Hello Giuseppe Lavagetto, Marostegui, Rush, jenkins-bot,
I'd like you to do a code review. Please visit
https://gerrit.wikimedia.org/r/398258
to review the following change.
Change subject: Revert "Revert "mariadb: Remove mariadb.pp and move some old
roles to profiles""
......................................................................
Revert "Revert "mariadb: Remove mariadb.pp and move some old roles to profiles""
This reverts commit 478daf53ed9e891e4fff85d45d3f72c89fab842b.
Change-Id: I0f363da42c8792572152f5b515e46e11c66b28b5
---
M manifests/site.pp
M modules/profile/manifests/mariadb/core/multiinstance.pp
A modules/profile/manifests/mariadb/grants/core.pp
A modules/profile/manifests/mariadb/grants/production.pp
M modules/profile/manifests/mariadb/misc/eventlogging/database.pp
A modules/profile/manifests/mariadb/monitor/dba.pp
A modules/profile/manifests/mariadb/monitor/prometheus.pp
M modules/role/manifests/labs/db/master.pp
M modules/role/manifests/labs/db/replica.pp
M modules/role/manifests/labs/db/slave.pp
M modules/role/manifests/mariadb.pp
M modules/role/manifests/mariadb/core.pp
M modules/role/manifests/mariadb/dbstore.pp
M modules/role/manifests/mariadb/dbstore_multiinstance.pp
M modules/role/manifests/mariadb/labs_deprecated.pp
M modules/role/manifests/mariadb/misc.pp
M modules/role/manifests/mariadb/misc/phabricator.pp
M modules/role/manifests/mariadb/parsercache.pp
M modules/role/manifests/mariadb/sanitarium_multiinstance.pp
M modules/role/manifests/mariadb/sanitarium_multisource.pp
M modules/role/manifests/mariadb/tendril.pp
M modules/role/manifests/mariadb/wikitech.pp
22 files changed, 206 insertions(+), 238 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/58/398258/1
diff --git a/manifests/site.pp b/manifests/site.pp
index 6618172..c51e706 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -595,7 +595,6 @@
# tendril db
node 'db1011.eqiad.wmnet' {
role(mariadb::tendril)
- include ::base::firewall
}
node 'dbstore1001.eqiad.wmnet' {
diff --git a/modules/profile/manifests/mariadb/core/multiinstance.pp
b/modules/profile/manifests/mariadb/core/multiinstance.pp
index 0f82887..8f669c4 100644
--- a/modules/profile/manifests/mariadb/core/multiinstance.pp
+++ b/modules/profile/manifests/mariadb/core/multiinstance.pp
@@ -18,16 +18,8 @@
srange => '$PRODUCTION_NETWORKS',
}
- #TODO: define one group per shard
- class {'role::mariadb::groups':
- mysql_group => 'core',
- mysql_shard => 's1',
- mysql_role => 'slave',
- socket => '/run/mysqld/mysqld.s1.sock',
- }
-
- class {'mariadb::packages_wmf': }
- class {'mariadb::service':
+ class { 'mariadb::packages_wmf': }
+ class { 'mariadb::service':
override => "[Service]\nExecStartPre=/bin/sh -c \"echo 'mariadb main
service is \
disabled, use mariadb@<instance_name> instead'; exit 1\"",
}
@@ -46,7 +38,7 @@
binlog_format => 'ROW',
}
- file {'/etc/mysql/mysqld.conf.d':
+ file { '/etc/mysql/mysqld.conf.d':
ensure => directory,
owner => root,
group => root,
diff --git a/modules/profile/manifests/mariadb/grants/core.pp
b/modules/profile/manifests/mariadb/grants/core.pp
new file mode 100644
index 0000000..346401c
--- /dev/null
+++ b/modules/profile/manifests/mariadb/grants/core.pp
@@ -0,0 +1,16 @@
+# wikiadmin, wikiuser
+class profile::mariadb::grants::core {
+
+ include passwords::misc::scripts
+
+ $wikiadmin_pass = $passwords::misc::scripts::wikiadmin_pass
+ $wikiuser_pass = $passwords::misc::scripts::wikiuser_pass
+
+ file { '/etc/mysql/production-grants-core.sql':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content => template('role/mariadb/grants/production-core.sql.erb'),
+ }
+}
diff --git a/modules/profile/manifests/mariadb/grants/production.pp
b/modules/profile/manifests/mariadb/grants/production.pp
new file mode 100644
index 0000000..4151434
--- /dev/null
+++ b/modules/profile/manifests/mariadb/grants/production.pp
@@ -0,0 +1,72 @@
+# root, repl, nagios, tendril, prometheus
+# WARNING: any root user will have access to these files
+# Do not apply to hosts with users with arbitrary roots
+# or any non-production mysql, such as labs-support hosts,
+# wikitech hosts, etc.
+class profile::mariadb::grants::production(
+ $shard = false,
+ $prompt = '',
+ $password = 'undefined',
+ ) {
+
+ include passwords::misc::scripts
+ include passwords::tendril
+ include passwords::nodepool
+ include passwords::testreduce::mysql
+ include passwords::racktables
+ include passwords::prometheus
+ include passwords::servermon
+ include passwords::striker
+ include passwords::labsdbaccounts
+ include passwords::mysql::phabricator
+
+ $root_pass = $passwords::misc::scripts::mysql_root_pass
+ $repl_pass = $passwords::misc::scripts::mysql_repl_pass
+ $nagios_pass = $passwords::misc::scripts::nagios_sql_pass
+ $tendril_user = $passwords::tendril::db_user
+ $tendril_pass = $passwords::tendril::db_pass
+ $prometheus_pass = $passwords::prometheus::db_pass
+
+ file { '/etc/mysql/production-grants.sql':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content => template('role/mariadb/grants/production.sql.erb'),
+ }
+
+ file { '/root/.my.cnf':
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content => template('mariadb/root.my.cnf.erb'),
+ }
+
+ if $shard {
+ $nodepool_pass = $passwords::nodepool::nodepooldb_pass
+ $testreduce_pass = $passwords::testreduce::mysql::db_pass
+ $testreduce_cli_pass = $passwords::testreduce::mysql::mysql_client_pass
+ $racktables_user = $passwords::racktables::racktables_db_user
+ $racktables_pass = $passwords::racktables::racktables_db_pass
+ $servermon_pass = $passwords::servermon::db_password
+ $striker_pass = $passwords::striker::application_db_password
+ $striker_admin_pass = $passwords::striker::admin_db_password
+ $labspuppet_pass = hiera('labspuppetbackend_mysql_password')
+ $labsdbaccounts_pass = $passwords::labsdbaccounts::db_password
+ $rddmarc_pass = $passwords::rddmarc::db_password
+ $phab_admin_pass = $passwords::mysql::phabricator::admin_pass
+ $phab_app_pass = $passwords::mysql::phabricator::app_pass
+ $phab_bz_pass = $passwords::mysql::phabricator::bz_pass
+ $phab_rt_pass = $passwords::mysql::phabricator::rt_pass
+ $phab_manifest_pass = $passwords::mysql::phabricator::manifest_pass
+ $phab_metrics_pass = $passwords::mysql::phabricator::metrics_pass
+
+ file { '/etc/mysql/production-grants-shard.sql':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content =>
template("role/mariadb/grants/production-${shard}.sql.erb"),
+ }
+ }
+}
diff --git a/modules/profile/manifests/mariadb/misc/eventlogging/database.pp
b/modules/profile/manifests/mariadb/misc/eventlogging/database.pp
index 0dd73ba..7eea269 100644
--- a/modules/profile/manifests/mariadb/misc/eventlogging/database.pp
+++ b/modules/profile/manifests/mariadb/misc/eventlogging/database.pp
@@ -21,11 +21,7 @@
class { 'passwords::misc::scripts': }
- # FIXME: instantiating a role in a profile is not
- # allowed by our coding standard, but it needs to be
- # refactored on a separate change since it is broadly used.
- # This will be moved to profile::mariadb::monitoring.
- class {'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'misc',
mysql_shard => $shard,
mysql_role => $mysql_role,
@@ -64,7 +60,7 @@
# FIXME: instantiating a role in a profile is not
# allowed by our coding standard, but it needs to be
# refactored on a separate change since it is broadly used.
- class { 'role::mariadb::grants::production':
+ class { 'profile::mariadb::grants::production':
shard => $shard,
prompt => "EVENTLOGGING ${shard}",
password => $passwords::misc::scripts::mysql_root_pass,
diff --git a/modules/profile/manifests/mariadb/monitor/dba.pp
b/modules/profile/manifests/mariadb/monitor/dba.pp
new file mode 100644
index 0000000..e782261
--- /dev/null
+++ b/modules/profile/manifests/mariadb/monitor/dba.pp
@@ -0,0 +1,6 @@
+# Annoy Sean
+class profile::mariadb::monitor::dba {
+
+ include mariadb::monitor_disk
+ include mariadb::monitor_process
+}
diff --git a/modules/profile/manifests/mariadb/monitor/prometheus.pp
b/modules/profile/manifests/mariadb/monitor/prometheus.pp
new file mode 100644
index 0000000..7b1d513
--- /dev/null
+++ b/modules/profile/manifests/mariadb/monitor/prometheus.pp
@@ -0,0 +1,32 @@
+# mysql groups for monitoring
+# * mysql_group (required): general usage of the server, for example:
+# - 'core': production mediawiki servers
+# - 'dbstore': servers for backup and analytics
+# - 'labs': production and labs replicas of production
+# - 'misc': other services
+# * mysql_shard (optional): for 'core', 'misc' and 'pc' services, vertical
+# slices:
+# - 's1': English Wikipedia (see dblists on mediawiki-config)
+# - 'm1': puppet, bacula, etc.
+# - most services are not segmented and will return the empty string ('')
+# * mysql_role (required). One of three:
+# - 'master': for the masters of each datacenter (one per shard and
+# datacenter). Only the one on the active datacenter is read-write of
+# all the ones on the same shard.
+# - 'slave': for read-only slave
+# - 'standalone': single servers that are not part of replication,
+# such as read-only 'es1' hosts; wikitech, or tendril
+
+#FIXME: move node_exporter to standard and remove it from here when ready
+class profile::mariadb::monitor::prometheus(
+ $mysql_group,
+ $mysql_role,
+ $mysql_shard = '',
+ $socket = '/run/mysqld/mysqld.sock',
+ ) {
+
+ include role::prometheus::node_exporter
+ class { 'role::prometheus::mysqld_exporter':
+ socket => $socket,
+ }
+}
diff --git a/modules/role/manifests/labs/db/master.pp
b/modules/role/manifests/labs/db/master.pp
index b8820dd..97ce930 100644
--- a/modules/role/manifests/labs/db/master.pp
+++ b/modules/role/manifests/labs/db/master.pp
@@ -5,14 +5,14 @@
}
include ::standard
- include mariadb::packages_wmf
- include mariadb::service
- include role::mariadb::monitor
- include passwords::misc::scripts
+ include ::mariadb::packages_wmf
+ include ::mariadb::service
+ include ::profile::mariadb::monitor
+ include ::passwords::misc::scripts
$socket = '/var/run/mysqld/mysqld.sock'
- class { 'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'labs',
mysql_role => 'master',
mysql_shard => 'tools',
diff --git a/modules/role/manifests/labs/db/replica.pp
b/modules/role/manifests/labs/db/replica.pp
index 943d6cf..f8883df 100644
--- a/modules/role/manifests/labs/db/replica.pp
+++ b/modules/role/manifests/labs/db/replica.pp
@@ -5,10 +5,10 @@
}
include ::standard
- class { 'mariadb::packages_wmf': }
- class { 'mariadb::service': }
- include role::mariadb::monitor
- include ::base::firewall
+ class { '::mariadb::packages_wmf': }
+ class { '::mariadb::service': }
+ include ::profile::mariadb::monitor
+ include ::profile::base::firewall
ferm::service{ 'mariadb_labs_db_replica':
proto => 'tcp',
@@ -23,13 +23,13 @@
rule => 'saddr @resolve((db1011.eqiad.wmnet)) proto tcp dport (3307)
ACCEPT;',
}
- include passwords::misc::scripts
+ include ::passwords::misc::scripts
- include role::labs::db::common
- include role::labs::db::views
- include role::labs::db::check_private_data
+ include ::role::labs::db::common
+ include ::role::labs::db::views
+ include ::role::labs::db::check_private_data
- class { 'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'labs',
mysql_role => 'slave',
mysql_shard => 'multi',
diff --git a/modules/role/manifests/labs/db/slave.pp
b/modules/role/manifests/labs/db/slave.pp
index 1eadb90..c7b2c96 100644
--- a/modules/role/manifests/labs/db/slave.pp
+++ b/modules/role/manifests/labs/db/slave.pp
@@ -5,16 +5,16 @@
}
include ::standard
- include mariadb::packages_wmf
- include mariadb::service
- include role::mariadb::monitor
- include role::mariadb::ferm
- include passwords::misc::scripts
+ class { '::mariadb::packages_wmf': }
+ class { '::mariadb::service': }
+ include ::profile::mariadb::monitor
+ include ::role::mariadb::ferm
+ include ::passwords::misc::scripts
# FIXME: Add the socket location to make the transition easier.
$socket = '/var/run/mysqld/mysqld.sock'
- class { 'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'labs',
mysql_role => 'slave',
mysql_shard => 'tools',
diff --git a/modules/role/manifests/mariadb.pp
b/modules/role/manifests/mariadb.pp
index 3d72e9d..5a0db5b 100644
--- a/modules/role/manifests/mariadb.pp
+++ b/modules/role/manifests/mariadb.pp
@@ -1,7 +1,6 @@
# Generic Server
#
# filtertags: labs-project-servermon labs-project-monitoring
-# lint:ignore:autoloader_layout
class role::mariadb {
system::role { 'mariadb':
@@ -11,149 +10,3 @@
include ::standard
include ::mariadb
}
-
-# root, repl, nagios, tendril, prometheus
-# WARNING: any root user will have access to these files
-# Do not apply to hosts with users with arbitrary roots
-# or any non-production mysql, such as labs-support hosts,
-# wikitech hosts, etc.
-class role::mariadb::grants::production(
- $shard = false,
- $prompt = '',
- $password = 'undefined',
- ) {
-
- include passwords::misc::scripts
- include passwords::tendril
- include passwords::nodepool
- include passwords::testreduce::mysql
- include passwords::racktables
- include passwords::prometheus
- include passwords::servermon
- include passwords::striker
- include passwords::labsdbaccounts
- include passwords::mysql::phabricator
-
- $root_pass = $passwords::misc::scripts::mysql_root_pass
- $repl_pass = $passwords::misc::scripts::mysql_repl_pass
- $nagios_pass = $passwords::misc::scripts::nagios_sql_pass
- $tendril_user = $passwords::tendril::db_user
- $tendril_pass = $passwords::tendril::db_pass
- $prometheus_pass = $passwords::prometheus::db_pass
-
- file { '/etc/mysql/production-grants.sql':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0400',
- content => template('role/mariadb/grants/production.sql.erb'),
- }
-
- file { '/root/.my.cnf':
- owner => 'root',
- group => 'root',
- mode => '0400',
- content => template('mariadb/root.my.cnf.erb'),
- }
-
- if $shard {
- $nodepool_pass = $passwords::nodepool::nodepooldb_pass
- $testreduce_pass = $passwords::testreduce::mysql::db_pass
- $testreduce_cli_pass = $passwords::testreduce::mysql::mysql_client_pass
- $racktables_user = $passwords::racktables::racktables_db_user
- $racktables_pass = $passwords::racktables::racktables_db_pass
- $servermon_pass = $passwords::servermon::db_password
- $striker_pass = $passwords::striker::application_db_password
- $striker_admin_pass = $passwords::striker::admin_db_password
- $labspuppet_pass = hiera('labspuppetbackend_mysql_password')
- $labsdbaccounts_pass = $passwords::labsdbaccounts::db_password
- $rddmarc_pass = $passwords::rddmarc::db_password
- $phab_admin_pass = $passwords::mysql::phabricator::admin_pass
- $phab_app_pass = $passwords::mysql::phabricator::app_pass
- $phab_bz_pass = $passwords::mysql::phabricator::bz_pass
- $phab_rt_pass = $passwords::mysql::phabricator::rt_pass
- $phab_manifest_pass = $passwords::mysql::phabricator::manifest_pass
- $phab_metrics_pass = $passwords::mysql::phabricator::metrics_pass
-
- file { '/etc/mysql/production-grants-shard.sql':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0400',
- content =>
template("role/mariadb/grants/production-${shard}.sql.erb"),
- }
- }
-}
-
-# wikiadmin, wikiuser
-class role::mariadb::grants::core {
-
- include passwords::misc::scripts
-
- $wikiadmin_pass = $passwords::misc::scripts::wikiadmin_pass
- $wikiuser_pass = $passwords::misc::scripts::wikiuser_pass
-
- file { '/etc/mysql/production-grants-core.sql':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0400',
- content => template('role/mariadb/grants/production-core.sql.erb'),
- }
-}
-
-# Annoy people in #wikimedia-operations
-class role::mariadb::monitor {
-
- class { 'mariadb::monitor_disk':
- contact_group => 'admins',
- }
-
- class { 'mariadb::monitor_process':
- contact_group => 'admins',
- }
-}
-
-# Annoy Sean
-class role::mariadb::monitor::dba {
-
- include mariadb::monitor_disk
- include mariadb::monitor_process
-}
-
-# mysql groups for monitoring
-# * mysql_group (required): general usage of the server, for example:
-# - 'core': production mediawiki servers
-# - 'dbstore': servers for backup and analytics
-# - 'labs': production and labs replicas of production
-# - 'misc': other services
-# * mysql_shard (optional): for 'core', 'misc' and 'pc' services, vertical
-# slices:
-# - 's1': English Wikipedia (see dblists on mediawiki-config)
-# - 'm1': puppet, bacula, etc.
-# - most services are not segmented and will return the empty string ('')
-# * mysql_role (required). One of three:
-# - 'master': for the masters of each datacenter (one per shard and
-# datacenter). Only the one on the active datacenter is read-write of
-# all the ones on the same shard.
-# - 'slave': for read-only slave
-# - 'standalone': single servers that are not part of replication,
-# such as read-only 'es1' hosts; wikitech, or tendril
-
-#FIXME: move node_exporter to standard and remove it from here when ready
-#FIXME: temporarely make the socket '/tmp/mysql.sock' until all manifests
-# are updated
-class role::mariadb::groups(
- $mysql_group,
- $mysql_role,
- $mysql_shard = '',
- $socket = '/run/mysqld/mysqld.sock',
- ) {
-
- include role::prometheus::node_exporter
- class { 'role::prometheus::mysqld_exporter':
- socket => $socket,
- }
-}
-
-# lint:endignore
diff --git a/modules/role/manifests/mariadb/core.pp
b/modules/role/manifests/mariadb/core.pp
index ccdb2a0..744056f 100644
--- a/modules/role/manifests/mariadb/core.pp
+++ b/modules/role/manifests/mariadb/core.pp
@@ -20,9 +20,9 @@
include ::standard
include ::base::firewall
- include role::mariadb::monitor
- include passwords::misc::scripts
- include role::mariadb::ferm
+ include ::profile::mariadb::monitor
+ include ::passwords::misc::scripts
+ include ::role::mariadb::ferm
# Semi-sync replication
# off: for shard(s) of a single machine, with no slaves
@@ -36,7 +36,7 @@
$semi_sync = 'slave'
}
- class { 'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'core',
mysql_shard => $shard,
mysql_role => $mysql_role,
@@ -66,8 +66,8 @@
replication_role => $mysql_role,
}
- include role::mariadb::grants::core
- class { 'role::mariadb::grants::production':
+ class { 'profile::mariadb::grants::core': }
+ class { 'profile::mariadb::grants::production':
shard => 'core',
prompt => "PRODUCTION ${shard} ${mysql_role}",
password => $passwords::misc::scripts::mysql_root_pass,
diff --git a/modules/role/manifests/mariadb/dbstore.pp
b/modules/role/manifests/mariadb/dbstore.pp
index 15746bc..c4ecb33 100644
--- a/modules/role/manifests/mariadb/dbstore.pp
+++ b/modules/role/manifests/mariadb/dbstore.pp
@@ -14,19 +14,19 @@
include mariadb::service
include ::standard
- include ::base::firewall
- include passwords::misc::scripts
+ include ::profile::base::firewall
+ include ::passwords::misc::scripts
- class { 'role::mariadb::grants::production':
+ class { 'profile::mariadb::grants::production':
password => $passwords::misc::scripts::mysql_root_pass,
prompt => 'DBSTORE',
}
- include role::mariadb::monitor::dba
+ class { 'profile::mariadb::monitor::dba': }
include passwords::misc::scripts
include role::mariadb::ferm
- class {'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'dbstore',
mysql_role => 'slave',
socket => $socket,
diff --git a/modules/role/manifests/mariadb/dbstore_multiinstance.pp
b/modules/role/manifests/mariadb/dbstore_multiinstance.pp
index 01f761a..0c4bc63 100644
--- a/modules/role/manifests/mariadb/dbstore_multiinstance.pp
+++ b/modules/role/manifests/mariadb/dbstore_multiinstance.pp
@@ -4,7 +4,7 @@
}
include ::standard
- include ::base::firewall
+ class { 'profile::base::firewall': }
#FIXME:
ferm::service { 'dbstore_multiinstance':
proto => 'tcp',
@@ -13,15 +13,15 @@
}
#TODO: define one group per shard
- class {'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'dbstore',
mysql_shard => 's1',
mysql_role => 'slave',
socket => '/run/mysqld/mysqld.s1.sock',
}
- class {'mariadb::packages_wmf': }
- class {'mariadb::service':
+ class { 'mariadb::packages_wmf': }
+ class { 'mariadb::service':
override => "[Service]\nExecStartPre=/bin/sh -c \"echo 'mariadb main
service is \
disabled, use mariadb@<instance_name> instead'; exit 1\"",
}
@@ -40,7 +40,7 @@
binlog_format => 'ROW',
}
- file {'/etc/mysql/mysqld.conf.d':
+ file { '/etc/mysql/mysqld.conf.d':
ensure => directory,
owner => root,
group => root,
@@ -103,6 +103,14 @@
}
role::prometheus::mysqld_exporter_instance { 's7': port => 13317, }
}
+ $s8 = hiera('role::mariadb::dbstore_multiinstance::s8', false)
+ if $s8 {
+ mariadb::instance { 's8':
+ port => 3318,
+ innodb_buffer_pool_size => $s8,
+ }
+ role::prometheus::mysqld_exporter_instance { 's8': port => 13318, }
+ }
$x1 = hiera('role::mariadb::dbstore_multiinstance::x1', false)
if $x1 {
diff --git a/modules/role/manifests/mariadb/labs_deprecated.pp
b/modules/role/manifests/mariadb/labs_deprecated.pp
index f2c2e2a..b943b21 100644
--- a/modules/role/manifests/mariadb/labs_deprecated.pp
+++ b/modules/role/manifests/mariadb/labs_deprecated.pp
@@ -8,15 +8,15 @@
}
include ::standard
- include role::mariadb::monitor
+ include ::profile::mariadb::monitor
include passwords::misc::scripts
include role::mariadb::ferm
- include ::base::firewall
+ include ::profile::base::firewall
include role::labs::db::common
include role::labs::db::views
include role::labs::db::check_private_data
- class { 'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'labs',
mysql_role => 'slave',
socket => '/tmp/mysql.sock',
diff --git a/modules/role/manifests/mariadb/misc.pp
b/modules/role/manifests/mariadb/misc.pp
index 8de997c..22a4f1f 100644
--- a/modules/role/manifests/mariadb/misc.pp
+++ b/modules/role/manifests/mariadb/misc.pp
@@ -19,11 +19,11 @@
}
include ::standard
- include role::mariadb::monitor
- include passwords::misc::scripts
- include ::base::firewall
- include role::mariadb::ferm
- class { 'role::mariadb::groups':
+ include ::profile::mariadb::monitor
+ include ::passwords::misc::scripts
+ include ::profile::base::firewall
+ include ::role::mariadb::ferm
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'misc',
mysql_shard => $shard,
mysql_role => $mysql_role,
@@ -41,7 +41,7 @@
read_only => $read_only,
}
- class { 'role::mariadb::grants::production':
+ class { 'profile::mariadb::grants::production':
shard => $shard,
prompt => "MISC ${shard}",
password => $passwords::misc::scripts::mysql_root_pass,
diff --git a/modules/role/manifests/mariadb/misc/phabricator.pp
b/modules/role/manifests/mariadb/misc/phabricator.pp
index e5942a2..0f07107 100644
--- a/modules/role/manifests/mariadb/misc/phabricator.pp
+++ b/modules/role/manifests/mariadb/misc/phabricator.pp
@@ -22,12 +22,12 @@
false => 'slave',
}
- include role::mariadb::monitor
- include passwords::misc::scripts
- include ::base::firewall
- include role::mariadb::ferm
+ include ::profile::mariadb::monitor
+ include ::passwords::misc::scripts
+ include ::profile::base::firewall
+ include ::role::mariadb::ferm
- class { 'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'misc',
mysql_shard => $shard,
mysql_role => $mysql_role,
@@ -75,7 +75,7 @@
content => template('role/phabricator/init.sql.erb'),
}
- class { 'role::mariadb::grants::production':
+ class { 'profile::mariadb::grants::production':
shard => $shard,
prompt => "MISC ${shard}",
password => $passwords::misc::scripts::mysql_root_pass,
diff --git a/modules/role/manifests/mariadb/parsercache.pp
b/modules/role/manifests/mariadb/parsercache.pp
index 0fd04c1..0c7dfc7 100644
--- a/modules/role/manifests/mariadb/parsercache.pp
+++ b/modules/role/manifests/mariadb/parsercache.pp
@@ -6,11 +6,11 @@
) {
include ::standard
- include ::base::firewall
- include role::mariadb::monitor
- include role::mariadb::ferm
- include passwords::misc::scripts
- class { 'role::mariadb::groups':
+ include ::profile::base::firewall
+ include ::profile::mariadb::monitor
+ include ::profile::mariadb::ferm
+ include ::passwords::misc::scripts
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'parsercache',
mysql_shard => $shard,
mysql_role => 'master',
@@ -24,8 +24,8 @@
include mariadb::packages_wmf
include mariadb::service
- include role::mariadb::grants::core
- class { 'role::mariadb::grants::production':
+ include ::profile::mariadb::grants::core
+ class { 'profile::mariadb::grants::production':
shard => 'parsercache',
prompt => 'PARSERCACHE',
password => $passwords::misc::scripts::mysql_root_pass,
diff --git a/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
b/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
index 15507a9..8de72c4 100644
--- a/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
+++ b/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
@@ -13,19 +13,12 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
#FIXME:
ferm::service { 'sanitarium_multiinstance':
proto => 'tcp',
port => '3311:3320',
srange => '$PRODUCTION_NETWORKS',
- }
-
- #TODO: define one group per shard
- class { 'role::mariadb::groups':
- mysql_group => 'labs',
- mysql_role => 'slave',
- socket => '/run/mysqld/mysqld.s2.sock',
}
include role::labs::db::common
diff --git a/modules/role/manifests/mariadb/sanitarium_multisource.pp
b/modules/role/manifests/mariadb/sanitarium_multisource.pp
index 497f4db..0eeaf40 100644
--- a/modules/role/manifests/mariadb/sanitarium_multisource.pp
+++ b/modules/role/manifests/mariadb/sanitarium_multisource.pp
@@ -15,12 +15,12 @@
include ::standard
include passwords::misc::scripts
- include ::base::firewall
+ include ::profile::base::firewall
include role::mariadb::ferm
include role::labs::db::common
include role::labs::db::check_private_data
- class { 'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'labs',
mysql_role => 'slave',
socket => '/run/mysqld/mysqld.sock',
diff --git a/modules/role/manifests/mariadb/tendril.pp
b/modules/role/manifests/mariadb/tendril.pp
index 84f9b79..9b0507b 100644
--- a/modules/role/manifests/mariadb/tendril.pp
+++ b/modules/role/manifests/mariadb/tendril.pp
@@ -9,11 +9,12 @@
include mariadb::service
include ::standard
- include role::mariadb::monitor::dba
+ include ::profile::mariadb::monitor::dba
include passwords::misc::scripts
+ include ::profile::base::firewall
include role::mariadb::ferm
- class {'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'tendril',
mysql_role => 'standalone',
socket => '/tmp/mysql.sock',
diff --git a/modules/role/manifests/mariadb/wikitech.pp
b/modules/role/manifests/mariadb/wikitech.pp
index 81ca30b..46f9d57 100644
--- a/modules/role/manifests/mariadb/wikitech.pp
+++ b/modules/role/manifests/mariadb/wikitech.pp
@@ -6,10 +6,10 @@
}
include ::standard
- include role::mariadb::grants::core
- include role::mariadb::monitor
+ include ::profile::mariadb::grants::core
+ include ::profile::mariadb::monitor
include passwords::misc::scripts
- class { 'role::mariadb::groups':
+ class { 'profile::mariadb::monitor::prometheus':
mysql_group => 'wikitech',
mysql_role => 'standalone',
socket => '/tmp/mysql.sock',
--
To view, visit https://gerrit.wikimedia.org/r/398258
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0f363da42c8792572152f5b515e46e11c66b28b5
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Jcrespo <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Marostegui <[email protected]>
Gerrit-Reviewer: Rush <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
