Andrew Bogott has uploaded a new change for review. https://gerrit.wikimedia.org/r/213543
Change subject: Replace many references to virt1000 and labcontrol2001 with hiera lookups ...................................................................... Replace many references to virt1000 and labcontrol2001 with hiera lookups Change-Id: Ic2b08ef592719a4d4cbefe47f34b65a85cad8f13 --- M hieradata/codfw.yaml M hieradata/eqiad.yaml M manifests/role/designate.pp M manifests/role/dns.pp M manifests/role/glance.pp M manifests/role/keystone.pp M manifests/role/neutron.pp M manifests/role/nova.pp M manifests/role/salt.pp M modules/base/manifests/init.pp M modules/openstack/manifests/firewall.pp M modules/puppetmaster/manifests/labs.pp 12 files changed, 67 insertions(+), 28 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/43/213543/1 diff --git a/hieradata/codfw.yaml b/hieradata/codfw.yaml index c23a88a..0a41df8 100644 --- a/hieradata/codfw.yaml +++ b/hieradata/codfw.yaml @@ -26,3 +26,11 @@ jobrunner_state: 'stopped' ganglia_class: "new" ganglia_aggregators: install2001.wikimedia.org:10649 + +labs_nova_controller: "labcontrol2001.wikimedia.org" +labs_glance_controller: "labcontrol2001.wikimedia.org" +labs_puppet_master: "labcontrol2001.wikimedia.org" +labs_puppet_master_secondary: "virt1000.wikimedia.org" +labs_keystone_host: "labcontrol2001.wikimedia.org" +labs_ldap_dns_host: "labcontrol2001.wikimedia.org" +labs_ldap_dns_host_secondary: "virt1000.wikimedia.org" diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml index 39fe083..336aedc 100644 --- a/hieradata/eqiad.yaml +++ b/hieradata/eqiad.yaml @@ -18,3 +18,11 @@ - '10.64.48.95:11211:1 "shard17"' - '10.64.48.96:11211:1 "shard18"' ganglia_class: "old" + +labs_nova_controller: "virt1000.wikimedia.org" +labs_glance_controller: "virt1000.wikimedia.org" +labs_puppet_master: "virt1000.wikimedia.org" +labs_puppet_master_secondary: "labcontrol2001.wikimedia.org" +labs_keystone_host: "virt1000.wikimedia.org" +labs_ldap_dns_host: "virt1000.wikimedia.org" +labs_ldap_dns_host_secondary: "labcontrol2001.wikimedia.org" diff --git a/manifests/role/designate.pp b/manifests/role/designate.pp index cd1307a..5540879 100644 --- a/manifests/role/designate.pp +++ b/manifests/role/designate.pp @@ -21,8 +21,10 @@ class role::designate::config::eqiad inherits role::designate::config { include role::keystone::config::eqiad + $nova_controller = hiera('labs_nova_controller') + $controller_hostname = $::realm ? { - 'production' => 'virt1000.wikimedia.org', + 'production' => $nova_controller, 'labs' => $nova_controller_hostname ? { undef => $::ipaddress_eth0, default => $nova_controller_hostname, @@ -42,7 +44,7 @@ } $auth_uri = $::realm ? { - 'production' => 'http://virt1000.wikimedia.org:5000', + 'production' => "${nova_controller}:5000', 'labs' => "http://$::ipaddress_eth0:5000", } @@ -82,7 +84,7 @@ # Firewall $wikitech = '208.80.154.136' $horizon = '208.80.154.147' - $controller = '208.80.154.18' + $controller = ipresolve($nova_controller, 4) # Poke a firewall hole for the designate api ferm::rule { 'designate-api': diff --git a/manifests/role/dns.pp b/manifests/role/dns.pp index 81c2c32..08c8f8d 100644 --- a/manifests/role/dns.pp +++ b/manifests/role/dns.pp @@ -5,7 +5,11 @@ $ldapconfig = $ldap::role::config::labs::ldapconfig + $primary_ldap_dns = ipresolve(hiera('labs_ldap_dns_host'),4) + $secondary_ldap_dns = ipresolve(hiera('labs_ldap_dns_host_secondary'),4) + if $::site == 'eqiad' { + interface::ip { 'role::dns::ldap': interface => 'eth0', address => '208.80.154.19' @@ -13,8 +17,8 @@ # FIXME: turn these settings into a hash that can be included somewhere class { '::labs_ldap_dns': - dns_auth_ipaddress => '208.80.154.19 208.80.154.18', - dns_auth_query_address => '208.80.154.19', + dns_auth_ipaddress => "{$primary_ldap_dns} ${secondary_ldap_dns}", + dns_auth_query_address => $primary_ldap_dns, dns_auth_soa_name => 'labs-ns0.wikimedia.org', ldap_hosts => $ldapconfig['servernames'], ldap_base_dn => $ldapconfig['basedn'], @@ -30,8 +34,8 @@ # FIXME: turn these settings into a hash that can be included somewhere class { '::labs_ldap_dns': - dns_auth_ipaddress => '208.80.153.15 208.80.153.14', - dns_auth_query_address => '208.80.153.15', + dns_auth_ipaddress => "{$primary_ldap_dns} ${secondary_ldap_dns}", + dns_auth_query_address => $primary_ldap_dns, dns_auth_soa_name => 'labs-ns1.wikimedia.org', ldap_hosts => $ldapconfig['servernames'], ldap_base_dn => $ldapconfig['basedn'], diff --git a/manifests/role/glance.pp b/manifests/role/glance.pp index 26be2a1..1f470d6 100644 --- a/manifests/role/glance.pp +++ b/manifests/role/glance.pp @@ -14,6 +14,8 @@ class role::glance::config::eqiad inherits role::glance::config { include role::keystone::config::eqiad + $glance_controller = hiera('labs_glance_controller') + $keystoneconfig = $role::keystone::config::eqiad::keystoneconfig $db_host = $::realm ? { @@ -22,12 +24,12 @@ } $bind_ip = $::realm ? { - 'production' => '208.80.154.18', + 'production' => ipresolve($glance_controller, 4), 'labs' => $::ipaddress_eth0, } $auth_uri = $::realm ? { - 'production' => 'http://virt1000.wikimedia.org:5000', + 'production' => "${glance_controller}:5000', 'labs' => "http://$::ipaddress_eth0:5000", } diff --git a/manifests/role/keystone.pp b/manifests/role/keystone.pp index 29eeae2..03b5960 100644 --- a/manifests/role/keystone.pp +++ b/manifests/role/keystone.pp @@ -22,6 +22,9 @@ } class role::keystone::config::eqiad inherits role::keystone::config { + + $keystone_host = hiera('labs_keystone_host') + $eqiadkeystoneconfig = { db_host => $::realm ? { 'production' => 'm5-master.eqiad.wmnet', @@ -38,7 +41,7 @@ } }, bind_ip => $::realm ? { - 'production' => '208.80.154.18', + 'production' => ip_resolve($keystone_host,4), 'labs' => $nova_controller_ip ? { undef => $::ipaddress_eth0, default => $nova_controller_ip, @@ -74,9 +77,11 @@ class role::keystone::redis { include passwords::openstack::keystone + $nova_controller = hiera('labs_nova_controller') + if ($::realm == 'production') { $replication = { - 'labcontrol2001' => 'virt1000.wikimedia.org' + 'labcontrol2001' => $nova_controller } } else { $replication = { diff --git a/manifests/role/neutron.pp b/manifests/role/neutron.pp index 74ed3ad..8542637 100644 --- a/manifests/role/neutron.pp +++ b/manifests/role/neutron.pp @@ -16,6 +16,8 @@ class role::neutron::config::eqiad inherits role::neutron::config { include role::keystone::config::eqiad + $nova_controller = hiera('labs_nova_controller') + $keystoneconfig = $role::keystone::config::eqiad::keystoneconfig $eqiadneutronconfig = { @@ -24,15 +26,15 @@ 'labs' => 'localhost', }, rabbit_host => $::realm ? { - 'production' => 'virt1000.wikimedia.org', + 'production' => $nova_controller, 'labs' => 'localhost', }, auth_uri => $::realm ? { - 'production' => 'http://virt1000.wikimedia.org:5000', + 'production' => "${nova_controller}:5000", 'labs' => 'http://localhost:5000', }, bind_ip => $::realm ? { - 'production' => '208.80.154.18', + 'production' => ipresolve($nova_controller,4) 'labs' => '127.0.0.1', }, keystone_admin_token => $keystoneconfig['admin_token'], diff --git a/manifests/role/nova.pp b/manifests/role/nova.pp index 0a09a54..4c4d5c4 100644 --- a/manifests/role/nova.pp +++ b/manifests/role/nova.pp @@ -59,16 +59,18 @@ class role::nova::config::codfw inherits role::nova::config::common { include role::keystone::config::eqiad + $nova_controller = hiera('labs_nova_controller') + $keystoneconfig = $role::keystone::config::eqiad::keystoneconfig $controller_hostname = $::realm ? { - 'production' => 'labcontrol2001.wikimedia.org', + 'production' => $nova_controller, 'labs' => $nova_controller_hostname ? { - undef => $::ipaddress_eth0, + undef => $:ipaddress_eth0, default => $nova_controller_hostname, } } $controller_address = $::realm ? { - 'production' => '208.80.153.14', + 'production' => ipresolve($nova_controller, 4), 'labs' => $nova_controller_ip ? { undef => $::ipaddress_eth0, default => $nova_controller_ip, @@ -141,7 +143,7 @@ 'labs' => '10.4.0.0/21', }, auth_uri => $::realm ? { - 'production' => 'http://virt1000.wikimedia.org:5000', + 'production' => "http://${nova_controller}:5000", 'labs' => 'http://localhost:5000', }, controller_hostname => $controller_hostname, @@ -163,9 +165,11 @@ class role::nova::config::eqiad inherits role::nova::config::common { include role::keystone::config::eqiad + $nova_controller = hiera('labs_nova_controller') + $keystoneconfig = $role::keystone::config::eqiad::keystoneconfig $controller_hostname = $::realm ? { - 'production' => 'virt1000.wikimedia.org', + 'production' => $nova_controller, 'labs' => $nova_controller_hostname ? { undef => $::ipaddress_eth0, default => $nova_controller_hostname, @@ -179,7 +183,7 @@ } } $controller_address = $::realm ? { - 'production' => '208.80.154.18', + 'production' => ipresolve($nova_controller,4), 'labs' => $nova_controller_ip ? { undef => $::ipaddress_eth0, default => $nova_controller_ip, @@ -245,7 +249,7 @@ 'labs' => '10.4.0.0/21', }, auth_uri => $::realm ? { - 'production' => 'http://virt1000.wikimedia.org:5000', + 'production' => "${nova_controller}:5000', 'labs' => 'http://localhost:5000', }, controller_hostname => $controller_hostname, diff --git a/manifests/role/salt.pp b/manifests/role/salt.pp index 9300cf9..4b0dc86 100644 --- a/manifests/role/salt.pp +++ b/manifests/role/salt.pp @@ -25,6 +25,8 @@ # A salt master that manages all labs minions class role::salt::masters::labs { + $puppet_master = hiera('labs_puppet_master') + $salt_state_roots = { 'base' =>['/srv/salt']} $salt_file_roots = { 'base' =>['/srv/salt']} $salt_pillar_roots = { 'base' =>['/srv/pillars']} @@ -42,7 +44,7 @@ } class { 'salt::reactors': - salt_reactor_options => { 'puppet_server' => 'virt1000.wikimedia.org' }, + salt_reactor_options => { 'puppet_server' => $puppet_master }, } @@ -89,7 +91,10 @@ $salt_master_key = $::salt_master_key, ) { if $::realm == 'labs' { - $labs_masters = [ 'virt1000.wikimedia.org', 'labcontrol2001.wikimedia.org' ] + $puppet_master = hiera('labs_puppet_master') + $puppet_master_secondary = hiera('labs_puppet_master_secondary') + + $labs_masters = [ $puppet_master, $puppet_master_secondary ] $labs_finger = 'c5:b1:35:45:3e:0a:19:70:aa:5f:3a:cf:bf:a0:61:dd' $master = pick($salt_master, $labs_masters) $master_finger = pick($salt_finger, $labs_finger) diff --git a/modules/base/manifests/init.pp b/modules/base/manifests/init.pp index d898181..9a85398 100644 --- a/modules/base/manifests/init.pp +++ b/modules/base/manifests/init.pp @@ -47,7 +47,7 @@ } $puppetmaster = $::realm ? { - 'labs' => 'virt1000.wikimedia.org', + 'labs' => hiera('labs_puppet_master'), default => 'puppet', } diff --git a/modules/openstack/manifests/firewall.pp b/modules/openstack/manifests/firewall.pp index 9e073fb..530f446 100644 --- a/modules/openstack/manifests/firewall.pp +++ b/modules/openstack/manifests/firewall.pp @@ -4,16 +4,14 @@ $labs_private_net = '10.0.0.0/0' $wikitech = '208.80.154.136' $horizon = '208.80.154.147' + $other_master = ipresolve(hiera('labs_nova_controller'),4) if ($::site == 'codfw') { # TODO! codfw will need something # like this when the ip range is assigned. # $labs_nodes = '10.4.16.0/24' - # virt1000 - $other_master = '208.80.154.18' $designate = '208.80.154.12' } elsif ($::site == 'eqiad') { $labs_nodes = '10.64.20.0/24' - $other_master = '208.80.153.14' $designate = '208.80.154.12' } diff --git a/modules/puppetmaster/manifests/labs.pp b/modules/puppetmaster/manifests/labs.pp index 47ce07a..f32c59d 100644 --- a/modules/puppetmaster/manifests/labs.pp +++ b/modules/puppetmaster/manifests/labs.pp @@ -26,7 +26,8 @@ $labsstatus_password = $passwords::openstack::keystone::keystone_ldap_user_pass $labsstatus_username = 'novaadmin' $labsstatus_region = $::site - $labsstatus_auth_url = 'http://virt1000.wikimedia.org:35357/v2.0' + $keystone_host = hiera('labs_keystone_host') + $labsstatus_auth_url = "${keystone_host}:35357/v2.0' file { '/etc/labsstatus.cfg': ensure => present, -- To view, visit https://gerrit.wikimedia.org/r/213543 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic2b08ef592719a4d4cbefe47f34b65a85cad8f13 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits