[MediaWiki-commits] [Gerrit] operations/puppet[production]: Move all firewall setup for mariadb::core to the role

Jcrespo (Code Review) Fri, 26 Aug 2016 06:40:30 -0700

Jcrespo has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/306918


Change subject: Move all firewall setup for mariadb::core to the role
......................................................................

Move all firewall setup for mariadb::core to the role

It was finally applied to all core databases.

Mostly only some misc systems pending.

Change-Id: I8ff6b8e67c8cecf1b0759a1844335825b2b8c7ee
---
M manifests/role/mariadb.pp
M manifests/site.pp
2 files changed, 1 insertion(+), 40 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/18/306918/1

diff --git a/manifests/role/mariadb.pp b/manifests/role/mariadb.pp
index 1da71c7..45ebaa4 100644
--- a/manifests/role/mariadb.pp
+++ b/manifests/role/mariadb.pp
@@ -588,6 +588,7 @@
     }
 
     include standard
+    include base::firewall
     include role::mariadb::grants
     include role::mariadb::grants::core
     include role::mariadb::monitor
diff --git a/manifests/site.pp b/manifests/site.pp
index f2429d6..4b36f97 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -422,14 +422,12 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db10(51|52|53|55|65|66|72|73|80|83|89)\.eqiad\.wmnet/ {
     class { 'role::mariadb::core':
         shard => 's1',
     }
-    include base::firewall
 }
 
 # s1 (enwiki) core production dbs on codfw
@@ -440,7 +438,6 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db20(34|42|48|55|62|69|70)\.codfw\.wmnet/ {
@@ -448,7 +445,6 @@
         shard         => 's1',
         binlog_format => 'ROW',
     }
-    include base::firewall
 }
 
 # s2 (large wikis) core production dbs on eqiad
@@ -459,14 +455,12 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db10(21|24|36|54|60|63|67|74|76|90)\.eqiad\.wmnet/ {
     class { 'role::mariadb::core':
         shard => 's2',
     }
-    include base::firewall
 }
 
 # s2 (large wikis) core production dbs on codfw
@@ -477,7 +471,6 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db20(35|41|49|56|63|64)\.codfw\.wmnet/ {
@@ -485,7 +478,6 @@
         shard         => 's2',
         binlog_format => 'ROW',
     }
-    include base::firewall
 }
 
 # s3 (default) core production dbs on eqiad
@@ -504,7 +496,6 @@
     class { 'role::mariadb::core':
         shard => 's3',
     }
-    include base::firewall
 }
 
 # s3 (default) core production dbs on codfw
@@ -515,7 +506,6 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db20(36|43|50|57)\.codfw\.wmnet/ {
@@ -523,7 +513,6 @@
         shard         => 's3',
         binlog_format => 'ROW',
     }
-    include base::firewall
 }
 
 # s4 (commons) core production dbs on eqiad
@@ -534,14 +523,12 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db10(19|42|56|59|64|68|81|84|91)\.eqiad\.wmnet/ {
     class { 'role::mariadb::core':
         shard => 's4',
     }
-    include base::firewall
 }
 
 # s4 (commons) core production dbs on codfw
@@ -552,7 +539,6 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db20(37|44|51|58|65)\.codfw\.wmnet/ {
@@ -560,7 +546,6 @@
         shard         => 's4',
         binlog_format => 'ROW',
     }
-    include base::firewall
 }
 
 # s5 (wikidata/dewiki) core production dbs on eqiad
@@ -571,14 +556,12 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db10(26|45|70|71|82|87|92)\.eqiad\.wmnet/ {
     class { 'role::mariadb::core':
         shard => 's5',
     }
-    include base::firewall
 }
 
 # s5 (wikidata/dewiki) core production dbs on codfw
@@ -589,7 +572,6 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db20(38|45|52|59|66)\.codfw\.wmnet/ {
@@ -597,7 +579,6 @@
         shard         => 's5',
         binlog_format => 'ROW',
     }
-    include base::firewall
 }
 
 # s6 core production dbs on eqiad
@@ -608,14 +589,12 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db10(22|23|30|37|61|85|88|93)\.eqiad\.wmnet/ {
     class { 'role::mariadb::core':
         shard => 's6',
     }
-    include base::firewall
 }
 
 # s6 core production dbs on codfw
@@ -626,7 +605,6 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db20(39|46|53|60|67)\.codfw\.wmnet/ {
@@ -634,7 +612,6 @@
         shard         => 's6',
         binlog_format => 'ROW',
     }
-    include base::firewall
 }
 
 # s7 (centralauth, meta et al.) core production dbs on eqiad
@@ -645,14 +622,12 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db10(28|33|34|39|62|79|86|94)\.eqiad\.wmnet/ {
     class { 'role::mariadb::core':
         shard => 's7',
     }
-    include base::firewall
 }
 
 # s7 (centralauth, meta et al.) core production dbs on codfw
@@ -663,7 +638,6 @@
         master        => true,
         binlog_format => 'STATEMENT',
     }
-    include base::firewall
 }
 
 node /^db20(40|47|54|61|68)\.codfw\.wmnet/ {
@@ -671,7 +645,6 @@
         shard         => 's7',
         binlog_format => 'ROW',
     }
-    include base::firewall
 }
 
 ## x1 shard
@@ -682,7 +655,6 @@
         master        => true,
         binlog_format => 'ROW',
     }
-    include base::firewall
 }
 
 node 'db1029.eqiad.wmnet' {
@@ -690,7 +662,6 @@
         shard         => 'x1',
         binlog_format => 'ROW',
     }
-    include base::firewall
 }
 
 # codfw
@@ -700,7 +671,6 @@
         master        => true,
         binlog_format => 'ROW',
     }
-    include base::firewall
 }
 
 ## m1 shard
@@ -959,7 +929,6 @@
         shard => 'es1',
         ssl   => 'on'
     }
-    include base::firewall
 }
 
 ## codfw servers
@@ -969,7 +938,6 @@
         binlog_format => 'ROW',
         ssl           => 'on',
     }
-    include base::firewall
 }
 
 # External Storage, Shard 2 (es2) databases
@@ -982,7 +950,6 @@
         binlog_format => 'ROW',
         ssl           => 'on',
     }
-    include base::firewall
 }
 
 node /^es101[13]\.eqiad\.wmnet/ {
@@ -991,7 +958,6 @@
         binlog_format => 'ROW',
         ssl           => 'on',
     }
-    include base::firewall
 }
 
 ## codfw servers
@@ -1002,7 +968,6 @@
         binlog_format => 'ROW',
         ssl           => 'on',
     }
-    include base::firewall
 }
 
 node /^es201[46]\.codfw\.wmnet/ {
@@ -1011,7 +976,6 @@
         binlog_format => 'ROW',
         ssl           => 'on',
     }
-    include base::firewall
 }
 
 # External Storage, Shard 3 (es3) databases
@@ -1024,7 +988,6 @@
         binlog_format => 'ROW',
         ssl           => 'on',
     }
-    include base::firewall
 }
 
 node /^es101[47]\.eqiad\.wmnet/ {
@@ -1033,7 +996,6 @@
         binlog_format => 'ROW',
         ssl           => 'on',
     }
-    include base::firewall
 }
 
 ## codfw servers
@@ -1044,7 +1006,6 @@
         binlog_format => 'ROW',
         ssl           => 'on',
     }
-    include base::firewall
 }
 
 node /^es201[79]\.codfw\.wmnet/ {
@@ -1053,7 +1014,6 @@
         binlog_format => 'ROW',
         ssl           => 'on',
     }
-    include base::firewall
 }
 
 # Disaster recovery hosts for external storage

-- 
To view, visit https://gerrit.wikimedia.org/r/306918
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8ff6b8e67c8cecf1b0759a1844335825b2b8c7ee
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Jcrespo <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Move all firewall setup for mariadb::core to the role

Reply via email to