[MediaWiki-commits] [Gerrit] operations/puppet[production]: remove role::labs::puppetmaster

Andrew Bogott (Code Review) Tue, 22 Aug 2017 07:22:53 -0700

Andrew Bogott has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/373081 )


Change subject: remove role::labs::puppetmaster
......................................................................

remove role::labs::puppetmaster

This has been replaced by the new
 role::labs::puppetmaster:frontend/backend classes.  There
are already new puppetmasters up and running with those
classes.

Bug: T171786
Change-Id: Ic12894ffb4ca382e9dc5e2e34c6a051d0e92195a
---
M manifests/site.pp
D modules/role/manifests/labs/puppetmaster.pp
2 files changed, 1 insertion(+), 68 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/81/373081/1

diff --git a/manifests/site.pp b/manifests/site.pp
index 0e00bd4..6e09000 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1054,8 +1054,7 @@
     include ::standard
     include ::base::firewall
     role(wmcs::openstack::labtest::control,
-          labs::openstack::nova::controller,
-          labs::puppetmaster)
+          labs::openstack::nova::controller)
 
     # Labtest is weird; the mysql server is on labtestcontrol2001.  So
     #  we need some special fw rules to allow that
@@ -1240,7 +1239,6 @@
 node 'labcontrol1001.wikimedia.org' {
     role(wmcs::openstack::main::control,
           labs::openstack::nova::controller,
-          labs::puppetmaster,
           salt::masters::labs,
           deployment::salt_masters)
 
@@ -1257,7 +1255,6 @@
 node 'labcontrol1002.wikimedia.org' {
     role(wmcs::openstack::main::control,
           labs::openstack::nova::controller,
-          labs::puppetmaster,
           salt::masters::labs,
           deployment::salt_masters)
 
diff --git a/modules/role/manifests/labs/puppetmaster.pp 
b/modules/role/manifests/labs/puppetmaster.pp
deleted file mode 100644
index 69196c3..0000000
--- a/modules/role/manifests/labs/puppetmaster.pp
+++ /dev/null
@@ -1,64 +0,0 @@
-# vim: set tabstop=4 shiftwidth=4 softtabstop=4 expandtab textwidth=80 smarttab
-# This is the old puppetmaster class running on labcontrol1001.  It's being 
phased out
-#  in favor of labs:puppetmasterfrontend and labs:puppetmasterbackend
-
-class role::labs::puppetmaster(
-    $use_enc = true,
-) {
-
-    include network::constants
-    include ldap::role::config::labs
-    include puppetmaster::labsrootpass
-
-    $labs_metal = hiera('labs_baremetal_servers', [])
-    $novaconfig = hiera_hash('novaconfig', {})
-    $labs_instance_range = $novaconfig['fixed_range']
-    $horizon_host = hiera('labs_horizon_host')
-    $horizon_host_ip = ipresolve(hiera('labs_horizon_host'), 4)
-    $designate_host_ip = ipresolve(hiera('labs_designate_hostname'), 4)
-    # Only allow puppet access from the instances
-    $allow_from = flatten([$labs_instance_range, '208.80.154.14', 
'208.80.155.119', '208.80.153.74', $horizon_host_ip, $labs_metal])
-
-    class { 'role::puppetmaster::standalone':
-        autosign            => true,
-        # FIXME: Temporarily set to false until we make git-sync-upstream
-        # work as non-root.
-        prevent_cherrypicks => false,
-        allow_from          => $allow_from,
-        git_sync_minutes    => '1',
-        use_enc             => $use_enc,
-        extra_auth_rules    => 
template('role/labs/puppetmaster/extra_auth_rules.conf.erb'),
-        server_name         => hiera('labs_puppet_master'),
-
-    }
-
-    if ! defined(Class['puppetmaster::certmanager']) {
-        class { 'puppetmaster::certmanager':
-            remote_cert_cleaner => hiera('labs_certmanager_hostname'),
-        }
-    }
-
-    include labspuppetbackend
-
-    $labs_vms = $novaconfig['fixed_range']
-    $monitoring = '208.80.154.14 208.80.155.119 208.80.153.74'
-
-    # temporarily open up the enc to the old puppetmasters.
-    # I hate this, but the enc url is hardcoded in hiera.yaml and difficult
-    # to modify per puppetmaster.
-    #  FIXME:  Remove this after we've standardized on 
labs-puppetmaster.wikimedia.org
-    $new_puppetmasters = '208.80.154.158 208.80.155.120'
-
-    $fwrules = {
-        puppetmaster => {
-            rule => "saddr (${labs_vms} ${labs_metal} ${monitoring} 
${horizon_host_ip}) proto tcp dport 8140 ACCEPT;",
-        },
-        puppetbackend => {
-            rule => "saddr (${horizon_host_ip} ${designate_host_ip}) proto tcp 
dport 8101 ACCEPT;",
-        },
-        puppetbackendgetter => {
-            rule => "saddr (${labs_vms} ${labs_metal} ${monitoring} 
${horizon_host_ip} ${new_puppetmasters}) proto tcp dport 8100 ACCEPT;",
-        },
-    }
-    create_resources (ferm::rule, $fwrules)
-}

-- 
To view, visit https://gerrit.wikimedia.org/r/373081
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic12894ffb4ca382e9dc5e2e34c6a051d0e92195a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: remove role::labs::puppetmaster

Reply via email to