Andrew Bogott has submitted this change and it was merged.
Change subject: labmon: Split role::graphite into base role and prod/labmon
roles
......................................................................
labmon: Split role::graphite into base role and prod/labmon roles
Also add some documentation.
Change-Id: I660a143357d600bc26be4c7f6b29a90e69f40da0
---
M manifests/role/graphite.pp
M manifests/role/labmon.pp
M manifests/site.pp
3 files changed, 68 insertions(+), 30 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/graphite.pp b/manifests/role/graphite.pp
index 1d023bc..7ddfbbf 100644
--- a/manifests/role/graphite.pp
+++ b/manifests/role/graphite.pp
@@ -1,4 +1,24 @@
-class role::graphite($storage_dir = false) {
+# == Class: role::graphite::base
+# Base class for setting up a graphite instance.
+#
+# Sets up graphite + carbon listeners, with 8 carbon listeners running on
localhost
+# feeding data into graphite.
+# Also sets up basic icinga checks.
+#
+# === Parameters
+#
+# [*storage_dir*]
+#
+# Location to store the whisper files used by graphite in
+#
+# [*auth*]
+#
+# Set to true to enable LDAP based authentication to access the graphite
interface
+#
+class role::graphite::base(
+ $storage_dir = '/var/lib/carbon',
+ $auth = true,
+) {
include ::passwords::graphite
if ($::realm == 'labs') {
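Review bot: `$auth` decides whether the web interface gets LDAP protection, but the class header does not check that it is a real boolean, so an undef or empty value passed by a caller would be treated as false and quietly turn authentication off. If puppetlabs-stdlib is available in this tree, add `validate_bool($auth)` as the first statement of the class body. The `[*auth*]` doc block should also state the false case, for example `# When false, the non-labs branch configures no LDAP auth for the vhost.` The class body continues outside this hunk.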
@@ -10,14 +30,7 @@
description => 'real-time metrics processor',
}
- if $storage_dir == false {
- $carbon_storage_dir = $::realm ? {
- labs => '/srv/carbon',
- default => '/var/lib/carbon',
- }
- } else {
- $carbon_storage_dir = $storage_dir
- }
+ $carbon_storage_dir = $storage_dir
class { '::graphite':
storage_schemas => {
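Review bot: Removing the realm selector changes the default for labs: a labs-realm node that declares the base class without `storage_dir` used to get `/srv/carbon` and now gets `/var/lib/carbon`, while the `$::realm == 'labs'` branch is still present in the class. Whether any such caller exists is not visible in this diff, so it is worth checking before relying on the new default. The `[*storage_dir*]` doc block could note this with `# Defaults to /var/lib/carbon in every realm; labs callers must pass /srv/carbon explicitly.`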
@@ -155,21 +168,23 @@
$hostname = 'graphite-beta.wmflabs.org'
}
} else {
- # Production
- include ::passwords::ldap::production
- include ::apache::mod::authnz_ldap
+ if $auth {
+ # Production
+ include ::passwords::ldap::production
+ include ::apache::mod::authnz_ldap
- $hostname = 'graphite.wikimedia.org'
- $ldap_authurl = 'ldaps://virt1000.wikimedia.org
virt0.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn'
- $ldap_bindpass = $passwords::ldap::production::proxypass
- $ldap_binddn = 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org'
- $ldap_groups = [
- 'cn=ops,ou=groups,dc=wikimedia,dc=org',
- 'cn=nda,ou=groups,dc=wikimedia,dc=org',
- 'cn=wmf,ou=groups,dc=wikimedia,dc=org'
- ]
- $auth_realm = 'WMF Labs (use wiki login name not shell)'
- $apache_auth = template('graphite/apache-auth-ldap.erb')
+ $hostname = 'graphite.wikimedia.org'
+ $ldap_authurl = 'ldaps://virt1000.wikimedia.org
virt0.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn'
+ $ldap_bindpass = $passwords::ldap::production::proxypass
+ $ldap_binddn = 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org'
+ $ldap_groups = [
+ 'cn=ops,ou=groups,dc=wikimedia,dc=org',
+ 'cn=nda,ou=groups,dc=wikimedia,dc=org',
+ 'cn=wmf,ou=groups,dc=wikimedia,dc=org'
+ ]
+ $auth_realm = 'WMF Labs (use wiki login name not shell)'
+ $apache_auth = template('graphite/apache-auth-ldap.erb')
+ }
monitor_graphite_threshold { 'reqstats_5xx':
description => 'HTTP 5xx req/min',
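Review bot: `$hostname = 'graphite.wikimedia.org'` now sits inside `if $auth { … }`, so with `auth => false` on a non-labs realm it is never assigned, yet the context line `apache::site { $hostname:` in the next hunk still uses it as the resource title. role::graphite::labmon, added later in this file and described as running on production hardware, appears to take exactly that path. Move the hostname assignment above `if $auth {`, or make it a class parameter, since labmon is presumably not served as graphite.wikimedia.org. Also add `else { $apache_auth = '' }` so that whatever consumes `$apache_auth` receives a defined value. How the vhost template uses `$apache_auth` is not visible here, so check that part against the template.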
@@ -190,9 +205,6 @@
check_window => 100,
over => true
}
- include ::mediawiki::monitoring::graphite
- include ::eventlogging::monitoring::graphite
- include ::swift::monitoring::graphite
}
apache::site { $hostname:
@@ -210,3 +222,31 @@
check_command => 'check_http_url!graphite.wikimedia.org!/render',
}
}
+
+# == Class: role::graphite::production
+#
+# Set up graphite instance for production.
+# Also includes icinga checks for anomalies for Mediawiki, EL & Swift metrics
+# Instance requires people to authenticate via LDAP before they can see
metrics.
+#
+class role::graphite::production {
+ class { 'role::graphite::base':
+ storage_dir => '/var/lib/carbon',
+ auth => true,
+ }
+
+ include ::mediawiki::monitoring::graphite
+ include ::eventlogging::monitoring::graphite
+ include ::swift::monitoring::graphite
+}
+
+# == Class: role::graphite::labmon
+#
+# Sets up graphite instance for monitoring labs, running on production
hardware.
+# Instance is open to all, no password required to see metrics
+class role::graphite::labmon {
+ class { 'role::graphite::base':
+ storage_dir => '/srv/carbon',
+ auth => false,
+ }
+}
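Review bot: The context line `check_command => 'check_http_url!graphite.wikimedia.org!/render'` at the top of this hunk appears to belong to the shared base class, so the labmon instance declared here would get an icinga check that probes the production host instead of itself. Deriving it from the instance's own name would fix that, e.g. `check_command => "check_http_url!${hostname}!/render",`, assuming `$hostname` is always set in the base class. The resource holding that line starts outside the hunk. Separately, the labmon doc comment says the instance is open to all. It should add one line on why unauthenticated access is acceptable for this data and what network-level control, if any, still limits who can reach the web interface.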
diff --git a/manifests/role/labmon.pp b/manifests/role/labmon.pp
index 3bff3b8..9b6e064 100644
--- a/manifests/role/labmon.pp
+++ b/manifests/role/labmon.pp
@@ -3,9 +3,7 @@
class role::labmon {
- class { 'role::graphite':
- storage_dir => '/srv/carbon'
- }
+ class { 'role::graphite::labmon': }
file { '/var/lib/carbon':
ensure => link,
diff --git a/manifests/site.pp b/manifests/site.pp
index 44f835a..50d030c 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2738,7 +2738,7 @@
node 'tungsten.eqiad.wmnet' {
include admin
include standard
- include role::graphite
+ include role::graphite::production
include role::txstatsd
include role::gdash
include role::mwprof
--
To view, visit https://gerrit.wikimedia.org/r/155064
Gerrit-MessageType: merged
Gerrit-Change-Id: I660a143357d600bc26be4c7f6b29a90e69f40da0
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: jenkins-bot <>