[MediaWiki-commits] [Gerrit] operations/puppet[production]: profile::hadoop::*: include labs firewall use case

Elukey (Code Review) Fri, 05 Jan 2018 02:55:18 -0800

Elukey has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/402323 )


Change subject: profile::hadoop::*: include labs firewall use case
......................................................................

profile::hadoop::*: include labs firewall use case

This change is needed to allow to bootstrap and deploy
properly Hadoop clusters in labs.

Bug: T167790
Change-Id: I67ad4e3b2b3b8c706685cf96f845d506a61fc69c
---
M modules/profile/manifests/hadoop/firewall/master.pp
M modules/profile/manifests/hadoop/worker.pp
2 files changed, 28 insertions(+), 14 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/23/402323/1

diff --git a/modules/profile/manifests/hadoop/firewall/master.pp 
b/modules/profile/manifests/hadoop/firewall/master.pp
index 90501e2..e285caa 100644
--- a/modules/profile/manifests/hadoop/firewall/master.pp
+++ b/modules/profile/manifests/hadoop/firewall/master.pp
@@ -4,82 +4,90 @@
 #
 class profile::hadoop::firewall::master {
 
+    if $::realm == 'production' {
+        $analytics_druid_srange = '(($ANALYTICS_NETWORKS $DRUID_PUBLIC_HOSTS))'
+        $analytics_only_srange = '$ANALYTICS_NETWORKS'
+    } else {
+        $analytics_druid_srange = '$DOMAIN_NETWORKS'
+        $analytics_only_srange = '$DOMAIN_NETWORKS'
+    }
+
     ferm::service{ 'hadoop-hdfs-namenode':
         proto  => 'tcp',
         port   => '8020',
-        srange => '(($ANALYTICS_NETWORKS $DRUID_PUBLIC_HOSTS))',
+        srange => $analytics_druid_srange,
     }
 
     ferm::service{ 'hadoop-hdfs-zkfc':
         proto  => 'tcp',
         port   => '8019',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 
     ferm::service{ 'hadoop-hdfs-namenode-http-ui':
         proto  => 'tcp',
         port   => '50070',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 
     ferm::service{ 'hadoop-hdfs-namenode-jmx':
         proto  => 'tcp',
         port   => '9980',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 
     ferm::service{ 'hadoop-yarn-resourcemanager-scheduler':
         proto  => 'tcp',
         port   => '8030',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 
     ferm::service{ 'hadoop-yarn-resourcemanager-tracker':
         proto  => 'tcp',
         port   => '8031',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 
     ferm::service{ 'hadoop-yarn-resourcemanager':
         proto  => 'tcp',
         port   => '8032',
-        srange => '(($ANALYTICS_NETWORKS $DRUID_PUBLIC_HOSTS))',
+        srange => $analytics_druid_srange,
     }
 
     ferm::service{ 'hadoop-yarn-resourcemanager-admin':
         proto  => 'tcp',
         port   => '8033',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 
     ferm::service{ 'hadoop-yarn-resourcemanager-http-ui':
         proto  => 'tcp',
         port   => '8088',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 
     ferm::service{ 'hadoop-mapreduce-historyserver':
         proto  => 'tcp',
         port   => '10020',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 
     ferm::service{ 'hadoop-mapreduce-historyserver-admin':
         proto  => 'tcp',
         port   => '10033',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 
     ferm::service{ 'hadoop-mapreduce-historyserver-http-ui':
         proto  => 'tcp',
         port   => '19888',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 
     ferm::service{ 'hadoop-yarn-resourcemanager-jmx':
         proto  => 'tcp',
         port   => '9983',
-        srange => '$ANALYTICS_NETWORKS',
+        srange => $analytics_only_srange,
     }
 }
 
diff --git a/modules/profile/manifests/hadoop/worker.pp 
b/modules/profile/manifests/hadoop/worker.pp
index 6af651b..52d024b 100644
--- a/modules/profile/manifests/hadoop/worker.pp
+++ b/modules/profile/manifests/hadoop/worker.pp
@@ -89,11 +89,17 @@
         require => Package['python3-numpy'],
     }
 
+    if $::realm == 'production' {
+        $analytics_srange = '(($ANALYTICS_NETWORKS $DRUID_PUBLIC_HOSTS))'
+    } else {
+        $analytics_srange = '$DOMAIN_NETWORKS'
+    }
+
     # This allows Hadoop daemons to talk to each other.
     ferm::service{ 'hadoop-access':
         proto  => 'tcp',
         port   => '1024:65535',
-        srange => '(($ANALYTICS_NETWORKS $DRUID_PUBLIC_HOSTS))',
+        srange => $analytics_srange,
     }
 
     if $monitoring_enabled {

-- 
To view, visit https://gerrit.wikimedia.org/r/402323
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I67ad4e3b2b3b8c706685cf96f845d506a61fc69c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Elukey <ltosc...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: profile::hadoop::*: include labs firewall use case

Reply via email to