Giuseppe Lavagetto has uploaded a new change for review.
https://gerrit.wikimedia.org/r/191891
Change subject: admin: move to hiera, use roles/2
......................................................................
admin: move to hiera, use roles/2
See T86774
Change-Id: I06c9a32ee4455e45b6ee52bbb8981d8cacafbf98
---
A hieradata/hosts/ruthenium.yaml
M hieradata/hosts/tin.yaml
A hieradata/role/common/ci/slave.yaml
A hieradata/role/common/eventlogging.yaml
A hieradata/role/common/eventlogging/graphite.yaml
M hieradata/role/common/mail/mx.yaml
A hieradata/role/common/pmacct.yaml
M manifests/site.pp
8 files changed, 33 insertions(+), 42 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/91/191891/1
diff --git a/hieradata/hosts/ruthenium.yaml b/hieradata/hosts/ruthenium.yaml
new file mode 100644
index 0000000..7172377
--- /dev/null
+++ b/hieradata/hosts/ruthenium.yaml
@@ -0,0 +1,3 @@
+admin::groups:
+ - parsoid-roots
+ - parsoid-admin
diff --git a/hieradata/hosts/tin.yaml b/hieradata/hosts/tin.yaml
index ad6ac4b..6595a39 100644
--- a/hieradata/hosts/tin.yaml
+++ b/hieradata/hosts/tin.yaml
@@ -3,3 +3,7 @@
- eqiad.wmnet
- esams.wikimedia.org
mediawiki::users::web: www-data
+admin::groups:
+ - deployment
+ - parsoid-admin
+ - ocg-render-admins
diff --git a/hieradata/role/common/ci/slave.yaml
b/hieradata/role/common/ci/slave.yaml
new file mode 100644
index 0000000..de5b57b
--- /dev/null
+++ b/hieradata/role/common/ci/slave.yaml
@@ -0,0 +1,4 @@
+admin::groups:
+ - contint-users
+ - contint-admins
+ - contint-roots
diff --git a/hieradata/role/common/eventlogging.yaml
b/hieradata/role/common/eventlogging.yaml
new file mode 100644
index 0000000..86f9540
--- /dev/null
+++ b/hieradata/role/common/eventlogging.yaml
@@ -0,0 +1,3 @@
+admin::groups:
+ - eventlogging-admins
+ - eventlogging-roots
diff --git a/hieradata/role/common/eventlogging/graphite.yaml
b/hieradata/role/common/eventlogging/graphite.yaml
new file mode 100644
index 0000000..86f9540
--- /dev/null
+++ b/hieradata/role/common/eventlogging/graphite.yaml
@@ -0,0 +1,3 @@
+admin::groups:
+ - eventlogging-admins
+ - eventlogging-roots
diff --git a/hieradata/role/common/mail/mx.yaml
b/hieradata/role/common/mail/mx.yaml
index 7ad0377..d32b0db 100644
--- a/hieradata/role/common/mail/mx.yaml
+++ b/hieradata/role/common/mail/mx.yaml
@@ -1 +1,3 @@
standard::has_default_mail_relay: false
+admin::groups:
+ - oit
diff --git a/hieradata/role/common/pmacct.yaml
b/hieradata/role/common/pmacct.yaml
new file mode 100644
index 0000000..4a9a3ab
--- /dev/null
+++ b/hieradata/role/common/pmacct.yaml
@@ -0,0 +1,2 @@
+admin::groups:
+ - pmacct-roots
diff --git a/manifests/site.pp b/manifests/site.pp
index 9d1bea2..de7b93f 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1355,10 +1355,9 @@
node 'lanthanum.eqiad.wmnet' {
- class { 'admin': groups => ['contint-users', 'contint-admins',
'contint-roots'] }
-
+ role ci::slave
include standard
- include role::ci::slave # RT #5074
+ include admin
# lanthanum received a SSD drive just like gallium (RT #5178) mount it
file { '/srv/ssd':
@@ -1377,7 +1376,6 @@
}
node 'lithium.eqiad.wmnet' {
- $cluster = 'misc'
include admin
include standard
@@ -2045,10 +2043,9 @@
}
node 'polonium.wikimedia.org' {
- class { 'admin': groups => ['oit'] }
role mail::mx
-
include standard
+ include admin
interface::add_ip6_mapped { 'main': }
@@ -2100,20 +2097,15 @@
# netflow machine (jkrauska)
node 'rhenium.wikimedia.org' {
+ role pmacct
include standard
- include role::pmacct
- class { 'admin': groups => ['pmacct-roots'] }
+ include admin
}
# ruthenium is a parsoid regression test server
# https://www.mediawiki.org/wiki/Parsoid/Round-trip_testing
node 'ruthenium.eqiad.wmnet' {
- class { 'admin':
- groups => [
- 'parsoid-roots',
- 'parsoid-admin',
- ]
- }
+ include admin
include standard
}
@@ -2286,12 +2278,9 @@
}
node 'lead.wikimedia.org' {
- class { 'admin': groups => ['oit'] }
-
role mail::mx
-
include standard
-
+ include admin
interface::add_ip6_mapped { 'main': }
}
@@ -2314,14 +2303,7 @@
include ssh::hostkeys-collect
include role::apachesync
include role::releases::upload
-
- class { 'admin':
- groups => [
- 'deployment',
- 'parsoid-admin',
- 'ocg-render-admins',
- ]
- }
+ include admin
# for reedy RT #6322
package { 'unzip':
@@ -2356,15 +2338,9 @@
# Receives log data from varnishes (udp 8422) and Apaches (udp 8421),
# processes it, and broadcasts to internal subscribers.
node 'vanadium.eqiad.wmnet' {
- class { 'admin':
- groups => [
- 'eventlogging-admins',
- 'eventlogging-roots',
- ],
- }
-
+ role eventlogging
+ include admin
include standard
- include role::eventlogging
include role::ipython_notebook
include role::logging::mediawiki::errors
}
@@ -2372,16 +2348,10 @@
# Hosts visualization / monitoring of EventLogging event streams
# and MediaWiki errors.
node 'hafnium.wikimedia.org' {
+ role eventlogging::graphite
include standard
- class { 'admin':
- groups => [
- 'eventlogging-admins',
- 'eventlogging-roots',
- ],
- }
-
+ include admin
include base::firewall
- include role::eventlogging::graphite
include role::webperf
}
--
To view, visit https://gerrit.wikimedia.org/r/191891
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I06c9a32ee4455e45b6ee52bbb8981d8cacafbf98
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
