Faidon Liambotis has submitted this change and it was merged. Change subject: swift: inline swift::proxy::config ......................................................................
swift: inline swift::proxy::config Despite what the comments say, swift::proxy::config is only used by swift::proxy. Having it external makes us jump through some hoops (virtual resources, scope.lookupvar etc.) that are unnecessary, so just inline it and cleanup. Change-Id: Idf1dad8f7fae8f9b5fd7bedad97b15b64f85776e --- M manifests/role/swift.pp M manifests/swift.pp M templates/swift/proxy-server.conf.erb 3 files changed, 43 insertions(+), 64 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/swift.pp b/manifests/role/swift.pp index 222cd2d..032839c 100644 --- a/manifests/role/swift.pp +++ b/manifests/role/swift.pp @@ -36,7 +36,7 @@ } } class proxy inherits role::swift::pmtpa-prod { - class { "::swift::proxy::config": + class { "::swift::proxy": bind_port => "80", proxy_address => "http://ms-fe.pmtpa.wmnet", num_workers => $::processorcount, @@ -49,7 +49,6 @@ shard_container_list => "wikipedia-commons-local-thumb,wikipedia-de-local-thumb,wikipedia-en-local-thumb,wikipedia-fi-local-thumb,wikipedia-fr-local-thumb,wikipedia-he-local-thumb,wikipedia-hu-local-thumb,wikipedia-id-local-thumb,wikipedia-it-local-thumb,wikipedia-ja-local-thumb,wikipedia-ro-local-thumb,wikipedia-ru-local-thumb,wikipedia-th-local-thumb,wikipedia-tr-local-thumb,wikipedia-uk-local-thumb,wikipedia-zh-local-thumb,wikipedia-commons-local-public,wikipedia-de-local-public,wikipedia-en-local-public,wikipedia-fi-local-public,wikipedia-fr-local-public,wikipedia-he-local-public,wikipedia-hu-local-public,wikipedia-id-local-public,wikipedia-it-local-public,wikipedia-ja-local-public,wikipedia-ro-local-public,wikipedia-ru-local-public,wikipedia-th-local-public,wikipedia-tr-local-public,wikipedia-uk-local-public,wikipedia-zh-local-public,wikipedia-commons-local-temp,wikipedia-de-local-temp,wikipedia-en-local-temp,wikipedia-fi-local-temp,wikipedia-fr-local-temp,wikipedia-he-local-temp,wikipedia-hu-local-temp,wikipedia-id-local-temp,wikipedia-it-local-temp,wikipedia-ja-local-temp,wikipedia-ro-local-temp,wikipedia-ru-local-temp,wikipedia-th-local-temp,wikipedia-tr-local-temp,wikipedia-uk-local-temp,wikipedia-zh-local-temp,wikipedia-commons-local-transcoded,wikipedia-de-local-transcoded,wikipedia-en-local-transcoded,wikipedia-fi-local-transcoded,wikipedia-fr-local-transcoded,wikipedia-he-local-transcoded,wikipedia-hu-local-transcoded,wikipedia-id-local-transcoded,wikipedia-it-local-transcoded,wikipedia-ja-local-transcoded,wikipedia-ro-local-transcoded,wikipedia-ru-local-transcoded,wikipedia-th-local-transcoded,wikipedia-tr-local-transcoded,wikipedia-uk-local-transcoded,wikipedia-zh-local-transcoded,global-data-math-render", backend_url_format => "sitelang" } - include ::swift::proxy class { '::swift::proxy::monitoring': host => 'ms-fe.pmtpa.wmnet', } @@ -87,7 +86,7 @@ } } class proxy inherits role::swift::eqiad-prod { - class { "::swift::proxy::config": + class { "::swift::proxy": bind_port => "80", proxy_address => "http://ms-fe.eqiad.wmnet", num_workers => $::processorcount, @@ -100,7 +99,6 @@ shard_container_list => "wikipedia-commons-local-thumb,wikipedia-de-local-thumb,wikipedia-en-local-thumb,wikipedia-fi-local-thumb,wikipedia-fr-local-thumb,wikipedia-he-local-thumb,wikipedia-hu-local-thumb,wikipedia-id-local-thumb,wikipedia-it-local-thumb,wikipedia-ja-local-thumb,wikipedia-ro-local-thumb,wikipedia-ru-local-thumb,wikipedia-th-local-thumb,wikipedia-tr-local-thumb,wikipedia-uk-local-thumb,wikipedia-zh-local-thumb,wikipedia-commons-local-public,wikipedia-de-local-public,wikipedia-en-local-public,wikipedia-fi-local-public,wikipedia-fr-local-public,wikipedia-he-local-public,wikipedia-hu-local-public,wikipedia-id-local-public,wikipedia-it-local-public,wikipedia-ja-local-public,wikipedia-ro-local-public,wikipedia-ru-local-public,wikipedia-th-local-public,wikipedia-tr-local-public,wikipedia-uk-local-public,wikipedia-zh-local-public,wikipedia-commons-local-temp,wikipedia-de-local-temp,wikipedia-en-local-temp,wikipedia-fi-local-temp,wikipedia-fr-local-temp,wikipedia-he-local-temp,wikipedia-hu-local-temp,wikipedia-id-local-temp,wikipedia-it-local-temp,wikipedia-ja-local-temp,wikipedia-ro-local-temp,wikipedia-ru-local-temp,wikipedia-th-local-temp,wikipedia-tr-local-temp,wikipedia-uk-local-temp,wikipedia-zh-local-temp,wikipedia-commons-local-transcoded,wikipedia-de-local-transcoded,wikipedia-en-local-transcoded,wikipedia-fi-local-transcoded,wikipedia-fr-local-transcoded,wikipedia-he-local-transcoded,wikipedia-hu-local-transcoded,wikipedia-id-local-transcoded,wikipedia-it-local-transcoded,wikipedia-ja-local-transcoded,wikipedia-ro-local-transcoded,wikipedia-ru-local-transcoded,wikipedia-th-local-transcoded,wikipedia-tr-local-transcoded,wikipedia-uk-local-transcoded,wikipedia-zh-local-transcoded,global-data-math-render", backend_url_format => "sitelang" } - include ::swift::proxy class { '::swift::proxy::monitoring': host => 'ms-fe.eqiad.wmnet', } @@ -129,7 +127,7 @@ } } class proxy inherits role::swift::pmtpa-labs { - class { "::swift::proxy::config": + class { "::swift::proxy": bind_port => "80", proxy_address => "http://swift-fe1.pmtpa.wmflabs", num_workers => $::processorcount * 2, @@ -142,7 +140,6 @@ shard_container_list => "", backend_url_format => "asis" } - include ::swift::proxy } class storage inherits role::swift::pmtpa-labs { include ::swift::storage @@ -175,7 +172,7 @@ } } class proxy inherits role::swift::pmtpa-labsupgrade { - class { "::swift::proxy::config": + class { "::swift::proxy": bind_port => "80", proxy_address => "http://su-fe1.pmtpa.wmflabs", num_workers => $::processorcount * 2, @@ -188,7 +185,6 @@ shard_container_list => "", backend_url_format => "asis" } - include ::swift::proxy } class storage inherits role::swift::pmtpa-labsupgrade { include ::swift::storage diff --git a/manifests/swift.pp b/manifests/swift.pp index 1a30485..fa8f168 100644 --- a/manifests/swift.pp +++ b/manifests/swift.pp @@ -89,12 +89,30 @@ } } -class swift::proxy { - Class[swift::proxy::config] -> Class[swift::proxy] +class swift::proxy( + $bind_port="8080", + $proxy_address, + $memcached_servers, + $num_workers, + $auth_backend, + $super_admin_key, + $rewrite_account, + $rewrite_password, + $rewrite_thumb_server, + $shard_container_list, + $backend_url_format + ) { + Class[swift::base] -> Class[swift::proxy] - system_role { "swift:base": description => "swift frontend proxy" } + system_role { "swift::proxy": description => "swift frontend proxy" } - realize File["/etc/swift/proxy-server.conf"] + file { "/etc/swift/proxy-server.conf": + owner => swift, + group => swift, + mode => 0440, + content => template("swift/proxy-server.conf.erb"), + require => Package['swift-proxy'], + } package { ['swift-proxy', 'python-swauth']: ensure => present; @@ -121,41 +139,6 @@ description => 'Swift HTTP backend', check_command => "check_http_url!$host!/monitoring/backend", } -} - -# TODO: document parameters - -# Class: swift::proxy::config -# -# This class configures a Swift Proxy. -# -# Only put virtual resources in this class, as it's included -# on non-proxy swift nodes as well. -# -# Parameters: -class swift::proxy::config( - $bind_port="8080", - $proxy_address, - $memcached_servers, - $num_workers, - $auth_backend, - $super_admin_key, - $rewrite_account, - $rewrite_password, - $rewrite_thumb_server, - $shard_container_list, - $backend_url_format ) { - - Class[swift::base] -> Class[swift::proxy::config] - - # Virtual resource - @file { "/etc/swift/proxy-server.conf": - owner => swift, - group => swift, - mode => 0440, - content => template("swift/proxy-server.conf.erb") - } - } class swift::storage { diff --git a/templates/swift/proxy-server.conf.erb b/templates/swift/proxy-server.conf.erb index feabdd2..43f784a 100644 --- a/templates/swift/proxy-server.conf.erb +++ b/templates/swift/proxy-server.conf.erb @@ -1,8 +1,8 @@ # This file is managed by Puppet! [DEFAULT] -bind_port = <%= scope.lookupvar("swift::proxy::config::bind_port") %> -workers = <%= scope.lookupvar("swift::proxy::config::num_workers") %> +bind_port = <%= @bind_port %> +workers = <%= @num_workers %> user = swift # You can enable default statsD logging here and/or override it in sections # below: @@ -13,33 +13,33 @@ #log_statsd_metric_prefix = [pipeline:main] -<% if scope.lookupvar("swift::proxy::config::auth_backend") == 'swauth' -%> +<% if @auth_backend == 'swauth' -%> pipeline = rewrite healthcheck cache swauth cors proxy-logging proxy-server -<% elsif scope.lookupvar("swift::proxy::config::auth_backend") == 'tempauth' -%> +<% elsif @auth_backend == 'tempauth' -%> pipeline = rewrite healthcheck cache tempauth cors proxy-logging proxy-server <% end -%> [app:proxy-server] use = egg:swift#proxy -<% if scope.lookupvar("swift::proxy::config::auth_backend") == 'swauth' -%> +<% if @auth_backend == 'swauth' -%> allow_account_management = true -<% elsif scope.lookupvar("swift::proxy::config::auth_backend") == 'tempauth' -%> +<% elsif @auth_backend == 'tempauth' -%> account_autocreate = true <% end -%> -<% if scope.lookupvar("swift::proxy::config::auth_backend") == 'swauth' -%> +<% if @auth_backend == 'swauth' -%> [filter:swauth] use = egg:swauth#swauth token_life = 604800 -default_swift_cluster = local#<%= scope.lookupvar("swift::proxy::config::proxy_address") %>/v1 +default_swift_cluster = local#<%= @proxy_address %>/v1 set log_name = swauth -super_admin_key = <%= scope.lookupvar("swift::proxy::config::super_admin_key") %> -<% elsif scope.lookupvar("swift::proxy::config::auth_backend") == 'tempauth' -%> +super_admin_key = <%= @super_admin_key %> +<% elsif @auth_backend == 'tempauth' -%> [filter:tempauth] use = egg:swift#tempauth token_life = 604800 -user_admin_admin = <%= scope.lookupvar("swift::proxy::config::super_admin_key") %> .admin .reseller_admin <%= scope.lookupvar("swift::proxy::config::proxy_address") %>/v1/AUTH_admin -user_mw_media = <%= scope.lookupvar("swift::proxy::config::rewrite_password") %> .admin <%= scope.lookupvar("swift::proxy::config::proxy_address") %>/v1/AUTH_mw +user_admin_admin = <%= @super_admin_key %> .admin .reseller_admin <%= @proxy_address %>/v1/AUTH_admin +user_mw_media = <%= @rewrite_password %> .admin <%= @proxy_address %>/v1/AUTH_mw <% end -%> [filter:healthcheck] @@ -47,7 +47,7 @@ [filter:cache] use = egg:swift#memcache -memcache_servers = <%= scope.lookupvar("swift::proxy::config::memcached_servers").join(",") %> +memcache_servers = <%= @memcached_servers.join(",") %> memcache_serialization_support = 2 [filter:cors] @@ -59,18 +59,18 @@ [filter:rewrite] # the auth system turns our login and key into an account / token pair. # the account remains valid forever, but the token times out. -account = <%= scope.lookupvar("swift::proxy::config::rewrite_account") %> +account = <%= @rewrite_account %> # the name of the scaler cluster. -thumbhost = <%= scope.lookupvar("swift::proxy::config::rewrite_thumb_server") %> +thumbhost = <%= @rewrite_thumb_server %> # upload doesn"t like our User-agent (Python-urllib/2.6), otherwise we could call it using urllib2.urlopen() user_agent = Mozilla/5.0 # this list is the containers that should be sharded -shard_container_list = <%= scope.lookupvar("swift::proxy::config::shard_container_list") %> +shard_container_list = <%= @shard_container_list %> # backend_url_format controls whether we pass the URL through to the thumbhost unmolested # or mangle it to be consumed by mediawiki. ms5 takes URLs unmolested, mediawiki wants them # transformed to something more palatable (specifically, turning http://upload/proj/lang/ into http://lang.proj/ # valid options are 'asis' (leave it alone) and 'sitelang' (change upload to lang.site.org) -backend_url_format = <%= scope.lookupvar("swift::proxy::config::backend_url_format") %> +backend_url_format = <%= @backend_url_format %> -- To view, visit https://gerrit.wikimedia.org/r/88057 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idf1dad8f7fae8f9b5fd7bedad97b15b64f85776e Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits