Andrew Bogott has submitted this change and it was merged.
Change subject: Consolidate labs pdns settings into a hiera dict.
......................................................................
Consolidate labs pdns settings into a hiera dict.
Among other things, this will allow us to specify
realm- and host-based pnds passwords.
Change-Id: I92c0d785ecb9d773a6ecab7a22b694015477e529
---
M hieradata/codfw.yaml
M hieradata/codfw/labtest-instances.yaml
M hieradata/codfw/labtest.yaml
M hieradata/eqiad.yaml
M hieradata/hosts/holmium.yaml
M hieradata/labs.yaml
M manifests/realm.pp
M modules/openstack/manifests/nova/network.pp
M modules/role/manifests/labs/dns.pp
M modules/role/manifests/labs/dnsrecursor.pp
M modules/role/manifests/labs/openstack/designate.pp
11 files changed, 48 insertions(+), 30 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/codfw.yaml b/hieradata/codfw.yaml
index e6760bf..1cacc3d 100644
--- a/hieradata/codfw.yaml
+++ b/hieradata/codfw.yaml
@@ -31,9 +31,12 @@
labs_certmanager_hostname: "labservices1001.wikimedia.org"
# These are the up-and-coming, better dns servers:
-labs_dns_host: &labsdnshost "labs-ns2.wikimedia.org"
-labs_dns_host_secondary: &labsdnshostsecondary "labs-ns3.wikimedia.org"
-labs_recursor: &labsrecursor "labs-recursor0.wikimedia.org"
+labsdnsconfig:
+ host: 'labs-ns2.wikimedia.org'
+ host_secondary: 'labs-ns3.wikimedia.org'
+ dbserver: 'm5-master.eqiad.wmnet'
+ recursor: 'labs-recursor0.wikimedia.org'
+ recursor_secondary: 'labs-recursor1.wikimedia.org'
ldap_labs_hostname: ldap-labs.codfw.wikimedia.org
diff --git a/hieradata/codfw/labtest-instances.yaml
b/hieradata/codfw/labtest-instances.yaml
index 8bfb6f6..a9616b7 100644
--- a/hieradata/codfw/labtest-instances.yaml
+++ b/hieradata/codfw/labtest-instances.yaml
@@ -1,5 +1,7 @@
-labs_recursor: "labtest-recursor0.wikimedia.org"
-labs_recursor_secondary: "labtest-recursor0.wikimedia.org"
puppetmaster: "labtestcontrol2001.wikimedia.org"
saltmaster: "labtestcontrol2001.wikimedia.org"
ldap_host: "labtestservices2001.wikimedia.org"
+
+labsdnsconfig:
+ recursor: 'labtest-recursor0.wikimedia.org'
+ recursor_secondary: 'labtest-recursor0.wikimedia.org'
diff --git a/hieradata/codfw/labtest.yaml b/hieradata/codfw/labtest.yaml
index 353321f..89cd8e6 100644
--- a/hieradata/codfw/labtest.yaml
+++ b/hieradata/codfw/labtest.yaml
@@ -26,14 +26,15 @@
labs_ldap_dns_host: &labsldapdnshost "labtestservices2001.wikimedia.org"
labs_ldap_dns_host_secondary: &labsldapdnshostsecondary
"labtestservices2001.wikimedia.org"
-
-labs_dns_host: &labsdnshost "labtest-ns0.wikimedia.org"
-labs_dns_host_secondary: &labsdnshostsecondary "labtest-ns0.wikimedia.org"
-labs_dns_db_server: 'labtestcontrol2001.wikimedia.org'
-labs_recursor: &labsrecursor "labtest-recursor0.wikimedia.org"
-
ldap_labs_hostname: labtestservices2001.wikimedia.org
+labsdnsconfig:
+ host: 'labtest-ns0.wikimedia.org'
+ host_secondary: 'labs-ns0.wikimedia.org'
+ dbserver: 'labtestcontrol2001.wikimedia.org'
+ recursor: 'labtest-recursor0.wikimedia.org'
+ recursor_secondary: 'labtest-recursor0.wikimedia.org'
+
novaconfig:
network_host: *labsnovanetworkip
api_host: *labsnovaapihost
diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml
index 3028621..7cdf2f3 100644
--- a/hieradata/eqiad.yaml
+++ b/hieradata/eqiad.yaml
@@ -91,10 +91,12 @@
labs_ldap_dns_host_secondary: &labsldapdnshostsecondary
"labs-ns1.wikimedia.org"
# These are the up-and-coming, better dns servers:
-labs_dns_host: &labsdnshost "labs-ns2.wikimedia.org"
-labs_dns_host_secondary: &labsdnshostsecondary "labs-ns3.wikimedia.org"
-labs_dns_db_server: 'm5-master.eqiad.wmnet'
-labs_recursor: &labsrecursor "labs-recursor1.wikimedia.org"
+labsdnsconfig:
+ host: 'labs-ns2.wikimedia.org'
+ host_secondary: 'labs-ns3.wikimedia.org'
+ dbserver: 'm5-master.eqiad.wmnet'
+ recursor: 'labs-recursor1.wikimedia.org'
+ recursor_secondary: 'labs-recursor0.wikimedia.org'
novaconfig:
db_host: 'm5-master.eqiad.wmnet'
diff --git a/hieradata/hosts/holmium.yaml b/hieradata/hosts/holmium.yaml
index 792c5c8..e7acc24 100644
--- a/hieradata/hosts/holmium.yaml
+++ b/hieradata/hosts/holmium.yaml
@@ -1,4 +1,7 @@
cluster: virt
-labs_dns_host: "labs-ns3.wikimedia.org"
-labs_dns_host_secondary: &labsdnshostsecondary "labs-ns2.wikimedia.org"
-labs_recursor: "labs-recursor0.wikimedia.org"
+
+labsdnsconfig:
+ host: 'labs-ns3.wikimedia.org'
+ host_secondary: 'labs-ns2.wikimedia.org'
+ recursor: 'labs-recursor0.wikimedia.org'
+ recursor_secondary: 'labs-recursor1.wikimedia.org'
diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index b512e42..f897439 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -4,6 +4,11 @@
standard::has_ganglia: false
has_nrpe: false
+# dns
+labsdnsconfig:
+ recursor: 'labs-recursor1.wikimedia.org'
+ recursor_secondary: 'labs-recursor0.wikimedia.org'
+
# Additional base overrides
standard::has_admin: false
base::remote_syslog::enable: false
@@ -45,8 +50,6 @@
"${::fqdn}": 1
nrpe::allowed_hosts: '10.68.16.195'
-labs_recursor: "labs-recursor1.wikimedia.org"
-labs_recursor_secondary: "labs-recursor0.wikimedia.org"
ssh::server::disable_agent_forwarding: false
puppetmaster: "labs-puppetmaster-eqiad.wikimedia.org"
saltmaster: "labs-puppetmaster-eqiad.wikimedia.org"
diff --git a/manifests/realm.pp b/manifests/realm.pp
index e3e577f..7117f9d 100644
--- a/manifests/realm.pp
+++ b/manifests/realm.pp
@@ -89,7 +89,8 @@
# DNS
if $::realm == 'labs' {
- $nameservers = [ ipresolve(hiera('labs_recursor'),4),
ipresolve(hiera('labs_recursor_secondary'),4) ]
+ $dnsconfig = hiera_hash('labsdnsconfig', {})
+ $nameservers = [ ipresolve($dnsconfig['recursor'],4),
ipresolve($dnsconfig['recursor_secondary'],4) ]
} else {
$nameservers = $site ? {
'eqiad' => [ '208.80.154.239', '208.80.153.254' ], # eqiad -> eqiad,
codfw
diff --git a/modules/openstack/manifests/nova/network.pp
b/modules/openstack/manifests/nova/network.pp
index 5c7f7e9..3e3d7d2 100644
--- a/modules/openstack/manifests/nova/network.pp
