Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/88057
Change subject: swift: inline swift::proxy::config
......................................................................
swift: inline swift::proxy::config
Despite what the comments say, swift::proxy::config is only used by
swift::proxy. Having it external makes us jump through some hoops
(virtual resources, scope.lookupvar etc.) that are unnecessary, so just
inline it and cleanup.
Change-Id: Idf1dad8f7fae8f9b5fd7bedad97b15b64f85776e
---
M manifests/role/swift.pp
M manifests/swift.pp
M templates/swift/proxy-server.conf.erb
3 files changed, 43 insertions(+), 64 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/57/88057/1
diff --git a/manifests/role/swift.pp b/manifests/role/swift.pp
index 222cd2d..032839c 100644
--- a/manifests/role/swift.pp
+++ b/manifests/role/swift.pp
@@ -36,7 +36,7 @@
}
}
class proxy inherits role::swift::pmtpa-prod {
- class { "::swift::proxy::config":
+ class { "::swift::proxy":
bind_port => "80",
proxy_address => "http://ms-fe.pmtpa.wmnet";,
num_workers => $::processorcount,
@@ -49,7 +49,6 @@
shard_container_list =>
"wikipedia-commons-local-thumb,wikipedia-de-local-thumb,wikipedia-en-local-thumb,wikipedia-fi-local-thumb,wikipedia-fr-local-thumb,wikipedia-he-local-thumb,wikipedia-hu-local-thumb,wikipedia-id-local-thumb,wikipedia-it-local-thumb,wikipedia-ja-local-thumb,wikipedia-ro-local-thumb,wikipedia-ru-local-thumb,wikipedia-th-local-thumb,wikipedia-tr-local-thumb,wikipedia-uk-local-thumb,wikipedia-zh-local-thumb,wikipedia-commons-local-public,wikipedia-de-local-public,wikipedia-en-local-public,wikipedia-fi-local-public,wikipedia-fr-local-public,wikipedia-he-local-public,wikipedia-hu-local-public,wikipedia-id-local-public,wikipedia-it-local-public,wikipedia-ja-local-public,wikipedia-ro-local-public,wikipedia-ru-local-public,wikipedia-th-local-public,wikipedia-tr-local-public,wikipedia-uk-local-public,wikipedia-zh-local-public,wikipedia-commons-local-temp,wikipedia-de-local-temp,wikipedia-en-local-temp,wikipedia-fi-local-temp,wikipedia-fr-local-temp,wikipedia-he-local-temp,wikipedia-hu-local-temp,wikipedia-id-local-temp,wikipedia-it-local-temp,wikipedia-ja-local-temp,wikipedia-ro-local-temp,wikipedia-ru-local-temp,wikipedia-th-local-temp,wikipedia-tr-local-temp,wikipedia-uk-local-temp,wikipedia-zh-local-temp,wikipedia-commons-local-transcoded,wikipedia-de-local-transcoded,wikipedia-en-local-transcoded,wikipedia-fi-local-transcoded,wikipedia-fr-local-transcoded,wikipedia-he-local-transcoded,wikipedia-hu-local-transcoded,wikipedia-id-local-transcoded,wikipedia-it-local-transcoded,wikipedia-ja-local-transcoded,wikipedia-ro-local-transcoded,wikipedia-ru-local-transcoded,wikipedia-th-local-transcoded,wikipedia-tr-local-transcoded,wikipedia-uk-local-transcoded,wikipedia-zh-local-transcoded,global-data-math-render",
backend_url_format => "sitelang"
}
- include ::swift::proxy
class { '::swift::proxy::monitoring':
host => 'ms-fe.pmtpa.wmnet',
}
@@ -87,7 +86,7 @@
}
}
class proxy inherits role::swift::eqiad-prod {
- class { "::swift::proxy::config":
+ class { "::swift::proxy":
bind_port => "80",
proxy_address => "http://ms-fe.eqiad.wmnet";,
num_workers => $::processorcount,
@@ -100,7 +99,6 @@
shard_container_list =>
"wikipedia-commons-local-thumb,wikipedia-de-local-thumb,wikipedia-en-local-thumb,wikipedia-fi-local-thumb,wikipedia-fr-local-thumb,wikipedia-he-local-thumb,wikipedia-hu-local-thumb,wikipedia-id-local-thumb,wikipedia-it-local-thumb,wikipedia-ja-local-thumb,wikipedia-ro-local-thumb,wikipedia-ru-local-thumb,wikipedia-th-local-thumb,wikipedia-tr-local-thumb,wikipedia-uk-local-thumb,wikipedia-zh-local-thumb,wikipedia-commons-local-public,wikipedia-de-local-public,wikipedia-en-local-public,wikipedia-fi-local-public,wikipedia-fr-local-public,wikipedia-he-local-public,wikipedia-hu-local-public,wikipedia-id-local-public,wikipedia-it-local-public,wikipedia-ja-local-public,wikipedia-ro-local-public,wikipedia-ru-local-public,wikipedia-th-local-public,wikipedia-tr-local-public,wikipedia-uk-local-public,wikipedia-zh-local-public,wikipedia-commons-local-temp,wikipedia-de-local-temp,wikipedia-en-local-temp,wikipedia-fi-local-temp,wikipedia-fr-local-temp,wikipedia-he-local-temp,wikipedia-hu-local-temp,wikipedia-id-local-temp,wikipedia-it-local-temp,wikipedia-ja-local-temp,wikipedia-ro-local-temp,wikipedia-ru-local-temp,wikipedia-th-local-temp,wikipedia-tr-local-temp,wikipedia-uk-local-temp,wikipedia-zh-local-temp,wikipedia-commons-local-transcoded,wikipedia-de-local-transcoded,wikipedia-en-local-transcoded,wikipedia-fi-local-transcoded,wikipedia-fr-local-transcoded,wikipedia-he-local-transcoded,wikipedia-hu-local-transcoded,wikipedia-id-local-transcoded,wikipedia-it-local-transcoded,wikipedia-ja-local-transcoded,wikipedia-ro-local-transcoded,wikipedia-ru-local-transcoded,wikipedia-th-local-transcoded,wikipedia-tr-local-transcoded,wikipedia-uk-local-transcoded,wikipedia-zh-local-transcoded,global-data-math-render",
backend_url_format => "sitelang"
}
- include ::swift::proxy
class { '::swift::proxy::monitoring':
host => 'ms-fe.eqiad.wmnet',
}
@@ -129,7 +127,7 @@
}
}
class proxy inherits role::swift::pmtpa-labs {
- class { "::swift::proxy::config":
+ class { "::swift::proxy":
bind_port => "80",
proxy_address =>
"http://swift-fe1.pmtpa.wmflabs";,
num_workers => $::processorcount * 2,
@@ -142,7 +140,6 @@
shard_container_list => "",
backend_url_format => "asis"
}
- include ::swift::proxy
}
class storage inherits role::swift::pmtpa-labs {
include ::swift::storage
@@ -175,7 +172,7 @@
}
}
class proxy inherits role::swift::pmtpa-labsupgrade {
- class { "::swift::proxy::config":
+ class { "::swift::proxy":
bind_port => "80",
proxy_address => "http://su-fe1.pmtpa.wmflabs";,
num_workers => $::processorcount * 2,
@@ -188,7 +185,6 @@
shard_container_list => "",
backend_url_format => "asis"
}
- include ::swift::proxy
}
class storage inherits role::swift::pmtpa-labsupgrade {
include ::swift::storage
diff --git a/manifests/swift.pp b/manifests/swift.pp
index 1a30485..fa8f168 100644
--- a/manifests/swift.pp
+++ b/manifests/swift.pp
@@ -89,12 +89,30 @@
}
}
-class swift::proxy {
- Class[swift::proxy::config] -> Class[swift::proxy]
+class swift::proxy(
+ $bind_port="8080",
+ $proxy_address,
+ $memcached_servers,
+ $num_workers,
+ $auth_backend,
+ $super_admin_key,
+ $rewrite_account,
+ $rewrite_password,
+ $rewrite_thumb_server,
+ $shard_container_list,
+ $backend_url_format
+ ) {
+ Class[swift::base] -> Class[swift::proxy]
- system_role { "swift:base": description => "swift frontend proxy" }
+ system_role { "swift::proxy": description => "swift frontend proxy" }
- realize File["/etc/swift/proxy-server.conf"]
+ file { "/etc/swift/proxy-server.conf":
+ owner => swift,
+ group => swift,
+ mode => 0440,
+ content => template("swift/proxy-server.conf.erb"),
+ require => Package['swift-proxy'],
+ }
package { ['swift-proxy', 'python-swauth']:
ensure => present;
@@ -121,41 +139,6 @@
description => 'Swift HTTP backend',
check_command => "check_http_url!$host!/monitoring/backend",
}
-}
-
-# TODO: document parameters
-
-# Class: swift::proxy::config
-#
-# This class configures a Swift Proxy.
-#
-# Only put virtual resources in this class, as it's included
-# on non-proxy swift nodes as well.
-#
-# Parameters:
-class swift::proxy::config(
- $bind_port="8080",
- $proxy_address,
- $memcached_servers,
- $num_workers,
- $auth_backend,
- $super_admin_key,
- $rewrite_account,
- $rewrite_password,
- $rewrite_thumb_server,
- $shard_container_list,
- $backend_url_format ) {
-
- Class[swift::base] -> Class[swift::proxy::config]
-
- # Virtual resource
- @file { "/etc/swift/proxy-server.conf":
- owner => swift,
- group => swift,
- mode => 0440,
- content => template("swift/proxy-server.conf.erb")
- }
-
}
class swift::storage {
diff --git a/templates/swift/proxy-server.conf.erb
b/templates/swift/proxy-server.conf.erb
index feabdd2..fb4c448 100644
--- a/templates/swift/proxy-server.conf.erb
+++ b/templates/swift/proxy-server.conf.erb
@@ -1,8 +1,8 @@
# This file is managed by Puppet!
[DEFAULT]
-bind_port = <%= scope.lookupvar("swift::proxy::config::bind_port") %>
-workers = <%= scope.lookupvar("swift::proxy::config::num_workers") %>
+bind_port = <%= @bind_port %>
+workers = <%= @num_workers %>
user = swift
# You can enable default statsD logging here and/or override it in sections
# below:
@@ -13,33 +13,33 @@
#log_statsd_metric_prefix =
[pipeline:main]
-<% if scope.lookupvar("swift::proxy::config::auth_backend") == 'swauth' -%>
+<% if @auth_backend == 'swauth' -%>
pipeline = rewrite healthcheck cache swauth cors proxy-logging proxy-server
-<% elsif scope.lookupvar("swift::proxy::config::auth_backend") == 'tempauth'
-%>
+<% elsif @auth_backend == 'tempauth' -%>
pipeline = rewrite healthcheck cache tempauth cors proxy-logging proxy-server
<% end -%>
[app:proxy-server]
use = egg:swift#proxy
-<% if scope.lookupvar("swift::proxy::config::auth_backend") == 'swauth' -%>
+<% if @auth_backend == 'swauth' -%>
allow_account_management = true
-<% elsif scope.lookupvar("swift::proxy::config::auth_backend") == 'tempauth'
-%>
+<% elsif @auth_backend == 'tempauth' -%>
account_autocreate = true
<% end -%>
-<% if scope.lookupvar("swift::proxy::config::auth_backend") == 'swauth' -%>
+<% if @auth_backend == 'swauth' -%>
[filter:swauth]
use = egg:swauth#swauth
token_life = 604800
-default_swift_cluster = local#<%=
scope.lookupvar("swift::proxy::config::proxy_address") %>/v1
+default_swift_cluster = local#<%= @proxy_address %>/v1
set log_name = swauth
-super_admin_key = <%= scope.lookupvar("swift::proxy::config::super_admin_key")
%>
-<% elsif scope.lookupvar("swift::proxy::config::auth_backend") == 'tempauth'
-%>
+super_admin_key = <%= @super_admin_key %>
+<% elsif @auth_backend == 'tempauth' -%>
[filter:tempauth]
use = egg:swift#tempauth
token_life = 604800
-user_admin_admin = <%=
scope.lookupvar("swift::proxy::config::super_admin_key") %> .admin
.reseller_admin <%= scope.lookupvar("swift::proxy::config::proxy_address")
%>/v1/AUTH_admin
-user_mw_media = <%= scope.lookupvar("swift::proxy::config::rewrite_password")
%> .admin <%= scope.lookupvar("swift::proxy::config::proxy_address")
%>/v1/AUTH_mw
+user_admin_admin = <%= @super_admin_key") %> .admin .reseller_admin <%=
@proxy_address %>/v1/AUTH_admin
+user_mw_media = <%= @rewrite_password") %> .admin <%= @proxy_address
%>/v1/AUTH_mw
<% end -%>
[filter:healthcheck]
@@ -47,7 +47,7 @@
[filter:cache]
use = egg:swift#memcache
-memcache_servers = <%=
scope.lookupvar("swift::proxy::config::memcached_servers").join(",") %>
+memcache_servers = <%= @memcached_servers").join(",") %>
memcache_serialization_support = 2
[filter:cors]
@@ -59,18 +59,18 @@
[filter:rewrite]
# the auth system turns our login and key into an account / token pair.
# the account remains valid forever, but the token times out.
-account = <%= scope.lookupvar("swift::proxy::config::rewrite_account") %>
+account = <%= @rewrite_account %>
# the name of the scaler cluster.
-thumbhost = <%= scope.lookupvar("swift::proxy::config::rewrite_thumb_server")
%>
+thumbhost = <%= @rewrite_thumb_server %>
# upload doesn"t like our User-agent (Python-urllib/2.6), otherwise we could
call it using urllib2.urlopen()
user_agent = Mozilla/5.0
# this list is the containers that should be sharded
-shard_container_list = <%=
scope.lookupvar("swift::proxy::config::shard_container_list") %>
+shard_container_list = <%= @shard_container_list %>
# backend_url_format controls whether we pass the URL through to the thumbhost
unmolested
# or mangle it to be consumed by mediawiki. ms5 takes URLs unmolested,
mediawiki wants them
# transformed to something more palatable (specifically, turning
http://upload/proj/lang/ into http://lang.proj/
# valid options are 'asis' (leave it alone) and 'sitelang' (change upload to
lang.site.org)
-backend_url_format = <%=
scope.lookupvar("swift::proxy::config::backend_url_format") %>
+backend_url_format = <%= @backend_url_format %>
--
To view, visit https://gerrit.wikimedia.org/r/88057
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idf1dad8f7fae8f9b5fd7bedad97b15b64f85776e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
