This Tuesday at 17:00 UTC we'll be switching over from our old
opendj-based ldap servers to new openldap-based ldap servers.
If all goes well, this should be largely unnoticeable to end-users.
Lots of things depend on ldap, though, so we may see some weird,
unpredictable behaviors during the switchover.
During the transition, the old servers will be marked as read-only. For
this reason I advise against doing any stateful work during the
maintenance window. Specifically: account, project and instance
creation on wikitech are likely to misfire in complicated and unpleasant
ways.
Here are some other things which should not break, but require ldap and
are therefore subject to the whims of fate:
- shell auth on all labs instances
- sudo policies on all labs instances
- public dns for the
wmflabs.org domain
- all cron jobs on tools
- most of wikitech
- user login to monitoring tools
Moritz, Coren and I will be available on IRC during the scheduled window
to troubleshoot issues if and when they arise.
-Andrew