Upgrade All Trusty Nodes to Ubuntu Latest

[mekarpeles]

Related to #703 (see aspirational #680)

• [x] Prove provisioning a generic minimal xenail VM (e.g. of the ol-mem flavor) and add it to the ol cluster (e.g. as ol-mem4)
• [x] Codify the ol-mem approach using Ansible @abezella -- following https://github.com/internetarchive/openlibrary/issues/680#issuecomment-481929471
• [x] Prove provisioning of an openlibrary-specific xenial VM (e.g. ol-web3) using Docker and add it to the ol cluster (e.g. as ol-web1). This requires preserving the existing /opt/openlibrary directory as a detachable volume and preserving to new instance.
• [x] Codify the openlibrary-specific approach (using Ansible + Docker) such that new ol-web xenial nodes can be added automatically into the ol pool.

View Architecture & Provisioning docs on the Wiki

Remaining Trusty Machines

• [x] ol-www1.us.archive.org → #4252
• [ ] ol-home.us.archive.org → #5143
  • [x] #4775
  • [x] #5144
  • [x] #7817
• [ ] ol-db1.us.archive.org → #5686
• [ ] ol-db2.us.archive.org
  • Not sure what is required for ol-db2 in terms of migrating replication & provisioning as I don't think we have any record of how this vm was built
• [ ] ol-backup0.us.archive.org →
  • We don't have much context on ol-backup0 and what is required.
  • Is it possible for us to just spin up an ol-backup1 and temporarily write backups to both locations and verify that's working and then simply de-comission ol-backup0?

    Requirements

    The Trusty 14.04 release of the Ubuntu operating system will reach end of life for LTS (long-term support) at the end of 2019. After this time, our VMs may no longer receive necessary security updates. Therefore, before 2020, we are required to re-provision all our ~11 production Open Library VMs to run Xenail.

Current Production Architecture

Today, our production service architecture consists of ~11 VMs: (see: https://github.com/internetarchive/openlibrary/wiki/Production-Service-Architecture)

Current Provisioning Setup

Our current production setup process (as of 2019) for provisioning these 11 VMs is ostensibly manual and relies on a lot of manually scping directories around, as well as a separate repository called olsystem which contains the production configs, cron jobs, and infrastructure required to run the official openlibrary.org service.

Each of our 11 VMs are more-or-less provisioned identically:

• Every VM has an /opt directory containing all the "business"
• Within /opt there is an openlibrary/ and a petabox/ directory. It's very likely /opt/petabox is not required by all VMs, though it's not currently well understood which services may rely on it (e.g. the ol-home VM makes heavy use of olsystem which may reference petabox)
• /opt/openlibrary contains all the business logic for the Open Library project:

/opt/
/opt/petabox
/opt/openlibrary
/opt/openlibrary/venv  -- python virtualenv
/opt/openlibrary/maxmind-geoip/  -- .dat file for anonymizing IPs
/opt/openlibrary/deploys  -- history of all deploys, hash-binned by service
/opt/openlibrary/deploys/openlibrary  -- history of openlibrary deploys
/opt/openlibrary/deploys/olsystem  -- history of openlibrary deploys
/opt/openlibrary/deploys/base  -- deprecated??
/opt/openlibrary/deploys/openlibrary/openlibrary  -- active openlibrary deploy
/opt/openlibrary/deploys/openlibrary/openlibrary  -- active olsystem deploy
/opt/openlibrary/olsystem/  -- symlink to active olsystem: /opt/deploys/openlibrary/olsystem
/opt/openlibrary/openlibrary -- symlink to active openlibrary: /opt/deploys/openlibrary/olsystem

Minimum Proposal

At minimum, re-provisioning a VM requires:

• setting up firewall rules and installing core packages (e.g. git, docker) by running an ansible playbook
• scp'ing over the legacy VM's /opt directory (preferably as an external mountable /1 volume which can be moved in the future)
• Setting up olsystem so that its files within /opt/openlibrary/olsystem/etc symlink to the right locations within /etc

To copy /opt over from another server you'll have to: on ol-mem2: sudo tar cpSlf /var/tmp/ol.tar --same-owner -C /opt openlibrary scp /var/tmp/ol.tar ol-mem4:/var/tmp/ol.tar on ol-mem4: tar xpBsf /var/tmp/ol.tar --same-owner -C /opt (edited) (due to keys and needing to be root to get all of it i don't there's an easy way to just scp or rsync)

Ideal Proposal

An aspirational goal of this epic is to migrate Open Library VM provisioning to use a standard Ansible playbook (and possibly docker containers, a la our development environment) to support this re-provisioning.

Part of this effort includes decreasing production's dependence on the olsystem repository a la #680. Both developer and production systems should use have similar docker recipes and differ according to ansible playbooks.

Plan

The plan is to start with ol-mem0, ol-mem1, and ol-mem2 as they don't really require any infrastructure other than: 1) setup 3 new memcached servers ol-mem3, ol-mem4, ol-mem4 2) provision VMs with default ansible playbook: setup firewall rules + install docker 3) use VM-specific ansible playbook to install setup docker w/ memcached (with upstart) 4) update /opt/openlibrary/olsystem/etc/openlibrary.yml and infobase.yml configs to reference correct new memcached servers 5) /etc (e.g. memcached) to symlink to the correct system configs in /opt/openlibrary/olsystem/etc/ 6) update /opt/openlibrary/olsystem/fabfile.py supervisord to update how memcached servers should be restarted (and to not deploy to ol-mem* during deploy) 7) remove old memcached servers from the pool (one at a time)

[mekarpeles]

This task needs a checklist:

• [x] Prove provisioning a generic minimal xenial VM (e.g. of the ol-mem flavor) and add it to the ol cluster (e.g. as ol-mem4)
• [x] Codify the ol-mem approach using Ansible @abezella -- following https://github.com/internetarchive/openlibrary/issues/680#issuecomment-481929471
• [x] Prove provisioning of an openlibrary-specific xenial VM (e.g. ol-web3) using Docker and add it to the ol cluster (e.g. as ol-web1). This requires preserving the existing /opt/openlibrary directory as a detachable volume and preserving to new instance.
• [x] Codify the openlibrary-specific approach (using Ansible + Docker) such that new ol-web xenial nodes can be added automatically into the ol pool.

[tfmorris]

Since Ubuntu 18.04 Bionic Beaver has been out for over a year, would it make more sense to skip Xenial?

[tfmorris]

Our Xenial Docker-based development environment is producing dire warnings Node.js and the bundled version of pip doesn't work. I think we should upgrade our dev environment to Bionic ASAP in preparation for a production move to Bionic.

[cclauss]

% cat ./ubuntu_versions.sh

#!/bin/bash

# Which Ubuntu release are we running on?  Do not fail if /etc/os-release does not exist.
# cat /etc/os-release | grep VERSION= || true  # VERSION="20.04.1 LTS (Focal Fossa)"

SERVERS="ol-backup0 ol-covers0 ol-db1 ol-db2 ol-dev0 ol-dev1 ol-home ol-home0 ol-mem0 ol-mem1 ol-mem2 ol-solr0 ol-solr1 ol-web1 ol-web2 ol-www0"
parallel --quote ssh {} "hostname --short ; cat /etc/os-release | grep VERSION= ; docker --version ; docker compose version || true" ::: $SERVERS

• [x] ol-covers0 VERSION="20.04.2 LTS (Focal Fossa)"
• [x] ol-dev0 VERSION="14.04.5 LTS, Trusty Tahr" #4229
• [x] ol-dev1 VERSION="16.04.7 LTS (Xenial Xerus)" #4229
• [x] ol-home VERSION="14.04.1 LTS, Trusty Tahr" #4060
• [x] ol-home0 VERSION="20.04.2 LTS (Focal Fossa)"
• [x] ol-mem3 VERSION="16.04.7 LTS (Xenial Xerus)" #680
  • Replaced with ol-mem0 on Focal in internetarchive/olsystem#138
• [x] ol-mem4 VERSION="16.04.7 LTS (Xenial Xerus)" #680
  • Replaced with ol-mem1 on Focal in internetarchive/olsystem#144
• [x] ol-mem5 VERSION="16.04.7 LTS (Xenial Xerus)" #680
  • Replaced with ol-mem2 on Focal in internetarchive/olsystem#145
• [x] ol-solr1 VERSION="20.04.2 LTS (Focal Fossa)"
• [x] ol-web1 VERSION="20.04.2 LTS (Focal Fossa)"
• [x] ol-web2 VERSION="20.04.2 LTS (Focal Fossa)"
• [x] ol-www0 VERSION="20.04.2 LTS (Focal Fossa)"
• [x] ol-www1 VERSION="14.04.1 LTS, Trusty Tahr" #4252

[jimman2003]

Some of the PPAs might have deleted the xenial debs/packages so the CI is failng.. So we should bump this up?

[mekarpeles]

https://github.com/internetarchive/openlibrary/issues/2036#issuecomment-859350115

@dhruvmanila, @cclauss, or @BharatKalluri -- is this one you may have a few minutes to quickly investigate? If it seems like it may be a pain, @cdrini and I can prioritize for next week. @cdrini is currently PTO and I'm getting my 2nd covid shot tomorrow and will likely be out of commission for at least some of the weekend :grimacing:

[cclauss]

It would be important to look as upgrading both:

1. https://github.com/internetarchive/openlibrary/blob/master/docker/Dockerfile.olbase#L1
2. https://github.com/internetarchive/openlibrary/blob/master/.github/workflows/python_tests.yml#L13

[jimman2003]

also: https://github.com/internetarchive/openlibrary/blob/95f1234f81c664d186e7c5413436d4ccb5b936b8/docker/Dockerfile.olsolr#L1

[cclauss]

On ol-mem0...

• [x] sudo apt-get install memcached && memcached --version # --> memcached 1.5.22
• [x] firm rules
• do we need to git pull ol-system and openlibrary?
• Web 1 and Web 2 will need access to which memcache servers to use.
• Is there a "performance config"
• Coverstore yaml, ansible hosts, ansible
• ol-system -- grep ol-system and openlibrary for the config

• https://github.com/internetarchive/olsystem/search?q=memcache ol-mem

https://internetarchive.slack.com/archives/G019YBYM35M/p1602178331011000

https://internetarchive.slack.com/archives/G019YBYM35M/p1602179875012700?thread_ts=1602178331.011000&cid=G019YBYM35M

https://github.com/internetarchive/openlibrary/wiki/Production-Service-Architecture

[mekarpeles]

I think we're close: ol-db[1,2], ol-backup, ol-www0->1, and presumably ol-home disappears if we can ~re~move stats-solr (?) @cclauss ?? :|

[cclauss]

Using the script at https://github.com/internetarchive/openlibrary/issues/7676#issuecomment-1480274108

ol-home0% ./ubuntu_versions.sh

• [ ] ol-db1: Permission denied (publickey). --> #5686
• [ ] ol-dev1: VERSION="18.04.6 LTS (Bionic Beaver)"
• [ ] ol-home: VERSION="14.04.1 LTS, Trusty Tahr"
• [x] ~ol-www1: VERSION="14.04.1 LTS, Trusty Tahr"~ --> #4252
• [x] ol-covers0: VERSION="20.04.6 LTS (Focal Fossa)"
• [x] ol-home0: VERSION="20.04.6 LTS (Focal Fossa)"
• [x] ol-mem0: VERSION="20.04.6 LTS (Focal Fossa)"
• [x] ol-mem1: VERSION="20.04.6 LTS (Focal Fossa)"
• [x] ol-mem2: VERSION="20.04.6 LTS (Focal Fossa)"
• [x] ol-solr0: VERSION="20.04.6 LTS (Focal Fossa)"
• [x] ol-solr1: VERSION="20.04.6 LTS (Focal Fossa)"
• [x] ol-web1: VERSION="20.04.6 LTS (Focal Fossa)"
• [x] ol-web2: VERSION="20.04.6 LTS (Focal Fossa)"
• [x] ol-www0: VERSION="20.04.6 LTS (Focal Fossa)"