Hello Giuseppe Lavagetto, Marostegui, jenkins-bot, Jcrespo,
I'd like you to do a code review. Please visit
https://gerrit.wikimedia.org/r/398257
to review the following change.
Change subject: Revert "mariadb: Remove mariadb.pp and move some old roles to
profiles"
......................................................................
Revert "mariadb: Remove mariadb.pp and move some old roles to profiles"
This reverts commit c698af4785282bf45358377b04ab2dd9f4ac3f5f.
Change-Id: I9dbe26e09fda0d9fb7d53e962c9b6958b203db17
---
M manifests/site.pp
M modules/profile/manifests/mariadb/core/multiinstance.pp
D modules/profile/manifests/mariadb/grants/core.pp
D modules/profile/manifests/mariadb/grants/production.pp
M modules/profile/manifests/mariadb/misc/eventlogging/database.pp
D modules/profile/manifests/mariadb/monitor/dba.pp
D modules/profile/manifests/mariadb/monitor/prometheus.pp
M modules/role/manifests/labs/db/master.pp
M modules/role/manifests/labs/db/replica.pp
M modules/role/manifests/labs/db/slave.pp
M modules/role/manifests/mariadb.pp
M modules/role/manifests/mariadb/core.pp
M modules/role/manifests/mariadb/dbstore.pp
M modules/role/manifests/mariadb/dbstore_multiinstance.pp
M modules/role/manifests/mariadb/labs_deprecated.pp
M modules/role/manifests/mariadb/misc.pp
M modules/role/manifests/mariadb/misc/phabricator.pp
M modules/role/manifests/mariadb/parsercache.pp
M modules/role/manifests/mariadb/sanitarium_multiinstance.pp
M modules/role/manifests/mariadb/sanitarium_multisource.pp
M modules/role/manifests/mariadb/tendril.pp
M modules/role/manifests/mariadb/wikitech.pp
22 files changed, 238 insertions(+), 206 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/57/398257/1
diff --git a/manifests/site.pp b/manifests/site.pp
index c51e706..6618172 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -595,6 +595,7 @@
# tendril db
node 'db1011.eqiad.wmnet' {
role(mariadb::tendril)
+ include ::base::firewall
}
node 'dbstore1001.eqiad.wmnet' {
diff --git a/modules/profile/manifests/mariadb/core/multiinstance.pp
b/modules/profile/manifests/mariadb/core/multiinstance.pp
index 8f669c4..0f82887 100644
--- a/modules/profile/manifests/mariadb/core/multiinstance.pp
+++ b/modules/profile/manifests/mariadb/core/multiinstance.pp
@@ -18,8 +18,16 @@
srange => '$PRODUCTION_NETWORKS',
}
- class { 'mariadb::packages_wmf': }
- class { 'mariadb::service':
+ #TODO: define one group per shard
+ class {'role::mariadb::groups':
+ mysql_group => 'core',
+ mysql_shard => 's1',
+ mysql_role => 'slave',
+ socket => '/run/mysqld/mysqld.s1.sock',
+ }
+
+ class {'mariadb::packages_wmf': }
+ class {'mariadb::service':
override => "[Service]\nExecStartPre=/bin/sh -c \"echo 'mariadb main
service is \
disabled, use mariadb@<instance_name> instead'; exit 1\"",
}
@@ -38,7 +46,7 @@
binlog_format => 'ROW',
}
- file { '/etc/mysql/mysqld.conf.d':
+ file {'/etc/mysql/mysqld.conf.d':
ensure => directory,
owner => root,
group => root,
diff --git a/modules/profile/manifests/mariadb/grants/core.pp
b/modules/profile/manifests/mariadb/grants/core.pp
deleted file mode 100644
index 346401c..0000000
--- a/modules/profile/manifests/mariadb/grants/core.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-# wikiadmin, wikiuser
-class profile::mariadb::grants::core {
-
- include passwords::misc::scripts
-
- $wikiadmin_pass = $passwords::misc::scripts::wikiadmin_pass
- $wikiuser_pass = $passwords::misc::scripts::wikiuser_pass
-
- file { '/etc/mysql/production-grants-core.sql':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0400',
- content => template('role/mariadb/grants/production-core.sql.erb'),
- }
-}
diff --git a/modules/profile/manifests/mariadb/grants/production.pp
b/modules/profile/manifests/mariadb/grants/production.pp
deleted file mode 100644
index 4151434..0000000
--- a/modules/profile/manifests/mariadb/grants/production.pp
+++ /dev/null
@@ -1,72 +0,0 @@
-# root, repl, nagios, tendril, prometheus
-# WARNING: any root user will have access to these files
-# Do not apply to hosts with users with arbitrary roots
-# or any non-production mysql, such as labs-support hosts,
-# wikitech hosts, etc.
-class profile::mariadb::grants::production(
- $shard = false,
- $prompt = '',
- $password = 'undefined',
- ) {
-
- include passwords::misc::scripts
- include passwords::tendril
- include passwords::nodepool
- include passwords::testreduce::mysql
- include passwords::racktables
- include passwords::prometheus
- include passwords::servermon
- include passwords::striker
- include passwords::labsdbaccounts
- include passwords::mysql::phabricator
-
- $root_pass = $passwords::misc::scripts::mysql_root_pass
- $repl_pass = $passwords::misc::scripts::mysql_repl_pass
- $nagios_pass = $passwords::misc::scripts::nagios_sql_pass
- $tendril_user = $passwords::tendril::db_user
- $tendril_pass = $passwords::tendril::db_pass
- $prometheus_pass = $passwords::prometheus::db_pass
-
- file { '/etc/mysql/production-grants.sql':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0400',
- content => template('role/mariadb/grants/production.sql.erb'),
- }
-
- file { '/root/.my.cnf':
- owner => 'root',
- group => 'root',
- mode => '0400',
- content => template('mariadb/root.my.cnf.erb'),
- }
-
- if $shard {
- $nodepool_pass = $passwords::nodepool::nodepooldb_pass
- $testreduce_pass = $passwords::testreduce::mysql::db_pass
- $testreduce_cli_pass = $passwords::testreduce::mysql::mysql_client_pass
- $racktables_user = $passwords::racktables::racktables_db_user
- $racktables_pass = $passwords::racktables::racktables_db_pass
- $servermon_pass = $passwords::servermon::db_password
- $striker_pass = $passwords::striker::application_db_password
- $striker_admin_pass = $passwords::striker::admin_db_password
- $labspuppet_pass = hiera('labspuppetbackend_mysql_password')
- $labsdbaccounts_pass = $passwords::labsdbaccounts::db_password
- $rddmarc_pass = $passwords::rddmarc::db_password
- $phab_admin_pass = $passwords::mysql::phabricator::admin_pass
- $phab_app_pass = $passwords::mysql::phabricator::app_pass
- $phab_bz_pass = $passwords::mysql::phabricator::bz_pass
- $phab_rt_pass = $passwords::mysql::phabricator::rt_pass
- $phab_manifest_pass = $passwords::mysql::phabricator::manifest_pass
- $phab_metrics_pass = $passwords::mysql::phabricator::metrics_pass
-
- file { '/etc/mysql/production-grants-shard.sql':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0400',
- content =>
template("role/mariadb/grants/production-${shard}.sql.erb"),
- }
- }
-}
diff --git a/modules/profile/manifests/mariadb/misc/eventlogging/database.pp
b/modules/profile/manifests/mariadb/misc/eventlogging/database.pp
index 7eea269..0dd73ba 100644
--- a/modules/profile/manifests/mariadb/misc/eventlogging/database.pp
+++ b/modules/profile/manifests/mariadb/misc/eventlogging/database.pp
@@ -21,7 +21,11 @@
class { 'passwords::misc::scripts': }
- class { 'profile::mariadb::monitor::prometheus':
+ # FIXME: instantiating a role in a profile is not
+ # allowed by our coding standard, but it needs to be
+ # refactored on a separate change since it is broadly used.
+ # This will be moved to profile::mariadb::monitoring.
+ class {'role::mariadb::groups':
mysql_group => 'misc',
mysql_shard => $shard,
mysql_role => $mysql_role,
@@ -60,7 +64,7 @@
# FIXME: instantiating a role in a profile is not
# allowed by our coding standard, but it needs to be
# refactored on a separate change since it is broadly used.
- class { 'profile::mariadb::grants::production':
+ class { 'role::mariadb::grants::production':
shard => $shard,
prompt => "EVENTLOGGING ${shard}",
password => $passwords::misc::scripts::mysql_root_pass,
diff --git a/modules/profile/manifests/mariadb/monitor/dba.pp
b/modules/profile/manifests/mariadb/monitor/dba.pp
deleted file mode 100644
index e782261..0000000
--- a/modules/profile/manifests/mariadb/monitor/dba.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-# Annoy Sean
-class profile::mariadb::monitor::dba {
-
- include mariadb::monitor_disk
- include mariadb::monitor_process
-}
diff --git a/modules/profile/manifests/mariadb/monitor/prometheus.pp
b/modules/profile/manifests/mariadb/monitor/prometheus.pp
deleted file mode 100644
index 7b1d513..0000000
--- a/modules/profile/manifests/mariadb/monitor/prometheus.pp
+++ /dev/null
@@ -1,32 +0,0 @@
-# mysql groups for monitoring
-# * mysql_group (required): general usage of the server, for example:
-# - 'core': production mediawiki servers
-# - 'dbstore': servers for backup and analytics
-# - 'labs': production and labs replicas of production
-# - 'misc': other services
-# * mysql_shard (optional): for 'core', 'misc' and 'pc' services, vertical
-# slices:
-# - 's1': English Wikipedia (see dblists on mediawiki-config)
-# - 'm1': puppet, bacula, etc.
-# - most services are not segmented and will return the empty string ('')
-# * mysql_role (required). One of three:
-# - 'master': for the masters of each datacenter (one per shard and
-# datacenter). Only the one on the active datacenter is read-write of
-# all the ones on the same shard.
-# - 'slave': for read-only slave
-# - 'standalone': single servers that are not part of replication,
-# such as read-only 'es1' hosts; wikitech, or tendril
-
-#FIXME: move node_exporter to standard and remove it from here when ready
-class profile::mariadb::monitor::prometheus(
- $mysql_group,
- $mysql_role,
- $mysql_shard = '',
- $socket = '/run/mysqld/mysqld.sock',
- ) {
-
- include role::prometheus::node_exporter
- class { 'role::prometheus::mysqld_exporter':
- socket => $socket,
- }
-}
diff --git a/modules/role/manifests/labs/db/master.pp
b/modules/role/manifests/labs/db/master.pp
index 97ce930..b8820dd 100644
--- a/modules/role/manifests/labs/db/master.pp
+++ b/modules/role/manifests/labs/db/master.pp
@@ -5,14 +5,14 @@
}
include ::standard
- include ::mariadb::packages_wmf
- include ::mariadb::service
- include ::profile::mariadb::monitor
- include ::passwords::misc::scripts
+ include mariadb::packages_wmf
+ include mariadb::service
+ include role::mariadb::monitor
+ include passwords::misc::scripts
$socket = '/var/run/mysqld/mysqld.sock'
- class { 'profile::mariadb::monitor::prometheus':
+ class { 'role::mariadb::groups':
mysql_group => 'labs',
mysql_role => 'master',
mysql_shard => 'tools',
diff --git a/modules/role/manifests/labs/db/replica.pp
b/modules/role/manifests/labs/db/replica.pp
index f8883df..943d6cf 100644
--- a/modules/role/manifests/labs/db/replica.pp
+++ b/modules/role/manifests/labs/db/replica.pp
@@ -5,10 +5,10 @@
}
include ::standard
- class { '::mariadb::packages_wmf': }
- class { '::mariadb::service': }
- include ::profile::mariadb::monitor
- include ::profile::base::firewall
+ class { 'mariadb::packages_wmf': }
+ class { 'mariadb::service': }
+ include role::mariadb::monitor
+ include ::base::firewall
ferm::service{ 'mariadb_labs_db_replica':
proto => 'tcp',
@@ -23,13 +23,13 @@
rule => 'saddr @resolve((db1011.eqiad.wmnet)) proto tcp dport (3307)
ACCEPT;',
}
- include ::passwords::misc::scripts
+ include passwords::misc::scripts
- include ::role::labs::db::common
- include ::role::labs::db::views
- include ::role::labs::db::check_private_data
+ include role::labs::db::common
+ include role::labs::db::views
+ include role::labs::db::check_private_data
- class { 'profile::mariadb::monitor::prometheus':
+ class { 'role::mariadb::groups':
mysql_group => 'labs',
mysql_role => 'slave',
mysql_shard => 'multi',
diff --git a/modules/role/manifests/labs/db/slave.pp
b/modules/role/manifests/labs/db/slave.pp
index c7b2c96..1eadb90 100644
--- a/modules/role/manifests/labs/db/slave.pp
+++ b/modules/role/manifests/labs/db/slave.pp
@@ -5,16 +5,16 @@
}
include ::standard
- class { '::mariadb::packages_wmf': }
- class { '::mariadb::service': }
- include ::profile::mariadb::monitor
- include ::role::mariadb::ferm
- include ::passwords::misc::scripts
+ include mariadb::packages_wmf
+ include mariadb::service
+ include role::mariadb::monitor
+ include role::mariadb::ferm
+ include passwords::misc::scripts
# FIXME: Add the socket location to make the transition easier.
$socket = '/var/run/mysqld/mysqld.sock'
- class { 'profile::mariadb::monitor::prometheus':
+ class { 'role::mariadb::groups':
mysql_group => 'labs',
mysql_role => 'slave',
mysql_shard => 'tools',
diff --git a/modules/role/manifests/mariadb.pp
b/modules/role/manifests/mariadb.pp
index 5a0db5b..3d72e9d 100644
--- a/modules/role/manifests/mariadb.pp
+++ b/modules/role/manifests/mariadb.pp
@@ -1,6 +1,7 @@
# Generic Server
#
# filtertags: labs-project-servermon labs-project-monitoring
+# lint:ignore:autoloader_layout
class role::mariadb {
system::role { 'mariadb':
@@ -10,3 +11,149 @@
include ::standard
include ::mariadb
}
+
+# root, repl, nagios, tendril, prometheus
+# WARNING: any root user will have access to these files
+# Do not apply to hosts with users with arbitrary roots
+# or any non-production mysql, such as labs-support hosts,
+# wikitech hosts, etc.
+class role::mariadb::grants::production(
+ $shard = false,
+ $prompt = '',
+ $password = 'undefined',
+ ) {
+
+ include passwords::misc::scripts
+ include passwords::tendril
+ include passwords::nodepool
+ include passwords::testreduce::mysql
+ include passwords::racktables
+ include passwords::prometheus
+ include passwords::servermon
+ include passwords::striker
+ include passwords::labsdbaccounts
+ include passwords::mysql::phabricator
+
+ $root_pass = $passwords::misc::scripts::mysql_root_pass
+ $repl_pass = $passwords::misc::scripts::mysql_repl_pass
+ $nagios_pass = $passwords::misc::scripts::nagios_sql_pass
+ $tendril_user = $passwords::tendril::db_user
+ $tendril_pass = $passwords::tendril::db_pass
+ $prometheus_pass = $passwords::prometheus::db_pass
+
+ file { '/etc/mysql/production-grants.sql':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content => template('role/mariadb/grants/production.sql.erb'),
+ }
+
+ file { '/root/.my.cnf':
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content => template('mariadb/root.my.cnf.erb'),
+ }
+
+ if $shard {
+ $nodepool_pass = $passwords::nodepool::nodepooldb_pass
+ $testreduce_pass = $passwords::testreduce::mysql::db_pass
+ $testreduce_cli_pass = $passwords::testreduce::mysql::mysql_client_pass
+ $racktables_user = $passwords::racktables::racktables_db_user
+ $racktables_pass = $passwords::racktables::racktables_db_pass
+ $servermon_pass = $passwords::servermon::db_password
+ $striker_pass = $passwords::striker::application_db_password
+ $striker_admin_pass = $passwords::striker::admin_db_password
+ $labspuppet_pass = hiera('labspuppetbackend_mysql_password')
+ $labsdbaccounts_pass = $passwords::labsdbaccounts::db_password
+ $rddmarc_pass = $passwords::rddmarc::db_password
+ $phab_admin_pass = $passwords::mysql::phabricator::admin_pass
+ $phab_app_pass = $passwords::mysql::phabricator::app_pass
+ $phab_bz_pass = $passwords::mysql::phabricator::bz_pass
+ $phab_rt_pass = $passwords::mysql::phabricator::rt_pass
+ $phab_manifest_pass = $passwords::mysql::phabricator::manifest_pass
+ $phab_metrics_pass = $passwords::mysql::phabricator::metrics_pass
+
+ file { '/etc/mysql/production-grants-shard.sql':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content =>
template("role/mariadb/grants/production-${shard}.sql.erb"),
+ }
+ }
+}
+
+# wikiadmin, wikiuser
+class role::mariadb::grants::core {
+
+ include passwords::misc::scripts
+
+ $wikiadmin_pass = $passwords::misc::scripts::wikiadmin_pass
+ $wikiuser_pass = $passwords::misc::scripts::wikiuser_pass
+
+ file { '/etc/mysql/production-grants-core.sql':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content => template('role/mariadb/grants/production-core.sql.erb'),
+ }
+}
+
+# Annoy people in #wikimedia-operations
+class role::mariadb::monitor {
+
+ class { 'mariadb::monitor_disk':
+ contact_group => 'admins',
+ }
+
+ class { 'mariadb::monitor_process':
+ contact_group => 'admins',
+ }
+}
+
+# Annoy Sean
+class role::mariadb::monitor::dba {
+
+ include mariadb::monitor_disk
+ include mariadb::monitor_process
+}
+
+# mysql groups for monitoring
+# * mysql_group (required): general usage of the server, for example:
+# - 'core': production mediawiki servers
+# - 'dbstore': servers for backup and analytics
+# - 'labs': production and labs replicas of production
+# - 'misc': other services
+# * mysql_shard (optional): for 'core', 'misc' and 'pc' services, vertical
+# slices:
+# - 's1': English Wikipedia (see dblists on mediawiki-config)
+# - 'm1': puppet, bacula, etc.
+# - most services are not segmented and will return the empty string ('')
+# * mysql_role (required). One of three:
+# - 'master': for the masters of each datacenter (one per shard and
+# datacenter). Only the one on the active datacenter is read-write of
+# all the ones on the same shard.
+# - 'slave': for read-only slave
+# - 'standalone': single servers that are not part of replication,
+# such as read-only 'es1' hosts; wikitech, or tendril
+
+#FIXME: move node_exporter to standard and remove it from here when ready
+#FIXME: temporarely make the socket '/tmp/mysql.sock' until all manifests
+# are updated
+class role::mariadb::groups(
+ $mysql_group,
+ $mysql_role,
+ $mysql_shard = '',
+ $socket = '/run/mysqld/mysqld.sock',
+ ) {
+
+ include role::prometheus::node_exporter
+ class { 'role::prometheus::mysqld_exporter':
+ socket => $socket,
+ }
+}
+
+# lint:endignore
diff --git a/modules/role/manifests/mariadb/core.pp
b/modules/role/manifests/mariadb/core.pp
index 744056f..ccdb2a0 100644
--- a/modules/role/manifests/mariadb/core.pp
+++ b/modules/role/manifests/mariadb/core.pp
@@ -20,9 +20,9 @@
include ::standard
include ::base::firewall
- include ::profile::mariadb::monitor
- include ::passwords::misc::scripts
- include ::role::mariadb::ferm
+ include role::mariadb::monitor
+ include passwords::misc::scripts
+ include role::mariadb::ferm
# Semi-sync replication
# off: for shard(s) of a single machine, with no slaves
@@ -36,7 +36,7 @@
$semi_sync = 'slave'
}
- class { 'profile::mariadb::monitor::prometheus':
+ class { 'role::mariadb::groups':
mysql_group => 'core',
mysql_shard => $shard,
mysql_role => $mysql_role,
@@ -66,8 +66,8 @@
replication_role => $mysql_role,
}
- class { 'profile::mariadb::grants::core': }
- class { 'profile::mariadb::grants::production':
+ include role::mariadb::grants::core
+ class { 'role::mariadb::grants::production':
shard => 'core',
prompt => "PRODUCTION ${shard} ${mysql_role}",
password => $passwords::misc::scripts::mysql_root_pass,
diff --git a/modules/role/manifests/mariadb/dbstore.pp
b/modules/role/manifests/mariadb/dbstore.pp
index c4ecb33..15746bc 100644
--- a/modules/role/manifests/mariadb/dbstore.pp
+++ b/modules/role/manifests/mariadb/dbstore.pp
@@ -14,19 +14,19 @@
include mariadb::service
include ::standard
- include ::profile::base::firewall
- include ::passwords::misc::scripts
+ include ::base::firewall
+ include passwords::misc::scripts
- class { 'profile::mariadb::grants::production':
+ class { 'role::mariadb::grants::production':
password => $passwords::misc::scripts::mysql_root_pass,
prompt => 'DBSTORE',
}
- class { 'profile::mariadb::monitor::dba': }
+ include role::mariadb::monitor::dba
include passwords::misc::scripts
include role::mariadb::ferm
- class { 'profile::mariadb::monitor::prometheus':
+ class {'role::mariadb::groups':
mysql_group => 'dbstore',
mysql_role => 'slave',
socket => $socket,
diff --git a/modules/role/manifests/mariadb/dbstore_multiinstance.pp
b/modules/role/manifests/mariadb/dbstore_multiinstance.pp
index 0c4bc63..01f761a 100644
--- a/modules/role/manifests/mariadb/dbstore_multiinstance.pp
+++ b/modules/role/manifests/mariadb/dbstore_multiinstance.pp
@@ -4,7 +4,7 @@
}
include ::standard
- class { 'profile::base::firewall': }
+ include ::base::firewall
#FIXME:
ferm::service { 'dbstore_multiinstance':
proto => 'tcp',
@@ -13,15 +13,15 @@
}
#TODO: define one group per shard
- class { 'profile::mariadb::monitor::prometheus':
+ class {'role::mariadb::groups':
mysql_group => 'dbstore',
mysql_shard => 's1',
mysql_role => 'slave',
socket => '/run/mysqld/mysqld.s1.sock',
}
- class { 'mariadb::packages_wmf': }
- class { 'mariadb::service':
+ class {'mariadb::packages_wmf': }
+ class {'mariadb::service':
override => "[Service]\nExecStartPre=/bin/sh -c \"echo 'mariadb main
service is \
disabled, use mariadb@<instance_name> instead'; exit 1\"",
}
@@ -40,7 +40,7 @@
binlog_format => 'ROW',
}
- file { '/etc/mysql/mysqld.conf.d':
+ file {'/etc/mysql/mysqld.conf.d':
ensure => directory,
owner => root,
group => root,
@@ -102,14 +102,6 @@
innodb_buffer_pool_size => $s7,
}
role::prometheus::mysqld_exporter_instance { 's7': port => 13317, }
- }
- $s8 = hiera('role::mariadb::dbstore_multiinstance::s8', false)
- if $s8 {
- mariadb::instance { 's8':
- port => 3318,
- innodb_buffer_pool_size => $s8,
- }
- role::prometheus::mysqld_exporter_instance { 's8': port => 13318, }
}
$x1 = hiera('role::mariadb::dbstore_multiinstance::x1', false)
diff --git a/modules/role/manifests/mariadb/labs_deprecated.pp
b/modules/role/manifests/mariadb/labs_deprecated.pp
index b943b21..f2c2e2a 100644
--- a/modules/role/manifests/mariadb/labs_deprecated.pp
+++ b/modules/role/manifests/mariadb/labs_deprecated.pp
@@ -8,15 +8,15 @@
}
include ::standard
- include ::profile::mariadb::monitor
+ include role::mariadb::monitor
include passwords::misc::scripts
include role::mariadb::ferm
- include ::profile::base::firewall
+ include ::base::firewall
include role::labs::db::common
include role::labs::db::views
include role::labs::db::check_private_data
- class { 'profile::mariadb::monitor::prometheus':
+ class { 'role::mariadb::groups':
mysql_group => 'labs',
mysql_role => 'slave',
socket => '/tmp/mysql.sock',
diff --git a/modules/role/manifests/mariadb/misc.pp
b/modules/role/manifests/mariadb/misc.pp
index 22a4f1f..8de997c 100644
--- a/modules/role/manifests/mariadb/misc.pp
+++ b/modules/role/manifests/mariadb/misc.pp
@@ -19,11 +19,11 @@
}
include ::standard
- include ::profile::mariadb::monitor
- include ::passwords::misc::scripts
- include ::profile::base::firewall
- include ::role::mariadb::ferm
- class { 'profile::mariadb::monitor::prometheus':
+ include role::mariadb::monitor
+ include passwords::misc::scripts
+ include ::base::firewall
+ include role::mariadb::ferm
+ class { 'role::mariadb::groups':
mysql_group => 'misc',
mysql_shard => $shard,
mysql_role => $mysql_role,
@@ -41,7 +41,7 @@
read_only => $read_only,
}
- class { 'profile::mariadb::grants::production':
+ class { 'role::mariadb::grants::production':
shard => $shard,
prompt => "MISC ${shard}",
password => $passwords::misc::scripts::mysql_root_pass,
diff --git a/modules/role/manifests/mariadb/misc/phabricator.pp
b/modules/role/manifests/mariadb/misc/phabricator.pp
index 0f07107..e5942a2 100644
--- a/modules/role/manifests/mariadb/misc/phabricator.pp
+++ b/modules/role/manifests/mariadb/misc/phabricator.pp
@@ -22,12 +22,12 @@
false => 'slave',
}
- include ::profile::mariadb::monitor
- include ::passwords::misc::scripts
- include ::profile::base::firewall
- include ::role::mariadb::ferm
+ include role::mariadb::monitor
+ include passwords::misc::scripts
+ include ::base::firewall
+ include role::mariadb::ferm
- class { 'profile::mariadb::monitor::prometheus':
+ class { 'role::mariadb::groups':
mysql_group => 'misc',
mysql_shard => $shard,
mysql_role => $mysql_role,
@@ -75,7 +75,7 @@
content => template('role/phabricator/init.sql.erb'),
}
- class { 'profile::mariadb::grants::production':
+ class { 'role::mariadb::grants::production':
shard => $shard,
prompt => "MISC ${shard}",
password => $passwords::misc::scripts::mysql_root_pass,
diff --git a/modules/role/manifests/mariadb/parsercache.pp
b/modules/role/manifests/mariadb/parsercache.pp
index 0c7dfc7..0fd04c1 100644
--- a/modules/role/manifests/mariadb/parsercache.pp
+++ b/modules/role/manifests/mariadb/parsercache.pp
@@ -6,11 +6,11 @@
) {
include ::standard
- include ::profile::base::firewall
- include ::profile::mariadb::monitor
- include ::profile::mariadb::ferm
- include ::passwords::misc::scripts
- class { 'profile::mariadb::monitor::prometheus':
+ include ::base::firewall
+ include role::mariadb::monitor
+ include role::mariadb::ferm
+ include passwords::misc::scripts
+ class { 'role::mariadb::groups':
mysql_group => 'parsercache',
mysql_shard => $shard,
mysql_role => 'master',
@@ -24,8 +24,8 @@
include mariadb::packages_wmf
include mariadb::service
- include ::profile::mariadb::grants::core
- class { 'profile::mariadb::grants::production':
+ include role::mariadb::grants::core
+ class { 'role::mariadb::grants::production':
shard => 'parsercache',
prompt => 'PARSERCACHE',
password => $passwords::misc::scripts::mysql_root_pass,
diff --git a/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
b/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
index 8de72c4..15507a9 100644
--- a/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
+++ b/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
@@ -13,7 +13,7 @@
}
include ::standard
- include ::profile::base::firewall
+ include ::base::firewall
#FIXME:
ferm::service { 'sanitarium_multiinstance':
proto => 'tcp',
@@ -21,6 +21,13 @@
srange => '$PRODUCTION_NETWORKS',
}
+ #TODO: define one group per shard
+ class { 'role::mariadb::groups':
+ mysql_group => 'labs',
+ mysql_role => 'slave',
+ socket => '/run/mysqld/mysqld.s2.sock',
+ }
+
include role::labs::db::common
include role::labs::db::check_private_data
diff --git a/modules/role/manifests/mariadb/sanitarium_multisource.pp
b/modules/role/manifests/mariadb/sanitarium_multisource.pp
index 0eeaf40..497f4db 100644
--- a/modules/role/manifests/mariadb/sanitarium_multisource.pp
+++ b/modules/role/manifests/mariadb/sanitarium_multisource.pp
@@ -15,12 +15,12 @@
include ::standard
include passwords::misc::scripts
- include ::profile::base::firewall
+ include ::base::firewall
include role::mariadb::ferm
include role::labs::db::common
include role::labs::db::check_private_data
- class { 'profile::mariadb::monitor::prometheus':
+ class { 'role::mariadb::groups':
mysql_group => 'labs',
mysql_role => 'slave',
socket => '/run/mysqld/mysqld.sock',
diff --git a/modules/role/manifests/mariadb/tendril.pp
b/modules/role/manifests/mariadb/tendril.pp
index 9b0507b..84f9b79 100644
--- a/modules/role/manifests/mariadb/tendril.pp
+++ b/modules/role/manifests/mariadb/tendril.pp
@@ -9,12 +9,11 @@
include mariadb::service
include ::standard
- include ::profile::mariadb::monitor::dba
+ include role::mariadb::monitor::dba
include passwords::misc::scripts
- include ::profile::base::firewall
include role::mariadb::ferm
- class { 'profile::mariadb::monitor::prometheus':
+ class {'role::mariadb::groups':
mysql_group => 'tendril',
mysql_role => 'standalone',
socket => '/tmp/mysql.sock',
diff --git a/modules/role/manifests/mariadb/wikitech.pp
b/modules/role/manifests/mariadb/wikitech.pp
index 46f9d57..81ca30b 100644
--- a/modules/role/manifests/mariadb/wikitech.pp
+++ b/modules/role/manifests/mariadb/wikitech.pp
@@ -6,10 +6,10 @@
}
include ::standard
- include ::profile::mariadb::grants::core
- include ::profile::mariadb::monitor
+ include role::mariadb::grants::core
+ include role::mariadb::monitor
include passwords::misc::scripts
- class { 'profile::mariadb::monitor::prometheus':
+ class { 'role::mariadb::groups':
mysql_group => 'wikitech',
mysql_role => 'standalone',
socket => '/tmp/mysql.sock',
--
To view, visit https://gerrit.wikimedia.org/r/398257
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9dbe26e09fda0d9fb7d53e962c9b6958b203db17
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Jcrespo <[email protected]>
Gerrit-Reviewer: Marostegui <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
