2022-12-29: Deploy to gprd

Production Change

Change Summary

This issue is reserved for promoting (deploying) an auto-deploy package to gprd on 2022-12-29.

Reasons for this deployment:

• Reduce risk: to prevent commits from piling up and have a big deployment after the PCL lifts
• Business continuity: to allow a security release to be performed in the first week of January 2023.

Change Details

1. Services Impacted - GitLab.com
2. Change Technician - @ahyield
3. Change Reviewer - @mbursi
4. Time tracking - ~90m
5. Downtime Component - N/A

Detailed steps for the change

Change Steps - steps to take to execute the change

During early EMEA working hours

• Inform EOC
• Set label changein-progress /label ~change::in-progress
• Search for the latest successful deployment in gstg-cny, write down the package and link to the coordinated pipeline: 15.8.202212290620-d5b1b283fd4.2f0f30f3743 / https://ops.gitlab.net/gitlab-com/gl-infra/deployer/-/pipelines/1635047
• Add the CHANGE_LOCK_OVERRIDE environment variable to the deployer project, the value is true and it should not be protected.
• On the gprd-cny pipeline, search and restart the gprd-cny-change-lock job.
• Once the gprd-cny-change-lock has finished, remove the CHANGE_LOCK_OVERRIDE environment variable from the project settings. This is important as it will prevent further deployments to gprd-cny
• Unlock gprd-cny: /chatops run deploy unlock gprd-cny.
• Promote the package to gprd-cny.
• Lock gprd-cny: /chatops run deploy lock gprd-cny. This can be done after the gprd-cny-prepare job has finished.
• Promote the package to gstg and gprd.
  • The deployment to gprd also has a job to verify the changelock (gprd-change-lock), the CHANGE_LOCK_OVERRIDE variable will need to be added to continue with the deployment, and removed after the gprd-change-lock job has succeeded.
• Remove changein-progress and add changecomplete

Rollback

Rollback steps - steps to be taken in the event of a need to rollback this change

• Normal rolling back procedure for deployment https://gitlab.com/gitlab-org/release/docs/-/blob/master/runbooks/rollback-a-deployment.md

Change Reviewer checklist

C4 C3 C2 C1:

• Check if the following applies:
  • The scheduled day and time of execution of the change is appropriate.
  • The change plan is technically accurate.
  • The change plan includes estimated timing values based on previous testing.
  • The change plan includes a viable rollback plan.
  • The specified metrics/monitoring dashboards provide sufficient visibility for the change.

C2 C1:

• Check if the following applies:
  • The complexity of the plan is appropriate for the corresponding risk of the change. (i.e. the plan contains clear details).
  • The change plan includes success measures for all steps/milestones during the execution.
  • The change adequately minimizes risk within the environment/service.
  • The performance implications of executing the change are well-understood and documented.
  • The specified metrics/monitoring dashboards provide sufficient visibility for the change.
    • If not, is it possible (or necessary) to make changes to observability platforms for added visibility?
  • The change has a primary and secondary SRE with knowledge of the details available during the change window.
  • The labels blocks deployments and/or blocks feature-flags are applied as necessary

Change Technician checklist

• Check if all items below are complete:
  • The change plan is technically accurate.
  • This Change Issue is linked to the appropriate Issue and/or Epic
  • Change has been tested in staging and results noted in a comment on this issue.
  • A dry-run has been conducted and results noted in a comment on this issue.
  • The change execution window respects the Production Change Lock periods.
  • For C1 and C2 change issues, the change event is added to the GitLab Production calendar.
  • For C1 and C2 change issues, the SRE on-call has been informed prior to change being rolled out. (In #production channel, mention @sre-oncall and this issue and await their acknowledgement.)
  • For C1 and C2 change issues, the SRE on-call provided approval with the eoc_approved label on the issue.
  • For C1 and C2 change issues, the Infrastructure Manager provided approval with the manager_approved label on the issue.
  • Release managers have been informed (If needed! Cases include DB change) prior to change being rolled out. (In #production channel, mention @release-managers and this issue and await their acknowledgment.)
  • There are currently no active incidents that are severity1 or severity2
  • If the change involves doing maintenance on a database host, an appropriate silence targeting the host(s) should be added for the duration of the change.