Andrew Bogott has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/398290 )
Change subject: labsaliaser: handle requests for the simple hostname 'puppet'
......................................................................
labsaliaser: handle requests for the simple hostname 'puppet'
This reverts commit ddec1f256693c9770076805fe934928e661e8e2d and
solves the problem in a much simpler way, by just inserting
the IP for the primary puppetmaster into extra_records.
Bug: T181375
Change-Id: I42755fecbaaf98ea0d82fbf6502624ed8c3cb490
---
M hieradata/common/profile/openstack/base.yaml
M hieradata/common/profile/openstack/base/pdns/recursor.yaml
M hieradata/common/profile/openstack/labtest.yaml
M modules/dnsrecursor/files/labs-ip-alias-dump.py
M modules/dnsrecursor/manifests/labsaliaser.pp
M modules/profile/manifests/openstack/base/pdns/recursor/service.pp
M modules/profile/manifests/openstack/labtest/pdns/recursor/service.pp
7 files changed, 19 insertions(+), 29 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/common/profile/openstack/base.yaml
b/hieradata/common/profile/openstack/base.yaml
index c701317..b85d3c1 100644
--- a/hieradata/common/profile/openstack/base.yaml
+++ b/hieradata/common/profile/openstack/base.yaml
@@ -7,4 +7,3 @@
profile::openstack::base::ldap_user_name_attribute: 'cn'
profile::openstack::base::ldap_user_dn:
'uid=novaadmin,ou=people,dc=wikimedia,dc=org'
profile::openstack::base::monitoring_host: 'labmon1001.eqiad.wmnet'
-profile::openstack::base::puppetmaster_hostname:
'labs-puppetmaster.wikimedia.org'
diff --git a/hieradata/common/profile/openstack/base/pdns/recursor.yaml
b/hieradata/common/profile/openstack/base/pdns/recursor.yaml
index 812f839..ef8a6aa 100644
--- a/hieradata/common/profile/openstack/base/pdns/recursor.yaml
+++ b/hieradata/common/profile/openstack/base/pdns/recursor.yaml
@@ -1,7 +1,8 @@
-# Extra records that the Labs DNS resolver should respond to.
+# Extra records that the Labs DNS recursor should respond to.
# Used for things that would ideally be in a .svc. DNS zone but
# we do not have one. REMEMBER THE TRAILING DOT.
profile::openstack::base::pdns::recursor::aliaser_extra_records:
tools-db.tools.eqiad.wmflabs.: 10.64.37.9 # labsdb1005.eqiad.wmnet / tools-db
tools-redis.tools.eqiad.wmflabs.: 10.68.22.56 #
tools-redis-1001.tools.eqiad.wmflabs
tools-redis.eqiad.wmflabs.: 10.68.22.56 #
tools-redis-1001.tools.eqiad.wmflabs
+ puppet.: 208.80.154.158 # labpuppetmaster1001.wikimedia.org
diff --git a/hieradata/common/profile/openstack/labtest.yaml
b/hieradata/common/profile/openstack/labtest.yaml
index 6a61ef4..579a46f 100644
--- a/hieradata/common/profile/openstack/labtest.yaml
+++ b/hieradata/common/profile/openstack/labtest.yaml
@@ -14,4 +14,9 @@
profile::openstack::labtest::osm_host: 'labtestwikitech.wikimedia.org'
profile::openstack::labtest::ldap_hosts: ['labtestservices2001.wikimedia.org']
profile::openstack::labtest::statsd_host: 'labmon1001.eqiad.wmnet'
-profile::openstack::labtest::puppetmaster_hostname:
'labtest-puppetmaster.wikimedia.org'
+
+# Extra records that the Labs DNS recursor should respond to.
+# Used for things that would ideally be in a .svc. DNS zone but
+# we do not have one. REMEMBER THE TRAILING DOT.
+profile::openstack::labtest::pdns::recursor::aliaser_extra_records:
+ puppet.: 208.80.153.108 # labtestpuppetmaster2001.wikimedia.org
diff --git a/modules/dnsrecursor/files/labs-ip-alias-dump.py
b/modules/dnsrecursor/files/labs-ip-alias-dump.py
index 02342b0..98b7e65 100644
--- a/modules/dnsrecursor/files/labs-ip-alias-dump.py
+++ b/modules/dnsrecursor/files/labs-ip-alias-dump.py
@@ -110,10 +110,8 @@
"""
-output += 'puppetmaster_hostname = \"%s\"\n' % config['puppetmaster_hostname']
-output += 'extra_records = {}\n'
-
if 'extra_records' in config:
+ output += 'extra_records = {}\n'
extra_records = config['extra_records']
for q in sorted(extra_records.keys()):
@@ -124,17 +122,12 @@
comment=q
)
-output += """
+ output += """
function preresolve(remoteip, domain, qtype)
if extra_records[domain]
then
return 0, {
{qtype=pdns.A, content=extra_records[domain], ttl=300, place="1"},
- }
- elseif domain == 'puppet.'
- then
- return 0, {
- {qtype=pdns.CNAME, content=puppetmaster_hostname},
}
end
return -1, {}
diff --git a/modules/dnsrecursor/manifests/labsaliaser.pp
b/modules/dnsrecursor/manifests/labsaliaser.pp
index fa6c2fb..7bde055 100644
--- a/modules/dnsrecursor/manifests/labsaliaser.pp
+++ b/modules/dnsrecursor/manifests/labsaliaser.pp
@@ -5,7 +5,6 @@
$extra_records,
$alias_file,
$observer_project_name,
- $puppetmaster_hostname,
) {
$config = {
@@ -14,7 +13,6 @@
'output_path' => $alias_file,
'nova_api_url' => $nova_api_url,
'extra_records' => $extra_records,
- 'puppetmaster_hostname' => $puppetmaster_hostname,
'observer_project_name' => $observer_project_name,
}
diff --git a/modules/profile/manifests/openstack/base/pdns/recursor/service.pp
b/modules/profile/manifests/openstack/base/pdns/recursor/service.pp
index 7a541fb..2c67985 100644
--- a/modules/profile/manifests/openstack/base/pdns/recursor/service.pp
+++ b/modules/profile/manifests/openstack/base/pdns/recursor/service.pp
@@ -4,18 +4,16 @@
# via floating IP, but they often want to do DNS lookups for the
# public IP of other instances (e.g. beta.wmflabs.org).
#
-# This recursor does three useful things:
+# This recursor does two useful things:
#
# - It maintains a mapping between floating and private IPs
# for select instances. Anytime the upstream DNS server returns
# a public IP in that mapping, we return the corresponding private
-# IP instead.
+# IP instead. This includes a deploy-specific resolution for the
+# puppet. domain.
#
# - It relays requests for *.wmflabs to the auth server that knows
# about such things (defined as $labs_forward)
-#
-# - It defines a cname for 'puppet' that resolves to the
deployment-appropriate
-# puppetmaster
#
# Other than that it should act like any other WMF recursor.
#
@@ -30,7 +28,6 @@
$tld = hiera('profile::openstack::base::pdns::tld'),
$private_reverse =
hiera('profile::openstack::base::pdns::private_reverse'),
$aliaser_extra_records =
hiera('profile::openstack::base::pdns::recursor::aliaser_extra_records'),
- $puppetmaster_hostname =
hiera('profile::openstack::base::puppetmaster_hostname'),
) {
include ::network::constants
@@ -82,7 +79,6 @@
password => $observer_password,
nova_api_url => "http://${nova_controller}:35357/v3";,
extra_records => $aliaser_extra_records,
- puppetmaster_hostname => $puppetmaster_hostname,
alias_file => $alias_file,
observer_project_name => $observer_project,
}
diff --git
a/modules/profile/manifests/openstack/labtest/pdns/recursor/service.pp
b/modules/profile/manifests/openstack/labtest/pdns/recursor/service.pp
index 5ca4762..53967e5 100644
--- a/modules/profile/manifests/openstack/labtest/pdns/recursor/service.pp
+++ b/modules/profile/manifests/openstack/labtest/pdns/recursor/service.pp
@@ -5,16 +5,14 @@
$pdns_recursor = hiera('profile::openstack::labtest::pdns::recursor'),
$tld = hiera('profile::openstack::labtest::pdns::tld'),
$private_reverse =
hiera('profile::openstack::labtest::pdns::private_reverse'),
- $puppetmaster_hostname =
hiera('profile::openstack::labtest::puppetmaster_hostname'),
) {
class {'::profile::openstack::base::pdns::recursor::service':
- nova_controller => $nova_controller,
- observer_password => $observer_password,
- pdns_host => $pdns_host,
- pdns_recursor => $pdns_recursor,
- tld => $tld,
- private_reverse => $private_reverse,
- puppetmaster_hostname => $puppetmaster_hostname
+ nova_controller => $nova_controller,
+ observer_password => $observer_password,
+ pdns_host => $pdns_host,
+ pdns_recursor => $pdns_recursor,
+ tld => $tld,
+ private_reverse => $private_reverse,
}
}
--
To view, visit https://gerrit.wikimedia.org/r/398290
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I42755fecbaaf98ea0d82fbf6502624ed8c3cb490
Gerrit-PatchSet: 7
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Volans <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
