[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add bstorm to shinken instance

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/405886 )

Change subject: cloud: add bstorm to shinken instance
..


cloud: add bstorm to shinken instance

Bug: T185493
Change-Id: I5f9ba96b18059fb5f44131c0f92c2094f5de20bb
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 10 insertions(+), 3 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index 3d15b64..e982e80 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,irc-labs
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,bstorm,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members 
guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,chicocvenancio
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,bstorm,chicocvenancio
 }
 
 define contactgroup {
@@ -52,5 +52,5 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members 
guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio
+members 
guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio,bstorm
 }
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 8dc99a8..98f167c 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -78,6 +78,13 @@
 }
 
 define contact {
+contact_namebstorm
+alias   bstorm
+email   bst...@wikimedia.org
+use generic-contact
+}
+
+define contact {
 contact_namechicocvenancio
 alias   chicocvenancio
 email   fvenan...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/405886
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I5f9ba96b18059fb5f44131c0f92c2094f5de20bb
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add bstorm to shinken instance

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/405886 )

Change subject: cloud: add bstorm to shinken instance
..

cloud: add bstorm to shinken instance

Bug: T185493
Change-Id: I5f9ba96b18059fb5f44131c0f92c2094f5de20bb
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 10 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/86/405886/1

diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index 3d15b64..e982e80 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,irc-labs
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,bstorm,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members 
guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,chicocvenancio
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,bstorm,chicocvenancio
 }
 
 define contactgroup {
@@ -52,5 +52,5 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members 
guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio
+members 
guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio,bstorm
 }
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 8dc99a8..98f167c 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -78,6 +78,13 @@
 }
 
 define contact {
+contact_namebstorm
+alias   bstorm
+email   bst...@wikimedia.org
+use generic-contact
+}
+
+define contact {
 contact_namechicocvenancio
 alias   chicocvenancio
 email   fvenan...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/405886
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5f9ba96b18059fb5f44131c0f92c2094f5de20bb
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add aborrero to shinken contact groups

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/405885 )

Change subject: cloud: add aborrero to shinken contact groups
..


cloud: add aborrero to shinken contact groups

Bug: T178807
Change-Id: Ie9b4a524582c79a9539584160ff687c7c1b421c1
---
M modules/nagios_common/files/contactgroups-labs.cfg
1 file changed, 3 insertions(+), 3 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index 1340a9b..3d15b64 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,irc-labs
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members 
guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,chicocvenancio
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,chicocvenancio
 }
 
 define contactgroup {
@@ -52,5 +52,5 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members 
guest,chasemp,madhuvishy,bd808,andrewbogott,chicocvenancio
+members 
guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/405885
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie9b4a524582c79a9539584160ff687c7c1b421c1
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add aborrero to shinken contact groups

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/405885 )

Change subject: cloud: add aborrero to shinken contact groups
..

cloud: add aborrero to shinken contact groups

Bug: T178807
Change-Id: Ie9b4a524582c79a9539584160ff687c7c1b421c1
---
M modules/nagios_common/files/contactgroups-labs.cfg
1 file changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/85/405885/1

diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index 1340a9b..3d15b64 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,irc-labs
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members 
guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,chicocvenancio
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,chicocvenancio
 }
 
 define contactgroup {
@@ -52,5 +52,5 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members 
guest,chasemp,madhuvishy,bd808,andrewbogott,chicocvenancio
+members 
guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/405885
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie9b4a524582c79a9539584160ff687c7c1b421c1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: remove errant shinken line in contacts

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/405884 )

Change subject: cloud: remove errant shinken line in contacts
..


cloud: remove errant shinken line in contacts

Change-Id: I94be2073f6308aad280beffddcd801e02e14312c
---
M modules/nagios_common/files/contacts-labs.cfg
1 file changed, 0 insertions(+), 2 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 7b60651..8dc99a8 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -77,8 +77,6 @@
 service_notification_commands   notify-service-by-irc-ores
 }
 
-fvenan...@wikimedia.org
-
 define contact {
 contact_namechicocvenancio
 alias   chicocvenancio

-- 
To view, visit https://gerrit.wikimedia.org/r/405884
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I94be2073f6308aad280beffddcd801e02e14312c
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: remove errant shinken line in contacts

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/405884 )

Change subject: cloud: remove errant shinken line in contacts
..

cloud: remove errant shinken line in contacts

Change-Id: I94be2073f6308aad280beffddcd801e02e14312c
---
M modules/nagios_common/files/contacts-labs.cfg
1 file changed, 0 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/84/405884/1

diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 7b60651..8dc99a8 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -77,8 +77,6 @@
 service_notification_commands   notify-service-by-irc-ores
 }
 
-fvenan...@wikimedia.org
-
 define contact {
 contact_namechicocvenancio
 alias   chicocvenancio

-- 
To view, visit https://gerrit.wikimedia.org/r/405884
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I94be2073f6308aad280beffddcd801e02e14312c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "ircecho: Remove support for sysvinit script"

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/405882 )

Change subject: Revert "ircecho: Remove support for sysvinit script"
..


Revert "ircecho: Remove support for sysvinit script"

This reverts commit 218543a121f93c28e64c88ce6646be82a3f9a9c8.

This broke shinken-01.shinken.eqiad.wmflabs which is still Trusty and does 
monitoring for Tools, deployment-prep, etc

Change-Id: Icbc32180ee6e7418110d147413ebacdd8c306f43
---
M modules/ircecho/manifests/init.pp
A modules/ircecho/templates/initscripts/ircecho.sysvinit.erb
2 files changed, 145 insertions(+), 2 deletions(-)

Approvals:
  Rush: Verified; Looks good to me, approved



diff --git a/modules/ircecho/manifests/init.pp 
b/modules/ircecho/manifests/init.pp
index b0b225f..bd7e9d4 100644
--- a/modules/ircecho/manifests/init.pp
+++ b/modules/ircecho/manifests/init.pp
@@ -33,9 +33,10 @@
 notify  => Service['ircecho'],
 }
 
-systemd::service { 'ircecho':
+base::service_unit { 'ircecho':
 ensure => $ensure,
-content=> systemd_template('ircecho'),
+systemd=> systemd_template('ircecho'),
+sysvinit   => sysvinit_template('ircecho'),
 require=> File['/usr/local/bin/ircecho'],
 service_params => {
 hasrestart => true,
diff --git a/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb 
b/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb
new file mode 100644
index 000..228834f
--- /dev/null
+++ b/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb
@@ -0,0 +1,142 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:  irc-echoer
+# Required-Start:$remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop:  0 1 6
+# Short-Description: Input to IRC echoer
+# Description:   Input to IRC echoer
+### END INIT INFO
+
+# Author: Ryan Lane 
+#
+# Do NOT "set -e"
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Input to IRC echoer"
+DAEMON="/usr/local/bin/ircecho"
+USER="nobody"
+SCRIPTNAME="/etc/init.d/ircecho"
+NAME="ircecho"
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+   # Return
+   #   0 if daemon has been started
+   #   1 if daemon was already running
+   #   2 if daemon could not be started
+   start-stop-daemon --start -m --pidfile=/var/run/ircecho.pid -b --quiet 
-c $USER --exec $DAEMON --test -- --infile=$INFILE $CHANS $NICK $SERVER > 
/dev/null \
+   || return 1
+   start-stop-daemon --start -m --pidfile=/var/run/ircecho.pid -b --quiet 
-c $USER --exec $DAEMON -- --infile=$INFILE $CHANS $NICK $SERVER \
+   || return 2
+   # Add code here, if necessary, that waits for the process to be ready
+   # to handle requests from services started subsequently which depend
+   # on this one.  As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+   # Return
+   #   0 if daemon has been stopped
+   #   1 if daemon was already stopped
+   #   2 if daemon could not be stopped
+   #   other if a failure occurred
+   start-stop-daemon --stop --pidfile=/var/run/ircecho.pid --signal 9 
--quiet
+   RETVAL="$?"
+   [ "$RETVAL" = 2 ] && return 2
+   return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+   #
+   # If the daemon can reload its configuration without
+   # restarting (for example, when it is sent a SIGHUP),
+   # then implement that here.
+   #
+   do_stop
+   do_start
+   return 0
+}
+
+case "$1" in
+  start)
+   [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+   do_start
+   case "$?" in
+   0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+   2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+   esac
+   ;;
+  stop)
+   [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+   do_stop
+   case "$?" in
+   0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+   2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+   esac
+   ;;
+  status)
+   status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+   ;;
+  #reload|force-reload)
+   #
+   # If do_reload() is not implemented then leave this commented out
+   # and leave 'force-reload' as an alias for 'restart'.
+   #
+   #log_daemon_msg "Reloading $DESC" "$NAME"
+   

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "ircecho: Remove support for sysvinit script"

[Rush (Code Review)]

Hello Paladox, Alexandros Kosiaris, jenkins-bot, Dzahn,

I'd like you to do a code review.  Please visit

https://gerrit.wikimedia.org/r/405882

to review the following change.


Change subject: Revert "ircecho: Remove support for sysvinit script"
..

Revert "ircecho: Remove support for sysvinit script"

This reverts commit 218543a121f93c28e64c88ce6646be82a3f9a9c8.

This broke shinken-01.shinken.eqiad.wmflabs which is still Trusty and does 
monitoring for Tools, deployment-prep, etc

Change-Id: Icbc32180ee6e7418110d147413ebacdd8c306f43
---
M modules/ircecho/manifests/init.pp
A modules/ircecho/templates/initscripts/ircecho.sysvinit.erb
2 files changed, 145 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/82/405882/1

diff --git a/modules/ircecho/manifests/init.pp 
b/modules/ircecho/manifests/init.pp
index b0b225f..bd7e9d4 100644
--- a/modules/ircecho/manifests/init.pp
+++ b/modules/ircecho/manifests/init.pp
@@ -33,9 +33,10 @@
 notify  => Service['ircecho'],
 }
 
-systemd::service { 'ircecho':
+base::service_unit { 'ircecho':
 ensure => $ensure,
-content=> systemd_template('ircecho'),
+systemd=> systemd_template('ircecho'),
+sysvinit   => sysvinit_template('ircecho'),
 require=> File['/usr/local/bin/ircecho'],
 service_params => {
 hasrestart => true,
diff --git a/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb 
b/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb
new file mode 100644
index 000..228834f
--- /dev/null
+++ b/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb
@@ -0,0 +1,142 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:  irc-echoer
+# Required-Start:$remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop:  0 1 6
+# Short-Description: Input to IRC echoer
+# Description:   Input to IRC echoer
+### END INIT INFO
+
+# Author: Ryan Lane 
+#
+# Do NOT "set -e"
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Input to IRC echoer"
+DAEMON="/usr/local/bin/ircecho"
+USER="nobody"
+SCRIPTNAME="/etc/init.d/ircecho"
+NAME="ircecho"
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+   # Return
+   #   0 if daemon has been started
+   #   1 if daemon was already running
+   #   2 if daemon could not be started
+   start-stop-daemon --start -m --pidfile=/var/run/ircecho.pid -b --quiet 
-c $USER --exec $DAEMON --test -- --infile=$INFILE $CHANS $NICK $SERVER > 
/dev/null \
+   || return 1
+   start-stop-daemon --start -m --pidfile=/var/run/ircecho.pid -b --quiet 
-c $USER --exec $DAEMON -- --infile=$INFILE $CHANS $NICK $SERVER \
+   || return 2
+   # Add code here, if necessary, that waits for the process to be ready
+   # to handle requests from services started subsequently which depend
+   # on this one.  As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+   # Return
+   #   0 if daemon has been stopped
+   #   1 if daemon was already stopped
+   #   2 if daemon could not be stopped
+   #   other if a failure occurred
+   start-stop-daemon --stop --pidfile=/var/run/ircecho.pid --signal 9 
--quiet
+   RETVAL="$?"
+   [ "$RETVAL" = 2 ] && return 2
+   return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+   #
+   # If the daemon can reload its configuration without
+   # restarting (for example, when it is sent a SIGHUP),
+   # then implement that here.
+   #
+   do_stop
+   do_start
+   return 0
+}
+
+case "$1" in
+  start)
+   [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+   do_start
+   case "$?" in
+   0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+   2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+   esac
+   ;;
+  stop)
+   [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+   do_stop
+   case "$?" in
+   0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+   2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+   esac
+   ;;
+  status)
+   status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+   ;;
+  #reload|force-reload)
+   #
+   # If do_reload() is not implemented then leave this commented out
+   # 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add chicocvenancio to shinken

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/405880 )

Change subject: cloud: add chicocvenancio to shinken
..


cloud: add chicocvenancio to shinken

Bug: T185273
Change-Id: I471a70aec6bbde321474461384c16f397878db27
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 12 insertions(+), 3 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index c02377d..1340a9b 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,irc-labs
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,chicocvenancio
 }
 
 define contactgroup {
@@ -52,5 +52,5 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members guest,chasemp,madhuvishy,bd808,andrewbogott
+members 
guest,chasemp,madhuvishy,bd808,andrewbogott,chicocvenancio
 }
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index a8bf301..7b60651 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -77,6 +77,15 @@
 service_notification_commands   notify-service-by-irc-ores
 }
 
+fvenan...@wikimedia.org
+
+define contact {
+contact_namechicocvenancio
+alias   chicocvenancio
+email   fvenan...@wikimedia.org
+use generic-contact
+}
+
 define contact {
 contact_nameaborrero
 alias   Arturo Borrero

-- 
To view, visit https://gerrit.wikimedia.org/r/405880
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I471a70aec6bbde321474461384c16f397878db27
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add chicocvenancio to shinken

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/405880 )

Change subject: cloud: add chicocvenancio to shinken
..

cloud: add chicocvenancio to shinken

Bug: T185273
Change-Id: I471a70aec6bbde321474461384c16f397878db27
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 12 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/80/405880/1

diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index c02377d..1340a9b 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,irc-labs
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,chicocvenancio
 }
 
 define contactgroup {
@@ -52,5 +52,5 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members guest,chasemp,madhuvishy,bd808,andrewbogott
+members 
guest,chasemp,madhuvishy,bd808,andrewbogott,chicocvenancio
 }
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index a8bf301..7b60651 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -77,6 +77,15 @@
 service_notification_commands   notify-service-by-irc-ores
 }
 
+fvenan...@wikimedia.org
+
+define contact {
+contact_namechicocvenancio
+alias   chicocvenancio
+email   fvenan...@wikimedia.org
+use generic-contact
+}
+
 define contact {
 contact_nameaborrero
 alias   Arturo Borrero

-- 
To view, visit https://gerrit.wikimedia.org/r/405880
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I471a70aec6bbde321474461384c16f397878db27
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova-network and neutron nova::common split

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/405366 )

Change subject: openstack: nova-network and neutron nova::common split
..

openstack: nova-network and neutron nova::common split

These two paths will not coexist in the same deployment,
and will not exist side by side long term so I am splitting
the configuration rather than mix them with template logic
or other logic branching for the same manifests.

Bug: T171494
Change-Id: Iba0aecdfaa1e35c24dbc13a27d0459ce570abe3b
---
C modules/openstack/manifests/nova/common/neutron.pp
R modules/openstack/manifests/nova/common/nova_network.pp
A modules/openstack/templates/liberty/nova/common/neutron/api-paste.ini.erb
A modules/openstack/templates/liberty/nova/common/neutron/nova.conf.erb
R modules/openstack/templates/liberty/nova/common/nova_network/api-paste.ini.erb
R modules/openstack/templates/liberty/nova/common/nova_network/nova.conf.erb
A modules/profile/manifests/openstack/base/nova/common/neutron.pp
R modules/profile/manifests/openstack/base/nova/common/nova_network.pp
M modules/profile/manifests/openstack/labtest/nova/common.pp
M modules/profile/manifests/openstack/labtestn/nova/common.pp
M modules/profile/manifests/openstack/main/nova/common.pp
M modules/role/manifests/wmcs/openstack/labtestn/control.pp
12 files changed, 190 insertions(+), 84 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/66/405366/1

diff --git a/modules/openstack/manifests/nova/common.pp 
b/modules/openstack/manifests/nova/common/neutron.pp
similarity index 69%
copy from modules/openstack/manifests/nova/common.pp
copy to modules/openstack/manifests/nova/common/neutron.pp
index affa993..46073b1 100644
--- a/modules/openstack/manifests/nova/common.pp
+++ b/modules/openstack/manifests/nova/common/neutron.pp
@@ -1,36 +1,6 @@
-class openstack::nova::common(
+class openstack::nova::common::neutron(
 $version,
-$nova_controller,
-$nova_api_host,
-$nova_api_host_ip,
-$dmz_cidr,
-$dhcp_domain,
-$quota_floating_ips,
-$dhcp_start,
-$network_flat_interface,
-$flat_network_bridge,
-$fixed_range,
-$network_public_interface,
-$network_public_ip,
-$zone,
-$scheduler_pool,
-$db_user,
-$db_pass,
-$db_host,
-$db_name,
-$ldap_user_pass,
-$libvirt_type,
-$live_migration_uri,
-$glance_host,
-$rabbit_user,
-$rabbit_host,
-$rabbit_pass,
-$spice_hostname,
-$keystone_auth_uri,
-$keystone_admin_uri,
 ) {
-
-$nova_controller_ip = ipresolve($nova_controller,4)
 
 $packages = [
 'unzip',
@@ -63,13 +33,13 @@
 
 file {
 '/etc/nova/nova.conf':
-content => 
template("openstack/${version}/nova/common/nova.conf.erb"),
+content => 
template("openstack/${version}/nova/common/neutron/nova.conf.erb"),
 owner   => 'nova',
 group   => 'nogroup',
 mode=> '0440',
 require => Package['nova-common'];
 '/etc/nova/api-paste.ini':
-content => 
template("openstack/${version}/nova/common/api-paste.ini.erb"),
+content => 
template("openstack/${version}/nova/common/neutron/api-paste.ini.erb"),
 owner   => 'nova',
 group   => 'nogroup',
 mode=> '0440',
diff --git a/modules/openstack/manifests/nova/common.pp 
b/modules/openstack/manifests/nova/common/nova_network.pp
similarity index 94%
rename from modules/openstack/manifests/nova/common.pp
rename to modules/openstack/manifests/nova/common/nova_network.pp
index affa993..fc1bf28 100644
--- a/modules/openstack/manifests/nova/common.pp
+++ b/modules/openstack/manifests/nova/common/nova_network.pp
@@ -1,4 +1,4 @@
-class openstack::nova::common(
+class openstack::nova::common::nova_network(
 $version,
 $nova_controller,
 $nova_api_host,
@@ -63,13 +63,13 @@
 
 file {
 '/etc/nova/nova.conf':
-content => 
template("openstack/${version}/nova/common/nova.conf.erb"),
+content => 
template("openstack/${version}/nova/common/nova_network/nova.conf.erb"),
 owner   => 'nova',
 group   => 'nogroup',
 mode=> '0440',
 require => Package['nova-common'];
 '/etc/nova/api-paste.ini':
-content => 
template("openstack/${version}/nova/common/api-paste.ini.erb"),
+content => 
template("openstack/${version}/nova/common/nova_network/api-paste.ini.erb"),
 owner   => 'nova',
 group   => 'nogroup',
 mode=> '0440',
diff --git 
a/modules/openstack/templates/liberty/nova/common/neutron/api-paste.ini.erb 
b/modules/openstack/templates/liberty/nova/common/neutron/api-paste.ini.erb
new file mode 100644
index 000..80e09dc
--- /dev/null
+++ b/modules/openstack/templates/liberty/nova/common/neutron/api-paste.ini.erb
@@ -0,0 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: icinga: add aborrero to sms group

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/404751 )

Change subject: icinga: add aborrero to sms group
..


icinga: add aborrero to sms group

Bug: T178807
Change-Id: I27a822399d97d63e4b62bffb03a67e5e2d3f8eb5
---
M modules/nagios_common/files/contactgroups.cfg
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified
  Dzahn: Looks good to me, but someone else must approve



diff --git a/modules/nagios_common/files/contactgroups.cfg 
b/modules/nagios_common/files/contactgroups.cfg
index 7b861f6..efb4ee4 100644
--- a/modules/nagios_common/files/contactgroups.cfg
+++ b/modules/nagios_common/files/contactgroups.cfg
@@ -46,7 +46,7 @@
 
 define contactgroup {
 contactgroup_name   sms
-members 
akosiaris,andrew,ariel,bblack,cmjohnson,dzahn,ema,faidon,fgiunchedi,mark,otto,robh,volans,tstarling,rush,glavagetto,yuvipanda,jmm,jcrespo,team-operations,gehel,madhuvishy,marostegui,elukey,herron
+members 
akosiaris,andrew,ariel,bblack,cmjohnson,dzahn,ema,faidon,fgiunchedi,mark,otto,robh,volans,tstarling,rush,glavagetto,yuvipanda,jmm,jcrespo,team-operations,gehel,madhuvishy,marostegui,elukey,herron,aborrero
 }
 
 define contactgroup {

-- 
To view, visit https://gerrit.wikimedia.org/r/404751
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I27a822399d97d63e4b62bffb03a67e5e2d3f8eb5
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Arturo Borrero Gonzalez 
Gerrit-Reviewer: Dzahn 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: icinga: add aborrero to sms group

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/404751 )

Change subject: icinga: add aborrero to sms group
..

icinga: add aborrero to sms group

Bug: T178807
Change-Id: I27a822399d97d63e4b62bffb03a67e5e2d3f8eb5
---
M modules/nagios_common/files/contactgroups.cfg
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/51/404751/1

diff --git a/modules/nagios_common/files/contactgroups.cfg 
b/modules/nagios_common/files/contactgroups.cfg
index 7b861f6..efb4ee4 100644
--- a/modules/nagios_common/files/contactgroups.cfg
+++ b/modules/nagios_common/files/contactgroups.cfg
@@ -46,7 +46,7 @@
 
 define contactgroup {
 contactgroup_name   sms
-members 
akosiaris,andrew,ariel,bblack,cmjohnson,dzahn,ema,faidon,fgiunchedi,mark,otto,robh,volans,tstarling,rush,glavagetto,yuvipanda,jmm,jcrespo,team-operations,gehel,madhuvishy,marostegui,elukey,herron
+members 
akosiaris,andrew,ariel,bblack,cmjohnson,dzahn,ema,faidon,fgiunchedi,mark,otto,robh,volans,tstarling,rush,glavagetto,yuvipanda,jmm,jcrespo,team-operations,gehel,madhuvishy,marostegui,elukey,herron,aborrero
 }
 
 define contactgroup {

-- 
To view, visit https://gerrit.wikimedia.org/r/404751
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I27a822399d97d63e4b62bffb03a67e5e2d3f8eb5
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: labvirt settle on meltdown kernel

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/404588 )

Change subject: cloud: labvirt settle on meltdown kernel
..

cloud: labvirt settle on meltdown kernel

Bug: T184189
Change-Id: I8da97b71a88788eff8e107c8875baba9c511ca33
---
M modules/openstack/manifests/nova/compute/audit.pp
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/88/404588/1

diff --git a/modules/openstack/manifests/nova/compute/audit.pp 
b/modules/openstack/manifests/nova/compute/audit.pp
index e9ccb94..7e632c6 100644
--- a/modules/openstack/manifests/nova/compute/audit.pp
+++ b/modules/openstack/manifests/nova/compute/audit.pp
@@ -6,7 +6,7 @@
 # Virtio has shown to be non-determinstic on certain host:client kernel
 # version matchups (IO freezing)
 class openstack::nova::compute::audit(
-$whitelist_kernels=['4.4.0-81-generic', '4.4.0-109-generic'],
+$whitelist_kernels=['4.4.0-109-generic'],
 ) {
 
 if os_version('ubuntu >= trusty') {

-- 
To view, visit https://gerrit.wikimedia.org/r/404588
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8da97b71a88788eff8e107c8875baba9c511ca33
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: add arturo to existing shinken

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/404446 )

Change subject: tools: add arturo to existing shinken
..


tools: add arturo to existing shinken

Bug: T178807
Change-Id: I044662c1f287f2b0fe5c0b4edae9f096d47e9518
---
M modules/nagios_common/files/contacts-labs.cfg
1 file changed, 7 insertions(+), 0 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 13d45f9..a8bf301 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -78,6 +78,13 @@
 }
 
 define contact {
+contact_nameaborrero
+alias   Arturo Borrero
+email   aborr...@wikimedia.org
+use generic-contact
+}
+
+define contact {
 contact_namechasemp
 alias   Chase Pettet
 email   cpet...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/404446
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I044662c1f287f2b0fe5c0b4edae9f096d47e9518
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: add arturo to existing shinken

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/404446 )

Change subject: tools: add arturo to existing shinken
..

tools: add arturo to existing shinken

Change-Id: I044662c1f287f2b0fe5c0b4edae9f096d47e9518
Bugs: T178807
---
M modules/nagios_common/files/contacts-labs.cfg
1 file changed, 7 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/46/404446/1

diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 13d45f9..a8bf301 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -78,6 +78,13 @@
 }
 
 define contact {
+contact_nameaborrero
+alias   Arturo Borrero
+email   aborr...@wikimedia.org
+use generic-contact
+}
+
+define contact {
 contact_namechasemp
 alias   Chase Pettet
 email   cpet...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/404446
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I044662c1f287f2b0fe5c0b4edae9f096d47e9518
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: rm source from /usr/local/sbin/ferm_restart_handler

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/403411 )

Change subject: tools: rm source from /usr/local/sbin/ferm_restart_handler
..


tools: rm source from /usr/local/sbin/ferm_restart_handler

Otherwise it tries to eval even before in either absent or
present context and errors.

Change-Id: I31191600558b62eeda30614243e08914ec7f6998
---
M modules/toollabs/manifests/ferm_handlers.pp
1 file changed, 1 insertion(+), 5 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/toollabs/manifests/ferm_handlers.pp 
b/modules/toollabs/manifests/ferm_handlers.pp
index 21bca72..bb42bba 100644
--- a/modules/toollabs/manifests/ferm_handlers.pp
+++ b/modules/toollabs/manifests/ferm_handlers.pp
@@ -7,10 +7,6 @@
 
 file {'/usr/local/sbin/ferm_restart_handler':
 ensure => 'absent',
-source => 'puppet:///modules/toollabs/ferm_restart_handler.sh',
-owner  => 'root',
-group  => 'root',
-mode   => '0555',
 }
 
 file {'/usr/local/sbin/ferm_pre_handler':
@@ -29,7 +25,7 @@
 
 ferm::conf{'ferm_pre_handler':
 prio  => '00',
-content   => '@hook post "/usr/local/sbin/ferm_pre_handler";',
+content   => '@hook pre "/usr/local/sbin/ferm_pre_handler";',
 subscribe => File['/usr/local/sbin/ferm_pre_handler'],
 }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/403411
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I31191600558b62eeda30614243e08914ec7f6998
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: BryanDavis 
Gerrit-Reviewer: Merlijn van Deen 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: rm source from /usr/local/sbin/ferm_restart_handler

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/403411 )

Change subject: tools: rm source from /usr/local/sbin/ferm_restart_handler
..

tools: rm source from /usr/local/sbin/ferm_restart_handler

Otherwise it tries to eval even before in either absent or
present context and errors.

Change-Id: I31191600558b62eeda30614243e08914ec7f6998
---
M modules/toollabs/manifests/ferm_handlers.pp
1 file changed, 0 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/11/403411/1

diff --git a/modules/toollabs/manifests/ferm_handlers.pp 
b/modules/toollabs/manifests/ferm_handlers.pp
index 21bca72..dc396c2 100644
--- a/modules/toollabs/manifests/ferm_handlers.pp
+++ b/modules/toollabs/manifests/ferm_handlers.pp
@@ -7,10 +7,6 @@
 
 file {'/usr/local/sbin/ferm_restart_handler':
 ensure => 'absent',
-source => 'puppet:///modules/toollabs/ferm_restart_handler.sh',
-owner  => 'root',
-group  => 'root',
-mode   => '0555',
 }
 
 file {'/usr/local/sbin/ferm_pre_handler':

-- 
To view, visit https://gerrit.wikimedia.org/r/403411
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I31191600558b62eeda30614243e08914ec7f6998
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: ferm pre hook to stop kube-proxy

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/403308 )

Change subject: tools: ferm pre hook to stop kube-proxy
..


tools: ferm pre hook to stop kube-proxy

There is a dangerous race condition here between
kube-proxy and ferm.  The only sane thing to do is
have one updating at a time.  This needs to be
revisited and reworked.

Bug: T182722
Change-Id: Icca8d25948451b31e3c0781c67906e93281939fa
---
M modules/role/manifests/toollabs/k8s/worker.pp
M modules/role/manifests/toollabs/proxy.pp
R modules/toollabs/files/ferm_post_handler.sh
A modules/toollabs/files/ferm_pre_handler.sh
A modules/toollabs/manifests/ferm_handlers.pp
D modules/toollabs/manifests/ferm_restart_handler.pp
6 files changed, 55 insertions(+), 23 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/role/manifests/toollabs/k8s/worker.pp 
b/modules/role/manifests/toollabs/k8s/worker.pp
index 928d82a..dd88f04 100644
--- a/modules/role/manifests/toollabs/k8s/worker.pp
+++ b/modules/role/manifests/toollabs/k8s/worker.pp
@@ -2,7 +2,7 @@
 class role::toollabs::k8s::worker {
 include ::toollabs::infrastructure
 include ::base::firewall
-include ::toollabs::ferm_restart_handler
+include ::toollabs::ferm_handlers
 
 $flannel_etcd_url = join(prefix(suffix(hiera('flannel::etcd_hosts'), 
':2379'), 'https://'), ',')
 
diff --git a/modules/role/manifests/toollabs/proxy.pp 
b/modules/role/manifests/toollabs/proxy.pp
index c82cfef..4490ab9 100644
--- a/modules/role/manifests/toollabs/proxy.pp
+++ b/modules/role/manifests/toollabs/proxy.pp
@@ -3,7 +3,7 @@
 include ::toollabs::proxy
 include ::role::toollabs::k8s::webproxy
 include ::base::firewall
-include ::toollabs::ferm_restart_handler
+include ::toollabs::ferm_handlers
 
 ferm::service { 'proxymanager':
 proto  => 'tcp',
diff --git a/modules/toollabs/files/ferm_restart_handler.sh 
b/modules/toollabs/files/ferm_post_handler.sh
similarity index 97%
rename from modules/toollabs/files/ferm_restart_handler.sh
rename to modules/toollabs/files/ferm_post_handler.sh
index 692219d..e324bf4 100644
--- a/modules/toollabs/files/ferm_restart_handler.sh
+++ b/modules/toollabs/files/ferm_post_handler.sh
@@ -1,4 +1,4 @@
-#/bin/bash
+#!/bin/bash
 
 /usr/bin/logger -i -t ${0} "restart firewall components post ferm management"
 
diff --git a/modules/toollabs/files/ferm_pre_handler.sh 
b/modules/toollabs/files/ferm_pre_handler.sh
new file mode 100644
index 000..0a3301a
--- /dev/null
+++ b/modules/toollabs/files/ferm_pre_handler.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# https://kubernetes.io/docs/reference/generated/kube-proxy/
+# kube-proxy does its own competing state dump and restore
+# we stop kube-proxy here for the duration.
+# Ferm seems to handle these pre-hooks intelligently in that
+# a bad config or an unresolvable host in a rule is checked
+# before any prehooks.  In that case Ferm itself will stop
+# but kube-proxy will never be touched.
+/usr/bin/logger -i -t ${0} "stop kube-proxy"
+service kube-proxy stop
diff --git a/modules/toollabs/manifests/ferm_handlers.pp 
b/modules/toollabs/manifests/ferm_handlers.pp
new file mode 100644
index 000..21bca72
--- /dev/null
+++ b/modules/toollabs/manifests/ferm_handlers.pp
@@ -0,0 +1,41 @@
+# tldr; hook post ferm updates to let other interested
+#   parties resync their iptables state.
+# See: T182722
+# http://ferm.foo-projects.org/download/2.1/ferm.html#hooks
+
+class toollabs::ferm_handlers{
+
+file {'/usr/local/sbin/ferm_restart_handler':
+ensure => 'absent',
+source => 'puppet:///modules/toollabs/ferm_restart_handler.sh',
+owner  => 'root',
+group  => 'root',
+mode   => '0555',
+}
+
+file {'/usr/local/sbin/ferm_pre_handler':
+source => 'puppet:///modules/toollabs/ferm_pre_handler.sh',
+owner  => 'root',
+group  => 'root',
+mode   => '0555',
+}
+
+file {'/usr/local/sbin/ferm_post_handler':
+source => 'puppet:///modules/toollabs/ferm_post_handler.sh',
+owner  => 'root',
+group  => 'root',
+mode   => '0555',
+}
+
+ferm::conf{'ferm_pre_handler':
+prio  => '00',
+content   => '@hook post "/usr/local/sbin/ferm_pre_handler";',
+subscribe => File['/usr/local/sbin/ferm_pre_handler'],
+}
+
+ferm::conf{'ferm_post_handler':
+prio  => '00',
+content   => '@hook post "/usr/local/sbin/ferm_post_handler";',
+subscribe => File['/usr/local/sbin/ferm_post_handler'],
+}
+}
diff --git a/modules/toollabs/manifests/ferm_restart_handler.pp 
b/modules/toollabs/manifests/ferm_restart_handler.pp
deleted file mode 100644
index 58a4437..000
--- a/modules/toollabs/manifests/ferm_restart_handler.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-# tldr; hook post ferm updates to let other interested

[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: ferm pre hook to stop kube-proxy

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/403308 )

Change subject: tools: ferm pre hook to stop kube-proxy
..

tools: ferm pre hook to stop kube-proxy

There is a dangerous race condition here between
kube-proxy and ferm.  The only sane thing to do is
have one updating at a time.  This needs to be
revisited and reworked.

Bug: T182722
Change-Id: Icca8d25948451b31e3c0781c67906e93281939fa
---
M modules/role/manifests/toollabs/k8s/worker.pp
M modules/role/manifests/toollabs/proxy.pp
R modules/toollabs/files/ferm_post_handler.sh
A modules/toollabs/files/ferm_pre_handler.sh
A modules/toollabs/manifests/ferm_handlers.pp
D modules/toollabs/manifests/ferm_restart_handler.pp
6 files changed, 55 insertions(+), 23 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/08/403308/1

diff --git a/modules/role/manifests/toollabs/k8s/worker.pp 
b/modules/role/manifests/toollabs/k8s/worker.pp
index 928d82a..dd88f04 100644
--- a/modules/role/manifests/toollabs/k8s/worker.pp
+++ b/modules/role/manifests/toollabs/k8s/worker.pp
@@ -2,7 +2,7 @@
 class role::toollabs::k8s::worker {
 include ::toollabs::infrastructure
 include ::base::firewall
-include ::toollabs::ferm_restart_handler
+include ::toollabs::ferm_handlers
 
 $flannel_etcd_url = join(prefix(suffix(hiera('flannel::etcd_hosts'), 
':2379'), 'https://'), ',')
 
diff --git a/modules/role/manifests/toollabs/proxy.pp 
b/modules/role/manifests/toollabs/proxy.pp
index c82cfef..4490ab9 100644
--- a/modules/role/manifests/toollabs/proxy.pp
+++ b/modules/role/manifests/toollabs/proxy.pp
@@ -3,7 +3,7 @@
 include ::toollabs::proxy
 include ::role::toollabs::k8s::webproxy
 include ::base::firewall
-include ::toollabs::ferm_restart_handler
+include ::toollabs::ferm_handlers
 
 ferm::service { 'proxymanager':
 proto  => 'tcp',
diff --git a/modules/toollabs/files/ferm_restart_handler.sh 
b/modules/toollabs/files/ferm_post_handler.sh
similarity index 97%
rename from modules/toollabs/files/ferm_restart_handler.sh
rename to modules/toollabs/files/ferm_post_handler.sh
index 692219d..e324bf4 100644
--- a/modules/toollabs/files/ferm_restart_handler.sh
+++ b/modules/toollabs/files/ferm_post_handler.sh
@@ -1,4 +1,4 @@
-#/bin/bash
+#!/bin/bash
 
 /usr/bin/logger -i -t ${0} "restart firewall components post ferm management"
 
diff --git a/modules/toollabs/files/ferm_pre_handler.sh 
b/modules/toollabs/files/ferm_pre_handler.sh
new file mode 100644
index 000..0a3301a
--- /dev/null
+++ b/modules/toollabs/files/ferm_pre_handler.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# https://kubernetes.io/docs/reference/generated/kube-proxy/
+# kube-proxy does its own competing state dump and restore
+# we stop kube-proxy here for the duration.
+# Ferm seems to handle these pre-hooks intelligently in that
+# a bad config or an unresolvable host in a rule is checked
+# before any prehooks.  In that case Ferm itself will stop
+# but kube-proxy will never be touched.
+/usr/bin/logger -i -t ${0} "stop kube-proxy"
+service kube-proxy stop
diff --git a/modules/toollabs/manifests/ferm_handlers.pp 
b/modules/toollabs/manifests/ferm_handlers.pp
new file mode 100644
index 000..a8c789a
--- /dev/null
+++ b/modules/toollabs/manifests/ferm_handlers.pp
@@ -0,0 +1,41 @@
+# tldr; hook post ferm updates to let other interested
+#   parties resync their iptables state.
+# See: T182722
+# http://ferm.foo-projects.org/download/2.1/ferm.html#hooks
+
+class toollabs::ferm_handlers{
+
+file {'/usr/local/sbin/ferm_restart_handler':
+ensure => 'absent',
+source => 'puppet:///modules/toollabs/ferm_restart_handler.sh',
+owner  => 'root',
+group  => 'root',
+mode   => '0555',
+}
+
+file {'/usr/local/sbin/ferm_pre_handler':
+source => 'puppet:///modules/toollabs/ferm_pre_handler.sh',
+owner  => 'root',
+group  => 'root',
+mode   => '0555',
+}
+
+file {'/usr/local/sbin/ferm_post_handler':
+source => 'puppet:///modules/toollabs/ferm_post_handler.sh',
+owner  => 'root',
+group  => 'root',
+mode   => '0555',
+}
+
+ferm::conf{'ferm_pre_handler':
+prio  => 00,
+content   => '@hook post "/usr/local/sbin/ferm_pre_handler";',
+subscribe => File['/usr/local/sbin/ferm_pre_handler'],
+}
+
+ferm::conf{'ferm_post_handler':
+prio  => 00,
+content   => '@hook post "/usr/local/sbin/ferm_post_handler";',
+subscribe => File['/usr/local/sbin/ferm_post_handler'],
+}
+}
diff --git a/modules/toollabs/manifests/ferm_restart_handler.pp 
b/modules/toollabs/manifests/ferm_restart_handler.pp
deleted file mode 100644
index 58a4437..000
--- a/modules/toollabs/manifests/ferm_restart_handler.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-# tldr; hook post ferm updates to let other 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: ferm handler updates

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/403231 )

Change subject: tools: ferm handler updates
..


tools: ferm handler updates

* Apply to workers and exclude master for now
* Remove user check handling as it's causing syntax issues in
  the context of ferm for not by user. Investigating.
* consolidate on base::fireall for now for proxy and workers

Change-Id: I86f13a365c506d7ea4ab8f57adea37be1ffb9668
---
M modules/role/manifests/toollabs/k8s/master.pp
M modules/role/manifests/toollabs/k8s/worker.pp
M modules/toollabs/files/ferm_restart_handler.sh
3 files changed, 2 insertions(+), 8 deletions(-)

Approvals:
  Rush: Verified; Looks good to me, approved



diff --git a/modules/role/manifests/toollabs/k8s/master.pp 
b/modules/role/manifests/toollabs/k8s/master.pp
index 1c0d78c..7fd1e35 100644
--- a/modules/role/manifests/toollabs/k8s/master.pp
+++ b/modules/role/manifests/toollabs/k8s/master.pp
@@ -4,7 +4,6 @@
 ) {
 include ::toollabs::infrastructure
 include ::base::firewall
-include ::toollabs::ferm_restart_handler
 
 $master_host = hiera('k8s::master_host', $::fqdn)
 $etcd_url = prefix(suffix(hiera('k8s::etcd_hosts'), ':2379'), 'https://')
diff --git a/modules/role/manifests/toollabs/k8s/worker.pp 
b/modules/role/manifests/toollabs/k8s/worker.pp
index 76f34fb..928d82a 100644
--- a/modules/role/manifests/toollabs/k8s/worker.pp
+++ b/modules/role/manifests/toollabs/k8s/worker.pp
@@ -1,6 +1,8 @@
 # filtertags: labs-project-tools
 class role::toollabs::k8s::worker {
 include ::toollabs::infrastructure
+include ::base::firewall
+include ::toollabs::ferm_restart_handler
 
 $flannel_etcd_url = join(prefix(suffix(hiera('flannel::etcd_hosts'), 
':2379'), 'https://'), ',')
 
@@ -71,6 +73,4 @@
 ferm::rule {'rest-of-everything':
 rule => 'saddr 10.0.0.0/8 proto tcp dport (1:8472 8473:10249 
10251:10254 10256:65535) ACCEPT;'
 }
-
-include profile::base::firewall
 }
diff --git a/modules/toollabs/files/ferm_restart_handler.sh 
b/modules/toollabs/files/ferm_restart_handler.sh
index 5581387..692219d 100644
--- a/modules/toollabs/files/ferm_restart_handler.sh
+++ b/modules/toollabs/files/ferm_restart_handler.sh
@@ -1,10 +1,5 @@
 #/bin/bash
 
-if [[ $EUID -ne 0 ]]; then
-   echo "This script must be run as root" 1>&2
-   exit 1
-fi
-
 /usr/bin/logger -i -t ${0} "restart firewall components post ferm management"
 
 # Ferm expects to handle all firewall state

-- 
To view, visit https://gerrit.wikimedia.org/r/403231
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I86f13a365c506d7ea4ab8f57adea37be1ffb9668
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: ferm handler updates

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/403231 )

Change subject: tools: ferm handler updates
..

tools: ferm handler updates

* Apply to workers and exclude master for now
* Remove user check handling as it's causing syntax issues in
  the context of ferm for not by user. Investigating.
* consolidate on base::fireall for now for proxy and workers

Change-Id: I86f13a365c506d7ea4ab8f57adea37be1ffb9668
---
M modules/role/manifests/toollabs/k8s/master.pp
M modules/role/manifests/toollabs/k8s/worker.pp
M modules/toollabs/files/ferm_restart_handler.sh
3 files changed, 2 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/31/403231/1

diff --git a/modules/role/manifests/toollabs/k8s/master.pp 
b/modules/role/manifests/toollabs/k8s/master.pp
index 1c0d78c..7fd1e35 100644
--- a/modules/role/manifests/toollabs/k8s/master.pp
+++ b/modules/role/manifests/toollabs/k8s/master.pp
@@ -4,7 +4,6 @@
 ) {
 include ::toollabs::infrastructure
 include ::base::firewall
-include ::toollabs::ferm_restart_handler
 
 $master_host = hiera('k8s::master_host', $::fqdn)
 $etcd_url = prefix(suffix(hiera('k8s::etcd_hosts'), ':2379'), 'https://')
diff --git a/modules/role/manifests/toollabs/k8s/worker.pp 
b/modules/role/manifests/toollabs/k8s/worker.pp
index 76f34fb..928d82a 100644
--- a/modules/role/manifests/toollabs/k8s/worker.pp
+++ b/modules/role/manifests/toollabs/k8s/worker.pp
@@ -1,6 +1,8 @@
 # filtertags: labs-project-tools
 class role::toollabs::k8s::worker {
 include ::toollabs::infrastructure
+include ::base::firewall
+include ::toollabs::ferm_restart_handler
 
 $flannel_etcd_url = join(prefix(suffix(hiera('flannel::etcd_hosts'), 
':2379'), 'https://'), ',')
 
@@ -71,6 +73,4 @@
 ferm::rule {'rest-of-everything':
 rule => 'saddr 10.0.0.0/8 proto tcp dport (1:8472 8473:10249 
10251:10254 10256:65535) ACCEPT;'
 }
-
-include profile::base::firewall
 }
diff --git a/modules/toollabs/files/ferm_restart_handler.sh 
b/modules/toollabs/files/ferm_restart_handler.sh
index 5581387..692219d 100644
--- a/modules/toollabs/files/ferm_restart_handler.sh
+++ b/modules/toollabs/files/ferm_restart_handler.sh
@@ -1,10 +1,5 @@
 #/bin/bash
 
-if [[ $EUID -ne 0 ]]; then
-   echo "This script must be run as root" 1>&2
-   exit 1
-fi
-
 /usr/bin/logger -i -t ${0} "restart firewall components post ferm management"
 
 # Ferm expects to handle all firewall state

-- 
To view, visit https://gerrit.wikimedia.org/r/403231
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I86f13a365c506d7ea4ab8f57adea37be1ffb9668
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: toolforge: ferm hook to restart components post updates

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/403072 )

Change subject: toolforge: ferm hook to restart components post updates
..


toolforge: ferm hook to restart components post updates

http://ferm.foo-projects.org/download/2.1/ferm.html#hooks

* Ferm is not playing nice with other iptables tenants
* Tested an /etc/ferm/conf.d/00_hooks to see it run external
  scripts in what seems like a totally post updates state.  This
  hopefully allows kube-proxy, flannel, and docker to deal with
  Ferm stomping all around.

This is a midterm fix where other options are being explored
in the context of the task.  Right now any update to Ferm, even
a definition MAC, results in an outage for k8s in Toolforge.

Note - the task includes restarting kubelet in the service handling
post ferm update to mitigate.  This seems not to be necessary
so is excluded to reduce to necessary scope.

Bug: T182722
Change-Id: I5c700a2c8bce6050e8cb761450d3716a6b3f33c9
---
M modules/role/manifests/toollabs/k8s/master.pp
M modules/role/manifests/toollabs/proxy.pp
A modules/toollabs/files/ferm_restart_handler.sh
A modules/toollabs/manifests/ferm_restart_handler.pp
M modules/toollabs/manifests/proxy.pp
5 files changed, 45 insertions(+), 2 deletions(-)

Approvals:
  Arturo Borrero Gonzalez: Looks good to me, but someone else must approve
  Rush: Verified; Looks good to me, approved



diff --git a/modules/role/manifests/toollabs/k8s/master.pp 
b/modules/role/manifests/toollabs/k8s/master.pp
index 81647b4..1c0d78c 100644
--- a/modules/role/manifests/toollabs/k8s/master.pp
+++ b/modules/role/manifests/toollabs/k8s/master.pp
@@ -2,8 +2,9 @@
 class role::toollabs::k8s::master(
 $use_puppet_certs = false,
 ) {
-include ::base::firewall
 include ::toollabs::infrastructure
+include ::base::firewall
+include ::toollabs::ferm_restart_handler
 
 $master_host = hiera('k8s::master_host', $::fqdn)
 $etcd_url = prefix(suffix(hiera('k8s::etcd_hosts'), ':2379'), 'https://')
diff --git a/modules/role/manifests/toollabs/proxy.pp 
b/modules/role/manifests/toollabs/proxy.pp
index be70d49..c82cfef 100644
--- a/modules/role/manifests/toollabs/proxy.pp
+++ b/modules/role/manifests/toollabs/proxy.pp
@@ -2,6 +2,8 @@
 class role::toollabs::proxy {
 include ::toollabs::proxy
 include ::role::toollabs::k8s::webproxy
+include ::base::firewall
+include ::toollabs::ferm_restart_handler
 
 ferm::service { 'proxymanager':
 proto  => 'tcp',
diff --git a/modules/toollabs/files/ferm_restart_handler.sh 
b/modules/toollabs/files/ferm_restart_handler.sh
new file mode 100644
index 000..5581387
--- /dev/null
+++ b/modules/toollabs/files/ferm_restart_handler.sh
@@ -0,0 +1,21 @@
+#/bin/bash
+
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+/usr/bin/logger -i -t ${0} "restart firewall components post ferm management"
+
+# Ferm expects to handle all firewall state
+# and that does not mesh well with dynamic chain management.
+# We tell the k8s stack here to restart
+#
+# This should be no more invasive than a rescheduling
+# of a POD to another worker.
+#
+# If we are living in an nftables world when you read
+# this, then this should be totally rethought.
+service docker restart
+service flannel restart
+service kube-proxy restart
diff --git a/modules/toollabs/manifests/ferm_restart_handler.pp 
b/modules/toollabs/manifests/ferm_restart_handler.pp
new file mode 100644
index 000..58a4437
--- /dev/null
+++ b/modules/toollabs/manifests/ferm_restart_handler.pp
@@ -0,0 +1,20 @@
+# tldr; hook post ferm updates to let other interested
+#   parties resync their iptables state.
+# See: T182722
+class toollabs::ferm_restart_handler{
+
+file {'/usr/local/sbin/ferm_restart_handler':
+source => 'puppet:///modules/toollabs/ferm_restart_handler.sh',
+owner  => 'root',
+group  => 'root',
+mode   => '0555',
+}
+
+# http://ferm.foo-projects.org/download/2.1/ferm.html#hooks
+# https://phabricator.wikimedia.org/T182722
+ferm::conf{'ferm_restart_handler':
+prio  => 00,
+content   => '@hook post "/usr/local/sbin/ferm_restart_handler";',
+subscribe => File['/usr/local/sbin/ferm_restart_handler'],
+}
+}
diff --git a/modules/toollabs/manifests/proxy.pp 
b/modules/toollabs/manifests/proxy.pp
index 63953dd..9befba2 100644
--- a/modules/toollabs/manifests/proxy.pp
+++ b/modules/toollabs/manifests/proxy.pp
@@ -9,7 +9,6 @@
 
 include ::toollabs::infrastructure
 include ::redis::client::python
-include ::base::firewall
 
 if $ssl_install_certificate {
 sslcert::certificate { $ssl_certificate_name:

-- 
To view, visit https://gerrit.wikimedia.org/r/403072
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: wip: rabbitmq: handling users and initial setup

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/403202 )

Change subject: wip: rabbitmq: handling users and initial setup
..

wip: rabbitmq: handling users and initial setup

A few inconsistencies and issues across our stuff:

* labtestcontrol2001 did not have the management
  plugin enabled which made the cleanup cron invalid
* the queuecleanup script did not handle a queue
  not being present yet and they are created dynamically
  (this is not by necessarily an errant state)
* queuecleanup script had hard coded credentials
* There has been no way to manage rabbitmq users and
  this has largely been done adhoc and outside of
  Puppets purview resulting in inconsistencies
* Rabbitmq can run on the non-primary control node
  and really needs to in order to manage rabbit
  internals as rabbit has a local user database
  and settings.
* guest account had been left in use on installs
* header docs for rabbit/init.pp were confusing

Change-Id: I1870faa07e49603bd7eff9f38cc1202519aeb467
---
M modules/profile/manifests/openstack/base/rabbitmq.pp
M modules/rabbitmq/files/drain_queue
A modules/rabbitmq/files/rabbit_random_guest.sh
M modules/rabbitmq/manifests/cleanup.pp
M modules/rabbitmq/manifests/init.pp
A modules/rabbitmq/manifests/user.pp
6 files changed, 142 insertions(+), 27 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/02/403202/1

diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp 
b/modules/profile/manifests/openstack/base/rabbitmq.pp
index efd0127..ffececf 100644
--- a/modules/profile/manifests/openstack/base/rabbitmq.pp
+++ b/modules/profile/manifests/openstack/base/rabbitmq.pp
@@ -10,7 +10,6 @@
 ){
 
 class { '::rabbitmq':
-running  => $::fqdn == $nova_controller,
 file_handles => $file_handles,
 }
 contain '::rabbitmq'
diff --git a/modules/rabbitmq/files/drain_queue 
b/modules/rabbitmq/files/drain_queue
index bd14e4e..4b98dbf 100644
--- a/modules/rabbitmq/files/drain_queue
+++ b/modules/rabbitmq/files/drain_queue
@@ -28,17 +28,21 @@
 import urllib.parse
 
 
+def eprint(*args, **kwargs):
+print(*args, file=sys.stderr, **kwargs)
+
 def die(s):
-print('*** {}'.format(s), file=sys.stderr)
+eprint('*** {}'.format(s))
 exit(1)
 
-
-def http_req(verb, path, body=None):
+def http_req(username, password, verb, path, body=None):
 path = '/api%s' % path
 conn = http.client.HTTPConnection('localhost', 15672)
+credentials = '{}:{}'.format(username, password)
+b = credentials.encode()
 headers = {
 'Authorization': 'Basic {}'.format(
-base64.b64encode(b'guest:guest').decode('ascii')),
+base64.b64encode(b).decode('ascii')),
 }
 if body:
 headers['Content-Type'] = 'application/json'
@@ -53,11 +57,20 @@
 if resp.status == 401:
 die('Access refused: {}'.format(path))
 if resp.status == 404:
-die('Not found: {}'.format(path))
+# Rabbitmq manages queues dynamically so
+# the existence of a queue may depend on a message
+# ever needing to be delivered to it.  Even
+# necessary queues are often created on-demand.
+eprint('Queue not found!')
+return json.dumps('')
 if resp.status == 301:
 url = urllib.parse.urlparse(resp.getheader('location'))
 [host, port] = url.netloc.split(':')
-return http_req(verb, url.path + '?' + url.query, body)
+return http_req(username,
+password,
+verb,
+url.path + '?' + url.query,
+body)
 if resp.status < 200 or resp.status > 400:
 raise Exception(
 'Received {:d} {} for path {}\n{}'.format(
@@ -65,12 +78,19 @@
 return resp_body
 
 
-def http_json(verb, path, body=None):
-return json.loads(http_req(verb, path, body))
+def http_json(username, password, verb, path, body=None):
+return json.loads(http_req(username, password, verb, path, body))
 
 
-def message_count(queue):
-return http_json('GET', '/queues/%2F/{}'.format(queue))['messages_ready']
+def message_count(username, password, queue):
+out = http_json(username,
+ password,
+ 'GET',
+ '/queues/%2F/{}'.format(queue))
+if not out:
+return None
+return out['messages_ready']
+
 
 
 def main():
@@ -86,14 +106,29 @@
 parser.add_argument(
 'queue', metavar='QUEUE', nargs=1,
 help='queue to read messages from')
+parser.add_argument(
+'--username', default='drainqueue',
+help='username to connect to rabbitmq')
+parser.add_argument(
+'--password', default='',
+help='password to connect to rabbitmq')
+
 args = parser.parse_args()
 queue = args.queue[0]
+username = args.username
+password = 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: WIP: toolforge: ferm hook to restart components post updates

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/403072 )

Change subject: WIP: toolforge: ferm hook to restart components post updates
..

WIP: toolforge: ferm hook to restart components post updates

* Ferm is not playing nice with other iptables tenants
* Tested an /etc/ferm/conf.d/00_hooks to see it run external
  scripts in what seems like a totally post updates state.  This
  hopefully let's kube-proxy, flannel, and docker deal with
  Ferm stomping all around.

This is a midterm fix where other options are being explored
in the context of the task.  Right now any update to Ferm, even
a definition MAC, results in an outage for k8s in Toolforge.

Bug: T182722
Change-Id: I5c700a2c8bce6050e8cb761450d3716a6b3f33c9
---
M modules/role/manifests/toollabs/k8s/master.pp
M modules/role/manifests/toollabs/proxy.pp
A modules/toollabs/files/ferm_restart_handler.sh
A modules/toollabs/manifests/ferm_restart_handler.pp
M modules/toollabs/manifests/proxy.pp
5 files changed, 40 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/72/403072/1

diff --git a/modules/role/manifests/toollabs/k8s/master.pp 
b/modules/role/manifests/toollabs/k8s/master.pp
index 81647b4..1c0d78c 100644
--- a/modules/role/manifests/toollabs/k8s/master.pp
+++ b/modules/role/manifests/toollabs/k8s/master.pp
@@ -2,8 +2,9 @@
 class role::toollabs::k8s::master(
 $use_puppet_certs = false,
 ) {
-include ::base::firewall
 include ::toollabs::infrastructure
+include ::base::firewall
+include ::toollabs::ferm_restart_handler
 
 $master_host = hiera('k8s::master_host', $::fqdn)
 $etcd_url = prefix(suffix(hiera('k8s::etcd_hosts'), ':2379'), 'https://')
diff --git a/modules/role/manifests/toollabs/proxy.pp 
b/modules/role/manifests/toollabs/proxy.pp
index be70d49..c82cfef 100644
--- a/modules/role/manifests/toollabs/proxy.pp
+++ b/modules/role/manifests/toollabs/proxy.pp
@@ -2,6 +2,8 @@
 class role::toollabs::proxy {
 include ::toollabs::proxy
 include ::role::toollabs::k8s::webproxy
+include ::base::firewall
+include ::toollabs::ferm_restart_handler
 
 ferm::service { 'proxymanager':
 proto  => 'tcp',
diff --git a/modules/toollabs/files/ferm_restart_handler.sh 
b/modules/toollabs/files/ferm_restart_handler.sh
new file mode 100644
index 000..9bffa6b
--- /dev/null
+++ b/modules/toollabs/files/ferm_restart_handler.sh
@@ -0,0 +1,16 @@
+#/bin/bash
+
+/usr/bin/logger -t ${0} "restart firewall components post ferm management"
+
+# Ferm expects to handle all firewall state
+# and that does not mesh well with dynamic chain management.
+# We tell the k8s stack here to restart
+#
+# This should be no more invasive than a rescheduling
+# of a POD to another worker.
+#
+# If we are living an nftables world when you read
+# this, then this should be totally rethought.
+sudo service docker restart
+sudo service flannel restart
+sudo service kube-proxy restart
diff --git a/modules/toollabs/manifests/ferm_restart_handler.pp 
b/modules/toollabs/manifests/ferm_restart_handler.pp
new file mode 100644
index 000..2fc3034
--- /dev/null
+++ b/modules/toollabs/manifests/ferm_restart_handler.pp
@@ -0,0 +1,20 @@
+# tldr; hook post ferm updates to let other interested
+#   parties resync their iptables state.
+# See: T182722
+class toollabs::ferm_restart_handler{
+
+file {'/usr/local/sbin/ferm_restart_handler':
+source => 'puppet:///modules/toollabs/ferm_restart_handler.sh',
+owner  => 'root',
+group  => 'root',
+mode   => '0555',
+}
+
+# http://ferm.foo-projects.org/download/2.1/ferm.html#hooks
+# https://phabricator.wikimedia.org/T182722
+ferm::conf{'ferm_firewall_processing':
+prio  => 00,
+content   => '@hook post  "/usr/local/sbin/ferm_restart_handler"',
+subscribe => File['/usr/local/sbin/ferm_restart_handler'], 
+}
+}
diff --git a/modules/toollabs/manifests/proxy.pp 
b/modules/toollabs/manifests/proxy.pp
index 63953dd..9befba2 100644
--- a/modules/toollabs/manifests/proxy.pp
+++ b/modules/toollabs/manifests/proxy.pp
@@ -9,7 +9,6 @@
 
 include ::toollabs::infrastructure
 include ::redis::client::python
-include ::base::firewall
 
 if $ssl_install_certificate {
 sslcert::certificate { $ssl_certificate_name:

-- 
To view, visit https://gerrit.wikimedia.org/r/403072
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5c700a2c8bce6050e8cb761450d3716a6b3f33c9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: these servers should be an HA pair

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/402115 )

Change subject: openstack: these servers should be an HA pair
..


openstack: these servers should be an HA pair

Bug: T167559
Change-Id: If4da99d4cf49e366e566de3198ce96ecdd2693fd
---
M manifests/site.pp
1 file changed, 1 insertion(+), 7 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/manifests/site.pp b/manifests/site.pp
index acfad3b..9ddd340 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -935,7 +935,7 @@
 include ::ldap::role::client::labs
 }
 
-node 'labtestneutron2001.codfw.wmnet' {
+node /^labtestneutron200[1-2]\.codfw.wmnet$/ {
 role(wmcs::openstack::labtestn::net)
 }
 
@@ -955,12 +955,6 @@
 
 node 'labtestnet2002.codfw.wmnet' {
 role(wmcs::openstack::labtest::net_standby)
-}
-
-node 'labtestneutron2002.codfw.wmnet' {
-# WIP
-include ::standard
-include ::base::firewall
 }
 
 node 'labtestnet2001.codfw.wmnet' {

-- 
To view, visit https://gerrit.wikimedia.org/r/402115
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If4da99d4cf49e366e566de3198ce96ecdd2693fd
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: these servers should be an HA pair

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/402115 )

Change subject: openstack: these servers should be an HA pair
..

openstack: these servers should be an HA pair

Bug: T167559
Change-Id: If4da99d4cf49e366e566de3198ce96ecdd2693fd
---
M manifests/site.pp
1 file changed, 1 insertion(+), 7 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/15/402115/1

diff --git a/manifests/site.pp b/manifests/site.pp
index acfad3b..ebe2582 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -935,7 +935,7 @@
 include ::ldap::role::client::labs
 }
 
-node 'labtestneutron2001.codfw.wmnet' {
+node 'labtestneutron200[1-2].codfw.wmnet' {
 role(wmcs::openstack::labtestn::net)
 }
 
@@ -955,12 +955,6 @@
 
 node 'labtestnet2002.codfw.wmnet' {
 role(wmcs::openstack::labtest::net_standby)
-}
-
-node 'labtestneutron2002.codfw.wmnet' {
-# WIP
-include ::standard
-include ::base::firewall
 }
 
 node 'labtestnet2001.codfw.wmnet' {

-- 
To view, visit https://gerrit.wikimedia.org/r/402115
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If4da99d4cf49e366e566de3198ce96ecdd2693fd
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: need overlay module for overlay2 for k8s

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/402068 )

Change subject: tools: need overlay module for overlay2 for k8s
..

tools: need overlay module for overlay2 for k8s

* This is currently effecting PAWS especially

Bug: T184018
Change-Id: I34a66dae503bc560bf35ce4bec499ed2be842d5f
---
M hieradata/labs/tools/common.yaml
M modules/base/manifests/kernel.pp
M modules/profile/manifests/base.pp
3 files changed, 20 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/68/402068/1

diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml
index 3e03999..3fd5a68 100644
--- a/hieradata/labs/tools/common.yaml
+++ b/hieradata/labs/tools/common.yaml
@@ -1,5 +1,6 @@
 profile::base::labs::unattended_wmf: 'absent'
 profile::base::labs::unattended_distro: 'absent'
+profile::base::overlayfs: true
 
 "profile::base::core_dump_pattern": core
 classes:
diff --git a/modules/base/manifests/kernel.pp b/modules/base/manifests/kernel.pp
index bde24bb..0908703 100644
--- a/modules/base/manifests/kernel.pp
+++ b/modules/base/manifests/kernel.pp
@@ -3,7 +3,11 @@
 # Settings related to the Linux kernel (currently only blacklisting
 # risky kernel modules and adding /etc/modules-load.d/ on Trusty)
 #
-class base::kernel
+# [*overlayfs*]
+#  bool for whether overlay module is needed
+
+class base::kernel(
+$overlayfs,
 {
 if os_version('ubuntu == trusty') {
 # This directory is shipped by systemd, but trusty's upstart job for
@@ -17,10 +21,17 @@
 }
 }
 
+if ! $overlayfs {
+kmod::blacklist { 'wmf_overlay':
+modules => [
+'overlayfs',
+'overlay',
+],
+}
+}
+
 kmod::blacklist { 'wmf':
 modules => [
-'overlayfs',
-'overlay',
 'aufs',
 'usbip-core',
 'usbip-host',
diff --git a/modules/profile/manifests/base.pp 
b/modules/profile/manifests/base.pp
index 430a405..131e65d 100644
--- a/modules/profile/manifests/base.pp
+++ b/modules/profile/manifests/base.pp
@@ -21,6 +21,7 @@
 $check_raid_retry = hiera('profile::base::check_raid_retry', 10),
 $check_smart = hiera('profile::base::check_smart', false),
 $puppet_major_version = hiera('puppet_major_version', undef),
+$overlayfs = heira('profile::base::overlayfs', false),
 ) {
 require ::profile::base::certificates
 class { '::apt':
@@ -87,7 +88,10 @@
 allowed_hosts => $nrpe_allowed_hosts,
 }
 
-class { '::base::kernel': }
+class { '::base::kernel':
+overlayfs => $overlayfs,
+}
+
 class { '::base::debdeploy': }
 
 if $facts['has_ipmi'] {

-- 
To view, visit https://gerrit.wikimedia.org/r/402068
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I34a66dae503bc560bf35ce4bec499ed2be842d5f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: nova: fix dependency order on dir and mount for instances

