Gage has submitted this change and it was merged.
Change subject: duplicate hieradata cache nodelists for ipsec
......................................................................
duplicate hieradata cache nodelists for ipsec
As noted in code comments, this is temporarily necessary under our
current depooling mechanisms to avoid traffic leaks at depool
time.
Change-Id: Id254d5849f23992c03504e1db0c37445bede9014
---
A hieradata/common/cache/ipsec/bits.yaml
A hieradata/common/cache/ipsec/misc.yaml
A hieradata/common/cache/ipsec/mobile.yaml
A hieradata/common/cache/ipsec/parsoid.yaml
A hieradata/common/cache/ipsec/text.yaml
A hieradata/common/cache/ipsec/upload.yaml
M manifests/role/ipsec.pp
7 files changed, 126 insertions(+), 2 deletions(-)
Approvals:
Gage: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/common/cache/ipsec/bits.yaml
b/hieradata/common/cache/ipsec/bits.yaml
new file mode 100644
index 0000000..3b6dcb0
--- /dev/null
+++ b/hieradata/common/cache/ipsec/bits.yaml
@@ -0,0 +1,17 @@
+nodes:
+ codfw: []
+ eqiad:
+ - 'cp1056.eqiad.wmnet'
+ - 'cp1057.eqiad.wmnet'
+ - 'cp1069.eqiad.wmnet'
+ - 'cp1070.eqiad.wmnet'
+ esams:
+ - 'cp3019.esams.wmnet'
+ - 'cp3020.esams.wmnet'
+ - 'cp3021.esams.wmnet'
+ - 'cp3022.esams.wmnet'
+ ulsfo:
+ - 'cp4001.ulsfo.wmnet'
+ - 'cp4002.ulsfo.wmnet'
+ - 'cp4003.ulsfo.wmnet'
+ - 'cp4004.ulsfo.wmnet'
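Review bot: Nothing in this new file says that it is a deliberate copy of the primary cache nodelist, so an operator depooling a host may remove it here as well, or add a new host only to the primary list. A header comment would make the rule explicit, for example `# Copy of the primary cache nodelist, used only for ipsec associations. Do not remove depooled hosts here; add new hosts to both lists.` The same applies to the misc, mobile, parsoid, text and upload files added in this change. The rationale currently lives only in manifests/role/ipsec.pp, which someone editing hieradata is unlikely to read.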
diff --git a/hieradata/common/cache/ipsec/misc.yaml
b/hieradata/common/cache/ipsec/misc.yaml
new file mode 100644
index 0000000..deafd12
--- /dev/null
+++ b/hieradata/common/cache/ipsec/misc.yaml
@@ -0,0 +1,4 @@
+nodes:
+ eqiad:
+ - 'cp1043.eqiad.wmnet'
+ - 'cp1044.eqiad.wmnet'
diff --git a/hieradata/common/cache/ipsec/mobile.yaml
b/hieradata/common/cache/ipsec/mobile.yaml
new file mode 100644
index 0000000..1d1bd8a
--- /dev/null
+++ b/hieradata/common/cache/ipsec/mobile.yaml
@@ -0,0 +1,17 @@
+nodes:
+ codfw: []
+ eqiad:
+ - 'cp1046.eqiad.wmnet'
+ - 'cp1047.eqiad.wmnet'
+ - 'cp1059.eqiad.wmnet'
+ - 'cp1060.eqiad.wmnet'
+ esams:
+ - 'cp3015.esams.wmnet'
+ - 'cp3016.esams.wmnet'
+ - 'cp3017.esams.wmnet'
+ - 'cp3018.esams.wmnet'
+ ulsfo:
+ - 'cp4011.ulsfo.wmnet'
+ - 'cp4012.ulsfo.wmnet'
+ - 'cp4019.ulsfo.wmnet'
+ - 'cp4020.ulsfo.wmnet'
diff --git a/hieradata/common/cache/ipsec/parsoid.yaml
b/hieradata/common/cache/ipsec/parsoid.yaml
new file mode 100644
index 0000000..75c40f4
--- /dev/null
+++ b/hieradata/common/cache/ipsec/parsoid.yaml
@@ -0,0 +1,4 @@
+nodes:
+ eqiad:
+ - 'cp1045.eqiad.wmnet'
+ - 'cp1058.eqiad.wmnet'
diff --git a/hieradata/common/cache/ipsec/text.yaml
b/hieradata/common/cache/ipsec/text.yaml
new file mode 100644
index 0000000..03371cb
--- /dev/null
+++ b/hieradata/common/cache/ipsec/text.yaml
@@ -0,0 +1,35 @@
+nodes:
+ codfw: []
+ eqiad:
+ - 'cp1052.eqiad.wmnet'
+ - 'cp1053.eqiad.wmnet'
+ - 'cp1054.eqiad.wmnet'
+ - 'cp1055.eqiad.wmnet'
+ - 'cp1065.eqiad.wmnet'
+ - 'cp1066.eqiad.wmnet'
+ - 'cp1067.eqiad.wmnet'
+ - 'cp1068.eqiad.wmnet'
+ esams:
+ - 'cp3003.esams.wmnet'
+ - 'cp3004.esams.wmnet'
+ - 'cp3005.esams.wmnet'
+ - 'cp3006.esams.wmnet'
+ - 'cp3007.esams.wmnet'
+ - 'cp3008.esams.wmnet'
+ - 'cp3009.esams.wmnet'
+ - 'cp3010.esams.wmnet'
+ - 'cp3011.esams.wmnet'
+ - 'cp3012.esams.wmnet'
+ - 'cp3013.esams.wmnet'
+ - 'cp3014.esams.wmnet'
+ - 'cp3030.esams.wmnet'
+ - 'cp3031.esams.wmnet'
+ - 'cp3040.esams.wmnet'
+ - 'cp3041.esams.wmnet'
+ ulsfo:
+ - 'cp4008.ulsfo.wmnet'
+ - 'cp4009.ulsfo.wmnet'
+ - 'cp4010.ulsfo.wmnet'
+ - 'cp4016.ulsfo.wmnet'
+ - 'cp4017.ulsfo.wmnet'
+ - 'cp4018.ulsfo.wmnet'
diff --git a/hieradata/common/cache/ipsec/upload.yaml
b/hieradata/common/cache/ipsec/upload.yaml
new file mode 100644
index 0000000..cafdcca
--- /dev/null
+++ b/hieradata/common/cache/ipsec/upload.yaml
@@ -0,0 +1,40 @@
+nodes:
+ codfw: []
+ eqiad:
+ - 'cp1048.eqiad.wmnet'
+ - 'cp1049.eqiad.wmnet'
+ - 'cp1050.eqiad.wmnet'
+ - 'cp1051.eqiad.wmnet'
+ - 'cp1061.eqiad.wmnet'
+ - 'cp1062.eqiad.wmnet'
+ - 'cp1063.eqiad.wmnet'
+ - 'cp1064.eqiad.wmnet'
+ - 'cp1071.eqiad.wmnet'
+ - 'cp1072.eqiad.wmnet'
+ - 'cp1073.eqiad.wmnet'
+ - 'cp1074.eqiad.wmnet'
+ - 'cp1099.eqiad.wmnet'
+ esams:
+ - 'cp3032.esams.wmnet'
+ - 'cp3033.esams.wmnet'
+ - 'cp3034.esams.wmnet'
+ - 'cp3035.esams.wmnet'
+ - 'cp3036.esams.wmnet'
+ - 'cp3037.esams.wmnet'
+ - 'cp3038.esams.wmnet'
+ - 'cp3039.esams.wmnet'
+ - 'cp3042.esams.wmnet'
+ - 'cp3043.esams.wmnet'
+ - 'cp3044.esams.wmnet'
+ - 'cp3045.esams.wmnet'
+ - 'cp3046.esams.wmnet'
+ - 'cp3047.esams.wmnet'
+ - 'cp3048.esams.wmnet'
+ - 'cp3049.esams.wmnet'
+ ulsfo:
+ - 'cp4005.ulsfo.wmnet'
+ - 'cp4006.ulsfo.wmnet'
+ - 'cp4007.ulsfo.wmnet'
+ - 'cp4013.ulsfo.wmnet'
+ - 'cp4014.ulsfo.wmnet'
+ - 'cp4015.ulsfo.wmnet'
diff --git a/manifests/role/ipsec.pp b/manifests/role/ipsec.pp
index b78e115..9d4ffa0 100644
--- a/manifests/role/ipsec.pp
+++ b/manifests/role/ipsec.pp
@@ -14,8 +14,15 @@
if $hosts != undef {
$targets = $hosts
} else {
- $cache_cluster = regsubst(hiera('cluster'), '_', '::')
- $cluster_nodes = hiera("${cache_cluster}::nodes")
+ # if $cluster == 'cache_text', $ipsec_cluster = 'cache::ipsec::text'
+ # This duplication of nodelist data in the ::ipsec:: case in
+ # hieradata is so that we can depool cache nodes in the primary
+ # hieradata lists without de-configuring the ipsec associations,
+ # which could cause a traffic-leaking race. This will go away once
+ # etcd replaces hieradata comments for varnish-level depooling.
+
+ $ipsec_cluster = regsubst(hiera('cluster'), '_', '::ipsec::')
+ $cluster_nodes = hiera("${ipsec_cluster}::nodes")
# for 'left' nodes in cache sites, enumerate 'right' nodes in "main"
sites
if $::site == 'esams' or $::site == 'ulsfo' {
$targets = concat(
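Review bot: The new lookup `hiera("${ipsec_cluster}::nodes")` becomes the only source of ipsec peers, so a host added to the primary cache list but missing from the `cache::ipsec::*` copy would carry traffic with no association configured, and nothing in this hunk detects that drift. The comment block explains why the duplication exists but not how to maintain it; it could add `# New cache hosts must be added to both lists; depool only in the primary list.` Whether traffic to an unlisted peer is dropped or sent unencrypted depends on the ipsec policy, which is not visible here, so it is worth confirming that this fails closed. The enclosing `else` branch and the `concat(` call continue outside the hunk.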
--
To view, visit https://gerrit.wikimedia.org/r/216884
Gerrit-MessageType: merged
Gerrit-Change-Id: Id254d5849f23992c03504e1db0c37445bede9014
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>
Gerrit-Reviewer: Gage <[email protected]>
Gerrit-Reviewer: jenkins-bot <>