Puppet request window

From Wikitech
Jump to navigation Jump to search

What is it?

Patches submitted to Puppet request windows will be looked at by Operations Engineers (opsen) twice a week. Similar to MediaWiki Backport windows in structure. The patches will be reviewed and, if approved, merged. The goal is to encourage more people to write patches for operations/puppet.git, and have a Service Level Agreement (SLA) of sorts for patches to be looked at and/or merged.

The time slot of the Puppet request window is typically twice weekly, but this can shift (in advance) to accommodate other deployments. Two operations team members are typically signed up per window. During (or before) the window, those (and other) operations team members should review listed patches and provide feedback.

How to get a patch in a Puppet request window

  • Add it to the designated Puppet request window on the Deployments page.
    • This is intentionally 'fast and loose'. As long as a patch is on the listing before the Puppet request window, Operations will do what we can to review and merge these. Due to the repetition of the Puppet request windows, any patches submitted too close to the window (and unable to be properly reviewed) may be pushed to the next Puppet request window.
  • Be present during the Puppet request window for real-time conversations regarding the patch and testing/deployment/reverting. (This will take place on Freenode, in #wikimedia-operations.)

What kind of patches can go through Puppet request windows?

Puppet request window patches should be:

  • Trivial in complexity.
  • Easy to verify and test for people who are not in the Operations team.
  • (Preferred) At least one Code-Review +1 from someone familiar with the area of code the patch is changing.

Patches that have potentially far reaching impact (ssh, varnish, apaches, hhvm) will likely be rejected from Puppet request windows. Changes to the HHVM or Apache configuration for the MediaWiki application server cluster are not eligible for SWAT, due to the potentially far reaching impact / unavailability. These need extensive testing and should be scheduled with Ops outside Puppet request windows. This guideline is still evolving.

The ops person doing the request window has final discretion on which patches they merge, since they are ultimately responsible for the stability of the cluster. Also, do not use Puppet request windows as a way to speed up work if you're already collaborating with any opsen on a specific project. If patches are lagging behind there, there is a specific reason and you should refer to the person you're working with, or escalate this.

Examples (from Giuseppe):

Good patches for Puppet request windows:

Changes that cannot go through Puppet request windows:

The ideal Puppet request window patch has...

  1. The author / someone involved with the patch around on IRC during the Puppet request window
  2. A +1 on the patch from someone.
  3. Puppet Compiler has been run on the patch and it has given a go ahead
  4. Rebases cleanly to master
  5. For patches that can be tested on the Beta Cluster, they should be by being cherry-picked to the beta cluster puppetmaster.

The ideal Puppet request window patch does *not* have...

  1. Any sudo / access rights changes
  2. Any outstanding -1s / unaddressed concerns

Who is going to do it?

The operations team allocates two members for Puppet request windows during their weekly operations meetings. These members are designated in advance of their assigned weeks. Those members then must update the Deployments page to list them for those allotted Puppet request windows.