Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • S sysadmin
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 84
    • Issues 84
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • tails
  • sysadmin
  • Issues
  • #17870
Closed
Open
Issue created Oct 20, 2021 by Zen Fu@zenMaintainer51 of 51 checklist items completed51/51 checklist items

Migrate the Translation Platform to use a containerized Weblate

  • Part of: #17782 (closed)
  • MR: puppet-tails!58 (merged)

Migration plan

Preliminary steps:

  • Deploy the container-based platform in development environment, test all functionality.
  • Schedule downtime period for migration: Oct 28-29 2021 → Message sent to tails-l10n@.

Migration steps:

  1. Create a backup of the last working state:
    • Disable Puppet Agent.
    • Disable the website.
    • Create backups of data and database (takes a bit less than 1h)
    • Copy the backups elsewhere.
    • Shutdown the VM.
    • Snapshot the disk volume.
  2. Install the new platform:
    • Install a fresh Debian Bullseye VM.
    • Merge puppet-tails!58 (merged)
    • Add the newly installed VM to Puppet.
    • Run Puppet until it converges.
  3. Restore Weblate from backups:
    • Disable Puppet Agent.
    • Protect Weblate with a temporary password.
    • Restore database.
    • Restore repositories and fix ownership and permissions.
  4. Check that the platform works fine:
    • Accepting a suggestion creates a commit in the Git repo.
    • Check that integration with the website works (tip: create new SSH key and push to Gitolite config).
    • Ensure that building the staging wiki works.
    • Check updating of Translation Memory works.
    • Check that permissions enforcement works.
    • Get help to double check whether everything works fine.
  5. Enable the platform:
    • Enable Puppet Agent.
    • Open Weblate to the public.
  6. Wrap up:
    • Fix ownership of /var/log/weblate/update.log (+ other logfiles): should be 2001000:weblate.
    • Fix monitoring of translate.lizard.
    • Remove celery monitoring.
    • Check old logs for clues about unexpected permissions.
    • Double check VM creation checklist
    • Update PXE installer with newer images (i.e. Bullseye).
    • Check re. need of puppetizing loginctl enable-linger 2000000.
    • Fix Puppet error:
      Error: Facter: error while resolving custom fact "podman":
      cannot merge "/run/podman/podman.sock":String and "/run/user/0/podman/podman.sock":String
    • Document some commands (tails!660 (merged)):
      # Some of the commands below have to be executed in a directory readable to the user `weblate` (eg. /tmp).
      sudo -u weblate XDG_RUNTIME_DIR=/run/user/2000000 systemctl --user stop podman-weblate
      cd /tmp; sudo -u weblate podman logs -f --tail=1 weblate
      sudo -u weblate podman exec -t -i weblate /bin/bash
      sudo tail -f /var/log/weblate/update.log
      sudo -u weblate /var/lib/weblate/scripts/run_in_container.sh /scripts/cron.sh
      sudo -u weblate /var/lib/weblate/scripts/run_in_container.sh /scripts/weblate_permissions.py --enforce
      sudo -u weblate /var/lib/weblate/scripts/update_tm.sh
    • Document or puppetize generation of Weblate SSH key for weblate-gatekeeper.git.
    • Allow service admins to read Apache logs
    • Document that /var/log/weblate/weblate.log is not used anymore (and ditch it).
    • Check how/if to access podman logs via file instead of "podman logs"
    • Fix permissions of /var/lib/tmserver.
    • Check if some container mounts should be mounted read-only on run_in_container.sh -- puppet-tails!74 (merged)
    • Whitelist modsec rules that triggered after migration.
    • Create an issue to re-evaluate ModSec config: #17874
    • Fix checks for existence of configured remotes in Git repos.
    • Do not send messages from update-staging-website.py when there are no errors.
    • Fix mail queue.
    • Fix changing permissions of executable files in the repositories: chmod 664 → chmod g+w.
    • Merge Weblate design docs into the website: tails!592 (merged)
    • Turn on ModSec in "log-only" mode: puppet-tails!73 (merged)
    • Fix the pipeline (i.e. make successful use of tails::apt when deploying in CI) -- puppet-tails!75 (merged)
    • Send e-mail to interested parties re. reproducibility of the platform.
    • Configure backups for translate.lizard's data disk.
    • Delete old/backup LVM volumes (+ snapshots).
Edited Nov 17, 2021 by Zen Fu
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking