You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Heterogeneous deployment/Train deploys: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>Thcipriani
imported>Krinkle
No edit summary
 
(90 intermediate revisions by 18 users not shown)
Line 1: Line 1:
[[File:Train wreck at Montparnasse 1895.jpg|frameless|right|400px]]
{{Navigation MediaWiki deployment}}[[File:Trainbows_Not_Painbows1.svg|frameless|none|500px]]
== Tuesday: New branch creation and deploy ==
<br>__TOC__


=== Create the new branch in gerrit ===
== Pairing on the Train  ==
The new branch can be created in Gerrit from anywhere. It is often faster to do this step on a host in the cluster to minimize the time needed to clone from gerrit. 


The script is run as your regular user member of the <tt>wikidev</tt> group (as of Feb 16th 2016). You have to configure git:
As of October 2019, there are two people assigned to each week's train:  One as primary, and one as backup.  These are rough guidelines for sharing the work, and should be improved as we learn more.


* <tt>git config --global user.name "FIRST NAME LAST NAME"</tt>
* On Monday, communicate with your partner and establish how you'll collaborate over the course of the week.
* <tt>git config --global user.email "youremail@example.org"</tt>
** Updates on IRC while your partner is working and updates on the train blocker ticket if they're offline seems to be a useful pattern.
** Liberal use of video chat for pairing on hard problems is encouraged.
** It seems to work well to have the primary do the work of cutting the branch, syncing wikis, etc., while the backup keeps an eye on logs, works on improvements to deploy tooling, and is generally an extra pair of eyes for the whole process.
** If you are in doubt about any part of the process and it's during your partner's working hours, consult them first and get their help in resolving your questions.
* If one member of the pair is in the European window and one is in the American window, both train deployment windows should be reserved on the [[Deployments]] calendar.  This gives a backup deployer a defined window for moving the train forward outside the primary's working hours, if it becomes necessary.
* If the train is blocked or there are any other issues, communicate the transfer of responsibility on the train blocker ticket by assigning it to the responsible party and leaving a note.
 
== Initial setup==
 
SSH into '''deploy1002.eqiad.wmnet''' and run
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ git clone https://gerrit.wikimedia.org/r/mediawiki/tools/release
</syntaxhighlight>
 
==Breakage==
 
There will be times when this process does not go smoothly. There are [[Deployments/Holding_the_train|guidelines]] for what do to when that happens.
 
In general, '''if there is an unexplained error that occurs within 1 hour of a train deployment — always roll back the train'''. Rolling back the train to eliminate it as the cause of unexplained breakage can be especially important if there are many ongoing possible causes for issues as this helps to eliminate one of those causes as the source of problems.
 
===Rollback===
 
To rollback a wikiversion change, it should be pretty quick. Go ahead and rollback production before you send patches up to gerrit since waiting on Jenkins may take a while:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1001:/srv/mediawiki-staging$ git revert $(git log -1 --format=%H -- wikiversions.json)
USERNAME@deploy1001:/srv/mediawiki-staging$ scap sync-wikiversions 'Revert "group[0|1] wikis to [VERSION]"'
 
# Now that you've synced the revert, push patches up to gerrit, you have to run git commit --amend to get the changeid
# Ideally, you should also add the train blocker task id to the Bug: field for this commit
USERNAME@deploy1001:/srv/mediawiki-staging$ git commit --amend
USERNAME@deploy1001:/srv/mediawiki-staging$ git push origin HEAD:refs/for/master%topic=[VERSION],l=Code-Review+2
</syntaxhighlight>
 
Example:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1001:/srv/mediawiki-staging$ git push origin HEAD:refs/for/master%topic=1.34.0-wmf.0,l=Code-Review+2
</syntaxhighlight>
 
*Wait for the patch to merge and the fetch back down to the deployment server
 
*[[#Update roadmap]].
 
===Places to Watch for Breakage===
 
Train deployers should check for breakage as they are rolling out the train as they are effectively the first line of defense for train deploys. Some of the places to watch for breakage:
 
*IRC
**Primary channel is {{irc|wikimedia-operations}}
**Useful channels are {{irc|mediawiki-core}} {{irc|wikimedia-dev}}
**For more channels see [[mw:MediaWiki_on_IRC|MediaWiki on IRC]] and [[metawiki:IRC/Channels|IRC/Channels]]
*Logs
**[[mwlog1001]]:
***[[Wikimedia_binaries#logspam-watch|logspam-watch]]
*** logfiles in <code>/srv/mw-log</code>
**Logstash [https://logstash.wikimedia.org/app/dashboards#/view/mediawiki-errors mediawiki-errors] dashboard
**Logstash "mediawiki-new-errors" dashboard (linked from logstash front page)
**See the [[phab:tag/wikimedia-production-error/|Wikimedia-production-error workboard]] for known issues
**Logstash [https://logstash.wikimedia.org/app/dashboards#/view/AXDBY8Qhh3Uj6x1zCF56 mw-client-errors] dashboard
***New errors appearing more than 1000 times in a 12 hour period should be considered blockers
***See also [https://grafana.wikimedia.org/d/000000566/overview?viewPanel=16&orgId=1 Grafana dashboard] with summary of average error rate over time
*[https://grafana.wikimedia.org/ Grafana]
**[https://grafana.wikimedia.org/d/000000503/varnish-http-errors?refresh=5m&orgId=1 Varnish http-errors dashboard] (HTTP 5XX % should have 3+ 0s after the decimal point, e.g. 0.0001%)
**[https://grafana.wikimedia.org/d/000000612/frontend-responses-nginx-vs-varnish?orgId=1&from=now-15m&to=now Frontend Responses NGINX vs Varnish]
**[https://grafana.wikimedia.org/d/000000102/production-logging Production Logging]
**[https://grafana.wikimedia.org/d/000000566/overview?panelId=15&fullscreen&orgId=1&from=now-7d&to=now Minerva Client Errors] - Browser JS errors count (only wikipedias on mobile)
**[https://grafana.wikimedia.org/d/RIA1lzDZk/application-servers-red-dashboard?orgId=1&from=now-1h&to=now&refresh=30s Application Servers RED Dashboard]
 
===If the train is blocked===
 
*A task will be assigned to you, for example [[phab:T191059|T191059]] (1.32.0-wmf.13 deployment blockers) (you can see that week's task at https://train-blockers.toolforge.org)
*Any open subtasks block the train from moving forward. This means no further deployments until the blockers are resolved.
 
'''Checklist'''
 
If there are blocking tasks, please do the following:
 
* Make sure all tasks blocking train are set to <code>UBN!</code> priority in phabricator
*Comment on the task asking for an ETA or if this can be solved by reverting a recent commit.
*Send e-mail to:
**[[mail:ops|ops@lists.wikimedia.org]]
**[[mail:wikitech-l|wikitech-l@lists.wikimedia.org]]
** Ping private [https://app.slack.com/client/T024KLHS4/C01R06P8D1B/ #engineering-all Slack channel]
**Subject: <code>[Train] {version} status update</code>
**Body<syntaxhighlight lang="text">The {version} version of MediaWiki is blocked[0].
 
The new version is deployed to {group(s){0,1,2}}[1], but can proceed no
further until these issues are resolved:
 
* {Phab task name} - {phab task link}
 
Once these issues are resolved train can resume. If these issues are
resolved on a Friday the train will resume Monday.
 
Thank you for your help resolving these issues!
 
-- Your humble train toiler
 
[0]. <{link to phab task for train}>
[1]. <https://versions.toolforge.org/></syntaxhighlight>
*Add relevant people (see [[mw:Developers/Maintainers|Developers/Maintainers]]) to the blocking task
*Ping relevant people in IRC
*Once train is unblocked be sure to thank the folks who helped unblock it
 
==Weekly steps==
 
=== Monday: Sync up with your deployment partner===
 
See the [[#Pairing on the Train|train pairing]] section above.
 
===Tuesday: New branch creation and deploy===
====Before the deploy window====
 
Depending on how practiced you are and where you choose to run commands (full clones of mediawiki-core from outside the cluster can take a while), the steps will typically take 45 to 90 minutes.
 
; Short-form instructions
{| class="wikitable"
! colspan="2" |Step
!host
! command
!example
|-
| P-0
|'''Verify branch cut job worked'''
|Your laptop
| colspan="2" |The branch cut is performed by a Jenkins job that runs on Tuesdays at 02:00 UTC on the [https://releases-jenkins.wikimedia.org/ releases-jenkins] instance.  The job creates and merges the wmf/* branch.  It also builds and posts the changelog.
 
Navigate to [[gerrit:#/q/owner:%2522TrainBranchBot+%253Cmmodell%252Btrainbranchbot%2540wikimedia.org%253E%2522+%2522Branch+commit%2522|Gerrit]] to find the branch commit that the job created.  If there is no commit for the current train branch shown in Gerrit, you can troubleshoot via the [https://releases-jenkins.wikimedia.org/job/Automatic%20branch%20cut/ releases-jenkins job].
|-
|P-3
|'''Enter screen (or tmux if you prefer)'''
 
 
Note<ref>If you need to leave in the middle you can do <code>ctrl-a d</code> to detach and <code>screen -r train</code> to attach.</ref>
|'''deploy1002.eqiad.wmnet'''
| colspan="2" |<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ screen -D -RR train
</syntaxhighlight>
|-
|P-4
|'''Set local ssh-agent in session'''
|deploy1002
| colspan="2" |<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ eval $(ssh-agent)
USERNAME@deploy1002:~$ ssh-add .ssh/id_ed25519
</syntaxhighlight>
|-
|P-5
|'''Clone new branch in production, apply patches, deploy to test-wikis, and cleanup old versions'''
🐌 Note: this step takes > 1 hour.
|deploy1002
|<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ scap stage-train [VERSION]
</syntaxhighlight>
|<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ scap stage-train 1.34.0-wmf.0
</syntaxhighlight>
You can also run this command with the <code>--dry-run</code> option to see all the commands it will try to run:
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ scap stage-train --dry-run 1.34.0-wmf.0
</syntaxhighlight>
|-
! colspan="5" |'''Wait for the deploy window'''
|}
 
;Full instructions
<div class="mw-collapsible mw-collapsed" style="margin:1em; border: 1px dashed grey; padding: 2em 1em;">
=====Setup=====
 
The script to cut a branch is run on your local machine (as of Jan 2020).
 
'''Local <code>.netrc</code> setup'''
 
Create a .netrc file in your home directory with the following content.
 
<syntaxhighlight lang="shell-session">
you@yourlaptop:~$ vim .netrc
machine gerrit.wikimedia.org login [USERNAME] password [PASSWORD]
</syntaxhighlight>
 
Username and password can obtained from Gerrit:
 
*In the new UI go to [[gerrit:settings/#HTTPCredentials|HTTP Credentials]], copy Username and click Generate new password to generate new password.
*In the old UI, go to [[gerrit:#/settings/http-password|HTTP Password]], copy Username and click Generate Password to generate new password.
 
{{note|type=error|Generated password in both cases is different from your Gerrit password.}}
 
Make sure .netrc file is only readable by you.
 
<syntaxhighlight lang="shell-session">
you@yourlaptop:~$ chmod go-rwx .netrc
</syntaxhighlight>
 
'''Clone or update <code>mediawiki/tools/release</code>.'''
 
<syntaxhighlight lang="shell-session">
USERNAME@yourlaptop:~$ git clone https://gerrit.wikimedia.org/r/mediawiki/tools/release
</syntaxhighlight>
 
To run branch.py you need to have the pygerrit2 library installed for Python3. In Debian 10 (buster), the python3-pygerrit2 package works.
 
=====Create the new branch in Gerrit=====
 
<syntaxhighlight lang="shell-session">
you@yourlaptop:~/release/make-release/ $ ./branch.py --core --core-bundle wmf_core --bundle wmf_branch --branchpoint HEAD --core-version [VERSION] [WMF BRANCH]
</syntaxhighlight>
 
<syntaxhighlight lang="shell-session">
you@yourlaptop:~/release/make-release/ $ ./branch.py --core --core-bundle wmf_core --bundle wmf_branch --branchpoint HEAD --core-version 1.34.0-wmf.0 wmf/1.34.0-wmf.0
</syntaxhighlight>
 
In {{irc|wikimedia-operations}}, drop a quick log note that you've kicked off the branch process so that others know it's underway, ''e.g.'':
 
<syntaxhighlight lang="irc">
!log 1.35.0-wmf.14 was branched at fb16374c5bdb9d14729f358fb81638fc91640b4f for T233862
</syntaxhighlight>
 
The script will create a release patch, [[gerrit:c/mediawiki/core/+/564687|like this one]], under your gerrit account. You must C+2 this, and wait for it to merge, to proceed.
 
=====tmux or screen =====
 
Now that the branch has been cut on your local machine, the remainder of the work will be done on the deployment host: '''deploy1002.eqiad.wmnet'''
 
Some scripts run for 10-60 minutes so consider using tmux or screen.
 
If you prefer tmux:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ tmux new -s train
...
USERNAME@deploy1002:~$ exit
</syntaxhighlight>
 
If you need to leave in the middle you can do <code>ctrl-b d</code> to detach and <code>tmux a -t train</code> to attach.
 
If you prefer screen:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ screen -D -RR train
...
USERNAME@deploy1002:~$ exit
</syntaxhighlight>
 
If you need to leave in the middle you can do <code>ctrl-a d</code> to detach and <code>screen -r train</code> to attach.
 
In either the tmux or the screen session, you'll want to start an ssh-agent and load your local key there:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ eval $(ssh-agent)
USERNAME@deploy1002:~$ ssh-add .ssh/id_ed25519
</syntaxhighlight>
 
=====Clone new branch=====
This command will create a new <code>/srv/mediawiki-staging/php-[VERSION]</code> directory:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging$ scap prep [VERSION]
</syntaxhighlight>
 
Example:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging$ scap prep 1.34.0-wmf.0
</syntaxhighlight>
 
This should only take a couple of minutes.
 
=====Apply security patches=====
 
; Short version : <code>scap patch [VERSION]</code>
 
*Patches should be named sequentially in the order that they will cleanly apply (e.g. <code>01-T[NUMBER].patch</code>, <code>02-T[NUMBER].patch</code>)
*Checks and applies each patch in both <code>/srv/patches/[VERSION]/core</code> and <code>/srv/patches/[VERSION]/extensions/[NAME]</code> to the new core checkout and extensions, respectively.
 
Check existing patches:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ tree /srv/patches/[VERSION]
/srv/patches/[VERSION]
├── core
│  ├── 01-T[NUMBER].patch
│  └── 02-T[NUMBER].patch
└── extensions
    └── [EXTENSION]
        ├── 01-T[NUMBER].patch
        └── 02-T[NUMBER].patch
</syntaxhighlight>
 
======Core======
 
*You can check a core patch to see if it will apply cleanly with
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/php-[VERSION]$ git apply --check --3way /srv/patches/[VERSION]/core/[NUMBER]-T[NUMBER].patch
</syntaxhighlight>
 
*If the patch checks out, apply and commit it with
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/php-[VERSION]$ git am --3way /srv/patches/[VERSION]/core/[NUMBER]-T[NUMBER].patch
</syntaxhighlight>
 
======Extension======
 
*For an extension:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/php-[VERSION]/extensions/[EXTENSION]$ git apply --check --3way /srv/patches/[VERSION]/extensions/[EXTENSION]/[NUMBER]-T[NUMBER].patch
 
USERNAME@deploy1002:/srv/mediawiki-staging/php-[VERSION]/extensions/[EXTENSION]$ git am --3way /srv/patches/[VERSION]/extensions/[EXTENSION]/[NUMBER]-T[NUMBER].patch
</syntaxhighlight>
 
*If the patch fails to apply, investigate whether it's due to a conflict (<code>git status</code>) or the patch having been merged since the new branch cut (search <code>git log</code> for the commit, etc.). If it turns out to be the latter, remove the patch file from the <code>/srv/patches/[VERSION]</code> directory.
*If you need extra help, contact Security Team ([[foundationsite:role/staff-contractors/|Wikimedia Foundation]], [[mw:Wikimedia_Security_Team|MediaWiki]], [https://office.wikimedia.org/wiki/Contact_list#Security Office Wiki]).
 
=====Create patches to update wikiversions.json=====
 
Create group0 to [VERSION] patch:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ scap update-wikiversions group0 [VERSION]
USERNAME@deploy1002:/srv/mediawiki-staging/$ git add wikiversions.json
USERNAME@deploy1002:/srv/mediawiki-staging/$ git commit -m "Group0 to [VERSION]"
</syntaxhighlight>
 
Example:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ scap update-wikiversions group0 1.34.0-wmf.0
USERNAME@deploy1002:/srv/mediawiki-staging/$ git add wikiversions.json
USERNAME@deploy1002:/srv/mediawiki-staging/$ git commit -m "Group0 to 1.34.0-wmf.0"
</syntaxhighlight>
 
=====Send staged patches to Gerrit for review=====
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ git push origin HEAD:refs/for/master%topic=[VERSION]
</syntaxhighlight>
 
Example:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ git push origin HEAD:refs/for/master%topic=1.34.0-wmf.0
</syntaxhighlight>
 
=====Discard changes to working directory and index=====
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ git reset --hard origin/master
</syntaxhighlight>
 
=====Clean up old stuff=====
 
[[mw:MediaWiki 1.34/Roadmap]] is a good place to find when a branch was created.
 
List all branches:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ find . -maxdepth 1 -type d -name 'php-*' -print
</syntaxhighlight>
 
Find old branches, more than 7 days old:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ find . -mindepth 2 -maxdepth 2 -type f -path './php-*/README.md' -ctime +7 -exec dirname {} \;
</syntaxhighlight>
 
For all branches more than 7 days old, drop everything with:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ scap clean --delete [some old version from find -ctime +7 output above]
</syntaxhighlight>
 
Example:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ scap clean --delete 1.34.0-wmf.0
</syntaxhighlight>
 
Active branches are visible at [https://versions.toolforge.org/ Wikimedia MediaWiki versions] page.
 
'''Deleting a branch is a full sync of that directory, and can take 10-15 minutes each.'''
 
=====Sync to cluster and verify on testwiki =====
 
*Edit <code>/srv/mediawiki-staging/wikiversions.json</code> and set <code>testwiki</code> to <code>php-[VERSION]</code>
* Do not commit and push to Gerrit, only make this change locally on the deployment server
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ vim wikiversions.json
</syntaxhighlight>
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging$ git diff
...
-    "testwiki": "php-[VERSION-1]",
+    "testwiki": "php-[VERSION]",
...
</syntaxhighlight>
 
* Run [[scap]] to (re)build localization caches and sync changes across the cluster.
*🐌 Note: this step may take on the order of 70-80 minutes.
* 🐌 Note: If scap seems to hang during the scap-cdb-rebuild phase of this process, you may need to try [[phab:T223287|pressing enter to speed it up]].
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ scap sync "testwiki to php-[VERSION] and rebuild l10n cache"
</syntaxhighlight>
 
Example:
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ scap sync "testwiki to php-1.34.0-wmf.0 and rebuild l10n cache"
</syntaxhighlight>
 
*Verify version change on [[testwiki:Special:Version|testwiki]] (Installed software, Product: MediaWiki, Version: [VERSION]) and l10n cache ([[testwiki:Special:Version|Special:Version]] should not look like [https://test.wikipedia.org/wiki/Special:Version?uselang=qqx Special:Version?uselang=qqx])
 
This can take well over an hour. Opening or reloading the version page on testwiki after the scap sync command can take a minute or two.
 
*Revert local changes
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ git checkout -- wikiversions.json
</syntaxhighlight>
 
=====Update deploy notes=====
 
There is a script in the  [[gerrit:mediawiki/tools/release|<code>mediawiki/tools/release</code>]] repo called <code>makedeploynotes.py</code>. It queries gerrit's gitiles to make release notes. Usage: <code>makedeploynotes.py <old-version> <new-version></code>


Create a <code>.netrc</code> (on Windows <code>_netrc</code>) file in your home directory with the following content:
<pre>
<pre>
machine gerrit.wikimedia.org login myawesomeusername password MySuper/SecretPassword!
$ python3 make-deploy-notes/makedeploynotes.py 1.35.0-wmf.24 1.35.0-wmf.25 | tee deploy-notes-1.35.0-wmf.25
</pre>
</pre>
This username and password [https://gerrit.wikimedia.org/r/#/settings/http-password can obtained from Gerrit].


* <code>git clone <nowiki>https://</nowiki>gerrit.wikimedia.org/r/p/mediawiki/tools/release</code>
From there you can copy-and-paste to the Changelog page on mediawiki.org; e.g., <code><nowiki>https://www.mediawiki.org/wiki/MediaWiki_[VERSION]/Changelog</nowiki></code>. Example: [[mw:MediaWiki_1.35/wmf.24/Changelog|MediaWiki 1.35/wmf.24/Changelog]]
* <code>cd release/make-wmf-branch</code>
* <code>./make-wmf-branch -n VERSION -o master</code>
** (e.g. <code>php make-wmf-branch -n 1.27.0-wmf.9 -o master</code>)


=== Clone new branch ===
=====Wait for deploy window=====
* On tin, to create a new <code>/srv/mediawiki-staging/php-VERSION</code> directory run:
All of the changes above can be done at any time prior to the actual deployment window.
** <code>cd /srv/mediawiki-staging && scap prep VERSION</code>
</div>
** (e.g. <code>scap prep 1.29.0-wmf.7</code>)


=== Apply security patches ===
====During the deploy window====
* Look for a patches directory at <code>/srv/patches/VERSION</code>. If one doesn't yet exist, copy over the previous version's directory. (e.g., <code>cp -r /srv/patches/1.27.0-wmf.9 /srv/patches/1.27.0-wmf.10</code>)
* Patches should be named sequentially in the order that they will cleanly apply (e.g. <code>01-T123.patch</code>, <code>02-T321.patch</code>)
* Check and apply each patch in both <code>/srv/patches/VERSION/core</code> and <code>/srv/patches/VERSION/extensions/NAME</code> to the new core checkout and extensions, respectively.
** You can check a core patch to see if it will apply cleanly with <code>git apply --check --3way /srv/patches/VERSION/core/XX-TXXX.patch</code>
** If the patch checks out, apply and commit it with <code>git am --3way /srv/patches/VERSION/core/XX-TXXX.patch</code>
** If the patch fails to apply, investigate whether it's due to a conflict (<code>git status</code>) or the patch having been merged since the new branch cut (search <code>git log</code> for the commit, etc.). If it turns out to be the latter, remove the patch file from the <code>/srv/patches/VERSION</code> directory. If you need extra help, contact {{ircnick|ostriches|Chad}} or {{ircnick|dapatrick|Darian}} in IRC ({{irc|mediawiki_security}}).


=== Create patches to update wikiversions.json ===
;Short-form instructions
* Create group0 to VERSION patch
{| class="wikitable"
** <code>/srv/mediawiki-staging/multiversion/updateWikiversions group0 php-VERSION</code>
! colspan="2" |Step
*** (e.g. <code>/srv/mediawiki-staging/multiversion/updateWikiversions group0 php-1.27.0-wmf.9</code>)  
!host
** <code>git add wikiversions.json</code>
!command
** <code>git commit -m "Group0 to VERSION"</code>
!example
*** (e.g. <code>git commit -m "Group0 to 1.27.0-wmf.9"</code>)
|-
|0-0
|'''Create and auto-merge/deploy the group0 patch'''
|deploy1002
| colspan="2" |<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:/srv/mediawiki-staging/$ scap deploy-promote group0
Promote group0 from [PREVIOUS-VERSION] to [VERSION] [y/N]
Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions
</syntaxhighlight>
|-
|0-1
|'''Verify production has indeed switched'''
|[[mw:Special:Version|MediaWiki.org]]
| colspan="2" |Verify that [[mw:Special:Version|mediawikiwiki]] has switched to the new version (Installed software, Product: MediaWiki, Version: VERSION)
|-
| 0-2
|'''Monitor production logs'''
|logstash ''etc.''
| colspan="2" |Monitor irc and [[logstash]] and/or [[Wikimedia binaries#logspam-watch|logspam-watch]] for problems, see [[#Places to Watch for Breakage]]
|-
|0-3
|'''Update roadmap page'''
|[[mw:MediaWiki 1.39/Roadmap]]
|Change the <code>Deployed to group</code> (if you're using VisualEditor) or the 3rd parameter of the <code>WMFReleaseTableRow</code> template (if you're using the wikitext editor) to <code>0</code> (deployed to group0)
|<syntaxhighlight lang="text">
{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|12|2018-07-10|0}}
</syntaxhighlight>
|-
|0-4
|'''Kill ssh-agent'''
|deployment server
| colspan="2" |<syntaxhighlight lang="shell-session">
USERNAME@deploy1002:~$ pgrep -u "$USER" -laf ssh-agent # list all of your ssh-agent processes
USERNAME@deploy1002:~$ pkill -u "$USER" -f ssh-agent  # kill all your ssh-agent processes
USERNAME@deploy1002:~$ pgrep -u "$USER" -laf ssh-agent # did they all die?</syntaxhighlight>
|}


=== Send staged patches to gerrit for review ===
;Full instructions
* <code>cd /srv/mediawiki-staging</code>
<div class="mw-collapsible mw-collapsed" style="margin:1em; border: 1px dashed grey; padding: 2em 1em;">
* <code>git push origin HEAD:refs/for/master/VERSION</code>
=====Switch group0 wikis to [VERSION] =====
** (e.g. <code>git push origin HEAD:refs/for/master/1.27.0-wmf.9</code>)


=== Discard changes to working directory and index on tin ===
*CR+2 <code>group0 to [VERSION]</code> patch in Gerrit that you submitted earlier
* <code>cd /srv/mediawiki-staging</code>
* Wait for Gerrit/Zuul/Jenkins to merge the patch(es)
* <code>git reset --hard origin/master</code>
*Pull patch(es) to deployment server


=== Clean up old stuff ===
<syntaxhighlight lang="shell-session">
For all branches more than 5 weeks old, drop everything:
USERNAME@deploy1002:/srv/mediawiki-staging$ git fetch
: <code>scap clean --delete 1.29.0-wmf.11</code>
</syntaxhighlight>


For all branches older than the currently active branch(es) and prior one, prune everything that's not a static asset (we need those for cached CSS/JS/etc):
*Check diff to ensure it is what you expect (this should show a bunch of version changes in wikiversions.json for group0 wikis)
: <code>scap clean 1.29.0-wmf.11</code>


=== Sync to cluster and verify on testwiki ===
<syntaxhighlight lang="shell-session">
* Edit <code>/srv/mediawiki-staging/wikiversions.json</code> and set <code>testwiki</code> to <code>php-VERSION</code>
USERNAME@deploy1002:/srv/mediawiki-staging$ git diff HEAD..origin/master
** Do not commit and push to gerrit, only make this change locally on the deployment server
</syntaxhighlight>
* Run [[scap]] to (re)build localization caches and sync changes across the cluster
** <code>scap sync "testwiki to php-VERSION and rebuild l10n cache"</code>
* Verify version change and l10n cache on [https://test.wikipedia.org/wiki/Special:Version testwiki]
* Revert local changes: <code>git checkout -- wikiversions.json</code>


=== Update deploy notes ===
*Apply changes
Setup the tools you need to do this:
* Clone mediawiki/tools/release.git
** <code>git clone https://gerrit.wikimedia.org/r/p/mediawiki/tools/release</code>
* Copy <code>make-deploy-notes/auth.php.example</code> to <code>make-deploy-notes/auth.php</code> and fill in your mediawiki.org username and password.
** <code>$wiki->login( 'my user account', 'my awesome password' );</code>
* Clone mediawiki/core
** <code>git clone https://gerrit.wikimedia.org/r/p/mediawiki/core</code>


For the new branch and any branches that may have changed in the last week:
<syntaxhighlight lang="shell-session">
* Check out the branch locally
USERNAME@deploy1002:/srv/mediawiki-staging$ git rebase origin/master
** <code>git checkout wmf/VERSION</code>
</syntaxhighlight>
** (e.g. <code>git checkout wmf/1.24wmf4</code>)
 
* If you don't already have the previous branch checked out, do that as well
*Sync the change across the cluster
** <code>git checkout wmf/PREVIOUS-VERSION</code>
 
** (e.g. <code>git checkout wmf/1.24wmf3</code>)
<syntaxhighlight lang="shell-session">
* Update the submodules
USERNAME@deploy1002:/srv/mediawiki-staging$ scap sync-wikiversions "group0 to [VERSION]"
** <code>git submodule update --init --recursive</code>
</syntaxhighlight>
* Run the change log generation and upload script
** <code>php path/to/make-deploy-notes/uploadChangelog.php wmf/VERSION</code>
*** (e.g. <code>php path/to/make-deploy-notes/uploadChangelog.php wmf/1.24wmf4</code>)
* Repeat for additional branches as needed


=== Wait for deploy window ===
Example:
All of the changes above can be done at any time prior to the actual deployment window. Depending on how practiced you are and where you choose to run commands (full clones of mediawiki-core from outside the cluster can take a while) the steps up to this point will typically take 45 to 90 minutes.


=== Switch group0 wikis to VERSION ===
<syntaxhighlight lang="shell-session">
* Review and submit group0 to VERSION patch in gerrit
USERNAME@deploy1002:/srv/mediawiki-staging$ scap sync-wikiversions "group0 to 1.34.0-wmf.0"
* Wait for gerrit/zuul/jenkins to merge the patch(es)
</syntaxhighlight>
* Pull patch(es) to deployment server
** <code>cd /srv/mediawiki-staging</code>
** <code>git fetch</code>
* Check diff to ensure it is what you expect
** <code>git diff HEAD..origin/master</code>
* Apply changes
** <code>git rebase origin/master</code>
* Sync the change across the cluster
** <code>scap sync-wikiversions "group0 to VERSION"</code>
*** (e.g. <code>scap sync-wikiversions "group0 to 1.24wmf4"</code>)
* Verify that [[:mw:Special:Version|mediawikiwiki]] switched to the new version
* Monitor irc and [[Logstash|logstash]] and/or [[fatalmonitor]] for problems


=== Update roadmap ===
*Verify that [[:mw:Special:Version|mediawikiwiki]] switched to the new version (Installed software, Product: MediaWiki, Version: VERSION)
* Change the ''Deployed to group'' (if you're using VisualEditor) or the 3rd parameter of the ''WMFReleaseTableRow'' template (if you're using the wikitext editor) to "0" (deployed to group0)n [[:mw:MediaWiki 1.29/Roadmap|the branch roadmap]].
*Monitor irc and [[logstash]] and/or [[Wikimedia_binaries#logspam-watch|logspam-watch]] for problems, see [[#Places to Watch for Breakage]]


== Wednesday: group0 to group1 deploy ==
=====Update roadmap=====


* Clone the MediaWiki release tools to your home directory on tin
*Change the <code>Deployed to group</code> (if you're using VisualEditor) or the 3rd parameter of the <code>WMFReleaseTableRow</code> template (if you're using the wikitext editor) to <code>0</code> (deployed to group0) at [[mw:MediaWiki 1.35/Roadmap]].
** <code>ssh tin.eqiad.wmnet</code>
** <code>git clone https://gerrit.wikimedia.org/r/mediawiki/tools/release "$HOME/release"</code>
* Use the <code>deploy-promote</code> script inside <code>~/release/bin/</code> to update <code>wikiversions.json</code>
** <code>~/release/bin/deploy-promote</code>
*** <code>Promote group1 from VERSION-1 to VERSION? Enter to continue, ctl-c to cancel: </code>
** The script automatically Code-Review +2 the patch in Gerrit. Once CI has merged it hit enter at the 2nd prompt:
*** <code>Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions</code>
** After the script run is complete, group1 wikis should be running VERSION


== Thursday: group{0,1} to all deploy ==
For wikitext editor, change
 
<syntaxhighlight lang="text">
{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|[VERSION]|[DATE]|}}
...
{{WMFReleaseTableFooter}}
</syntaxhighlight>
 
to
 
<syntaxhighlight lang="text">
{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|[VERSION]|[DATE]|0}}
...
{{WMFReleaseTableFooter}}
</syntaxhighlight>
 
Example:
 
<syntaxhighlight lang="text">
{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|12|2018-07-10|0}}
...
{{WMFReleaseTableFooter}}
</syntaxhighlight>
 
=====Terminate ssh-agents =====
 
Terminate the ssh-agent you started earlier so it doesn't linger on after you log out:
 
<syntaxhighlight lang="shell-session">
pgrep -u "$USER" -laf ssh-agent # list all of your ssh-agent processes
pkill -u "$USER" -f ssh-agent  # kill all your ssh-agent processes
pgrep -u "$USER" -laf ssh-agent # did they all die?
</syntaxhighlight>
 
Every other day of the train you need to start a new ssh-agent and kill it later.
</div>
 
===Wednesday: group0 to group1 deploy===
 
;Meta / coordination
Attend the Train Log Triage meeting with members of the Core Platform Team and others.
 
;Short-form instructions
{| class="wikitable"
! colspan="2" |Step
!host
!command
!example
|-
|1-0
|'''Create and auto-merge/deploy the group1 patch'''
|deploy1001
| colspan="2" |<syntaxhighlight lang="shell-session">
USERNAME@deploy1001:/srv/mediawiki-staging/$ scap deploy-promote group1
Promote group1 from [PREVIOUS-VERSION] to [VERSION] [y/N]
Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions
</syntaxhighlight>
|-
| 1-1
|'''Verify production has indeed switched'''
|[[wikt:Special:Version|English Wiktionary]]
| colspan="2" |Verify that [[wikt:Special:Version|the English Wiktionary]] (and other group1 wikis) have switched to the new version (Installed software, Product: MediaWiki, Version: VERSION)
|-
| 1-2
|'''Monitor production logs'''
|logstash ''etc.''
| colspan="2" |Monitor irc and [[logstash]] and/or [[Wikimedia binaries#logspam-watch|logspam-watch]] for problems, see [[#Places to Watch for Breakage]]
|-
|1-3
|'''Update roadmap page'''
|[[mw:MediaWiki 1.39/Roadmap]]
|Change the <code>Deployed to group</code> (if you're using VisualEditor) or the 3rd parameter of the <code>WMFReleaseTableRow</code> template (if you're using the wikitext editor) to <code>1</code> (deployed to group1)
|<syntaxhighlight lang="text">
{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|12|2018-07-10|1}}
...
{{WMFReleaseTableFooter}}
</syntaxhighlight>
|}
 
;Full instructions
<div class="mw-collapsible mw-collapsed" style="margin:1em; border: 1px dashed grey; padding: 2em 1em;">
=====Switch group1 wikis to [VERSION]=====
 
Use <code>scap deploy-promote group1</code> to update <code>wikiversions.json</code>
 
<syntaxhighlight lang="shell-session">
USERNAME@deploy1001:~$ scap deploy-promote group1
Promote group1 from [PREVIOUS-VERSION] to [VERSION] [y/N]
</syntaxhighlight>
 
The script automatically Code-Review +2 the patch in Gerrit. Once CI has merged the patch, hit enter at the 2nd prompt.
 
<syntaxhighlight lang="shell-session">
Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions
</syntaxhighlight>
 
After the script run is complete, group1 wikis should be running [VERSION].
 
The above should take about five minutes, including the waiting time for Gerrit/CI.
 
=====Update roadmap=====
 
*Change the <code>Deployed to group</code> (if you're using VisualEditor) or the 3rd parameter of the <code>WMFReleaseTableRow</code> template (if you're using the wikitext editor) to <code>1</code> (deployed to group1) at [[mw:MediaWiki 1.38/Roadmap]].
 
For wikitext editor, change
 
<syntaxhighlight lang="text">
{{WMFReleaseTableRow|[VERSION]|[DATE]|0}}
</syntaxhighlight>
 
to
 
<syntaxhighlight lang="text">
{{WMFReleaseTableRow|[VERSION]|[DATE]|1}}
</syntaxhighlight>
 
Example:
 
<syntaxhighlight lang="text">
{{WMFReleaseTableRow|12|2018-07-10|1}}
</syntaxhighlight>
</div>
 
===Thursday: group{0,1} to all deploy===
;Short-form instructions
{| class="wikitable"
!
!Step
!host
!command
!example
|-
|2-0
|'''Create and auto-merge/deploy the group2 patch'''
|deploy1001
| colspan="2" |<syntaxhighlight lang="shell-session">
USERNAME@deploy1001:/srv/mediawiki-staging/$ scap deploy-promote all
Promote all from [PREVIOUS-VERSION] to [VERSION] [y/N]
Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions
</syntaxhighlight>
|-
|2-1
|'''Verify production has indeed switched'''
|[[w:Special:Version|English Wikipedia]]
| colspan="2" |Verify that [[w:Special:Version|the English Wikipedia]] (and other group2 wikis) have switched to the new version (Installed software, Product: MediaWiki, Version: VERSION)
|-
| 2-2
|'''Monitor production logs'''
|logstash ''etc.''
| colspan="2" |Monitor irc and [[logstash]] and/or [[Wikimedia binaries#logspam-watch|logspam-watch]] for problems, see [[#Places to Watch for Breakage]]
|-
|2-3
|'''Update roadmap page'''
|[[mw:MediaWiki 1.39/Roadmap]]
|Change the <code>Deployed to group</code> (if you're using VisualEditor) or the 3rd parameter of the <code>WMFReleaseTableRow</code> template (if you're using the wikitext editor) to <code>2</code> (deployed to all)
|<syntaxhighlight lang="text">
{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|12|2018-07-10|2}}
...
{{WMFReleaseTableFooter}}
</syntaxhighlight>
|}
 
;Full instructions
<div class="mw-collapsible mw-collapsed" style="margin:1em; border: 1px dashed grey; padding: 2em 1em;">
 
=====Switch all wikis to [VERSION]=====


Thursday deploy is very similar to the Wednesday deploy, the only difference in terms of procedure is the target group
Thursday deploy is very similar to the Wednesday deploy, the only difference in terms of procedure is the target group


* Clone the MediaWiki release tools to your home directory on tin
Use <code>scap deploy-promote all</code> to update <code>wikiversions.json</code>
* Use <code>~/release/bin/deploy-promote all</code> to update <code>wikiversions.json</code>
 
** The script automatically send to Gerrit and Code-Review +2 the patch. Once CI has merged it, hit enter at the 2nd prompt:
<syntaxhighlight lang="shell-session">
*** <code>Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions</code>  
USERNAME@deploy1001:~$ scap deploy-promote all
** After the script run is complete, '''all wikis''' should be running VERSION
Promote all from [PREVIOUS-VERSION] to [VERSION] [y/N]
</syntaxhighlight>


Example Session:
The script automatically Code-Review +2 the patch in Gerrit. Once CI has merged the patch, hit enter at the 2nd prompt.


<syntaxhighlight lang="shell-session">
<syntaxhighlight lang="shell-session">
you@laptop:~$ ssh deployment.eqiad.wmnet
you@tin:~$ git clone https://gerrit.wikimedia.org/r/mediawiki/tools/release "$HOME/release"
you@tin:~$  ./bin/deploy-promote all
Promote all from 1.28.0-wmf.15 to 1.28.0-wmf.16? [y/N] y
#!/usr/bin/env php
Updated /srv/mediawiki-staging/wikiversions.json: 0 inserted, 897 migrated.
/srv/mediawiki-staging/php is already up-to-date.
[master 67c2f0c] all wikis to 1.28.0-wmf.16
1 file changed, 298 insertions(+), 298 deletions(-)
Counting objects: 21, done.
Delta compression using up to 6 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 2.12 KiB | 0 bytes/s, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: Resolving deltas: 100% (2/2)
remote: Processing changes: new: 1, refs: 1, done   
remote:
remote: New Changes:
remote:  https://gerrit.wikimedia.org/r/306719 all wikis to 1.28.0-wmf.16
remote:
To ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config.git
* [new branch]      HEAD -> refs/for/master/1.28.0-wmf.16%l=Code-Review+2
HEAD is now at ad6c345 [Beta Cluster] Remove PoolCounter override
Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions
Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions
[INFO] Running git pull
</syntaxhighlight>
From https://gerrit.wikimedia.org/r/p/operations/mediawiki-config
  ad6c345..67c2f0c  master    -> origin/master
Updating ad6c345..67c2f0c
Fast-forward
wikiversions.json | 596 ++--
1 file changed, 298 insertions(+), 298 deletions(-)
[INFO] Running scap sync-wikiversions
19:01:53 Started sync-masters
sync-masters: 100% (ok: 1; fail: 0; left: 0)                                   
19:02:01 Finished sync-masters (duration: 00m 08s)
19:02:01 Started sync_wikiversions
19:02:01 Compiled /srv/mediawiki-staging/wikiversions.json to /srv/mediawiki-staging/wikiversions.php
sync_wikiversions: 100% (ok: 345; fail: 0; left: 0)                           
19:02:10 Finished sync_wikiversions (duration: 00m 09s)
19:02:10 rebuilt wikiversions.php and synchronized wikiversions files: all wikis to 1.28.0-wmf.16
==================================================
Checking version on https://en.wikipedia.org/wiki/Special:Version
Expect: 1.28.0-wmf.16
Result: SUCCESS\n
==================================================


After the script run is complete, '''all wikis''' should be running [VERSION].
=====Update roadmap=====
*Change the <code>Deployed to group</code> (if you're using VisualEditor) or the 3rd parameter of the <code>WMFReleaseTableRow</code> template (if you're using the wikitext editor) to <code>2</code> (deployed to all wikis) at [[mw:MediaWiki 1.38/Roadmap]].
For wikitext editor, change
<syntaxhighlight lang="text">
{{WMFReleaseTableRow|[VERSION]|[DATE]|1}}
</syntaxhighlight>
to
<syntaxhighlight lang="text">
{{WMFReleaseTableRow|[VERSION]|[DATE]|2}}
</syntaxhighlight>
</syntaxhighlight>
Example:
<syntaxhighlight lang="text">
{{WMFReleaseTableRow|12|2018-07-10|2}}
</syntaxhighlight>
</div>
==Incident documentation==
*If there were problems during the train, follow instructions at [[Incident documentation]] on incident reports and post-mortem review.
*Use <code>Create report</code> form to create a new page, <code>train-[VERSION]</code>. Example: [[Incident documentation/20181212-Train-1.33.0-wmf.8]].
*For Timeline section, events from [https://sal.toolforge.org/production SAL] and Phabricator task are a good start.
== See also ==
*For information about the current status of the versions deployed to the various wikis, see https://versions.toolforge.org/
==Footnotes==
<references />
[[Category:How-To]]
[[Category:How-To]]
[[Category:Deployment]]
[[Category:Deployment]]

Latest revision as of 13:13, 10 June 2022

Deployments
Trainbows Not Painbows1.svg


Pairing on the Train

As of October 2019, there are two people assigned to each week's train: One as primary, and one as backup. These are rough guidelines for sharing the work, and should be improved as we learn more.

  • On Monday, communicate with your partner and establish how you'll collaborate over the course of the week.
    • Updates on IRC while your partner is working and updates on the train blocker ticket if they're offline seems to be a useful pattern.
    • Liberal use of video chat for pairing on hard problems is encouraged.
    • It seems to work well to have the primary do the work of cutting the branch, syncing wikis, etc., while the backup keeps an eye on logs, works on improvements to deploy tooling, and is generally an extra pair of eyes for the whole process.
    • If you are in doubt about any part of the process and it's during your partner's working hours, consult them first and get their help in resolving your questions.
  • If one member of the pair is in the European window and one is in the American window, both train deployment windows should be reserved on the Deployments calendar. This gives a backup deployer a defined window for moving the train forward outside the primary's working hours, if it becomes necessary.
  • If the train is blocked or there are any other issues, communicate the transfer of responsibility on the train blocker ticket by assigning it to the responsible party and leaving a note.

Initial setup

SSH into deploy1002.eqiad.wmnet and run

USERNAME@deploy1002:~$ git clone https://gerrit.wikimedia.org/r/mediawiki/tools/release

Breakage

There will be times when this process does not go smoothly. There are guidelines for what do to when that happens.

In general, if there is an unexplained error that occurs within 1 hour of a train deployment — always roll back the train. Rolling back the train to eliminate it as the cause of unexplained breakage can be especially important if there are many ongoing possible causes for issues as this helps to eliminate one of those causes as the source of problems.

Rollback

To rollback a wikiversion change, it should be pretty quick. Go ahead and rollback production before you send patches up to gerrit since waiting on Jenkins may take a while:

USERNAME@deploy1001:/srv/mediawiki-staging$ git revert $(git log -1 --format=%H -- wikiversions.json)
USERNAME@deploy1001:/srv/mediawiki-staging$ scap sync-wikiversions 'Revert "group[0|1] wikis to [VERSION]"'

# Now that you've synced the revert, push patches up to gerrit, you have to run git commit --amend to get the changeid
# Ideally, you should also add the train blocker task id to the Bug: field for this commit
USERNAME@deploy1001:/srv/mediawiki-staging$ git commit --amend
USERNAME@deploy1001:/srv/mediawiki-staging$ git push origin HEAD:refs/for/master%topic=[VERSION],l=Code-Review+2

Example:

USERNAME@deploy1001:/srv/mediawiki-staging$ git push origin HEAD:refs/for/master%topic=1.34.0-wmf.0,l=Code-Review+2
  • Wait for the patch to merge and the fetch back down to the deployment server

Places to Watch for Breakage

Train deployers should check for breakage as they are rolling out the train as they are effectively the first line of defense for train deploys. Some of the places to watch for breakage:

If the train is blocked

  • A task will be assigned to you, for example T191059 (1.32.0-wmf.13 deployment blockers) (you can see that week's task at https://train-blockers.toolforge.org)
  • Any open subtasks block the train from moving forward. This means no further deployments until the blockers are resolved.

Checklist

If there are blocking tasks, please do the following:

  • Make sure all tasks blocking train are set to UBN! priority in phabricator
  • Comment on the task asking for an ETA or if this can be solved by reverting a recent commit.
  • Send e-mail to:
    • ops@lists.wikimedia.org
    • wikitech-l@lists.wikimedia.org
    • Ping private #engineering-all Slack channel
    • Subject: [Train] {version} status update
    • Body
      The {version} version of MediaWiki is blocked[0].
      
      The new version is deployed to {group(s){0,1,2}}[1], but can proceed no
      further until these issues are resolved:
      
      * {Phab task name} - {phab task link}
      
      Once these issues are resolved train can resume. If these issues are
      resolved on a Friday the train will resume Monday.
      
      Thank you for your help resolving these issues!
      
      -- Your humble train toiler
      
      [0]. <{link to phab task for train}>
      [1]. <https://versions.toolforge.org/>
      
  • Add relevant people (see Developers/Maintainers) to the blocking task
  • Ping relevant people in IRC
  • Once train is unblocked be sure to thank the folks who helped unblock it

Weekly steps

Monday: Sync up with your deployment partner

See the train pairing section above.

Tuesday: New branch creation and deploy

Before the deploy window

Depending on how practiced you are and where you choose to run commands (full clones of mediawiki-core from outside the cluster can take a while), the steps will typically take 45 to 90 minutes.

Short-form instructions
Step host command example
P-0 Verify branch cut job worked Your laptop The branch cut is performed by a Jenkins job that runs on Tuesdays at 02:00 UTC on the releases-jenkins instance. The job creates and merges the wmf/* branch. It also builds and posts the changelog.

Navigate to Gerrit to find the branch commit that the job created. If there is no commit for the current train branch shown in Gerrit, you can troubleshoot via the releases-jenkins job.

P-3 Enter screen (or tmux if you prefer)


Note[1]

deploy1002.eqiad.wmnet
USERNAME@deploy1002:~$ screen -D -RR train
P-4 Set local ssh-agent in session deploy1002
USERNAME@deploy1002:~$ eval $(ssh-agent)
USERNAME@deploy1002:~$ ssh-add .ssh/id_ed25519
P-5 Clone new branch in production, apply patches, deploy to test-wikis, and cleanup old versions

🐌 Note: this step takes > 1 hour.

deploy1002
USERNAME@deploy1002:~$ scap stage-train [VERSION]
USERNAME@deploy1002:~$ scap stage-train 1.34.0-wmf.0

You can also run this command with the --dry-run option to see all the commands it will try to run:

USERNAME@deploy1002:~$ scap stage-train --dry-run 1.34.0-wmf.0
Wait for the deploy window
Full instructions
Setup

The script to cut a branch is run on your local machine (as of Jan 2020).

Local .netrc setup

Create a .netrc file in your home directory with the following content.

you@yourlaptop:~$ vim .netrc
machine gerrit.wikimedia.org login [USERNAME] password [PASSWORD]

Username and password can obtained from Gerrit:

  • In the new UI go to HTTP Credentials, copy Username and click Generate new password to generate new password.
  • In the old UI, go to HTTP Password, copy Username and click Generate Password to generate new password.

Make sure .netrc file is only readable by you.

you@yourlaptop:~$ chmod go-rwx .netrc

Clone or update mediawiki/tools/release.

USERNAME@yourlaptop:~$ git clone https://gerrit.wikimedia.org/r/mediawiki/tools/release

To run branch.py you need to have the pygerrit2 library installed for Python3. In Debian 10 (buster), the python3-pygerrit2 package works.

Create the new branch in Gerrit
you@yourlaptop:~/release/make-release/ $ ./branch.py --core --core-bundle wmf_core --bundle wmf_branch --branchpoint HEAD --core-version [VERSION] [WMF BRANCH]
you@yourlaptop:~/release/make-release/ $ ./branch.py --core --core-bundle wmf_core --bundle wmf_branch --branchpoint HEAD --core-version 1.34.0-wmf.0 wmf/1.34.0-wmf.0

In #wikimedia-operations connect, drop a quick log note that you've kicked off the branch process so that others know it's underway, e.g.:

!log 1.35.0-wmf.14 was branched at fb16374c5bdb9d14729f358fb81638fc91640b4f for T233862

The script will create a release patch, like this one, under your gerrit account. You must C+2 this, and wait for it to merge, to proceed.

tmux or screen

Now that the branch has been cut on your local machine, the remainder of the work will be done on the deployment host: deploy1002.eqiad.wmnet

Some scripts run for 10-60 minutes so consider using tmux or screen.

If you prefer tmux:

USERNAME@deploy1002:~$ tmux new -s train
...
USERNAME@deploy1002:~$ exit

If you need to leave in the middle you can do ctrl-b d to detach and tmux a -t train to attach.

If you prefer screen:

USERNAME@deploy1002:~$ screen -D -RR train
...
USERNAME@deploy1002:~$ exit

If you need to leave in the middle you can do ctrl-a d to detach and screen -r train to attach.

In either the tmux or the screen session, you'll want to start an ssh-agent and load your local key there:

USERNAME@deploy1002:~$ eval $(ssh-agent)
USERNAME@deploy1002:~$ ssh-add .ssh/id_ed25519
Clone new branch

This command will create a new /srv/mediawiki-staging/php-[VERSION] directory:

USERNAME@deploy1002:/srv/mediawiki-staging$ scap prep [VERSION]

Example:

USERNAME@deploy1002:/srv/mediawiki-staging$ scap prep 1.34.0-wmf.0

This should only take a couple of minutes.

Apply security patches
Short version
scap patch [VERSION]
  • Patches should be named sequentially in the order that they will cleanly apply (e.g. 01-T[NUMBER].patch, 02-T[NUMBER].patch)
  • Checks and applies each patch in both /srv/patches/[VERSION]/core and /srv/patches/[VERSION]/extensions/[NAME] to the new core checkout and extensions, respectively.

Check existing patches:

USERNAME@deploy1002:~$ tree /srv/patches/[VERSION]
/srv/patches/[VERSION]
├── core
│   ├── 01-T[NUMBER].patch
│   └── 02-T[NUMBER].patch
└── extensions
    └── [EXTENSION]
        ├── 01-T[NUMBER].patch
        └── 02-T[NUMBER].patch
Core
  • You can check a core patch to see if it will apply cleanly with
USERNAME@deploy1002:/srv/mediawiki-staging/php-[VERSION]$ git apply --check --3way /srv/patches/[VERSION]/core/[NUMBER]-T[NUMBER].patch
  • If the patch checks out, apply and commit it with
USERNAME@deploy1002:/srv/mediawiki-staging/php-[VERSION]$ git am --3way /srv/patches/[VERSION]/core/[NUMBER]-T[NUMBER].patch
Extension
  • For an extension:
USERNAME@deploy1002:/srv/mediawiki-staging/php-[VERSION]/extensions/[EXTENSION]$ git apply --check --3way /srv/patches/[VERSION]/extensions/[EXTENSION]/[NUMBER]-T[NUMBER].patch

USERNAME@deploy1002:/srv/mediawiki-staging/php-[VERSION]/extensions/[EXTENSION]$ git am --3way /srv/patches/[VERSION]/extensions/[EXTENSION]/[NUMBER]-T[NUMBER].patch
  • If the patch fails to apply, investigate whether it's due to a conflict (git status) or the patch having been merged since the new branch cut (search git log for the commit, etc.). If it turns out to be the latter, remove the patch file from the /srv/patches/[VERSION] directory.
  • If you need extra help, contact Security Team (Wikimedia Foundation, MediaWiki, Office Wiki).
Create patches to update wikiversions.json

Create group0 to [VERSION] patch:

USERNAME@deploy1002:/srv/mediawiki-staging/$ scap update-wikiversions group0 [VERSION]
USERNAME@deploy1002:/srv/mediawiki-staging/$ git add wikiversions.json
USERNAME@deploy1002:/srv/mediawiki-staging/$ git commit -m "Group0 to [VERSION]"

Example:

USERNAME@deploy1002:/srv/mediawiki-staging/$ scap update-wikiversions group0 1.34.0-wmf.0
USERNAME@deploy1002:/srv/mediawiki-staging/$ git add wikiversions.json
USERNAME@deploy1002:/srv/mediawiki-staging/$ git commit -m "Group0 to 1.34.0-wmf.0"
Send staged patches to Gerrit for review
USERNAME@deploy1002:/srv/mediawiki-staging/$ git push origin HEAD:refs/for/master%topic=[VERSION]

Example:

USERNAME@deploy1002:/srv/mediawiki-staging/$ git push origin HEAD:refs/for/master%topic=1.34.0-wmf.0
Discard changes to working directory and index
USERNAME@deploy1002:/srv/mediawiki-staging/$ git reset --hard origin/master
Clean up old stuff

mw:MediaWiki 1.34/Roadmap is a good place to find when a branch was created.

List all branches:

USERNAME@deploy1002:/srv/mediawiki-staging/$ find . -maxdepth 1 -type d -name 'php-*' -print

Find old branches, more than 7 days old:

USERNAME@deploy1002:/srv/mediawiki-staging/$ find . -mindepth 2 -maxdepth 2 -type f -path './php-*/README.md' -ctime +7 -exec dirname {} \;

For all branches more than 7 days old, drop everything with:

USERNAME@deploy1002:/srv/mediawiki-staging/$ scap clean --delete [some old version from find -ctime +7 output above]

Example:

USERNAME@deploy1002:/srv/mediawiki-staging/$ scap clean --delete 1.34.0-wmf.0

Active branches are visible at Wikimedia MediaWiki versions page.

Deleting a branch is a full sync of that directory, and can take 10-15 minutes each.

Sync to cluster and verify on testwiki
  • Edit /srv/mediawiki-staging/wikiversions.json and set testwiki to php-[VERSION]
  • Do not commit and push to Gerrit, only make this change locally on the deployment server
USERNAME@deploy1002:/srv/mediawiki-staging/$ vim wikiversions.json
USERNAME@deploy1002:/srv/mediawiki-staging$ git diff
...
-    "testwiki": "php-[VERSION-1]",
+    "testwiki": "php-[VERSION]",
...
  • Run scap to (re)build localization caches and sync changes across the cluster.
  • 🐌 Note: this step may take on the order of 70-80 minutes.
  • 🐌 Note: If scap seems to hang during the scap-cdb-rebuild phase of this process, you may need to try pressing enter to speed it up.
USERNAME@deploy1002:/srv/mediawiki-staging/$ scap sync "testwiki to php-[VERSION] and rebuild l10n cache"

Example:

USERNAME@deploy1002:/srv/mediawiki-staging/$ scap sync "testwiki to php-1.34.0-wmf.0 and rebuild l10n cache"

This can take well over an hour. Opening or reloading the version page on testwiki after the scap sync command can take a minute or two.

  • Revert local changes
USERNAME@deploy1002:/srv/mediawiki-staging/$ git checkout -- wikiversions.json
Update deploy notes

There is a script in the mediawiki/tools/release repo called makedeploynotes.py. It queries gerrit's gitiles to make release notes. Usage: makedeploynotes.py <old-version> <new-version>

$ python3 make-deploy-notes/makedeploynotes.py 1.35.0-wmf.24 1.35.0-wmf.25 | tee deploy-notes-1.35.0-wmf.25

From there you can copy-and-paste to the Changelog page on mediawiki.org; e.g., https://www.mediawiki.org/wiki/MediaWiki_[VERSION]/Changelog. Example: MediaWiki 1.35/wmf.24/Changelog

Wait for deploy window

All of the changes above can be done at any time prior to the actual deployment window.

During the deploy window

Short-form instructions
Step host command example
0-0 Create and auto-merge/deploy the group0 patch deploy1002
USERNAME@deploy1002:/srv/mediawiki-staging/$ scap deploy-promote group0
Promote group0 from [PREVIOUS-VERSION] to [VERSION] [y/N]
Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions
0-1 Verify production has indeed switched MediaWiki.org Verify that mediawikiwiki has switched to the new version (Installed software, Product: MediaWiki, Version: VERSION)
0-2 Monitor production logs logstash etc. Monitor irc and logstash and/or logspam-watch for problems, see #Places to Watch for Breakage
0-3 Update roadmap page mw:MediaWiki 1.39/Roadmap Change the Deployed to group (if you're using VisualEditor) or the 3rd parameter of the WMFReleaseTableRow template (if you're using the wikitext editor) to 0 (deployed to group0)
{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|12|2018-07-10|0}}
0-4 Kill ssh-agent deployment server
USERNAME@deploy1002:~$ pgrep -u "$USER" -laf ssh-agent # list all of your ssh-agent processes
USERNAME@deploy1002:~$ pkill -u "$USER" -f ssh-agent   # kill all your ssh-agent processes
USERNAME@deploy1002:~$ pgrep -u "$USER" -laf ssh-agent # did they all die?
Full instructions
Switch group0 wikis to [VERSION]
  • CR+2 group0 to [VERSION] patch in Gerrit that you submitted earlier
  • Wait for Gerrit/Zuul/Jenkins to merge the patch(es)
  • Pull patch(es) to deployment server
USERNAME@deploy1002:/srv/mediawiki-staging$ git fetch
  • Check diff to ensure it is what you expect (this should show a bunch of version changes in wikiversions.json for group0 wikis)
USERNAME@deploy1002:/srv/mediawiki-staging$ git diff HEAD..origin/master
  • Apply changes
USERNAME@deploy1002:/srv/mediawiki-staging$ git rebase origin/master
  • Sync the change across the cluster
USERNAME@deploy1002:/srv/mediawiki-staging$ scap sync-wikiversions "group0 to [VERSION]"

Example:

USERNAME@deploy1002:/srv/mediawiki-staging$ scap sync-wikiversions "group0 to 1.34.0-wmf.0"
Update roadmap
  • Change the Deployed to group (if you're using VisualEditor) or the 3rd parameter of the WMFReleaseTableRow template (if you're using the wikitext editor) to 0 (deployed to group0) at mw:MediaWiki 1.35/Roadmap.

For wikitext editor, change

{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|[VERSION]|[DATE]|}}
...
{{WMFReleaseTableFooter}}

to

{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|[VERSION]|[DATE]|0}}
...
{{WMFReleaseTableFooter}}

Example:

{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|12|2018-07-10|0}}
...
{{WMFReleaseTableFooter}}
Terminate ssh-agents

Terminate the ssh-agent you started earlier so it doesn't linger on after you log out:

pgrep -u "$USER" -laf ssh-agent # list all of your ssh-agent processes
pkill -u "$USER" -f ssh-agent   # kill all your ssh-agent processes
pgrep -u "$USER" -laf ssh-agent # did they all die?

Every other day of the train you need to start a new ssh-agent and kill it later.

Wednesday: group0 to group1 deploy

Meta / coordination

Attend the Train Log Triage meeting with members of the Core Platform Team and others.

Short-form instructions
Step host command example
1-0 Create and auto-merge/deploy the group1 patch deploy1001
USERNAME@deploy1001:/srv/mediawiki-staging/$ scap deploy-promote group1
Promote group1 from [PREVIOUS-VERSION] to [VERSION] [y/N]
Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions
1-1 Verify production has indeed switched English Wiktionary Verify that the English Wiktionary (and other group1 wikis) have switched to the new version (Installed software, Product: MediaWiki, Version: VERSION)
1-2 Monitor production logs logstash etc. Monitor irc and logstash and/or logspam-watch for problems, see #Places to Watch for Breakage
1-3 Update roadmap page mw:MediaWiki 1.39/Roadmap Change the Deployed to group (if you're using VisualEditor) or the 3rd parameter of the WMFReleaseTableRow template (if you're using the wikitext editor) to 1 (deployed to group1)
{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|12|2018-07-10|1}}
...
{{WMFReleaseTableFooter}}
Full instructions
Switch group1 wikis to [VERSION]

Use scap deploy-promote group1 to update wikiversions.json

USERNAME@deploy1001:~$ scap deploy-promote group1
Promote group1 from [PREVIOUS-VERSION] to [VERSION] [y/N]

The script automatically Code-Review +2 the patch in Gerrit. Once CI has merged the patch, hit enter at the 2nd prompt.

Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions

After the script run is complete, group1 wikis should be running [VERSION].

The above should take about five minutes, including the waiting time for Gerrit/CI.

Update roadmap
  • Change the Deployed to group (if you're using VisualEditor) or the 3rd parameter of the WMFReleaseTableRow template (if you're using the wikitext editor) to 1 (deployed to group1) at mw:MediaWiki 1.38/Roadmap.

For wikitext editor, change

{{WMFReleaseTableRow|[VERSION]|[DATE]|0}}

to

{{WMFReleaseTableRow|[VERSION]|[DATE]|1}}

Example:

{{WMFReleaseTableRow|12|2018-07-10|1}}

Thursday: group{0,1} to all deploy

Short-form instructions
Step host command example
2-0 Create and auto-merge/deploy the group2 patch deploy1001
USERNAME@deploy1001:/srv/mediawiki-staging/$ scap deploy-promote all
Promote all from [PREVIOUS-VERSION] to [VERSION] [y/N]
Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions
2-1 Verify production has indeed switched English Wikipedia Verify that the English Wikipedia (and other group2 wikis) have switched to the new version (Installed software, Product: MediaWiki, Version: VERSION)
2-2 Monitor production logs logstash etc. Monitor irc and logstash and/or logspam-watch for problems, see #Places to Watch for Breakage
2-3 Update roadmap page mw:MediaWiki 1.39/Roadmap Change the Deployed to group (if you're using VisualEditor) or the 3rd parameter of the WMFReleaseTableRow template (if you're using the wikitext editor) to 2 (deployed to all)
{{WMFReleaseTableHead}}
{{WMFReleaseTableRow|12|2018-07-10|2}}
...
{{WMFReleaseTableFooter}}
Full instructions
Switch all wikis to [VERSION]

Thursday deploy is very similar to the Wednesday deploy, the only difference in terms of procedure is the target group

Use scap deploy-promote all to update wikiversions.json

USERNAME@deploy1001:~$ scap deploy-promote all
Promote all from [PREVIOUS-VERSION] to [VERSION] [y/N]

The script automatically Code-Review +2 the patch in Gerrit. Once CI has merged the patch, hit enter at the 2nd prompt.

Now wait for jenkins to merge the patch, then press enter to continue with git pull && scap sync-wikiversions

After the script run is complete, all wikis should be running [VERSION].

Update roadmap
  • Change the Deployed to group (if you're using VisualEditor) or the 3rd parameter of the WMFReleaseTableRow template (if you're using the wikitext editor) to 2 (deployed to all wikis) at mw:MediaWiki 1.38/Roadmap.

For wikitext editor, change

{{WMFReleaseTableRow|[VERSION]|[DATE]|1}}

to

{{WMFReleaseTableRow|[VERSION]|[DATE]|2}}

Example:

{{WMFReleaseTableRow|12|2018-07-10|2}}

Incident documentation

See also

Footnotes

  1. If you need to leave in the middle you can do ctrl-a d to detach and screen -r train to attach.