Hello Giuseppe Lavagetto, jenkins-bot,
I'd like you to do a code review. Please visit
https://gerrit.wikimedia.org/r/341739
to review the following change.
Change subject: Revert "authdns lint support for full puppetized config"
......................................................................
Revert "authdns lint support for full puppetized config"
This reverts commit d79dc312355c67ec42021f1081245d3b8377b6e5.
Change-Id: I1cdf890d343dca8dd9874a3330af937a16fe548a
---
M modules/authdns/files/authdns-lint
M modules/authdns/manifests/init.pp
M modules/authdns/manifests/lint.pp
D modules/authdns/manifests/ns.pp
M modules/role/manifests/authdns/server.pp
M modules/role/manifests/authdns/testns.pp
6 files changed, 111 insertions(+), 159 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/39/341739/1
diff --git a/modules/authdns/files/authdns-lint
b/modules/authdns/files/authdns-lint
index 5ad52df..878f25a 100644
--- a/modules/authdns/files/authdns-lint
+++ b/modules/authdns/files/authdns-lint
@@ -35,23 +35,11 @@
echo "Using $TESTDIR as the output working directory (gdnsd chroot)"
mkdir -p $TESTDIR/etc/zones
-if [ ! -e /var/lib/gdnsd/testconfig/config ]; then
- die "main config file not found, system misconfigured?"
-fi
-if [ ! -e /var/lib/gdnsd/testconfig/discovery-geo-resources ]; then
- die "discovery-geo-resources not found, system misconfigured?"
-fi
-if [ ! -e /var/lib/gdnsd/testconfig/discovery-metafo-resources ]; then
- die "discovery-metafo-resources not found, system misconfigured?"
-fi
-if [ ! -e /var/lib/gdnsd/testconfig/discovery-states ]; then
- die "discovery-states not found, system misconfigured?"
-fi
-if [ ! -e /var/lib/gdnsd/testconfig/discovery-map ]; then
- die "discovery-map not found, system misconfigured?"
-fi
if [ ! -e "$WORKINGDIR/templates" ]; then
die "templates not found, system misconfigured?"
+fi
+if [ ! -e "$WORKINGDIR/config-geo-test" ]; then
+ die "config-geo-test not found, system misconfigured?"
fi
if [ ! -e "$WORKINGDIR/geo-maps" ]; then
die "geo-maps not found, system misconfigured?"
@@ -64,11 +52,7 @@
authdns-gen-zones $WORKINGDIR/templates $TESTDIR/etc/zones
echo "Generating gdnsd config"
-cp -f /var/lib/gdnsd/testconfig/config $TESTDIR/etc/
-cp -f /var/lib/gdnsd/testconfig/discovery-geo-resources $TESTDIR/etc/
-cp -f /var/lib/gdnsd/testconfig/discovery-metafo-resources $TESTDIR/etc/
-cp -f /var/lib/gdnsd/testconfig/discovery-states $TESTDIR/etc/
-cp -f /var/lib/gdnsd/testconfig/discovery-map $TESTDIR/etc/
+cp -f $WORKINGDIR/config-geo-test $TESTDIR/etc/config
cp -f $WORKINGDIR/geo-maps $TESTDIR/etc/geo-maps
cp -f $WORKINGDIR/geo-resources $TESTDIR/etc/geo-resources
diff --git a/modules/authdns/manifests/init.pp
b/modules/authdns/manifests/init.pp
index 675c655..6202faf 100644
--- a/modules/authdns/manifests/init.pp
+++ b/modules/authdns/manifests/init.pp
@@ -1,152 +1,136 @@
# == Class authdns
-# Base authdns setup shared by authdns::ns and authdns::lint
-#
-# $nameservers - Array of FQDN of nameservers participating in
-# "authdns-update" scheme for syncing zone data. If left un-set, will
-# default to only the local machine's FQDN, creating what is effectively
-# an isolated test server.
-# $gitrepo - If defined, this is the repo to pull DNS zone data from, and
-# this code assumes setup of a live gdnsd server and ensures config is
-# templated and git data is pulled into place before the package is
-# installed to avoid potentially issuing REFUSED for unknown zones, etc.
-# If undefined (the default), the gdnsd OS-level service is
-# disabled/stopped, and no data syncing for zone data is set up at all.
-# $config_dir - default "/etc/gdnsd" - place where config files deployed.
