Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107550
Change subject: Revert "Initial commit of pmacct module"
......................................................................
Revert "Initial commit of pmacct module"
This reverts commit 2e7954be2d24fe2ed6d246ce0b30f8b24750a8fa. This
violates a bunch of our conventions and really needs to go via a proper
code review process.
Change-Id: I1865d1f2c69302eca83e29eb09a17105d21590e1
---
D modules/pmacct/manifests/devices.pp
D modules/pmacct/manifests/init.pp
D modules/pmacct/manifests/makeconfig.pp
D modules/pmacct/templates/config.erb
4 files changed, 0 insertions(+), 218 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/50/107550/1
diff --git a/modules/pmacct/manifests/devices.pp
b/modules/pmacct/manifests/devices.pp
deleted file mode 100644
index a9f4339..0000000
--- a/modules/pmacct/manifests/devices.pp
+++ /dev/null
@@ -1,61 +0,0 @@
-# Class: pmacct
-#
-# List of devices speaking netflow/ipfix
-#
-# IP is needed for iptables rules changes
-# port is needed for flow and bpg config
-# samplerate is to adjust for sampling
-
-class pmacct::devices {
- # Device Listing
- $list = {
- # tpa - as65001
- cr1-sdtpa => {
- port => '6511',
- ip => '208.80.152.196',
- samplerate => '200',
- },
- # Currently running old JunOS and will not sample correctly
- #cr2-pmtpa => {
- # port => '6512',
- # ip => '208.80.152.197',
- # samplerate => '1000',
- #},
-
- # eqiad - as65002
- cr1-eqiad => {
- port => '6521',
- ip => '208.80.154.196',
- samplerate => '1000',
- },
- cr2-eqiad => {
- port => '6522',
- ip => '208.80.154.197',
- samplerate => '1000',
- },
-
- # ulsfo - as65003
- cr1-ulsfo => {
- port => '6531',
- ip => '198.35.26.192',
- samplerate => '1000',
- },
- cr2-ulsfo => {
- port => '6532',
- ip => '198.35.26.193',
- samplerate => '1000',
- },
-
- # ams - as43821
- cr1-esams => {
- port => '4381',
- ip => '91.198.174.245',
- samplerate => '1000',
- },
- cr2-knams => {
- port => '4382',
- ip => '91.198.174.246',
- samplerate => '1000',
- },
- }
-}
diff --git a/modules/pmacct/manifests/init.pp b/modules/pmacct/manifests/init.pp
deleted file mode 100644
index 3d1d098..0000000
--- a/modules/pmacct/manifests/init.pp
+++ /dev/null
@@ -1,73 +0,0 @@
-# Class: pmacct
-#
-# This installs and mangages pmacct configuraiton
-# http://www.pmacct.net/
-#
-# Will initially be added to node 'netmon1001'
-
-class pmacct {
-
- # Note: $pmacct::home does not work here... ?
- $home = '/srv/pmacct'
-
- # mysql
- $mysqlhost = '127.0.0.1'
- $mysqluser = 'pmacct'
- $mysqlpass = $passwords::pmacct::mysqlpass
-
- # Package (have a fresh one built by Faidon)
- # --enable-mysql --enable-64bit --enable-threads --enable-geoip
- # and added to our repo?
- package { 'pmacct':
- ensure => installed,
- }
-
- # User creation (not done by package)
- generic::systemuser { 'pmacct':
- name => 'pmacct',
- home => $pmacct::home,
- shell => '/bin/sh',
- }
-
- # Home directory
- file { $pmacct::home:
- ensure => 'directory',
- owner => 'pmacct',
- group => 'pmacct',
- mode => '0750',
- }
-
- # Log directory
- file { "${pmacct::home}/logs":
- ensure => 'directory',
- owner => 'pmacct',
- group => 'pmacct',
- mode => '0750',
- require => File[ $pmacct::home ],
- }
-
- # Config directory
- file { "${pmacct::home}/configs":
- ensure => 'directory',
- owner => 'pmacct',
- group => 'pmacct',
- mode => '0750',
- require => File[ $pmacct::home ],
- }
-
- # Device list (nice to keep it in it's own world)
- require 'pmacct::devices'
-
- # Iterate over the device list to create new configs
- # FIXME: Review daniel's different method for iterating over a hash..
- create_resources('pmacct::makeconfig', $pmacct::devices::list)
-
- # Iterate over the device list to verify/check iptables redirects
- # FIXME: ferm (should probably happen in one iterate...
-
-
- # FIXME: make sure services are running (not start/stop scripts)
- # ...
-}
-
-
diff --git a/modules/pmacct/manifests/makeconfig.pp
b/modules/pmacct/manifests/makeconfig.pp
deleted file mode 100644
index 65a207e..0000000
--- a/modules/pmacct/manifests/makeconfig.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-# pmacct::makeconfig
-# Generates a unique config file per device
-
-define pmacct::makeconfig ($name, $port, $ip, $samplerate) {
- # Single confile file per device
- file { "${pmacct::home}/configs/config-${name}.cfg":
- ensure => 'file',
- owner => 'pmacct',
- group => 'pmacct',
- mode => '0750',
- content => template('pmacct/config.erb'),
- require => File [ "${pmacct::home}/configs" ],
- }
-
- # Corresponding ferm rule for firewall redirect
- ferm::rule {"${name}-BGP":
- rule => "proto tcp dport 179 source ${ip} REDIRECT to-ports ${port};",
- table => 'nat',
- chain => 'PREROUTING',
- }
-}
diff --git a/modules/pmacct/templates/config.erb
b/modules/pmacct/templates/config.erb
deleted file mode 100644
index 370ee3e..0000000
--- a/modules/pmacct/templates/config.erb
+++ /dev/null
@@ -1,63 +0,0 @@
-!# Wikimedia pmacct netflow collector configuration file (one daemon per
collector)
-!# This file is managed by Puppet!
-!#
-!# Note: '!' is used for comments, '#' added for better syntax highlighting
-!#
-!# Custom configuration made from template for <%= @name %>
-
-daemonize: true
-syslog: daemon
-pidfile: /var/run/nfacctd-<%= @name %>.pid
-
-!# Maxmind Country Database
-!# FIXME: Production location variable?
-geoip_ipv4_file: /opt/maxmind/GeoIP.dat
-
-plugins: print[asn], print[country], print[port], print[iface], print[src]
-
-print_output: csv
-print_refresh_time: 300
-
-!# Enforce 5m boundaries on time windows eg 00,05,10
-print_time_roundoff: m
-
-aggregate[asn]: dst_as,as_path,peer_dst_as
-print_output_file[asn]: <%= @home %>/logs/<%= @name %>-asn-%Y%m%d-%H%M.txt
-
-aggregate[country]: dst_host_country
-print_output_file[country]: <%= @home %>/logs/<%= @name
%>-country-%Y%m%d-%H%M.txt
-
-aggregate[port]: src_port
-print_output_file[port]: <%= @home %>/logs/<%= @name
%>-src_port-%Y%m%d-%H%M.txt
-
-aggregate[iface]: out_iface
-print_output_file[iface]: <%= @home %>/logs/<%= @name
%>-interface-%Y%m%d-%H%M.txt
-
-aggregate[src]: src_host
-print_output_file[src]: <%= @home %>/logs/<%= @name %>-src_host-%Y%m%d-%H%M.txt
-
-!# Netflow UDP Port
-nfacctd_port: <%= @port %>
-
-!# Disable some warnings due to JunOS bugs
-nfacctd_disable_checks: true
-
-!# FIXME: Use a map file, which can be relaoded with a SIGUSR2
-!# Correct for sampling rate by upscaling byte counts
-nfacctd_ext_sampling_rate: <%= @samplerate %>
-nfacctd_renormalize: true
-
-!# BGP Config
-bgp_daemon: true
-bgp_daemon_max_peers: 1
-
-!# Note: JunOS does not support custom bgp ports, so we are using iptables
NAT redirect to accomplish the same locally
-!# eg. iptables --table nat --append PREROUTING --proto tcp --source
208.80.152.196 --dport 179 --jump REDIRECT --to-ports 6001
-!# Using same port number as Flow, but BGP is TCP and Flow is UDP
-bgp_daemon_port: <%= @port %>
-
-!# Rely on BGP for destination ASN (IPFIX buggy)
-nfacctd_as_new: bgp
-
-! Strip as-path to first 3 hops
-!bgp_aspath_radius: 3
--
To view, visit https://gerrit.wikimedia.org/r/107550
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1865d1f2c69302eca83e29eb09a17105d21590e1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
