation failed".}}
==== Manually remove a host from DebMonitor ====
From one of the <code>cluster::management</code> hosts (<code>cumin[12]001,cumin2002</code> as of May. 2021) run the <code>sre.debmonitor.remove-hosts</code> cookbook. See also [[Spicerack/Cookbooks#Run_a_single_Cookbook]].
Alternatively it can be done manually running:<syntaxhighlight lang="bash">
sudo curl -X DELETE "https://debmonitor.discovery.wmnet/hosts/${HOST_FQDN}" --cert "/etc/debmonitor/ssl/debmonitor_$(hostname -f | tr '.' '_').pem" --key "/etc/debmonitor/ssl/debmonitor_$(hostname -f | tr '.' '_')-key.pem"
==== Manually remove an image from DebMonitor ====
This will remove all tags of this image from DebMonitor.
From one of the <code>builder</code> hosts (<code>deneb</code> as of May 2021) run:<syntaxhighlight lang="bash">
sudo curl -X DELETE "https://debmonitor.discovery.wmnet/images/${IMAGE_NAME}" --cert "/etc/debmonitor/ssl/debmonitor__$(hostname -f | tr '.' '_').pem" --key "/etc/debmonitor/ssl/debmonitor__$(hostname -f | tr '.' '_')-key.pem"

Latest revision as of 21:01, 27 October 2022

Redirect to: