Giuseppe Lavagetto has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/339416 )
Change subject: role::puppetmaster::frontend: include profile::conftool::master
......................................................................
role::puppetmaster::frontend: include profile::conftool::master
Instead of including the role::conftool::master from site.pp
Change-Id: I2d52d44b33d6d0090e69b30c2c5936d7f6e2432c
---
M hieradata/common.yaml
M hieradata/role/common/puppetmaster/frontend.yaml
M manifests/site.pp
M modules/profile/manifests/conftool/client.pp
A modules/profile/manifests/conftool/master.pp
M modules/role/manifests/puppetmaster/frontend.pp
6 files changed, 65 insertions(+), 12 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/16/339416/1
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 8c879f3..8f2f595 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -459,3 +459,8 @@
cumin_masters:
- neodymium.eqiad.wmnet
- sarin.codfw.wmnet
+
+# Etcd client global configuration
+etcd_client_srv_domain: "%{::site}.wmnet"
+etcd_host: ''
+etcd_port: ''
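Review bot: The key added here is `etcd_client_srv_domain`, but the new default in modules/profile/manifests/conftool/client.pp looks up `hiera('etcd_client_srv_dns')`, so the two names do not match. That lookup has no fallback value, so unless `etcd_client_srv_dns` is defined somewhere outside this change, catalog compilation would presumably fail for every node that includes profile::conftool::client. Either rename this key or change the lookup to `$srv_domain = hiera('etcd_client_srv_domain'),`.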
diff --git a/hieradata/role/common/puppetmaster/frontend.yaml
b/hieradata/role/common/puppetmaster/frontend.yaml
index 7328447..df7a449 100644
--- a/hieradata/role/common/puppetmaster/frontend.yaml
+++ b/hieradata/role/common/puppetmaster/frontend.yaml
@@ -14,3 +14,6 @@
apache::logrotate::period: "daily"
apache::logrotate::rotate: 7
cluster: puppet
+# Conftool
+profile::conftool::client::namespace: "/conftool"
+profile::conftool::master::sync_dir: "/etc/conftool/data"
diff --git a/manifests/site.pp b/manifests/site.pp
index 61ea65d..3b96c36 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2410,7 +2410,7 @@
node /^puppetmaster[12]001\.(codfw|eqiad)\.wmnet$/ {
role(
ipmi::mgmt, access_new_install,
- puppetmaster::frontend, conftool::master,
+ puppetmaster::frontend,
pybal_config
)
include ::standard
diff --git a/modules/profile/manifests/conftool/client.pp
b/modules/profile/manifests/conftool/client.pp
index 7f40ee8..2714006 100644
--- a/modules/profile/manifests/conftool/client.pp
+++ b/modules/profile/manifests/conftool/client.pp
@@ -8,21 +8,21 @@
# - The etcd credentials for the root user in /root/.etcdrc
#
class profile::conftool::client(
- $srv_dns = hiera('etcd::srv_dns'),
- $host = hiera('etcd::host'),
- $port = hiera('etcd::port'),
+ $srv_domain = hiera('etcd_client_srv_dns'),
+ $host = hiera('etcd_host'),
+ $port = hiera('etcd_port'),
$root_password = hiera('etcd::auth::common::root_password'),
- $tcpircbot_host = hiera('profile::conftool::client::tcpircbot_host')
- $tcpircbot_port = hiera('profile::conftool::client::tcpircbot_port'),
- $namespace = hiera('profile::conftool::client::namespace')
+ $namespace = hiera('profile::conftool::client::namespace',
'/conftool'),
+ $tcpircbot_host = hiera('profile::conftool::client::tcpircbot_host',
'icinga.wikimedia.org')
+ $tcpircbot_port = hiera('profile::conftool::client::tcpircbot_port', 9200),
) {
require_package('python-conftool')
class { '::etcd::client::globalconfig':
- srv_dns => $srv_dns,
- host => $host,
- port => $port,
- protocol => 'https',
+ srv_domain => $srv_domain,
+ host => $host,
+ port => $port,
+ protocol => 'https',
}
::etcd::client::config { '/root/.etcdrc',
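Review bot: The rewritten `$tcpircbot_host` parameter still has no trailing comma before `$tcpircbot_port`, which should be a parse error in the class parameter list; the removed line had the same omission, so the change carries it over. It should read `$tcpircbot_host = hiera('profile::conftool::client::tcpircbot_host', 'icinga.wikimedia.org'),`. The context line `::etcd::client::config { '/root/.etcdrc',` also appears to use a comma where a resource title needs a colon, though that line is unchanged and the class body continues outside the hunk. Running `puppet parser validate` on this file before merge would catch both.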
diff --git a/modules/profile/manifests/conftool/master.pp
b/modules/profile/manifests/conftool/master.pp
new file mode 100644
index 0000000..42d0d2e
--- /dev/null
+++ b/modules/profile/manifests/conftool/master.pp
@@ -0,0 +1,42 @@
+# == Class profile::conftool::master
+#
+# Class to configure a conftool master, that will be able to
+# sync data from yaml files in $sync_dir
+#
+# [*parameters*]
+# sync_dir The directory to sync from in conftool-merge
+#
+class profile::conftool::master(
+ $sync_dir = hiera('profile::conftool::master::sync_dir'),
+) {
+
+ system::role { 'conftool-master':
+ description => 'Conftool master',
+ }
+
+ # All the configuration we have for the client is needed by the master
+ require ::profile::conftool::client
+
+ # We also need to know where the puppet repo is. We cannot require a
profile
+ # here because the puppet classes are not well structured. TODO: fix this
+ # and transform the git dir into a parameter
+ require ::puppetmaster::base_repo
+
+ file { '/etc/conftool/data':
+ ensure => link,
+ target =>
"${::puppetmaster::base_repo::gitdir}/operations/puppet/conftool-data",
+ force => true,
+ before => File['/usr/local/bin/conftool-merge'],
+ }
+
+ file { '/usr/local/bin/conftool-merge':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0500',
+ content => template('conftool/conftool-merge.erb'),
+ }
+
+ # Note: we do not include etcd's own auth defines as we are discouraging
using it
+ # in favour of proxying via nginx. This might change when/if we switch to
etcd 3
+}
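Review bot: The `file { '/etc/conftool/data':` resource hardcodes the path that the class receives as `$sync_dir`, so overriding `profile::conftool::master::sync_dir` in hiera would leave the symlink at the old location while anything that reads `$sync_dir` (presumably the conftool-merge template) follows the new value. Use the parameter as the title, `file { $sync_dir:`. Because `force => true` lets Puppet replace an existing directory at that path with the link, a comment saying this is intended would be useful. The script is installed root-only (`0500`) but takes its data through a link into the puppet git checkout, so write access to that checkout effectively decides what gets merged; a one-line comment stating that trust assumption would help later reviewers.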
diff --git a/modules/role/manifests/puppetmaster/frontend.pp
b/modules/role/manifests/puppetmaster/frontend.pp
index 3ff4775..ee14517 100644
--- a/modules/role/manifests/puppetmaster/frontend.pp
+++ b/modules/role/manifests/puppetmaster/frontend.pp
@@ -2,8 +2,11 @@
class role::puppetmaster::frontend {
include ::base::firewall
-
+ include ::profile::conftool::client
+ include ::profile::conftool::master
include role::backup::host
+
+ # Everything below this point belongs in a profile
backup::set { 'var-lib-puppet-ssl': }
backup::set { 'var-lib-puppet-volatile': }
--
To view, visit https://gerrit.wikimedia.org/r/339416
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2d52d44b33d6d0090e69b30c2c5936d7f6e2432c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <[email protected]>