+++ b/modules/openstack/manifests/nova/network.pp
@@ -46,8 +46,9 @@
private_ip => '10.68.16.65'},
}
+ $dnsconfig = hiera_hash('labsdnsconfig', {})
$labs_metal = hiera('labs_metal',{})
- $recursor_ip = ipresolve(hiera('labs_recursor'),4)
+ $recursor_ip = ipresolve($dnsconfig['recursor'],4)
file { '/etc/dnsmasq-nova.conf':
content =>
template("openstack/${$openstack_version}/nova/dnsmasq-nova.conf.erb"),
owner => 'root',
diff --git a/modules/role/manifests/labs/dns.pp
b/modules/role/manifests/labs/dns.pp
index cee7fe0..c6c616b 100644
--- a/modules/role/manifests/labs/dns.pp
+++ b/modules/role/manifests/labs/dns.pp
@@ -2,14 +2,14 @@
system::role { 'role::labs::dns':
description => 'DNS server for Labs instances',
}
- include passwords::pdns
+ $dnsconfig = hiera_hash('labsdnsconfig', {})
class { '::labs_dns':
dns_auth_ipaddress => $::ipaddress_eth0,
dns_auth_query_address => $::ipaddress_eth0,
- dns_auth_soa_name => hiera('labs_dns_host'),
- pdns_db_host => hiera('labs_dns_db_server'),
- pdns_db_password => $passwords::pdns::db_pass,
+ dns_auth_soa_name => $dnsconfig['host'],
+ pdns_db_host => $dnsconfig['dbserver'],
+ pdns_db_password => $dnsconfig['db_pass'],
}
ferm::service { 'udp_dns_rec':
diff --git a/modules/role/manifests/labs/dnsrecursor.pp
b/modules/role/manifests/labs/dnsrecursor.pp
index 0b2f0b5..2cfe3ac 100644
--- a/modules/role/manifests/labs/dnsrecursor.pp
+++ b/modules/role/manifests/labs/dnsrecursor.pp
@@ -26,10 +26,11 @@
}
$keystoneconfig = hiera_hash('keystoneconfig', {})
+ $dnsconfig = hiera_hash('labsdnsconfig', {})
include ::network::constants
$all_networks = $::network::constants::all_networks
- $recursor_ip = ipresolve(hiera('labs_recursor'),4)
+ $recursor_ip = ipresolve($dnsconfig['recursor'],4)
interface::ip { 'role::lab::dnsrecursor':
interface => 'eth0',
@@ -45,7 +46,7 @@
default => [$recursor_ip]
}
- $labs_auth_dns = ipresolve(hiera('labs_dns_host'),4)
+ $labs_auth_dns = ipresolve($dnsconfig['host'],4)
$lua_hooks = ['/etc/powerdns/labs-ip-alias.lua',
'/etc/powerdns/metaldns.lua']
diff --git a/modules/role/manifests/labs/openstack/designate.pp
b/modules/role/manifests/labs/openstack/designate.pp
index 2bb22f6..dca79ad 100644
--- a/modules/role/manifests/labs/openstack/designate.pp
+++ b/modules/role/manifests/labs/openstack/designate.pp
@@ -28,8 +28,9 @@
rule => "saddr (${wikitech_ip} ${horizon_ip} ${controller_ip}) proto
tcp dport (9001) ACCEPT;",
}
- $dns_host = hiera('labs_dns_host')
- $dns_host_secondary = hiera('labs_dns_host_secondary')
+ $dnsconfig = hiera_hash('labsdnsconfig', {})
+ $dns_host = $dnsconfig['host']
+ $dns_host_secondary = $dnsconfig['host_secondary']
$dns_host_ip = ipresolve ($dns_host)
$dns_host_secondary_ip = ipresolve ($dns_host_secondary)
--
To view, visit https://gerrit.wikimedia.org/r/273144
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I92c0d785ecb9d773a6ecab7a22b694015477e529
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