+# A class to implement Wikimedia's authoritative DNS system
#
class authdns(
$nameservers = [ $::fqdn ],
$gitrepo = undef,
- $config_dir='/etc/gdnsd',
+ $monitoring = true,
+ $conftool_prefix = hiera('conftool_prefix'),
+ $lvs_services,
+ $discovery_services,
) {
+ require ::authdns::account
require ::authdns::scripts
-
- if $gitrepo {
- require ::geoip::data::puppet
- $svc_ensure = 'running'
- $svc_enable = true
- }
- else {
- include ::geoip
- $svc_ensure = 'stopped'
- $svc_enable = false
- }
+ require ::geoip::data::puppet
package { 'gdnsd':
ensure => installed,
}
service { 'gdnsd':
- ensure => $svc_ensure,
- enable => $svc_enable,
+ ensure => 'running',
hasrestart => true,
hasstatus => true,
require => Package['gdnsd'],
}
- file { $config_dir:
+ # the package creates this, but we want to set up the config before we
+ # install the package, so that the daemon starts up with a well-known
+ # config that leaves no window where it'd refuse to answer properly
+ file { '/etc/gdnsd':
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0755',
}
-
- file { "${config_dir}/config":
+ file { '/etc/gdnsd/config':
ensure => 'present',
owner => 'root',
group => 'root',
mode => '0444',
content => template("${module_name}/config.erb"),
- require => File[$config_dir],
+ require => File['/etc/gdnsd'],
notify => Service['gdnsd'],
}
-
- file { "${config_dir}/discovery-geo-resources":
- ensure => 'present',
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => template("${module_name}/discovery-geo-resources.erb"),
- require => File[$config_dir],
- notify => Service['gdnsd'],
- }
-
- file { "${config_dir}/discovery-metafo-resources":
- ensure => 'present',
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => template("${module_name}/discovery-metafo-resources.erb"),
- require => File[$config_dir],
- notify => Service['gdnsd'],
- }
-
- file { "${config_dir}/discovery-states":
- ensure => 'present',
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => template("${module_name}/discovery-states.erb"),
- require => File[$config_dir],
- notify => Service['gdnsd'],
- }
-
- file { "${config_dir}/discovery-map":
- ensure => 'present',
- mode => '0444',
- owner => 'root',
- group => 'root',
- source => "puppet:///modules/${module_name}/discovery-map",
- require => File[$config_dir],
- notify => Service['gdnsd'],
- }
-
- file { "${config_dir}/zones":
+ file { '/etc/gdnsd/zones':
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0755',
}
- if $gitrepo {
- require ::authdns::account
+ $workingdir = '/srv/authdns/git' # export to template
- $workingdir = '/srv/authdns/git' # export to template
+ file { '/etc/wikimedia-authdns.conf':
+ ensure => 'present',
+ mode => '0444',
+ owner => 'root',
+ group => 'root',
+ content => template("${module_name}/wikimedia-authdns.conf.erb"),
+ }
- file { '/etc/wikimedia-authdns.conf':
- ensure => 'present',
- mode => '0444',
- owner => 'root',
- group => 'root',
- content => template("${module_name}/wikimedia-authdns.conf.erb"),
- }
+ # do the initial clone via puppet
+ git::clone { $workingdir:
+ directory => $workingdir,
+ origin => $gitrepo,
+ branch => 'master',
+ owner => 'authdns',
+ group => 'authdns',
+ notify => Exec['authdns-local-update'],
+ }
- # do the initial clone via puppet
- git::clone { $workingdir:
- directory => $workingdir,
- origin => $gitrepo,
- branch => 'master',
- owner => 'authdns',
- group => 'authdns',
- notify => Exec['authdns-local-update'],
- }
-
- # we prepare the config even before the package gets installed, leaving
- # no window where service would be started and answer with REFUSED
- exec { 'authdns-local-update':
- command => '/usr/local/sbin/authdns-local-update
--skip-review',
- user => root,
- refreshonly => true,
- timeout => 60,
- before => Package['gdnsd'],
- require => [
+ exec { 'authdns-local-update':
+ command => '/usr/local/sbin/authdns-local-update --skip-review',
+ user => root,
+ refreshonly => true,
+ timeout => 60,
+ require => [
File['/etc/wikimedia-authdns.conf'],
- File["${config_dir}/config"],
- File["${config_dir}/discovery-geo-resources"],
- File["${config_dir}/discovery-metafo-resources"],
- File["${config_dir}/discovery-states"],
- File["${config_dir}/discovery-map"],
+ File['/etc/gdnsd/config'],
Git::Clone['/srv/authdns/git'],
],
- }
+ # we prepare the config even before the package gets installed, leaving
+ # no window where service would be started and answer with REFUSED
+ before => Package['gdnsd'],
}
+
+ if $monitoring {
+ include ::authdns::monitoring
+ }
+
+ # Discovery Magic
+
+ file { '/etc/gdnsd/discovery-geo-resources':
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ content => template("${module_name}/discovery-geo-resources.erb"),
+ require => File['/etc/gdnsd'],
+ notify => Service['gdnsd'],
+ }
+
+ file { '/etc/gdnsd/discovery-metafo-resources':
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ content => template("${module_name}/discovery-metafo-resources.erb"),
+ require => File['/etc/gdnsd'],
+ notify => Service['gdnsd'],
+ }
+
+ file { '/etc/gdnsd/discovery-states':
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ content => template("${module_name}/discovery-states.erb"),
+ require => File['/etc/gdnsd'],
+ notify => Service['gdnsd'],
+ }
+
+ file { '/etc/gdnsd/discovery-map':
+ ensure => 'present',
+ mode => '0444',
+ owner => 'root',
+ group => 'root',
+ source => "puppet:///modules/${module_name}/discovery-map",
+ }
+
+ class { 'confd':
+ prefix => $conftool_prefix,
+ }
+
+ create_resources(::authdns::discovery_statefile, $discovery_services, {
lvs_services => $lvs_services })
}
diff --git a/modules/authdns/manifests/lint.pp
b/modules/authdns/manifests/lint.pp
index 2fae1c2..69f49a0 100644
--- a/modules/authdns/manifests/lint.pp
+++ b/modules/authdns/manifests/lint.pp
@@ -2,7 +2,18 @@
# A class to lint Wikimedia's authoritative DNS system
#
class authdns::lint {
- class { 'authdns':
- config_dir => '/var/lib/gdnsd/testconfig',
+ include ::authdns::scripts
+ include ::geoip
+
+ package { 'gdnsd':
+ ensure => installed,
+ }
+
+ service { 'gdnsd':
+ ensure => 'stopped',
+ enable => false,
+ hasrestart => true,
+ hasstatus => true,
+ require => Package['gdnsd'],
}
}
diff --git a/modules/authdns/manifests/ns.pp b/modules/authdns/manifests/ns.pp
deleted file mode 100644
index b541921..0000000
--- a/modules/authdns/manifests/ns.pp
+++ /dev/null
@@ -1,27 +0,0 @@
-# == Class authdns::ns
-# A class to implement Wikimedia's authoritative DNS servers
-#
-class authdns::ns(
- $nameservers = [ $::fqdn ],
- $gitrepo = undef,
- $monitoring = true,
- $conftool_prefix = hiera('conftool_prefix'),
- $lvs_services,
- $discovery_services,
-) {
- class { 'authdns':
- nameservers => $nameservers,
- gitrepo => $gitrepo,
- config_dir => '/etc/gdnsd',
- }
-
- if $monitoring {
- include ::authdns::monitoring
- }
-
- # confd statefile templating for discovery
- class { 'confd':
- prefix => $conftool_prefix,
- }
- create_resources(::authdns::discovery_statefile, $discovery_services, {
lvs_services => $lvs_services })
-}
diff --git a/modules/role/manifests/authdns/server.pp
b/modules/role/manifests/authdns/server.pp
index f2893b0..2320679 100644
--- a/modules/role/manifests/authdns/server.pp
+++ b/modules/role/manifests/authdns/server.pp
@@ -13,7 +13,7 @@
{ interface => 'lo' }
)
- class { 'authdns::ns':
+ class { 'authdns':
nameservers => $role::authdns::data::nameservers,
gitrepo => $role::authdns::data::gitrepo,
lvs_services => hiera('lvs::configuration::lvs_services'),
diff --git a/modules/role/manifests/authdns/testns.pp
b/modules/role/manifests/authdns/testns.pp
index 0d6f9d6..e25cbc7 100644
--- a/modules/role/manifests/authdns/testns.pp
+++ b/modules/role/manifests/authdns/testns.pp
@@ -2,7 +2,7 @@
# role for e.g. public addrs, monitoring, authdns-update, etc.
class role::authdns::testns {
include role::authdns::data
- class { 'authdns::ns':
+ class { 'authdns':
gitrepo => $role::authdns::data::gitrepo,
monitoring => false,
lvs_services => hiera('lvs::configuration::lvs_services'),
--
To view, visit https://gerrit.wikimedia.org/r/341739
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1cdf890d343dca8dd9874a3330af937a16fe548a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
