Giuseppe Lavagetto has uploaded a new change for review.
https://gerrit.wikimedia.org/r/202407
Change subject: standard: include admin wherever needed
......................................................................
standard: include admin wherever needed
Bug: T86774
Change-Id: I8977120a3e7109de4c3d23a6fd36a28f75e08703
---
M hieradata/labs.yaml
M hieradata/role/common/labs/nfs/dumps.yaml
A hieradata/role/common/labs/nfs/fileserver.yaml
M manifests/role/elasticsearch.pp
M manifests/site.pp
5 files changed, 13 insertions(+), 170 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/07/202407/1
diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index e04cab3..6854aa4 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -1,3 +1,4 @@
+base::has_admin: false
elasticsearch::minimum_master_nodes: 1
elasticsearch::recover_after_time: "1m"
elasticsearch::multicast_group: "224.2.2.4"
diff --git a/hieradata/role/common/labs/nfs/dumps.yaml
b/hieradata/role/common/labs/nfs/dumps.yaml
index c4ec7d9..b5aa8a6 100644
--- a/hieradata/role/common/labs/nfs/dumps.yaml
+++ b/hieradata/role/common/labs/nfs/dumps.yaml
@@ -1,3 +1,5 @@
+cluster: labsnfs
+standard::has_admin: false
role::labs::nfs::dumps::dump_servers_ips:
- '208.80.154.11'
- '208.80.152.185'
diff --git a/hieradata/role/common/labs/nfs/fileserver.yaml
b/hieradata/role/common/labs/nfs/fileserver.yaml
new file mode 100644
index 0000000..f1f7324
--- /dev/null
+++ b/hieradata/role/common/labs/nfs/fileserver.yaml
@@ -0,0 +1,2 @@
+cluster: labsnfs
+standard::has_admin: false
diff --git a/manifests/role/elasticsearch.pp b/manifests/role/elasticsearch.pp
index 134b303..7c5832f 100644
--- a/manifests/role/elasticsearch.pp
+++ b/manifests/role/elasticsearch.pp
@@ -19,9 +19,7 @@
$msg2 = 'You can set it in the hiera config of the project'
fail("${msg}\n${msg2}")
}
- if ($::realm == 'production') {
- include admin
- }
+
include standard
if hiera('has_lvs', true) {
diff --git a/manifests/site.pp b/manifests/site.pp
index 698ba7e..70fa502 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -22,6 +22,7 @@
# Class for *most* servers, standard includes
class standard(
$has_default_mail_relay = true,
+ $has_admin = true,
) {
include base
include role::ntp
@@ -34,6 +35,11 @@
if $has_default_mail_relay {
include role::mail::sender
}
+ # Some instances in production (ideally none) and labs do not use
+ # the admin class
+ if $has_admin {
+ include ::admin
+ }
}
# Default variables. this way, they work with an ENC (as in labs) as well.
@@ -44,7 +50,6 @@
# Node definitions (alphabetic order)
node /^(acamar|achernar)\.wikimedia\.org$/ {
- include admin
include base::firewall
include standard
@@ -73,7 +78,6 @@
role analytics
include standard
- include admin
# Disabling these for now.
# analytics1003 is acting up since the Trusty upgrade. I halts with:
@@ -94,7 +98,6 @@
role analytics::hadoop::master
include standard
- include admin
}
@@ -103,20 +106,17 @@
role analytics::hadoop::standby
include standard
- include admin
}
# analytics1004 was previously the Hadoop standby NameNode
# It is being deprecated.
node 'analytics1004.eqiad.wmnet' {
- include admin
include standard
}
# analytics1010 was previously the Hadoop master.
# It is being deprecated.
node 'analytics1010.eqiad.wmnet' {
- include admin
include standard
}
@@ -135,7 +135,6 @@
$ganglia_aggregator = true
}
role analytics::hadoop::worker
- include admin
include standard
}
@@ -157,7 +156,6 @@
role analytics::kafka::server
include role::analytics
include standard
- include admin
}
@@ -165,7 +163,6 @@
node /analytics102[345].eqiad.wmnet/ {
role analytics
include standard
- include admin
include role::analytics::zookeeper::server
}
@@ -173,7 +170,6 @@
node 'analytics1026.eqiad.wmnet' {
include standard
- include admin
include role::logging::udp2log::misc
}
@@ -182,7 +178,6 @@
# batch Hadoop jobs.
node 'analytics1027.eqiad.wmnet' {
- include admin
include standard
include role::analytics::hive::server
@@ -224,7 +219,6 @@
# git.wikimedia.org
node 'antimony.wikimedia.org' {
role gitblit
- include admin
include base::firewall
include standard
include role::subversion
@@ -232,7 +226,6 @@
# irc.wikimedia.org
node 'argon.wikimedia.org' {
- include admin
include standard
include role::mw-rc-irc
}
@@ -242,7 +235,6 @@
interface => 'eth0',
}
include standard
- include admin
include role::authdns::server
}
@@ -256,7 +248,6 @@
$ganglia_aggregator = true
role bastionhost
- include admin
include standard
include subversion::client
include dsh
@@ -274,7 +265,6 @@
interface => 'eth0',
}
role bastionhost
- include admin
include standard
}
@@ -285,7 +275,6 @@
}
role bastionhost
- include admin
include standard
include role::ipmi
include role::installserver::tftp-server
@@ -295,7 +284,6 @@
node /^(berkelium|curium)\.eqiad\.wmnet$/ {
$cluster = 'misc'
include standard
- include admin
interface::add_ip6_mapped { 'main': }
rsyslog::conf { 'remote_logstash':
content => "*.* @logstash1002.eqiad.wmnet:10514",
@@ -308,7 +296,6 @@
node 'caesium.eqiad.wmnet' {
role releases
include base::firewall
- include admin
include standard
}
@@ -316,7 +303,6 @@
node 'calcium.wikimedia.org' {
$cluster = 'misc'
- include admin
include standard
include base::firewall
@@ -326,7 +312,6 @@
# It's proxied by the misc-web varnishes
node 'californium.wikimedia.org' {
include standard
- include admin
include role::horizon
class { 'base::firewall': }
@@ -341,7 +326,6 @@
interface => 'eth0',
}
- include admin
include standard
include role::installserver
}
@@ -351,11 +335,9 @@
role restbase, cassandra
include base::firewall
include standard
- include admin
}
node /^(chromium|hydrogen)\.wikimedia\.org$/ {
- include admin
include base::firewall
include standard
include role::dnsrecursor
@@ -496,7 +478,6 @@
node 'dataset1001.wikimedia.org' {
- include admin
include standard
include role::dataset::systemusers
include role::dataset::primary
@@ -511,7 +492,6 @@
node /^db10(18)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::s2':
innodb_file_per_table => true,
@@ -521,7 +501,6 @@
node /^db10(52)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::s1':
innodb_file_per_table => true,
@@ -531,7 +510,6 @@
node /^db10(19|38)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::s3':
# Many more tables than other shards.
@@ -543,7 +521,6 @@
node /^db10(40|53)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::s4':
innodb_file_per_table => true,
@@ -553,7 +530,6 @@
node /^db10(21|26|45|58)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::s5':
innodb_file_per_table => true,
@@ -563,7 +539,6 @@
node /^db10(22|23|30)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::s6':
innodb_file_per_table => true,
@@ -573,7 +548,6 @@
node /^db10(33|34|41)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::s7':
innodb_file_per_table => true,
@@ -585,7 +559,6 @@
node /^db10(51|55|57|65|66|72|73)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's1',
@@ -594,7 +567,6 @@
node /^db20(16|34|42)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's1',
@@ -603,7 +575,6 @@
node /^db10(36|54|60|63|67)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's2',
@@ -612,7 +583,6 @@
node /^db20(17|35)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's2',
@@ -621,7 +591,6 @@
node /^db10(15|27|35|44)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's3',
@@ -630,7 +599,6 @@
node /^db20(18|36)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's3',
@@ -639,7 +607,6 @@
node /^db10(42|56|59|64|68|70)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's4',
@@ -648,7 +615,6 @@
node /^db20(19|37)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's4',
@@ -657,7 +623,6 @@
node /^db10(49|71)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's5',
@@ -666,7 +631,6 @@
node /^db20(23|38)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's5',
@@ -675,7 +639,6 @@
node /^db10(37|50|61)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's6',
@@ -684,7 +647,6 @@
node /^db20(28|39)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's6',
@@ -693,7 +655,6 @@
node /^db10(28|39|62)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's7',
@@ -702,7 +663,6 @@
node /^db20(29|40)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 's7',
@@ -712,14 +672,12 @@
## x1 shard
node /^db10(29|31)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
include role::coredb::x1
}
node /^db20(09)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 'x1',
@@ -729,7 +687,6 @@
## m1 shard
node /^db10(01)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::m1':
mariadb => true,
@@ -738,7 +695,6 @@
node 'db1016.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::misc':
shard => 'm1',
@@ -748,7 +704,6 @@
node /^db20(10|30)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::misc':
shard => 'm1',
@@ -758,7 +713,6 @@
## m2 shard
node /^db10(20)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::misc':
shard => 'm2',
@@ -767,7 +721,6 @@
node /^db20(11)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::misc':
shard => 'm2',
@@ -777,7 +730,6 @@
## m3 shard
node 'db1043.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::misc::phabricator':
shard => 'm3',
@@ -787,7 +739,6 @@
node 'db1048.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::misc::phabricator':
shard => 'm3',
@@ -797,7 +748,6 @@
node /^db20(12)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::misc::phabricator':
shard => 'm3',
@@ -807,7 +757,6 @@
# m4 shard
node 'db1046.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::misc::eventlogging':
shard => 'm4',
@@ -818,14 +767,12 @@
## researchdb s1
node 'db1047.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
include role::mariadb::analytics
}
node 'db1069.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
$ganglia_aggregator = true
include role::mariadb::sanitarium
@@ -833,13 +780,11 @@
node 'db1011.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
include role::mariadb::tendril
}
node 'dbstore1001.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
$ganglia_aggregator = true
include role::mariadb::backup
@@ -854,14 +799,12 @@
}
node 'dbstore1002.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
$ganglia_aggregator = true
include role::mariadb::dbstore
}
node 'dbstore2001.codfw.wmnet' {
- include admin
$cluster = 'mysql'
# 24h delay on all repl streams
class { 'role::mariadb::dbstore':
@@ -874,13 +817,11 @@
}
node 'dbstore2002.codfw.wmnet' {
- include admin
$cluster = 'mysql'
include role::mariadb::dbstore
}
node 'dbproxy1001.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::proxy::master':
shard => 'm1',
@@ -892,7 +833,6 @@
}
node 'dbproxy1002.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::proxy::master':
shard => 'm2',
@@ -904,7 +844,6 @@
}
node 'dbproxy1003.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::proxy::master':
shard => 'm3',
@@ -916,7 +855,6 @@
}
node 'dbproxy1004.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::proxy::master':
shard => 'm4',
@@ -937,13 +875,11 @@
interface => 'eth0',
}
include standard
- include admin
include role::authdns::server
}
node 'einsteinium.eqiad.wmnet' {
include standard
- include admin
system::role { 'Titan test host': }
}
@@ -965,7 +901,6 @@
# es1 equad
node /es100[34]\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::es1':
@@ -975,7 +910,6 @@
node /es100[12]\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 'es1',
@@ -984,7 +918,6 @@
node /es100[5]\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 'es2',
@@ -992,7 +925,6 @@
}
node /es100[67]\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::es2':
mariadb => true,
@@ -1001,7 +933,6 @@
node /es200[1234]\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 'es1',
@@ -1010,7 +941,6 @@
node /es200[567]\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 'es2',
@@ -1018,7 +948,6 @@
}
node /es100[9]\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::coredb::es3':
mariadb => true,
@@ -1027,7 +956,6 @@
node /es10(08|10)\.eqiad\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 'es3',
@@ -1036,7 +964,6 @@
node /es20(08|09|10)\.codfw\.wmnet/ {
- include admin
$cluster = 'mysql'
class { 'role::mariadb::core':
