[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppetdb: Do not hardcode puppetmasters

Tue, 27 Dec 2016 04:49:02 -0800 

Hello Alexandros Kosiaris,

I'd like you to do a code review.  Please visit

    https://gerrit.wikimedia.org/r/329330

to review the following change.


Change subject: puppetdb: Do not hardcode puppetmasters
......................................................................

puppetdb: Do not hardcode puppetmasters

For Labs PuppetDB setups, it is necessary to be able to specify
different puppetmasters so that they are not blocked by the firewall.
In the general case, for an instance set up to serve as a PuppetDB it
is most likely that "the" puppetmaster is all the puppetmasters, so
this change sets it as default for Labs.

Bug: T153577
Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c
---
M hieradata/labs.yaml
M modules/role/manifests/puppetmaster/puppetdb.pp
2 files changed, 4 insertions(+), 16 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/30/329330/1

diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index c20b7a6..fd912dc 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -33,6 +33,9 @@
 archiva::proxy::ssl_enabled: false
 archiva::proxy::certificate_name: ssl-cert-snakeoil
 statsite::instance::graphite_host: 'labmon1001.eqiad.wmnet'
+puppetmaster::servers:
+  "%{hiera('puppetmaster')}":
+    - { worker: "%{hiera('puppetmaster')}", loadfactor: 10 }
 
 # Default to Dummy authenticator in JupyterHubs in labs
 jupyterhub::authenticator: dummy
diff --git a/modules/role/manifests/puppetmaster/puppetdb.pp 
b/modules/role/manifests/puppetmaster/puppetdb.pp
index ac03a10..642bf6c 100644
--- a/modules/role/manifests/puppetmaster/puppetdb.pp
+++ b/modules/role/manifests/puppetmaster/puppetdb.pp
@@ -39,22 +39,7 @@
     }
 
     # Only the TLS-terminating nginx proxy will be exposed
-    # TODO: Use map() once we migrate to the future parser
-    # It should have been
-    #
-    # $puppetmasters = map(values(hiera('puppetmaster::servers')) |p| { 
p['worker'] })
-    #
-    # Instead, we will have to jump through hoops (templates, yaml parsing,
-    # parser functions) for this simple thing. So don't and just hardcode it.
-    #  Does it suck ? Yes it does. But we are not going through all that
-    $puppetmasters = [
-        'puppetmaster1001.eqiad.wmnet',
-        'puppetmaster1002.eqiad.wmnet',
-        'puppetmaster2001.codfw.wmnet',
-        'puppetmaster2002.codfw.wmnet',
-        'rhodium.eqiad.wmnet',
-    ]
-    $puppetmasters_ferm = join($puppetmasters, ' ')
+    $puppetmasters_ferm = inline_template('<%= 
scope.function_hiera([\'puppetmaster::servers\']).values.flatten(1).map { |p| 
p[\'worker\'] }.sort.join(\' \')%>')
     ferm::service { 'puppetdb':
         proto   => 'tcp',
         port    => 443,

-- 
To view, visit https://gerrit.wikimedia.org/r/329330
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to