Hello Giuseppe Lavagetto, jenkins-bot, I'd like you to do a code review. Please visit
https://gerrit.wikimedia.org/r/341739 to review the following change. Change subject: Revert "authdns lint support for full puppetized config" ...................................................................... Revert "authdns lint support for full puppetized config" This reverts commit d79dc312355c67ec42021f1081245d3b8377b6e5. Change-Id: I1cdf890d343dca8dd9874a3330af937a16fe548a
---
M modules/authdns/files/authdns-lint M modules/authdns/manifests/init.pp M modules/authdns/manifests/lint.pp D modules/authdns/manifests/ns.pp M modules/role/manifests/authdns/server.pp M modules/role/manifests/authdns/testns.pp 6 files changed, 111 insertions(+), 159 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/39/341739/1
diff --git a/modules/authdns/files/authdns-lint b/modules/authdns/files/authdns-lint
index 5ad52df..878f25a 100644
--- a/modules/authdns/files/authdns-lint
+++ b/modules/authdns/files/authdns-lint
@@ -35,23 +35,11 @@ echo "Using $TESTDIR as the output working directory (gdnsd chroot)" mkdir -p $TESTDIR/etc/zones -if [ ! -e /var/lib/gdnsd/testconfig/config ]; then - die "main config file not found, system misconfigured?" -fi -if [ ! -e /var/lib/gdnsd/testconfig/discovery-geo-resources ]; then - die "discovery-geo-resources not found, system misconfigured?" -fi -if [ ! -e /var/lib/gdnsd/testconfig/discovery-metafo-resources ]; then - die "discovery-metafo-resources not found, system misconfigured?" -fi -if [ ! -e /var/lib/gdnsd/testconfig/discovery-states ]; then - die "discovery-states not found, system misconfigured?" -fi -if [ ! -e /var/lib/gdnsd/testconfig/discovery-map ]; then - die "discovery-map not found, system misconfigured?" -fi if [ ! -e "$WORKINGDIR/templates" ]; then die "templates not found, system misconfigured?" +fi +if [ ! -e "$WORKINGDIR/config-geo-test" ]; then + die "config-geo-test not found, system misconfigured?" fi if [ ! -e "$WORKINGDIR/geo-maps" ]; then die "geo-maps not found, system misconfigured?" @@ -64,11 +52,7 @@ authdns-gen-zones $WORKINGDIR/templates $TESTDIR/etc/zones echo "Generating gdnsd config" -cp -f /var/lib/gdnsd/testconfig/config $TESTDIR/etc/ -cp -f /var/lib/gdnsd/testconfig/discovery-geo-resources $TESTDIR/etc/ -cp -f /var/lib/gdnsd/testconfig/discovery-metafo-resources $TESTDIR/etc/ -cp -f /var/lib/gdnsd/testconfig/discovery-states $TESTDIR/etc/ -cp -f /var/lib/gdnsd/testconfig/discovery-map $TESTDIR/etc/ +cp -f $WORKINGDIR/config-geo-test $TESTDIR/etc/config cp -f $WORKINGDIR/geo-maps $TESTDIR/etc/geo-maps cp -f $WORKINGDIR/geo-resources $TESTDIR/etc/geo-resources diff --git a/modules/authdns/manifests/init.pp b/modules/authdns/manifests/init.pp index 675c655..6202faf 100644 --- a/modules/authdns/manifests/init.pp +++ b/modules/authdns/manifests/init.pp 
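Review bot: The restored copy in the second hunk, `cp -f $WORKINGDIR/config-geo-test $TESTDIR/etc/config`, expands both variables unquoted, while the existence check added in the first hunk quotes the same path (`"$WORKINGDIR/config-geo-test"`). If either directory ever contains whitespace or glob characters, the check and the copy would act on different paths; `cp -f -- "$WORKINGDIR/config-geo-test" "$TESTDIR/etc/config"` keeps them consistent. The neighbouring context `cp` lines have the same form, and the script continues outside both hunks, so how `$WORKINGDIR` and `$TESTDIR` are set is not visible here.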
@@ -1,152 +1,136 @@ # == Class authdns -# Base authdns setup shared by authdns::ns and authdns::lint -# -# $nameservers - Array of FQDN of nameservers participating in -# "authdns-update" scheme for syncing zone data. If left un-set, will -# default to only the local machine's FQDN, creating what is effectively -# an isolated test server. -# $gitrepo - If defined, this is the repo to pull DNS zone data from, and -# this code assumes setup of a live gdnsd server and ensures config is -# templated and git data is pulled into place before the package is -# installed to avoid potentially issuing REFUSED for unknown zones, etc. -# If undefined (the default), the gdnsd OS-level service is -# disabled/stopped, and no data syncing for zone data is set up at all. -# $config_dir - default "/etc/gdnsd" - place where config files deployed. +# A class to implement Wikimedia's authoritative DNS system # class authdns( $nameservers = [ $::fqdn ], $gitrepo = undef, - $config_dir='/etc/gdnsd', + $monitoring = true, + $conftool_prefix = hiera('conftool_prefix'), + $lvs_services, + $discovery_services, ) { + require ::authdns::account require ::authdns::scripts - - if $gitrepo { - require ::geoip::data::puppet - $svc_ensure = 'running' - $svc_enable = true - } - else { - include ::geoip - $svc_ensure = 'stopped' - $svc_enable = false - } + require ::geoip::data::puppet package { 'gdnsd': ensure => installed, } service { 'gdnsd': - ensure => $svc_ensure, - enable => $svc_enable, + ensure => 'running', hasrestart => true, hasstatus => true, require => Package['gdnsd'], } - file { $config_dir: + # the package creates this, but we want to set up the config before we + # install the package, so that the daemon starts up with a well-known + # config that leaves no window where it'd refuse to answer properly + file { '/etc/gdnsd': ensure => 'directory', owner => 'root', group => 'root', mode => '0755', } - - file { "${config_dir}/config": + file { '/etc/gdnsd/config': ensure => 'present', 
owner => 'root', group => 'root', mode => '0444', content => template("${module_name}/config.erb"), - require => File[$config_dir], + require => File['/etc/gdnsd'], notify => Service['gdnsd'], } - - file { "${config_dir}/discovery-geo-resources": - ensure => 'present', - owner => 'root', - group => 'root', - mode => '0444', - content => template("${module_name}/discovery-geo-resources.erb"), - require => File[$config_dir], - notify => Service['gdnsd'], - } - - file { "${config_dir}/discovery-metafo-resources": - ensure => 'present', - owner => 'root', - group => 'root', - mode => '0444', - content => template("${module_name}/discovery-metafo-resources.erb"), - require => File[$config_dir], - notify => Service['gdnsd'], - } - - file { "${config_dir}/discovery-states": - ensure => 'present', - owner => 'root', - group => 'root', - mode => '0444', - content => template("${module_name}/discovery-states.erb"), - require => File[$config_dir], - notify => Service['gdnsd'], - } - - file { "${config_dir}/discovery-map": - ensure => 'present', - mode => '0444', - owner => 'root', - group => 'root', - source => "puppet:///modules/${module_name}/discovery-map", - require => File[$config_dir], - notify => Service['gdnsd'], - } - - file { "${config_dir}/zones": + file { '/etc/gdnsd/zones': ensure => 'directory', owner => 'root', group => 'root', mode => '0755', } - if $gitrepo { - require ::authdns::account + $workingdir = '/srv/authdns/git' # export to template - $workingdir = '/srv/authdns/git' # export to template + file { '/etc/wikimedia-authdns.conf': + ensure => 'present', + mode => '0444', + owner => 'root', + group => 'root', + content => template("${module_name}/wikimedia-authdns.conf.erb"), + } - file { '/etc/wikimedia-authdns.conf': - ensure => 'present', - mode => '0444', - owner => 'root', - group => 'root', - content => template("${module_name}/wikimedia-authdns.conf.erb"), - } + # do the initial clone via puppet + git::clone { $workingdir: + directory => 
$workingdir, + origin => $gitrepo, + branch => 'master', + owner => 'authdns', + group => 'authdns', + notify => Exec['authdns-local-update'], + } - # do the initial clone via puppet - git::clone { $workingdir: - directory => $workingdir, - origin => $gitrepo, - branch => 'master', - owner => 'authdns', - group => 'authdns', - notify => Exec['authdns-local-update'], - } - - # we prepare the config even before the package gets installed, leaving - # no window where service would be started and answer with REFUSED - exec { 'authdns-local-update': - command => '/usr/local/sbin/authdns-local-update --skip-review', - user => root, - refreshonly => true, - timeout => 60, - before => Package['gdnsd'], - require => [ + exec { 'authdns-local-update': + command => '/usr/local/sbin/authdns-local-update --skip-review', + user => root, + refreshonly => true, + timeout => 60, + require => [ File['/etc/wikimedia-authdns.conf'], - File["${config_dir}/config"], - File["${config_dir}/discovery-geo-resources"], - File["${config_dir}/discovery-metafo-resources"], - File["${config_dir}/discovery-states"], - File["${config_dir}/discovery-map"], + File['/etc/gdnsd/config'], Git::Clone['/srv/authdns/git'], ], - } + # we prepare the config even before the package gets installed, leaving + # no window where service would be started and answer with REFUSED + before => Package['gdnsd'], } + + if $monitoring { + include ::authdns::monitoring + } + + # Discovery Magic + + file { '/etc/gdnsd/discovery-geo-resources': + ensure => 'present', + owner => 'root', + group => 'root', + mode => '0444', + content => template("${module_name}/discovery-geo-resources.erb"), + require => File['/etc/gdnsd'], + notify => Service['gdnsd'], + } + + file { '/etc/gdnsd/discovery-metafo-resources': + ensure => 'present', + owner => 'root', + group => 'root', + mode => '0444', + content => template("${module_name}/discovery-metafo-resources.erb"), + require => File['/etc/gdnsd'], + notify => Service['gdnsd'], + } + 
+ file { '/etc/gdnsd/discovery-states': + ensure => 'present', + owner => 'root', + group => 'root', + mode => '0444', + content => template("${module_name}/discovery-states.erb"), + require => File['/etc/gdnsd'], + notify => Service['gdnsd'], + } + + file { '/etc/gdnsd/discovery-map': + ensure => 'present', + mode => '0444', + owner => 'root', + group => 'root', + source => "puppet:///modules/${module_name}/discovery-map", + } + + class { 'confd': + prefix => $conftool_prefix, + } + + create_resources(::authdns::discovery_statefile, $discovery_services, { lvs_services => $lvs_services }) } diff --git a/modules/authdns/manifests/lint.pp b/modules/authdns/manifests/lint.pp index 2fae1c2..69f49a0 100644 --- a/modules/authdns/manifests/lint.pp +++ b/modules/authdns/manifests/lint.pp @@ -2,7 +2,18 @@ # A class to lint Wikimedia's authoritative DNS system # class authdns::lint { - class { 'authdns': - config_dir => '/var/lib/gdnsd/testconfig', + include ::authdns::scripts + include ::geoip + + package { 'gdnsd': + ensure => installed, + } + + service { 'gdnsd': + ensure => 'stopped', + enable => false, + hasrestart => true, + hasstatus => true, + require => Package['gdnsd'], } } diff --git a/modules/authdns/manifests/ns.pp b/modules/authdns/manifests/ns.pp deleted file mode 100644 index b541921..0000000 --- a/modules/authdns/manifests/ns.pp +++ /dev/null 
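Review bot: The restored `file { '/etc/gdnsd/discovery-map': }` resource has no `notify => Service['gdnsd']`, unlike the three sibling discovery-* files, so a changed map would leave the running daemon on the old data until something else refreshes the service; adding `require => File['/etc/gdnsd'],` and `notify => Service['gdnsd'],` would match them. The discovery files are also not listed in the `require` of `Exec['authdns-local-update']` nor ordered before `Package['gdnsd']`, so the comment about leaving no window with an unprepared config covers only `/etc/gdnsd/config`. Separately, `$gitrepo` still defaults to `undef` but `git::clone` now uses it unconditionally as `origin`; either drop the default or document in the class header that the parameter is required.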
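Review bot: `authdns::lint` now declares `package { 'gdnsd': }` and `service { 'gdnsd': }` itself, with the same titles that class `authdns` declares in init.pp, so a node that received both classes would fail catalog compilation with a duplicate declaration. Nothing visible here applies both, but the constraint is not written down; a header comment such as `# Declares Package['gdnsd'] and Service['gdnsd'] (stopped, disabled); do not combine with class authdns on one node.` would make it explicit. That comment could also state why the service is stopped and disabled here, presumably so that a lint-only host never answers DNS queries.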
@@ -1,27 +0,0 @@ -# == Class authdns::ns -# A class to implement Wikimedia's authoritative DNS servers -# -class authdns::ns( - $nameservers = [ $::fqdn ], - $gitrepo = undef, - $monitoring = true, - $conftool_prefix = hiera('conftool_prefix'), - $lvs_services, - $discovery_services, -) { - class { 'authdns': - nameservers => $nameservers, - gitrepo => $gitrepo, - config_dir => '/etc/gdnsd', - } - - if $monitoring { - include ::authdns::monitoring - } - - # confd statefile templating for discovery - class { 'confd': - prefix => $conftool_prefix, - } - create_resources(::authdns::discovery_statefile, $discovery_services, { lvs_services => $lvs_services }) -} diff --git a/modules/role/manifests/authdns/server.pp b/modules/role/manifests/authdns/server.pp index f2893b0..2320679 100644 --- a/modules/role/manifests/authdns/server.pp +++ b/modules/role/manifests/authdns/server.pp @@ -13,7 +13,7 @@ { interface => 'lo' } ) - class { 'authdns::ns': + class { 'authdns': nameservers => $role::authdns::data::nameservers, gitrepo => $role::authdns::data::gitrepo, lvs_services => hiera('lvs::configuration::lvs_services'), diff --git a/modules/role/manifests/authdns/testns.pp b/modules/role/manifests/authdns/testns.pp index 0d6f9d6..e25cbc7 100644 --- a/modules/role/manifests/authdns/testns.pp +++ b/modules/role/manifests/authdns/testns.pp 
@@ -2,7 +2,7 @@ # role for e.g. public addrs, monitoring, authdns-update, etc. class role::authdns::testns { include role::authdns::data - class { 'authdns::ns': + class { 'authdns': gitrepo => $role::authdns::data::gitrepo, monitoring => false, lvs_services => hiera('lvs::configuration::lvs_services'), -- To view, visit https://gerrit.wikimedia.org/r/341739 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1cdf890d343dca8dd9874a3330af937a16fe548a Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <bbl...@wikimedia.org> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits