2023-05-02: Chef client failing on gitaly nodes
Customer Impact
No direct customer impact; new deploys were blocked on Gitaly nodes.
Current Status
The secret migration from GKMS to HashiCorp Vault was broken by a residual Chef attribute that needed to be unset for the new calling convention. After fixing that and reconciling the naming convention of the stored secret, the Chef runs started working again.
The secret being migrated between vaults was for the periodic host profiler's access to its GCS bucket. Currently we only use that recipe on Gitaly nodes (which is why this incident only affected those nodes). After fixing Chef, we confirmed that the periodic profiler continues to successfully push data to its bucket, so the secret migration succeeded.
Note: In some cases we need to redact information from public view. We only do this in a limited number of documented cases. This might include the summary, timeline or any other bits of information, laid out in our handbook page. Any of this confidential data will be in a linked issue, only visible internally. By default, all information we can share will be public, in accordance with our transparency value.