Migrate the Translation Platform to use a containerized Weblate
- Part of: #17782 (closed)
- MR: puppet-tails!58 (merged)
Migration plan
Preliminary steps:
- Deploy the container-based platform in development environment, test all functionality.
- Schedule downtime period for migration: Oct 28-29 2021 → Message sent to `tails-l10n@`.
Migration steps:
- Create a backup of the last working state:
  - Disable Puppet Agent.
  - Disable the website.
  - Create backups of data and database (takes a bit less than 1h)
  - Copy the backups elsewhere.
  - Shut down the VM.
  - Snapshot the disk volume.
- Install the new platform:
  - Install a fresh Debian Bullseye VM.
  - Merge puppet-tails!58 (merged)
  - Add the newly installed VM to Puppet.
  - Run Puppet until it converges.
- Restore Weblate from backups:
  - Disable Puppet Agent.
  - Protect Weblate with a temporary password.
  - Restore database.
  - Restore repositories and fix ownership and permissions.
- Check that the platform works fine:
  - Accepting a suggestion creates a commit in the Git repo.
  - Check that integration with the website works (tip: create new SSH key and push to Gitolite config).
  - Ensure that building the staging wiki works.
  - Check updating of Translation Memory works.
  - Check that permissions enforcement works.
  - Get help to double check whether everything works fine.
- Enable the platform:
  - Enable Puppet Agent.
  - Open Weblate to the public.
- Wrap up:
  - Fix ownership of `/var/log/weblate/update.log` (+ other logfiles): should be `2001000:weblate`.
  - Fix monitoring of `translate.lizard`.
  - Remove `celery` monitoring.
  - Check old logs for clues about unexpected permissions.
  - Double check VM creation checklist
  - Update PXE installer with newer images (i.e. Bullseye).
  - Check re. need of puppetizing `loginctl enable-linger 2000000`.
  - Fix Puppet error: Error: Facter: error while resolving custom fact "podman": cannot merge "/run/podman/podman.sock":String and "/run/user/0/podman/podman.sock":String
  - Document some commands (tails!660 (merged)):

    ```sh
    # Some of the commands below have to be executed in a directory readable to the user `weblate` (eg. /tmp).
    sudo -u weblate XDG_RUNTIME_DIR=/run/user/2000000 systemctl --user stop podman-weblate
    cd /tmp; sudo -u weblate podman logs -f --tail=1 weblate
    sudo -u weblate podman exec -t -i weblate /bin/bash
    sudo tail -f /var/log/weblate/update.log
    sudo -u weblate /var/lib/weblate/scripts/run_in_container.sh /scripts/cron.sh
    sudo -u weblate /var/lib/weblate/scripts/run_in_container.sh /scripts/weblate_permissions.py --enforce
    sudo -u weblate /var/lib/weblate/scripts/update_tm.sh
    ```
  - Document or puppetize generation of Weblate SSH key for `weblate-gatekeeper.git`.
  - Allow service admins to read Apache logs
  - Document that `/var/log/weblate/weblate.log` is not used anymore (and ditch it).
  - Check how/if to access podman logs via file instead of "podman logs"
  - Fix permissions of `/var/lib/tmserver`.
  - Check if some container mounts should be mounted read-only on `run_in_container.sh` -- puppet-tails!74 (merged)
  - Whitelist modsec rules that triggered after migration.
  - Create an issue to re-evaluate ModSec config: #17874 (closed)
  - Fix checks for existence of configured remotes in Git repos.
  - Do not send messages from `update-staging-website.py` when there are no errors.
  - Fix mail queue.
  - Fix changing permissions of executable files in the repositories: `chmod 664` → `chmod g+w`.
  - Merge Weblate design docs into the website: tails!592 (merged)
  - Turn on ModSec in "log-only" mode: puppet-tails!73 (merged)
  - Fix the pipeline (i.e. make successful use of `tails::apt` when deploying in CI) -- puppet-tails!75 (merged)
  - Send e-mail to interested parties re. reproducibility of the platform.
  - Configure backups for `translate.lizard`'s data disk.
  - Delete old/backup LVM volumes (+ snapshots).
Edited by Zen Fu
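
An illustration of the wrap-up item about `chmod 664` → `chmod g+w`, added here as an example and not taken from the Tails scripts: a blanket `chmod 664` clears the executable bit on scripts in a repository, while `chmod g+w` only adds group write. The function names, file names and temporary tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: absolute vs. relative chmod on a constructed repository tree.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Old behaviour: force every regular file to 664. This silently drops
# the executable bit from scripts kept in the repository.
fix_absolute() {
    find "$1" -type f -exec chmod 664 {} +
}

# New behaviour: only add group write and leave every other bit alone.
fix_relative() {
    find "$1" -type f -exec chmod g+w {} +
}

# Build a constructed working tree: one executable script, one data file.
make_tree() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hook\n' > "$dir/build.sh"
    printf 'msgid ""\n' > "$dir/index.po"
    chmod 755 "$dir/build.sh"
    chmod 644 "$dir/index.po"
    printf '%s\n' "$dir"
}

# Apply the given fixer to a fresh tree and print "<script mode> <data mode>".
run_case() {
    tree=$(make_tree) || return 1
    "$1" "$tree"
    printf '%s %s\n' "$(mode_of "$tree/build.sh")" "$(mode_of "$tree/index.po")"
    rm -rf "$tree"
}

echo "chmod 664: $(run_case fix_absolute)"
echo "chmod g+w: $(run_case fix_relative)"
```

Because Git records the executable bit, the `664` variant also shows up as a mode change on every script in the working tree.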