shard => 'es3',
@@ -1047,7 +974,6 @@
# processes it, and broadcasts to internal subscribers.
node 'eventlog1001.eqiad.wmnet' {
role eventlogging
- include admin
include standard
include role::ipython_notebook
include role::logging::mediawiki::errors
@@ -1056,7 +982,6 @@
node 'fluorine.eqiad.wmnet' {
$cluster = 'misc'
- include admin
include standard
include ::role::xenon
@@ -1070,7 +995,6 @@
# gadolinium is the webrequest socat multicast relay.
# base_analytics_logging_node is defined in role/logging.pp
node 'gadolinium.wikimedia.org' inherits 'base_analytics_logging_node' {
- include admin
# relay the incoming webrequest log stream to multicast
include role::logging::relay::webrequest-multicast
@@ -1082,7 +1006,6 @@
$cluster = 'misc'
- include admin
# Bug 49846, let us sync VisualEditor in mediawiki/extensions.git
sudo::user { 'jenkins-slave':
@@ -1115,7 +1038,6 @@
node /^ganeti[12]00[0-9]\.(codfw|eqiad)\.wmnet$/ {
include standard
- include admin
include role::ganeti
}
@@ -1124,13 +1046,11 @@
node 'hafnium.wikimedia.org' {
role eventlogging::graphite
include standard
- include admin
include base::firewall
include role::webperf
}
node 'helium.eqiad.wmnet' {
- include admin
include standard
include role::poolcounter
include role::backup::director
@@ -1138,7 +1058,6 @@
}
node 'heze.codfw.wmnet' {
- include admin
include standard
include role::backup::storage
}
@@ -1146,7 +1065,6 @@
# Holmium hosts openstack-designate, the labs DNS service.
node 'holmium.wikimedia.org' {
include standard
- include admin
include base::firewall
include role::labsdns
@@ -1161,7 +1079,6 @@
}
role bastionhost
- include admin
include standard
include role::installserver::tftp-server
@@ -1172,7 +1089,6 @@
# Primary graphite machines, replacing tungsten
node 'graphite1001.eqiad.wmnet' {
- include admin
include standard
include role::graphite::production
include role::statsdlb
@@ -1182,7 +1098,6 @@
# graphite test machine, currently with SSD caching + spinning disks
node 'graphite1002.eqiad.wmnet' {
- include admin
include standard
include role::graphite::production
include role::txstatsd
@@ -1191,7 +1106,6 @@
# Primary graphite machines, replacing tungsten
node 'graphite2001.codfw.wmnet' {
- include admin
include standard
include role::graphite::production
include role::txstatsd
@@ -1206,7 +1120,6 @@
interface => 'eth0',
}
- include admin
include standard
include role::installserver::tftp-server
@@ -1219,8 +1132,6 @@
class { 'base::firewall': }
role otrs
- include admin
-
interface::add_ip6_mapped { 'main':
interface => 'eth0',
}
@@ -1230,7 +1141,6 @@
class { 'base::firewall': }
role phabricator::main
include standard
- include admin
include ganglia
include role::ntp
include role::diamond
@@ -1245,7 +1155,6 @@
}
role bastionhost
- include admin
include standard
include role::ipmi
include role::access_new_install
@@ -1261,7 +1170,6 @@
#$use_neutron = false
include standard
- include admin
include base::firewall
include role::dns::ldap
include ldap::role::client::labs
@@ -1277,7 +1185,6 @@
node 'labmon1001.eqiad.wmnet' {
role labmon
include standard
- include admin
}
node 'labnet1001.eqiad.wmnet' {
@@ -1287,7 +1194,6 @@
$ganglia_aggregator = true
include standard
- include admin
include role::nova::api
if $use_neutron == true {
@@ -1299,25 +1205,21 @@
## labsdb dbs
node 'labsdb1001.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
include role::mariadb::labs
}
node 'labsdb1002.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
include role::mariadb::labs
}
node 'labsdb1003.eqiad.wmnet' {
- include admin
$cluster = 'mysql'
include role::mariadb::labs
}
node 'labsdb1004.eqiad.wmnet' {
- include admin
$postgres_slave = 'labsdb1005.eqiad.wmnet'
$postgres_slave_v4 = '10.64.37.9'
@@ -1326,7 +1228,6 @@
}
node 'labsdb1005.eqiad.wmnet' {
- include admin
$postgres_master = 'labsdb1004.eqiad.wmnet'
include role::postgres::slave
@@ -1334,7 +1235,6 @@
}
node 'labsdb1006.eqiad.wmnet' {
- include admin
$osm_slave = 'labsdb1007.eqiad.wmnet'
$osm_slave_v4 = '10.64.37.12'
@@ -1343,7 +1243,6 @@
}
node 'labsdb1007.eqiad.wmnet' {
- include admin
$osm_master = 'labsdb1006.eqiad.wmnet'
include role::osm::slave
@@ -1354,8 +1253,6 @@
if $::hostname == 'labstore1001' {
$ganglia_aggregator = true
}
- $site = 'eqiad'
- $cluster = 'labsnfs'
role labs::nfs::fileserver
@@ -1363,25 +1260,19 @@
node 'labstore1003.eqiad.wmnet' {
$ganglia_aggregator = true
- $site = 'eqiad'
- $cluster = 'labsnfs'
role labs::nfs::dumps
}
node /labstore200[12]\.codfw\.wmnet/ {
-
- $site = 'codfw'
$cluster = 'labsnfs'
role labs::nfs::fileserver
-
}
node 'lanthanum.eqiad.wmnet' {
include standard
- include admin
include role::ci::slave
# lanthanum received a SSD drive just like gallium (RT #5178) mount it
file { '/srv/ssd':
@@ -1402,13 +1293,11 @@
node 'lead.wikimedia.org' {
role mail::mx
include standard
- include admin
interface::add_ip6_mapped { 'main': }
}
node 'lithium.eqiad.wmnet' {
- include admin
include standard
include role::backup::host
include role::syslog::centralserver
@@ -1435,7 +1324,6 @@
}
role lvs::balancer
- include admin
interface::add_ip6_mapped { 'main':
interface => 'eth0',
@@ -1542,7 +1430,6 @@
$nameservers_override = [ '208.80.153.12', '208.80.153.42',
'208.80.154.239' ]
}
role lvs::balancer
- include admin
interface::add_ip6_mapped { 'main': interface => 'eth0' }
@@ -1660,7 +1547,6 @@
}
role lvs::balancer
- include admin
interface::add_ip6_mapped { 'main':
interface => 'eth0',
@@ -1698,7 +1584,6 @@
}
role lvs::balancer
- include admin
interface::add_ip6_mapped { 'main':
interface => 'eth0',
@@ -1710,7 +1595,6 @@
}
node 'maerlant.wikimedia.org' {
- include admin
include standard
include base::firewall
include role::dnsrecursor
@@ -1732,7 +1616,6 @@
interface => 'eth0',
}
- include admin
}
node /^mc(10[01][0-9])\.eqiad\.wmnet/ {
@@ -1741,7 +1624,6 @@
}
role memcached
- include admin
include passwords::redis
file { '/a':
@@ -1755,14 +1637,12 @@
node /^mc20[01][0-9]\.codfw\.wmnet/ {
role memcached
- include admin
include passwords::redis
include redis
include redis::ganglia
}
node 'multatuli.wikimedia.org' {
- include admin
include standard
interface::add_ip6_mapped { 'main':
@@ -1773,7 +1653,6 @@
node 'ms1001.wikimedia.org' {
$cluster = 'misc'
- include admin
interface::add_ip6_mapped { 'main':
interface => 'eth0',
@@ -1785,7 +1664,6 @@
}
node 'ms1002.eqiad.wmnet' {
- include admin
include standard
}
@@ -2037,7 +1915,6 @@
$cluster = 'virt'
include standard
- include admin
include ldap::role::server::labs
include ldap::role::client::labs
}
@@ -2048,7 +1925,6 @@
interface::add_ip6_mapped { 'main': interface => 'eth0' }
include standard
- include admin
include role::icinga
include role::ishmael
include role::tendril
@@ -2060,13 +1936,11 @@
$cluster = 'virt'
include standard
- include admin
include ldap::role::server::labs
include ldap::role::client::labs
}
node 'nescio.wikimedia.org' {
- include admin
include standard
include base::firewall
include role::dnsrecursor
@@ -2077,7 +1951,6 @@
}
node 'netmon1001.wikimedia.org' {
- include admin
include standard
include webserver::apache
include role::rancid
@@ -2100,7 +1973,6 @@
node 'nitrogen.wikimedia.org' {
include standard
- include admin
include role::ipv6relay
interface::add_ip6_mapped { 'main':
@@ -2123,7 +1995,6 @@
# base_analytics_logging_node is defined in role/logging.pp
node 'oxygen.wikimedia.org' inherits 'base_analytics_logging_node' {
- include admin
include role::dataset::systemusers
# main oxygen udp2log handles mostly Wikipedia Zero webrequest logs
@@ -2132,7 +2003,6 @@
node 'palladium.eqiad.wmnet' {
include standard
- include admin
include role::ipmi
include role::salt::masters::production
include role::deployment::salt_masters
@@ -2143,7 +2013,6 @@
node /pc100[1-3]\.eqiad\.wmnet/ {
$cluster = 'mysql'
- include admin
include role::db::core
include mysql_wmf::mysqluser
include mysql_wmf::datadirs
@@ -2159,7 +2028,6 @@
$cluster = 'openldap_corp_mirror'
$ganglia_aggregator = true
- include admin
include standard
include role::openldap::corp
@@ -2169,7 +2037,6 @@
node 'polonium.wikimedia.org' {
role mail::mx
include standard
- include admin
interface::add_ip6_mapped { 'main': }
@@ -2187,7 +2054,6 @@
}
node 'potassium.eqiad.wmnet' {
- include admin
include standard
include role::poolcounter
}
@@ -2201,7 +2067,6 @@
node 'radium.wikimedia.org' {
class { 'base::firewall': }
- include admin
include standard
include role::tor
@@ -2223,12 +2088,10 @@
node /^rdb100[1-4]\.eqiad\.wmnet/ {
$ganglia_aggregator = true
role db::redis
- include admin
}
node /^rdb200[1-4]\.codfw\.wmnet/ {
role db::redis
- include admin
}
# restbase eqiad cluster
@@ -2236,14 +2099,12 @@
role restbase, cassandra
include base::firewall
include standard
- include admin
}
# network insights (netflow/pmacct, etc.)
node 'rhenium.wikimedia.org' {
role pmacct
include standard
- include admin
}
node 'rubidium.wikimedia.org' {
@@ -2251,14 +2112,12 @@
interface => 'eth0',
}
include standard
- include admin
include role::authdns::server
}
# ruthenium is a parsoid regression test server
# https://www.mediawiki.org/wiki/Parsoid/Round-trip_testing
node 'ruthenium.eqiad.wmnet' {
- include admin
include standard
}
@@ -2272,13 +2131,11 @@
class { 'base::firewall': }
include standard
- include admin
include role::nova::manager
include role::mariadb::wikitech
}
node 'sodium.wikimedia.org' {
- include admin
include base
include ganglia
include role::ntp
@@ -2291,13 +2148,11 @@
node 'strontium.eqiad.wmnet' {
include standard
- include admin
include role::puppetmaster::backend
}
node 'stat1001.eqiad.wmnet' {
role statistics::web
- include admin
include standard
include role::abacist
}
@@ -2313,7 +2168,6 @@
role statistics::private
include standard
- include admin
# Make sure refinery happens before analytics::clients,
# so that the hive role can properly configure Hive's
@@ -2352,7 +2206,6 @@
node 'stat1003.eqiad.wmnet' {
role statistics::cruncher
include standard
- include admin
# NOTE: This will be moved to another class
# someday, probably standard.
@@ -2372,7 +2225,6 @@
node /^snapshot100[1-4]\.eqiad\.wmnet/ {
role snapshot::common
- include admin
include snapshot
include snapshot::dumps
if $::fqdn == 'snapshot1003.eqiad.wmnet' {
@@ -2383,7 +2235,6 @@
# codfw poolcounters
node /(subra|suhail)\.codfw\.wmnet/ {
- include admin
include standard
include base::firewall
include role::poolcounter
@@ -2442,7 +2293,6 @@
include role::labsdb::manager
include ssh::hostkeys-collect
include role::releases::upload
- include admin
# for reedy RT #6322
package { 'unzip':
@@ -2463,7 +2313,6 @@
class { 'base::firewall': }
include standard
- include admin
include role::archiva
}
@@ -2476,7 +2325,6 @@
# Primary Graphite, StatsD, and profiling data aggregation host.
node 'tungsten.eqiad.wmnet' {
- include admin
include standard
include role::graphite::production
include role::txstatsd
@@ -2488,7 +2336,6 @@
$ganglia_aggregator = true
include standard
- include admin
include role::ganglia::web
include misc::monitoring::views
include base::firewall
@@ -2501,7 +2348,6 @@
# This node will soon be deprecated.
node 'vanadium.eqiad.wmnet' {
role eventlogging
- include admin
include standard
include role::ipython_notebook
include role::logging::mediawiki::errors
@@ -2515,7 +2361,6 @@
$use_neutron = false
include standard
- include admin
include role::dns::ldap
include ldap::role::client::labs
include role::nova::controller
@@ -2530,7 +2375,6 @@
node /virt100[1-4].eqiad.wmnet/ {
$use_neutron = false
role nova::compute
- include admin
include standard
if $use_neutron == true {
include role::neutron::computenode
@@ -2540,7 +2384,6 @@
node /virt100[6-9].eqiad.wmnet/ {
$use_neutron = false
role nova::compute
- include admin
include standard
if $use_neutron == true {
include role::neutron::computenode
@@ -2551,7 +2394,6 @@
$use_neutron = false
openstack::nova::partition{ '/dev/sdb': }
role nova::compute
- include admin
include standard
if $use_neutron == true {
@@ -2569,8 +2411,8 @@
node 'ytterbium.wikimedia.org' {
# Note: whenever moving Gerrit out of ytterbium, you will need
# to update the role::zuul::production
+ include standard
role gerrit::production
- include admin
include base::firewall
}
@@ -2579,7 +2421,6 @@
class { 'base::firewall': }
include standard
- include admin
include role::planet
include role::contacts
include role::etherpad
@@ -2600,7 +2441,6 @@
# Labs nodes include a different set of defaults via ldap.
if $::realm == 'production' {
include standard
- include admin
}
}
--
To view, visit https://gerrit.wikimedia.org/r/202407
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8977120a3e7109de4c3d23a6fd36a28f75e08703
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
