Page MenuHomePhabricator
Create Task
Maniphest T416707

Sunsetting mirrors.wikimedia.org
Open, MediumPublic
Actions

Description

We've been operating a Debian mirror since approx. ten years (it also hosts a mirror of Ubuntu, Tails and Debian Openstack Backports repository). This has historically been a great way to contribute back to our favourite OS. But Debian defaults to the deb.debian.org CDN since many years and that shrank the use of the traditional mirrors significantly.

Despite being part of the ftp.us.debian.org mirror rotation our mirror is hardly used these days, even despite idiotic AI scrapers hitting the server randomly and excessively, our bandwidth usage practically never exceeds 10% of the available bandwidth (and usually even less than that).

The current server is ending it's hardware lifespan, so in the current state it currently does not really make sense to refresh it, so we'll likely decommision it entirely.

Details

Related Changes in Gerrit:
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

MoritzMuehlenhoff created this task.Feb 6 2026, 3:28 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 6 2026, 3:29 PM
MoritzMuehlenhoff triaged this task as Medium priority.Feb 6 2026, 3:29 PM
ayounsi awarded a token.Feb 6 2026, 6:17 PM
MoritzMuehlenhoff mentioned this in Unknown Object (Task).Feb 18 2026, 10:10 PM
Fabfur subscribed.Mar 16 2026, 4:34 PM
gerritbot added a comment.Mar 20 2026, 12:25 PM

Change #1256371 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Switch our servers to use deb.debian.org

https://gerrit.wikimedia.org/r/1256371

gerritbot added a project: Patch-For-Review.Mar 20 2026, 12:25 PM
bking subscribed.Mar 23 2026, 9:29 PM
Andrew subscribed.Mar 26 2026, 10:33 PM

Hi folks! Any idea when this is likely to happen? I will need to coordinate for openstack nodes which use a bespoke openstack repo hosted on the mirror.

LSobanski subscribed.Apr 6 2026, 1:10 PM

The alert MirrorHighLag has started firing 1 month ago. Would it make sense to disable it at this point?

Labels
alertname=MirrorHighLag
cluster=misc
instance=mirror1001:9100
job=node
path=/srv/mirrors/ubuntu
prometheus=ops
severity=warning
site=eqiad
source=prometheus
team=infrastructure-foundations
Annotations
NameContent
dashboardhttps://grafana.wikimedia.org/d/dbd8a904-eab2-48d1-a3b9-fa1851ef3ed2/mirrors?orgId=1
descriptionMirrors - /srv/mirrors/ubuntu synchronization lag is behind 38d 16h 31m 9s
runbookhttps://wikitech.wikimedia.org/wiki/Mirrors
summaryMirrors - /srv/mirrors/ubuntu synchronization lag
Links
Triage metadata. Do not delete.
fingerprint=60b74e4f03d5302a
gerritbot added a comment.Apr 7 2026, 9:13 AM

Change #1256371 merged by Muehlenhoff:

[operations/puppet@production] Switch our servers to use deb.debian.org

https://gerrit.wikimedia.org/r/1256371

Maintenance_bot removed a project: Patch-For-Review.Apr 7 2026, 9:31 AM
gerritbot added a comment.Apr 7 2026, 9:33 AM

Change #1268515 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Switch three test systems to deb.debian.org

https://gerrit.wikimedia.org/r/1268515

gerritbot added a project: Patch-For-Review.Apr 7 2026, 9:33 AM
gerritbot added a comment.Apr 7 2026, 9:39 AM

Change #1268515 merged by Muehlenhoff:

[operations/puppet@production] Switch three test systems to deb.debian.org

https://gerrit.wikimedia.org/r/1268515

gerritbot added a comment.Apr 7 2026, 10:04 AM

Change #1268522 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Switch our servers to use deb.debian.org

https://gerrit.wikimedia.org/r/1268522

gerritbot added a comment.Apr 9 2026, 1:30 PM

Change #1268522 merged by Muehlenhoff:

