Rush has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/392091 )
Change subject: openstack: cleanup hiera tree for cloud/labs things
......................................................................
openstack: cleanup hiera tree for cloud/labs things
There are stragglers here we don't want but this is
the point in time purge we can do now.
Bug: T171494
Change-Id: I31fbc99700404efa1700f957a3c07da64a7cb1ff
---
M hieradata/codfw.yaml
M hieradata/common.yaml
M hieradata/common/monitoring.yaml
M hieradata/common/profile/openstack/main.yaml
M hieradata/eqiad.yaml
M hieradata/eqiad/profile/openstack/main/nova/network.yaml
D hieradata/hosts/labtestcontrol2001.yaml
A hieradata/hosts/labtestservices2001.yaml
M hieradata/hosts/labtestweb2001.yaml
M hieradata/labs.yaml
M hieradata/regex.yaml
A hieradata/role/codfw/wmcs/openstack/labtest/control.yaml
M hieradata/role/codfw/wmcs/openstack/labtest/net.yaml
M hieradata/role/codfw/wmcs/openstack/labtest/puppetmaster/frontend.yaml
A hieradata/role/codfw/wmcs/openstack/labtest/services.yaml
A hieradata/role/codfw/wmcs/openstack/labtest/virt.yaml
M hieradata/role/codfw/wmcs/openstack/labtest/web.yaml
M manifests/site.pp
18 files changed, 53 insertions(+), 295 deletions(-)
Approvals:
Rush: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/codfw.yaml b/hieradata/codfw.yaml
index 70fa14d..c53589e 100644
--- a/hieradata/codfw.yaml
+++ b/hieradata/codfw.yaml
@@ -20,14 +20,10 @@
ganglia_aggregators: install2002.wikimedia.org:10649
+# Cloud Services <
#
-# LABS
-#
-labs_nova_controller: "labcontrol1001.wikimedia.org"
-labs_glance_controller: "labcontrol1001.wikimedia.org"
labs_puppet_master: "labs-puppetmaster.wikimedia.org"
labs_keystone_host: "labcontrol1001.wikimedia.org"
-labs_certmanager_hostname: "labservices1001.wikimedia.org"
# These are the up-and-coming, better dns servers:
labsdnsconfig:
@@ -41,6 +37,9 @@
hostname: ldap-labs.codfw.wikimedia.org
secondary_hostname: ldap-labs.eqiad.wikimedia.org
+# /> Cloud Services
+#
+
prometheus_nodes:
- prometheus2003.codfw.wmnet
- prometheus2004.codfw.wmnet
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index dc9a88a..cae6896 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -300,7 +300,6 @@
eqiad: []
puppetmaster: "puppet"
-active_labstore_host: 'labstore1001'
statistics_servers:
- stat1004.eqiad.wmnet
- stat1005.eqiad.wmnet
@@ -364,17 +363,8 @@
# Used to specify writer handler for eventlogging processor producer.
eventlogging_kafka_producer_scheme: "kafka-confluent://"
-# LABS
-
-labs_tld: "wmflabs"
-labs_private_ips_reverse_dns: "68.10.in-addr.arpa"
-labs_designate_hostname: &labsdesignatehostname "labservices1001.wikimedia.org"
-labs_designate_hostname_secondary: &labs_designate_hostname_secondary
"labservices1002.wikimedia.org"
-labs_nova_api_host: &labsnovaapihost "labnet1001.eqiad.wmnet"
-labs_nova_network_host: &labsnovanetworkhost "labnet1001"
-labs_nova_network_ip: &labsnovanetworkip "10.64.20.25"
-status_wiki_host_master: 'wikitech.wikimedia.org'
-
+# Cloud Services <
+#
# Cumin
profile::openstack::main::cumin::auth_group: cumin_masters
profile::openstack::main::cumin::project_masters: []
@@ -383,65 +373,12 @@
profile::openstack::base::keystone::public_port: 5000
profile::openstack::main::nova::dhcp_domain: 'eqiad.wmflabs'
-# By default, don't allow projects to allocate public IPs; this way we can
-# let users have network admin rights, for firewall rules and such, and can
-# give them public ips by increasing their quota
-novaconfig:
- network_host: *labsnovanetworkip
- api_host: *labsnovaapihost
- db_name: 'nova'
- api_db_name: 'novaapi'
- db_user: 'nova'
- ldap_base_dn: 'dc=wikimedia,dc=org'
- ldap_user_dn: 'uid=novaadmin,ou=people,dc=wikimedia,dc=org'
- ldap_proxyagent: 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org'
- puppet_db_name: 'puppet'
- puppet_db_user: 'puppet'
- quota_floating_ips: '0'
- libvirt_type: 'kvm'
- my_ip: "%{::ipaddress}"
- network_public_interface: 'eth0'
- network_flat_interface: 'eth1.1102'
- network_flat_tagged_base_interface: 'eth1'
- network_flat_interface_vlan: '1102'
- flat_network_bridge: 'br1102'
- fixed_range: '10.68.16.0/21'
- dhcp_start: '10.68.16.4'
- network_public_ip: '208.80.155.255'
- dmz_cidr: '208.80.155.0/22,10.0.0.0/8'
-
-keystoneconfig:
- db_name: 'keystone'
- db_user: 'keystone'
- ldap_base_dn: 'dc=wikimedia,dc=org'
- ldap_user_dn: 'uid=novaadmin,ou=people,dc=wikimedia,dc=org'
- ldap_user_id_attribute: 'uid'
- ldap_tenant_id_attribute: 'cn'
- ldap_user_name_attribute: 'cn'
- ldap_tenant_name_attribute: 'cn'
- ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org'
- auth_protocol: 'http'
- auth_port: '35357'
- public_port: '5000'
- db_host: 'm5-master.eqiad.wmnet'
- ldap_hosts:
- - ldap-labs.eqiad.wikimedia.org
- - ldap-labs.codfw.wikimedia.org
- token_driver: 'normal'
-
-glanceconfig:
- db_host: 'm5-master.eqiad.wmnet'
- bind_ip: "%{::ipaddress}"
-
-# IPs assigned here MUST be reserved beforehand so they don't collide with
labs VMs.
-# To reserve, on the labs controller run $ sudo nova-manage fixed reserve <ip>
-# (If using Neutron, all bets are off and this comment is wrong.)
-# Note also that nova-network is not great about refreshing dnsmasq,
-# so changes to this table may require a manual kill of dnsmasq and restart
-# of nova-network.
+# this should be deprecated
labs_metal:
promethium: {MAC: '90:b1:1c:2d:6f:0c', IPv4: 10.68.16.2, project:
wikitextexp }
+# /> Cloud Services
+#
# List of all zookeeper clusters in production.
zookeeper_clusters:
diff --git a/hieradata/common/monitoring.yaml b/hieradata/common/monitoring.yaml
index e7d1a27..83b5296 100644
--- a/hieradata/common/monitoring.yaml
+++ b/hieradata/common/monitoring.yaml
@@ -85,7 +85,7 @@
kubernetes_codfw:
description: Kubernetes cluster codfw
-# Labs OpenStack Nova (labvirt***)
+# Cloud Services OpenStack Nova (labvirt***)
labvirt_eqiad:
description: eqiad labs virt servers
labvirt_codfw:
diff --git a/hieradata/common/profile/openstack/main.yaml
b/hieradata/common/profile/openstack/main.yaml
index 0e517ab..46cf272 100644
--- a/hieradata/common/profile/openstack/main.yaml
+++ b/hieradata/common/profile/openstack/main.yaml
@@ -1,4 +1,8 @@
profile::openstack::main::version: 'liberty'
+# WARNING: Glance base images are rsynced from the primary host to the spare
with
+# --delete. Make sure to back-up or otherwise keep track
+# of your base images before creating a new empty, primary host here or
+# you'll lose your image backups.
profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org'
profile::openstack::main::nova_controller_standby:
'labcontrol1002.wikimedia.org'
profile::openstack::main::nova_api_host: 'labnet1001.eqiad.wmnet'
diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml
index 868e252..0b432ba 100644
--- a/hieradata/eqiad.yaml
+++ b/hieradata/eqiad.yaml
@@ -62,30 +62,13 @@
# - mysql-m4-master-03
-labs_certmanager_hostname: "labservices1001.wikimedia.org"
-
+# Cloud Services <
#
-# Labs
-#
-
-labs_nova_controller: &labsnovacontroller "labcontrol1001.wikimedia.org"
-# _spare is a duplicate/backup controller. In theory it has the
-# same state as the main controller.
-# WARNING: Base images are rsynced from the primary host to the spare with
-# --delete. Make sure to back-up or otherwise keep track
-# of your base images before creating a new empty, primary host here or
-# you'll lose your image backups.
-labs_nova_controller_spare: &labsnovacontrollerspare
"labcontrol1002.wikimedia.org"
-
-labs_glance_controller: &labsglancecontroller "labcontrol1001.wikimedia.org"
labs_puppet_master: &labspuppetmaster "labs-puppetmaster.wikimedia.org"
labs_keystone_host: &labskeystonehost "labcontrol1001.wikimedia.org"
-labs_osm_host: "wikitech.wikimedia.org"
-labs_horizon_host: "californium.wikimedia.org"
-labs_host_ips: '10.64.20.0/24'
-
# These are the up-and-coming, better dns servers:
+# used in manifests/realm.pp
labsdnsconfig:
host: 'labs-ns0.wikimedia.org'
host_secondary: 'labs-ns1.wikimedia.org'
@@ -93,72 +76,13 @@
recursor: 'labs-recursor0.wikimedia.org'
recursor_secondary: 'labs-recursor1.wikimedia.org'
-novaconfig:
- db_host: 'm5-master.eqiad.wmnet'
- glance_host: *labsnovacontroller
- rabbit_host: *labsnovacontroller
- cc_host: *labsnovacontroller
- controller_hostname: *labsnovacontroller
- puppet_host: *labsnovacontroller
- puppet_db_host: *labsnovacontroller
- dhcp_domain: 'eqiad.wmflabs'
- live_migration_uri: 'qemu://%s.eqiad.wmnet/system?pkipath=/var/lib/nova'
- zone: eqiad
- spice_hostname: 'labspice.wikimedia.org'
- scheduler_pool:
- - labvirt1001
- - labvirt1002
- - labvirt1003
- - labvirt1004
- - labvirt1005
- - labvirt1006
- - labvirt1007
- - labvirt1008
- - labvirt1009
- - labvirt1010
- - labvirt1011
- - labvirt1012
- - labvirt1013
- - labvirt1014
-
-wikitech_db_name: 'labswiki'
-
-wikitechstatusconfig:
- host: 'wikitech.wikimedia.org'
- page_prefix: 'Nova_Resource:'
-
-keystoneconfig:
- auth_port: '35357'
- public_port: '5000'
- auth_protocol: 'http'
- auth_host: 208.80.154.92
- admin_project_id: 'admin'
- admin_project_name: 'admin'
-
-designateconfig:
- db_host: 'm5-master.eqiad.wmnet'
- db_name: 'designate'
- pool_manager_db_name: 'designate_pool_manager'
- dhcp_domain: 'eqiad'
- pdns_db_name: 'pdns'
- rabbit_host: *labsnovacontroller
- controller_hostname: *labsnovacontroller
- puppetmaster_hostname: 'labs-puppetmaster.wikimedia.org'
- domain_id_internal_forward: '114f1333-c2c1-44d3-beb4-ebed1a91742b'
- domain_id_internal_reverse: '8d114f3c-815b-466c-bdd4-9b91f704ea60'
- wmflabsdotorg_project: 'wmflabsdotorg'
- private_tld: 'wmflabs'
- floating_ip_ptr_zone: '128-25.155.80.208.in-addr.arpa.'
- floating_ip_ptr_fqdn_matching_regex:
'^(\d{1,3})\.155\.80\.208\.in-addr\.arpa\.'
- floating_ip_ptr_fqdn_replacement_pattern:
'\1.128-25.155.80.208.in-addr.arpa.'
-
-labs_baremetal_servers:
- - '10.64.20.12'
-
labsldapconfig:
hostname: ldap-labs.eqiad.wikimedia.org
secondary_hostname: ldap-labs.codfw.wikimedia.org
+# /> Cloud Services
+#
+
# Configure regular backups of the analytics-meta MySQL instance
# in the Analytics Cluster to back up via rsync to
# analytics1002. This works because the analytics1002 has the
diff --git a/hieradata/eqiad/profile/openstack/main/nova/network.yaml
b/hieradata/eqiad/profile/openstack/main/nova/network.yaml
index bdb867d..3a60b8d 100644
--- a/hieradata/eqiad/profile/openstack/main/nova/network.yaml
+++ b/hieradata/eqiad/profile/openstack/main/nova/network.yaml
@@ -1,3 +1,9 @@
+# IPs assigned here MUST be reserved beforehand so they don't collide with
labs VMs.
+# To reserve, on the labs controller run $ sudo nova-manage fixed reserve <ip>
+# (If using Neutron, all bets are off and this comment is wrong.)
+# Note also that nova-network is not great about refreshing dnsmasq,
+# so changes to this table may require a manual kill of dnsmasq and restart
+# of nova-network.
profile::openstack::main::nova::network::labs_metal:
promethium:
'MAC': '90:b1:1c:2d:6f:0c'
diff --git a/hieradata/hosts/labtestcontrol2001.yaml
b/hieradata/hosts/labtestcontrol2001.yaml
deleted file mode 100644
index 7ce531c..0000000
--- a/hieradata/hosts/labtestcontrol2001.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-puppetmaster::hiera_config: labtest
-
-labspuppetbackend::mysql_host: labtestcontrol2001.wikimedia.org
-labspuppetbackend::mysql_db: labspuppet
-labspuppetbackend::mysql_username: labspuppet
-labspuppetbackend::statsd_host: labmon1001.eqiad.wmnet
-labspuppetbackend::statsd_prefix: labtest.puppetbackend
-role::labs::puppetmaster::use_enc: true
diff --git a/hieradata/hosts/labtestservices2001.yaml
b/hieradata/hosts/labtestservices2001.yaml
new file mode 100644
index 0000000..e06ad54
--- /dev/null
+++ b/hieradata/hosts/labtestservices2001.yaml
@@ -0,0 +1,3 @@
+# role(openldap::labtest)
+# /etc/ldap/acls.conf
+labs_keystone_host: 'labtestcontrol2001.wikimedia.org'
diff --git a/hieradata/hosts/labtestweb2001.yaml
b/hieradata/hosts/labtestweb2001.yaml
index 467bd3c..7ecab24 100644
--- a/hieradata/hosts/labtestweb2001.yaml
+++ b/hieradata/hosts/labtestweb2001.yaml
@@ -1,8 +1 @@
-admin::groups:
- - deployment
-
-apache::logrotate::rotate: 12
-
profile::openstack::labtest::version: 'mitaka'
-openstack::version: mitaka
-profile::backup::host::enable: false
diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index d24b949..7c05b98 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -96,6 +96,7 @@
profile::base::ssh_server_settings:
disable_agent_forwarding: false
challenge_response_auth: false
+
labs_puppet_master: "labs-puppetmaster.wikimedia.org"
labs_keystone_host: "labcontrol1001.wikimedia.org"
puppetmaster: "labs-puppetmaster.wikimedia.org"
@@ -121,23 +122,6 @@
labsldapconfig:
hostname: ldap-labs.eqiad.wikimedia.org
secondary_hostname: ldap-labs.codfw.wikimedia.org
-
-# These are needed on labs for, among other things, observerenv.sh
-labs_nova_controller: &labsnovacontroller "labcontrol1001.wikimedia.org"
-novaconfig:
- db_host: 'm5-master.eqiad.wmnet'
- glance_host: *labsnovacontroller
- rabbit_host: *labsnovacontroller
- cc_host: *labsnovacontroller
- controller_hostname: *labsnovacontroller
- puppet_host: *labsnovacontroller
- puppet_db_host: *labsnovacontroller
- dhcp_domain: 'eqiad.wmflabs'
- live_migration_uri: 'qemu://%s.eqiad.wmnet/system?pkipath=/var/lib/nova'
- zone: eqiad
- spice_hostname: 'labspice.wikimedia.org'
- scheduler_pool:
- - labvirt1001
profile::diffscan::ipranges:
- 185.15.56.0/22
diff --git a/hieradata/regex.yaml b/hieradata/regex.yaml
index e34d7a9..b50bb2e 100644
--- a/hieradata/regex.yaml
+++ b/hieradata/regex.yaml
@@ -211,24 +211,6 @@
labtest:
__regex: !ruby/regexp /^labtest/
do_paging: false
- labs_tld: "labtest"
- labs_private_ips_reverse_dns: "196.10.in-addr.arpa"
- # Should handle all being the same
- labs_nova_controller: &labsnovacontroller "labtestcontrol2001.wikimedia.org"
- labs_nova_controller_spare: &labsnovacontrollerspare
"labtestcontrol2001.wikimedia.org"
- labs_osm_host: "labtestwikitech.wikimedia.org"
- labs_horizon_host: "labtestweb2001.wikimedia.org"
- labs_host_ips: '10.192.20.0/24'
- labs_designate_hostname: &labsdesignatehostname
"labtestservices2001.wikimedia.org"
- labs_designate_hostname_secondary: &labs_designate_hostname_secondary
"labtestservices2001.wikimedia.org"
- labs_nova_api_host: &labsnovaapihost "labtestnet2001.codfw.wmnet"
- labs_nova_network_host: &labsnovanetworkhost "labtestnet2001"
- labs_nova_network_ip: &labsnovanetworkip "10.192.20.5"
- status_wiki_host_master: 'labtestwikitech.wikimedia.org'
- labs_glance_controller: &labsglancecontroller
"labtestcontrol2001.wikimedia.org"
- labs_puppet_master: &labspuppetmaster "labtestpuppetmaster2001.wikimedia.org"
- labs_keystone_host: &labskeystonehost "labtestcontrol2001.wikimedia.org"
- wikitech_db_name: 'labtestwiki'
labsldapconfig:
hostname: labtestservices2001.wikimedia.org
secondary_hostname: labtestservices2001.wikimedia.org
@@ -238,90 +220,6 @@
dbserver: 'localhost'
recursor: 'labtest-recursor0.wikimedia.org'
recursor_secondary: 'labtest-recursor0.wikimedia.org'
- novaconfig:
- network_host: *labsnovanetworkip
- api_host: *labsnovaapihost
- db_name: 'nova'
- db_user: 'nova'
- ldap_base_dn: 'dc=wikimedia,dc=org'
- ldap_user_dn: 'uid=novaadmin,ou=people,dc=wikimedia,dc=org'
- ldap_proxyagent: 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org'
- puppet_db_name: 'puppet'
- puppet_db_user: 'puppet'
- quota_floating_ips: '0'
- spice_hostname: 'labtestspice.wikimedia.org'
- libvirt_type: 'kvm'
- my_ip: "%{::ipaddress}"
- network_public_interface: 'eth0'
- network_flat_interface: 'eth1.2102'
- network_flat_tagged_base_interface: 'eth1'
- network_flat_interface_vlan: '2102'
- flat_network_bridge: 'br2102'
- fixed_range: '10.196.16.0/21'
- dhcp_start: '10.196.16.4'
- network_public_ip: '208.80.155.255'
- dmz_cidr: '208.80.155.0/22,10.0.0.0/8'
- db_host: 'labtestcontrol2001.wikimedia.org'
- glance_host: *labsnovacontroller
- rabbit_host: *labsnovacontroller
- cc_host: *labsnovacontroller
- controller_hostname: *labsnovacontroller
- puppet_host: *labsnovacontroller
- puppet_db_host: *labsnovacontroller
- dhcp_domain: 'codfw.labtest'
- live_migration_uri: 'qemu://%s.codfw.wmnet/system?pkipath=/var/lib/nova'
- zone: codfw
- scheduler_pool:
- - labtestvirt2001
- - labtestvirt2002
- wikitechstatusconfig:
- host: 'labtestwikitech.wikimedia.org'
- page_prefix: 'Nova_Resource:'
- keystoneconfig:
- db_name: 'keystone'
- db_user: 'keystone'
- ldap_base_dn: 'dc=wikimedia,dc=org'
- ldap_user_dn: 'uid=novaadmin,ou=people,dc=wikimedia,dc=org'
- ldap_user_id_attribute: 'uid'
- ldap_tenant_id_attribute: 'cn'
- ldap_user_name_attribute: 'cn'
- ldap_tenant_name_attribute: 'cn'
- ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org'
- auth_protocol: 'http'
- auth_port: '35357'
- public_port: '5000'
- db_host: 'labtestcontrol2001.wikimedia.org'
- ldap_hosts:
- - labtestservices2001.wikimedia.org
- token_driver: 'normal'
- auth_port: '35357'
- auth_protocol: 'http'
- auth_host: 208.80.153.47
- admin_project_name: 'admin'
- admin_project_id: 'admin'
- designateconfig:
- db_host: 'labtestcontrol2001.wikimedia.org'
- db_name: 'designate'
- pool_manager_db_name: 'designate_pool_manager'
- dhcp_domain: 'labtestcodfw'
- pdns_db_name: 'pdns'
- rabbit_host: *labsnovacontroller
- controller_hostname: *labsnovacontroller
- puppetmaster_hostname: 'labtestpuppetmaster2001.wikimedia.org'
- domain_id_internal_forward: 'e1ac328c-b932-43f2-b12f-407fb9477925'
- domain_id_internal_reverse: '9b60f3ab-d64b-4e30-9d6f-7535811b0fa8'
- wmflabsdotorg_project: 'wmflabsdotorg'
- private_tld: 'labtest'
- floating_ip_ptr_zone: '17.196.10.in-addr.arpa.'
- floating_ip_ptr_fqdn_matching_regex: '^(.*)$'
- floating_ip_ptr_fqdn_replacement_pattern: '\1'
- glanceconfig:
- db_host: 'labtestcontrol2001.wikimedia.org'
- bind_ip: "%{::ipaddress}"
- openstack::horizon::service::webserver_hostname:
'labtesthorizon.wikimedia.org'
- admin::groups:
- - labtest-roots
- openstack::version: 'liberty'
# require WriteBack policy to all hosts (independent of the role) that look
# like databases. Currently this only works for megacli systems, but it will
diff --git a/hieradata/role/codfw/wmcs/openstack/labtest/control.yaml
b/hieradata/role/codfw/wmcs/openstack/labtest/control.yaml
new file mode 100644
index 0000000..b12ade0
--- /dev/null
+++ b/hieradata/role/codfw/wmcs/openstack/labtest/control.yaml
@@ -0,0 +1,2 @@
+ admin::groups:
+ - labtest-roots
diff --git a/hieradata/role/codfw/wmcs/openstack/labtest/net.yaml
b/hieradata/role/codfw/wmcs/openstack/labtest/net.yaml
index ec4f816..5dde6da 100644
--- a/hieradata/role/codfw/wmcs/openstack/labtest/net.yaml
+++ b/hieradata/role/codfw/wmcs/openstack/labtest/net.yaml
@@ -1 +1,4 @@
+admin::groups:
+ - labtest-roots
+
prometheus::node_exporter::web_listen_address: "%{::ipaddress}:9100"
diff --git
a/hieradata/role/codfw/wmcs/openstack/labtest/puppetmaster/frontend.yaml
b/hieradata/role/codfw/wmcs/openstack/labtest/puppetmaster/frontend.yaml
index bc5cdea..cecb287 100644
--- a/hieradata/role/codfw/wmcs/openstack/labtest/puppetmaster/frontend.yaml
+++ b/hieradata/role/codfw/wmcs/openstack/labtest/puppetmaster/frontend.yaml
@@ -1,3 +1,6 @@
+admin::groups:
+ - labtest-roots
+
puppetmaster::hiera_config: labtest
labs_puppet_master: labtest-puppetmaster.wikimedia.org
profile::puppetmaster::common::storeconfigs: none
@@ -5,3 +8,7 @@
profile::discovery::path: "/srv/config-master/discovery"
profile::discovery::watch_interval: 60
profile::puppetmaster::frontend::prevent_cherrypicks: false
+
+# Remaining module embedded hiera lookup
+# modules/base/manifests/puppet.pp: $ca_server =
hiera('puppetmaster::ca_server', '')
+puppetmaster::ca_server: labtestpuppetmaster2001.wikimedia.org
diff --git a/hieradata/role/codfw/wmcs/openstack/labtest/services.yaml
b/hieradata/role/codfw/wmcs/openstack/labtest/services.yaml
new file mode 100644
index 0000000..2c3bc43
--- /dev/null
+++ b/hieradata/role/codfw/wmcs/openstack/labtest/services.yaml
@@ -0,0 +1,2 @@
+admin::groups:
+ - labtest-roots
diff --git a/hieradata/role/codfw/wmcs/openstack/labtest/virt.yaml
b/hieradata/role/codfw/wmcs/openstack/labtest/virt.yaml
new file mode 100644
index 0000000..2c3bc43
--- /dev/null
+++ b/hieradata/role/codfw/wmcs/openstack/labtest/virt.yaml
@@ -0,0 +1,2 @@
+admin::groups:
+ - labtest-roots
diff --git a/hieradata/role/codfw/wmcs/openstack/labtest/web.yaml
b/hieradata/role/codfw/wmcs/openstack/labtest/web.yaml
index 3c41dbb..537cf99 100644
--- a/hieradata/role/codfw/wmcs/openstack/labtest/web.yaml
+++ b/hieradata/role/codfw/wmcs/openstack/labtest/web.yaml
@@ -1,5 +1,7 @@
----
-memcached::ip: 127.0.0.1
-
admin::groups:
- - wmcs-roots
+ - deployment
+ - labtest-roots
+
+memcached::ip: 127.0.0.1
+apache::logrotate::rotate: 12
+profile::backup::host::enable: false
diff --git a/manifests/site.pp b/manifests/site.pp
index 1f10217..8a7f494 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1062,15 +1062,15 @@
}
node 'labtestcontrol2001.wikimedia.org' {
+ role(wmcs::openstack::labtest::control)
include ::standard
include ::base::firewall
- role(wmcs::openstack::labtest::control)
}
node 'labtestcontrol2003.wikimedia.org' {
role(wmcs::openstack::labtestn::control)
- include ::base::firewall
include ::standard
+ include ::base::firewall
}
node 'labtestpuppetmaster2001.wikimedia.org' {
--
To view, visit https://gerrit.wikimedia.org/r/392091
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I31fbc99700404efa1700f957a3c07da64a7cb1ff
Gerrit-PatchSet: 12
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: Rush <r...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
