Hashar has uploaded a new change for review.
https://gerrit.wikimedia.org/r/64031
Change subject: ** WIP ** role class for puppet agents ** WIP **
......................................................................
** WIP ** role class for puppet agents ** WIP **
This experimental patch creates to new puppet agent roles to be used on
either production or labs. The aim is to let labs user revert the
puppetmaster::self class by providing them with a role class that points
the server back to the labs puppetmaster.
Should be carefully reviewed by the ops gurus since that might impact
production.
Change-Id: I7192b102c3221eecaab19e094033ddd742051b43
---
M manifests/base.pp
M manifests/role/puppet.pp
2 files changed, 38 insertions(+), 15 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/31/64031/1
diff --git a/manifests/base.pp b/manifests/base.pp
index 2e5060d..24017cf 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -736,21 +736,9 @@
include base::tcptweaks
- class { base::puppet:
- server => $::realm ? {
- 'labs' => $::site ? {
- 'pmtpa' => 'virt0.wikimedia.org',
- 'eqiad' => 'virt1000.wikimedia.org',
- },
- default => "puppet",
- },
- certname => $::realm ? {
- # For labs, use instanceid.domain rather than the fqdn
- # to ensure we're always using a unique certname.
- # dc is an attribute from LDAP, it's set as the
instanceid.
- 'labs' => "${dc}.${domain}",
- default => undef,
- },
+ case $::realm {
+ 'production': { include role::puppet::agent::production }
+ 'labs': { include role::puppet::agent::labs }
}
include passwords::root,
diff --git a/manifests/role/puppet.pp b/manifests/role/puppet.pp
index ba3e7eb..82e62cf 100644
--- a/manifests/role/puppet.pp
+++ b/manifests/role/puppet.pp
@@ -73,3 +73,38 @@
}
}
}
+
+# Reapply the "default" puppet configuration on a labs instance
+# this should conflict with role::puppet::self
+class role::puppet::agent::labs {
+
+ system_role { 'role::puppet::agent::labs': description => 'Puppet
instance pointing to labs puppetmaster' }
+
+ if $::realm != 'labs' {
+ fail('This class should only be used on labs')
+ }
+
+ # Reapply the 'default' puppet configuration from base.
+ class { 'base::puppet':
+ server => $::site ? {
+ 'pmtpa' => 'virt0.wikimedia.org',
+ 'eqiad' => 'virt1000.wikimedia.org',
+ },
+ certname => "${::dc}.${::domain}",
+ }
+}
+
+class role::puppet::agent::production {
+
+ system_role { 'role::puppet::agent::production': description => 'Puppet
instance pointing to production puppetmaster' }
+
+ if $::realm != 'production' {
+ fail('This class should only be used on production')
+ }
+
+ class { 'base::puppet':
+ server => 'puppet',
+ certname => undef,
+ }
+
+}
--
To view, visit https://gerrit.wikimedia.org/r/64031
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7192b102c3221eecaab19e094033ddd742051b43
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Hashar <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