[operations/puppet@production] Switch our servers to use deb.debian.org

https://gerrit.wikimedia.org/r/1268522

Maintenance_bot removed a project: Patch-For-Review.Apr 9 2026, 1:30 PM
Jdforrester-WMF created subtask T423596: Adjust WMCS Gitlab CI/CD repo to stop using mirrors.wikimedia.org.Apr 16 2026, 1:14 PM
A_smart_kitten subscribed.Apr 16 2026, 1:31 PM
MoritzMuehlenhoff created subtask T423598: Migrate our use of osbpo away from mirrors.wikimedia.org.Apr 16 2026, 1:37 PM
kevinbazira subscribed.Apr 16 2026, 1:46 PM
thcipriani added a project: Release-Engineering-Team (Radar).Apr 16 2026, 2:31 PM
thcipriani added subscribers: dduvall, thcipriani.

Checking my understanding of "sunsetting" here:

  • We're no longer hosting a mirror? vs.
  • the mirrors.wikimedia.org url will cease to function?

Currently all the base docker images have mirrors in their apt source:

(◍•ᴗ•◍)❤ docker run --rm -it docker-registry.wikimedia.org/trixie:20260412 cat /etc/apt/sources.list | grep mirrors
deb http://mirrors.wikimedia.org/debian/ trixie main
deb http://mirrors.wikimedia.org/debian/ trixie-updates main
deb http://mirrors.wikimedia.org/debian/ trixie-backports main contrib
(◍•ᴗ•◍)❤ docker run --rm -it docker-registry.wikimedia.org/bookworm:20260412 cat /etc/apt/sources.list | grep mirrors
deb http://mirrors.wikimedia.org/debian/ bookworm main
deb http://mirrors.wikimedia.org/debian/ bookworm-updates main
deb http://mirrors.wikimedia.org/debian/ bookworm-backports main contrib
(◍•ᴗ•◍)❤ docker run --rm -it docker-registry.wikimedia.org/bullseye:20260412 cat /etc/apt/sources.list | grep mirrors
deb http://mirrors.wikimedia.org/debian/ bullseye main
deb http://mirrors.wikimedia.org/debian/ bullseye-updates main

Trying to think through the consequences of this for CI images and pipeline building (CC @dduvall )

SomeRandomDeveloper subscribed.Apr 16 2026, 2:53 PM
MoritzMuehlenhoff added a comment.Apr 16 2026, 3:07 PM
In T416707#11829949, @thcipriani wrote:

Checking my understanding of "sunsetting" here:

  • We're no longer hosting a mirror? vs.
  • the mirrors.wikimedia.org url will cease to function?

These are both true. We will no longer operate a mirror (which is running under mirrors.wikimedia.org), so these image should be built using deb.debian.org as the mirror going forward.

thcipriani created subtask T423622: New base images without mirrors.wikimedia.org.Apr 16 2026, 4:10 PM
NightWolf1223 subscribed.Apr 16 2026, 4:39 PM
bd808 subscribed.Apr 16 2026, 8:18 PM
In T416707#11830231, @MoritzMuehlenhoff wrote:

These are both true. We will no longer operate a mirror (which is running under mirrors.wikimedia.org), so these image should be built using deb.debian.org as the mirror going forward.

And going backward? Is there a way we can help "cool URIs don't change" by redirecting mirrors.wikimedia.org elsewhere?

A_smart_kitten added a comment.Apr 16 2026, 9:24 PM
In T416707#11831547, @bd808 wrote:

And going backward? Is there a way we can help "cool URIs don't change" by redirecting mirrors.wikimedia.org elsewhere?

I'm obviously not WMF staff; but from e.g. T243056#6095651 it feels like a .wikimedia.org URL maybe shouldn't be redirected to an alternative mirror-site that isn't controlled by the WMF. But maybe e.g. collaboration-services could host a microsite at the mirrors.wikimedia.org domain, that just serves to point to alternative mirrors/sites for the downloads that it's currently providing?

bd808 added subscribers: Krinkle, Jdforrester-WMF.Apr 16 2026, 9:47 PM
In T416707#11831821, @A_smart_kitten wrote:

But maybe e.g. collaboration-services could host a microsite at the mirrors.wikimedia.org domain, that just serves to point to alternative mirrors/sites for the downloads that it's currently providing?

That would fix nothing of value for me. The problem is needing to update the apt sources for anything that is currently pointed to mirrors.wikimedia.org. A redirect would keep that working, at least for a bit. A static page telling me that mirrors.wikimedia.org has been taken offline as an apt repo would still leave everything broken.

I assume that @Krinkle and @Jdforrester-WMF were concerned about things like HTTP cookie leaks in that exchange, but maybe there is something even more insidious that I'm not considering. Anyway, I'd like to hear from a WMF SRE making system changing decisions on the general topic.

LSobanski added a comment.Apr 17 2026, 5:58 AM

@bd808 In addition to the good point raised by @A_smart_kitten above the general intent here is to reduce complexity. Leaving a dependency that is no longer tied to a service and has potential to break silently in the future would go against that. The preference is for end users to switch to the canonical (no pun intended) way of accessing repositories.

gerritbot added a comment.Apr 17 2026, 6:52 AM

Change #1273441 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Switch Cloud VPS to deb.debian.org

https://gerrit.wikimedia.org/r/1273441

gerritbot added a project: Patch-For-Review.Apr 17 2026, 6:52 AM
Nemoralis added a project: User-notice.Apr 17 2026, 7:04 AM
Nemoralis moved this task from To Triage to Announce in next Tech/News on the User-notice board.Apr 17 2026, 7:15 AM
STei-WMF moved this task from Announce in next Tech/News to In current Tech/News draft on the User-notice board.Apr 17 2026, 11:44 AM
gerritbot added a comment.Apr 20 2026, 9:46 AM

Change #1273441 merged by Muehlenhoff:

[operations/puppet@production] Switch Cloud VPS to deb.debian.org

https://gerrit.wikimedia.org/r/1273441

Maintenance_bot removed a project: Patch-For-Review.Apr 20 2026, 10:33 AM
Krinkle unsubscribed.Apr 20 2026, 10:57 AM
Jdforrester-WMF changed the status of subtask T423622: New base images without mirrors.wikimedia.org from Open to In Progress.Apr 20 2026, 2:51 PM
Jdforrester-WMF closed subtask T423622: New base images without mirrors.wikimedia.org as Resolved.Apr 20 2026, 6:42 PM
thcipriani created subtask T423971: Update default GitLab runner image to a base image without mirrors.wikimedia.org.Apr 21 2026, 12:00 AM
thcipriani created subtask T423972: Rebuild dev-images using a base image without mirrors.wikimedia.org in the apt sources.Apr 21 2026, 12:02 AM
Novem_Linguae subscribed.Apr 21 2026, 3:00 PM
STei-WMF moved this task from In current Tech/News draft to Already announced/Archive on the User-notice board.Apr 23 2026, 7:53 PM
Andrew closed subtask T423598: Migrate our use of osbpo away from mirrors.wikimedia.org as Resolved.Apr 29 2026, 4:31 PM
dancy closed subtask T423971: Update default GitLab runner image to a base image without mirrors.wikimedia.org as Resolved.Apr 30 2026, 5:23 PM
gerritbot added a comment.Wed, May 27, 1:12 PM

Change #1294284 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Retire the Ubuntu mirror

https://gerrit.wikimedia.org/r/1294284

gerritbot added a project: Patch-For-Review.Wed, May 27, 1:12 PM
gerritbot added a comment.Wed, May 27, 1:14 PM

Change #1294285 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] autoinstall: Stop using mirrors.wikimedia.org

https://gerrit.wikimedia.org/r/1294285

gerritbot added a comment.Wed, May 27, 2:30 PM

Change #1294306 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] mirrors: Disable tails mirror

https://gerrit.wikimedia.org/r/1294306

MoritzMuehlenhoff added a comment.Thu, May 28, 7:12 AM

I opened a ticket at https://anonticket.torproject.org/ and mirrors.wikimedia.org has been removed from the download mirror rotation for Tails.

gerritbot added a comment.Thu, May 28, 9:04 AM

Change #1294285 merged by Muehlenhoff:

[operations/puppet@production] autoinstall: Stop using mirrors.wikimedia.org

https://gerrit.wikimedia.org/r/1294285

gerritbot added a comment.Thu, May 28, 9:20 AM

Change #1294306 merged by Muehlenhoff:

[operations/puppet@production] mirrors: Disable tails mirror

https://gerrit.wikimedia.org/r/1294306

gerritbot added a comment.Thu, May 28, 9:26 AM

Change #1294938 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove remaining bits of Tails mirror

https://gerrit.wikimedia.org/r/1294938

gerritbot added a comment.Thu, May 28, 10:59 AM

Change #1294938 merged by Muehlenhoff:

[operations/puppet@production] Remove remaining bits of Tails mirror

https://gerrit.wikimedia.org/r/1294938

gerritbot added a comment.Thu, May 28, 12:29 PM

Change #1294980 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] mirrors: Disable osbpo sync

https://gerrit.wikimedia.org/r/1294980

gerritbot added a comment.Fri, May 29, 6:52 AM

Change #1295362 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] package_builder: Switch to deb.debian.org

https://gerrit.wikimedia.org/r/1295362

gerritbot added a comment.Fri, May 29, 10:27 AM

Change #1295362 merged by Muehlenhoff:

[operations/puppet@production] package_builder: Switch to deb.debian.org

https://gerrit.wikimedia.org/r/1295362

gerritbot added a comment.Mon, Jun 1, 3:10 PM

Change #1295945 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] autoinstall: Switch to deb.debian.org

https://gerrit.wikimedia.org/r/1295945

gerritbot added a comment.Mon, Jun 1, 3:12 PM

Change #1295945 merged by Muehlenhoff:

[operations/puppet@production] autoinstall: Switch to deb.debian.org

https://gerrit.wikimedia.org/r/1295945

gerritbot added a comment.Mon, Jun 1, 4:01 PM

Change #1295956 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] autoinstall: Switch to deb.debian.org

https://gerrit.wikimedia.org/r/1295956

gerritbot added a comment.Tue, Jun 2, 10:04 AM

Change #1295956 merged by Muehlenhoff:

[operations/puppet@production] autoinstall: Switch to deb.debian.org

https://gerrit.wikimedia.org/r/1295956

gerritbot added a comment.Fri, Jun 12, 6:41 AM

Change #1294980 merged by Muehlenhoff:

[operations/puppet@production] mirrors: Disable osbpo sync

https://gerrit.wikimedia.org/r/1294980

gerritbot added a comment.Fri, Jun 12, 6:52 AM

Change #1301232 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] mirrors: Removing remaining bits of osbpo mirror

https://gerrit.wikimedia.org/r/1301232

gerritbot added a comment.Fri, Jun 12, 7:04 AM

Change #1301232 merged by Muehlenhoff:

[operations/puppet@production] mirrors: Removing remaining bits of osbpo mirror

https://gerrit.wikimedia.org/r/1301232

gerritbot added a comment.Fri, Jun 12, 7:18 AM

Change #1301237 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/alerts@master] Stop monitoring the Ubuntu part of our mirror

https://gerrit.wikimedia.org/r/1301237

gerritbot added a comment.Fri, Jun 12, 7:20 AM

Change #1301238 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] mirrors: Disable the NRPE check for the Ubuntu mirror

https://gerrit.wikimedia.org/r/1301238

gerritbot added a comment.Fri, Jun 12, 7:38 AM

Change #1301237 merged by Muehlenhoff:

[operations/alerts@master] Stop monitoring the Ubuntu part of our mirror

https://gerrit.wikimedia.org/r/1301237

gerritbot added a comment.Fri, Jun 12, 9:08 AM

Change #1301238 merged by Muehlenhoff:

[operations/puppet@production] mirrors: Disable the NRPE check for the Ubuntu mirror

https://gerrit.wikimedia.org/r/1301238

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits