This switch-over is done, and we've confirmed that all services (that we can think of) are working. Caveats:
1) If your labs instance has stopped working (or you can't reach it), ping me or Coren on IRC and we'll have a look.
2) If you have any hard-coded references to neptunium or nembus (e.g. in a labs instance) please change them to seaborgium and serpens, respectively
3) We're leaving the old ldap servers up in read-only mode for a day or so. If everything is working for you now but in a few days things break, that's probably because you didn't do step 2. Act now!
Many thanks to Moritz for setting up the new ldap servers. And, thanks also to everyone who helped test!
On 12/3/15 12:07 PM, Andrew Bogott wrote:
This Tuesday at 17:00 UTC we'll be switching over from our old opendj-based ldap servers to new openldap-based ldap servers.
If all goes well, this should be largely unnoticeable to end-users. Lots of things depend on ldap, though, so we may see some weird, unpredictable behaviors during the switchover.
During the transition, the old servers will be marked as read-only. For this reason I advise against doing any stateful work during the maintenance window. Specifically: account, project and instance creation on wikitech are likely to misfire in complicated and unpleasant ways.
Here are some other things which should not break, but require ldap and are therefore subject to the whims of fate:
- shell auth on all labs instances
- sudo policies on all labs instances
- public dns for the domain
- all cron jobs on tools
- most of wikitech
- user login to monitoring tools
Moritz, Coren and I will be available on IRC during the scheduled window to troubleshoot issues if and when they arise.