DebMonitor
DebMonitor is a Debian package tracker website and tool developed at the Wikimedia Foundation and used to track installed and upgradable packages across the fleet. It has multiple components.
The DebMonitor website is a Django-based application installed in an active/passive setup with uwsgi and nginx on two dedicated Ganeti VMs and deployed via the debmonitor Debian package. The application has two different virtual hosts, one on port 80 for Varnish and one on port 443 for the DebMonitor client (see below). The data is stored on a MySQL database hosted by the m2 cluster.
There is a weekly systemd timer on each host to run a garbage collection script twice a week to remove orphan objects from the database (e.g. package versions no longer installed on any host).
DebMonitor client
The debmonitor-client Debian package is installed on all the clients and reports the installed packages to the DebMonitor active server. It reports them in four different ways:
- A dpkg hook triggered on Dpkg::Pre-Install-Pkgs to report any change to packages. It doesn't block package actions on failure.
- An APT hook triggered on APT::Update::Post-Invoke to report any upgradable packages. It doesn't block apt-get update on failure.
- A daily crontab to report all installed and upgradable packages to reconcile the data in case any of the above failed.
- A separate component called docker-reporter traverses the Docker registry and submits information on packages present in container images.
The client authenticates with the DebMonitor server via mutual authentication using a certificate issued by our PKI, and the server authorizes the connecting host to modify only its own data.
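The check described above can be sketched as follows. This is an added example, not DebMonitor's own code. It assumes the front end passes the certificate verification result (nginx style: SUCCESS, FAILED:..., NONE) and the subject DN to the application; the host names, the privileged-host set, the /hosts/ path pattern as parsed here and every reason string other than the 403 message quoted on this page are constructed.

```python
import re

# Constructed placeholder (assumption): hosts allowed to modify other hosts'
# records, modelling management hosts that run removals.
PRIVILEGED_HOSTS = frozenset({"mgmt1001.example.org"})

_FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_HOST_PATH = re.compile(r"^/hosts/([^/]+)$")


def common_name(subject_dn):
    """Return the single CN of a comma-separated DN, or None if ambiguous."""
    if "\\" in subject_dn or '"' in subject_dn:
        return None  # refuse escaped or quoted DNs rather than mis-parse them
    cns = [rdn.split("=", 1)[1].strip().lower()
           for rdn in subject_dn.split(",")
           if rdn.strip().upper().startswith("CN=")]
    # Exactly one CN, and it must look like a host name. A multi-valued RDN
    # such as "CN=a+CN=b" fails the FQDN pattern and is rejected here.
    if len(cns) != 1 or not _FQDN.match(cns[0]):
        return None
    return cns[0]


def authorize(verify_result, subject_dn, path):
    """Return (status, reason) for a request that changes host data."""
    # Fail closed: anything other than a verified certificate is rejected.
    if verify_result != "SUCCESS":
        return 403, "Client certificate validation failed"
    client = common_name(subject_dn)
    if client is None:
        return 403, "Client certificate validation failed"
    match = _HOST_PATH.match(path)
    if match is None:
        return 404, "Not found"
    target = match.group(1).lower()
    # Authentication proved who is connecting; authorization ties that
    # identity to the record named in the URL.
    if target == client or client in PRIVILEGED_HOSTS:
        return 200, "OK"
    return 403, "Host may only modify its own data"
```

The identity used for the comparison comes only from the verified certificate, never from a host name supplied in the request body or headers.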
Common commands
debmonitor.discovery.wmnet as host. Copy-pasting from your browser will lead to HTTP 403 "Client certificate validation failed".
Manually remove a host from DebMonitor
From one of the cluster::management hosts (cumin1003.eqiad.wmnet, cumin2002.codfw.wmnet) run the sre.debmonitor.remove-hosts cookbook. See also Spicerack/Cookbooks#Run_a_single_Cookbook.
Alternatively, it can be done manually by running:
sudo curl -X DELETE "https://debmonitor.discovery.wmnet/hosts/${HOST_FQDN}" --cert "/etc/debmonitor/ssl/debmonitor_$(hostname -f | tr '.' '_').pem" --key "/etc/debmonitor/ssl/debmonitor_$(hostname -f | tr '.' '_')-key.pem"
Manually remove an image from DebMonitor
This will remove all tags of this image from DebMonitor.
From one of the builder hosts run:
# IMAGE_NAME=docker-registry.wikimedia.org/foo-bar-image
sudo curl -X DELETE "https://debmonitor.discovery.wmnet/images/${IMAGE_NAME}" --cert "/etc/debmonitor/ssl/debmonitor__$(hostname -f | tr '.' '_').pem" --key "/etc/debmonitor/ssl/debmonitor__$(hostname -f | tr '.' '_')-key.pem"
Making a release
DebMonitor is released using python-release.
After a release it's sufficient to apt-get install debmonitor-server to update the packages on a given host. The Django collectstatic action is performed on postinst automatically.
If there is any database migration, it can be applied by running the following as root (only on one host per database):
export DEBMONITOR_CONFIG=/etc/debmonitor/config.json
export DJANGO_SETTINGS_MODULE=debmonitor.settings.prod
python3 /usr/lib/python3/dist-packages/debmonitor/manage.py migrate