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/401742 )

Change subject: nova: fix dependency order on dir and mount for instances
..


nova: fix dependency order on dir and mount for instances

Bug: T171494
Change-Id: I5d935a2bb6ba00a126c8db9109d29b4c3889654e
---
M modules/profile/manifests/openstack/base/nova/compute/service.pp
1 file changed, 14 insertions(+), 11 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/profile/manifests/openstack/base/nova/compute/service.pp 
b/modules/profile/manifests/openstack/base/nova/compute/service.pp
index 27fc19a..e0f2bb3 100644
--- a/modules/profile/manifests/openstack/base/nova/compute/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/compute/service.pp
@@ -11,10 +11,6 @@
 
 require_package('conntrack')
 
-if $::fqdn =~ /^labvirt100[0-9].eqiad.wmnet/ {
-openstack::nova::compute::partition{ '/dev/sdb':}
-}
-
 interface::tagged { $network_flat_interface:
 base_interface => $network_flat_tagged_base_interface,
 vlan_id=> $network_flat_interface_vlan,
@@ -23,18 +19,24 @@
 down   => 'ip link set $IFACE down',
 }
 
+if $::fqdn =~ /^labvirt100[0-9].eqiad.wmnet/ {
+openstack::nova::compute::partition{ '/dev/sdb':
+before => File['/var/lib/nova/instances'],
+}
+}
+
+file { '/var/lib/nova/instances':
+ensure => 'directory',
+owner  => 'nova',
+group  => 'nova',
+}
+
 mount { '/var/lib/nova/instances':
 ensure  => mounted,
 device  => $instance_dev,
 fstype  => 'xfs',
 options => 'defaults',
-}
-
-file { '/var/lib/nova/instances':
-ensure  => 'directory',
-owner   => 'nova',
-group   => 'nova',
-require => Mount['/var/lib/nova/instances'],
+require => File['/var/lib/nova/instances'],
 }
 
 # Increase the size of conntrack table size (default is 65536)
@@ -55,6 +57,7 @@
 libvirt_type => $libvirt_type,
 certname => $certname,
 ca_target=> $ca_target,
+require  => Mount['/var/lib/nova/instances'],
 }
 contain '::openstack::nova::compute::service'
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/401742
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I5d935a2bb6ba00a126c8db9109d29b4c3889654e
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: nova: fix dependency order on dir and mount for instances

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/401742 )

Change subject: nova: fix dependency order on dir and mount for instances
..

nova: fix dependency order on dir and mount for instances

Bug: T171494
Change-Id: I5d935a2bb6ba00a126c8db9109d29b4c3889654e
---
M modules/profile/manifests/openstack/base/nova/compute/service.pp
1 file changed, 7 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/42/401742/1

diff --git a/modules/profile/manifests/openstack/base/nova/compute/service.pp 
b/modules/profile/manifests/openstack/base/nova/compute/service.pp
index 27fc19a..116c1a2 100644
--- a/modules/profile/manifests/openstack/base/nova/compute/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/compute/service.pp
@@ -23,18 +23,18 @@
 down   => 'ip link set $IFACE down',
 }
 
+file { '/var/lib/nova/instances':
+ensure  => 'directory',
+owner   => 'nova',
+group   => 'nova',
+}
+
 mount { '/var/lib/nova/instances':
 ensure  => mounted,
 device  => $instance_dev,
 fstype  => 'xfs',
 options => 'defaults',
-}
-
-file { '/var/lib/nova/instances':
-ensure  => 'directory',
-owner   => 'nova',
-group   => 'nova',
-require => Mount['/var/lib/nova/instances'],
+require => File['/var/lib/nova/instances'],
 }
 
 # Increase the size of conntrack table size (default is 65536)

-- 
To view, visit https://gerrit.wikimedia.org/r/401742
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5d935a2bb6ba00a126c8db9109d29b4c3889654e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: nova: add compute profiles for labtestn virt role

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/401740 )

Change subject: nova: add compute profiles for labtestn virt role
..


nova: add compute profiles for labtestn virt role

Change-Id: I1970761282ce32530528a013988eb6000b01503f
---
M modules/role/manifests/wmcs/openstack/labtestn/virt.pp
1 file changed, 2 insertions(+), 0 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp 
b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
index 6832d63..81d0331 100644
--- a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
+++ b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
@@ -2,4 +2,6 @@
 system::role { $name: }
 include ::standard
 include ::profile::openstack::labtestn::cloudrepo
+include ::profile::openstack::labtestn::nova::common
+include ::profile::openstack::labtestn::nova::compute::service
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/401740
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I1970761282ce32530528a013988eb6000b01503f
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Giuseppe Lavagetto 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: labstore: add comment to interval options for nfs-exportd

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/401735 )

Change subject: labstore: add comment to interval options for nfs-exportd
..


labstore: add comment to interval options for nfs-exportd

Change-Id: I884e4b74a1054a25295801dc6f2892f88b2c1886
---
M modules/labstore/files/nfs-exportd
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/labstore/files/nfs-exportd 
b/modules/labstore/files/nfs-exportd
index 8af1ac3..7b7aac1 100755
--- a/modules/labstore/files/nfs-exportd
+++ b/modules/labstore/files/nfs-exportd
@@ -226,7 +226,7 @@
 '--interval',
 type=int,
 default=0,
-help='Set interval to rerun at',
+help='Set interval to rerun at.  Default is 0 which means run once.',
 )
 
 argparser.add_argument(

-- 
To view, visit https://gerrit.wikimedia.org/r/401735
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I884e4b74a1054a25295801dc6f2892f88b2c1886
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: nova: add compute profiles for labtestn virt role

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/401740 )

Change subject: nova: add compute profiles for labtestn virt role
..

nova: add compute profiles for labtestn virt role

Change-Id: I1970761282ce32530528a013988eb6000b01503f
---
M modules/role/manifests/wmcs/openstack/labtestn/virt.pp
1 file changed, 2 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/40/401740/1

diff --git a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp 
b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
index 6832d63..81d0331 100644
--- a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
+++ b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
@@ -2,4 +2,6 @@
 system::role { $name: }
 include ::standard
 include ::profile::openstack::labtestn::cloudrepo
+include ::profile::openstack::labtestn::nova::common
+include ::profile::openstack::labtestn::nova::compute::service
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/401740
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1970761282ce32530528a013988eb6000b01503f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: labstore: add comment to interval options for nfs-exportd

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/401735 )

Change subject: labstore: add comment to interval options for nfs-exportd
..

labstore: add comment to interval options for nfs-exportd

Change-Id: I884e4b74a1054a25295801dc6f2892f88b2c1886
---
M modules/labstore/files/nfs-exportd
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/35/401735/1

diff --git a/modules/labstore/files/nfs-exportd 
b/modules/labstore/files/nfs-exportd
index 8af1ac3..7b7aac1 100755
--- a/modules/labstore/files/nfs-exportd
+++ b/modules/labstore/files/nfs-exportd
@@ -226,7 +226,7 @@
 '--interval',
 type=int,
 default=0,
-help='Set interval to rerun at',
+help='Set interval to rerun at.  Default is 0 which means run once.',
 )
 
 argparser.add_argument(

-- 
To view, visit https://gerrit.wikimedia.org/r/401735
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I884e4b74a1054a25295801dc6f2892f88b2c1886
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: labstore: correct yaml from 399223

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/401517 )

Change subject: labstore: correct yaml from 399223
..


labstore: correct yaml from 399223

Bug: T183229
Change-Id: I06c9bfbd2d159d85526b4f26e886e2de4c7982e4
---
M modules/labstore/files/nfs-mounts.yaml
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/labstore/files/nfs-mounts.yaml 
b/modules/labstore/files/nfs-mounts.yaml
index 8be6c44..1e86b6b 100644
--- a/modules/labstore/files/nfs-mounts.yaml
+++ b/modules/labstore/files/nfs-mounts.yaml
@@ -35,7 +35,7 @@
 gid: 50116
 mounts:
   project: true
-  wikidata-primary-sources-tool
+  wikidata-primary-sources-tool:
 gid: 53586
 mounts:
   dumps: true

-- 
To view, visit https://gerrit.wikimedia.org/r/401517
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I06c9bfbd2d159d85526b4f26e886e2de4c7982e4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: labstore: correct yaml from 399223

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/401517 )

Change subject: labstore: correct yaml from 399223
..

labstore: correct yaml from 399223

Bug: T183229
Change-Id: I06c9bfbd2d159d85526b4f26e886e2de4c7982e4
---
M modules/labstore/files/nfs-mounts.yaml
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/17/401517/1

diff --git a/modules/labstore/files/nfs-mounts.yaml 
b/modules/labstore/files/nfs-mounts.yaml
index 8be6c44..1e86b6b 100644
--- a/modules/labstore/files/nfs-mounts.yaml
+++ b/modules/labstore/files/nfs-mounts.yaml
@@ -35,7 +35,7 @@
 gid: 50116
 mounts:
   project: true
-  wikidata-primary-sources-tool
+  wikidata-primary-sources-tool:
 gid: 53586
 mounts:
   dumps: true

-- 
To view, visit https://gerrit.wikimedia.org/r/401517
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I06c9bfbd2d159d85526b4f26e886e2de4c7982e4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: dumps: add wikidata-primary-sources-tool mount

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/399223 )

Change subject: dumps: add wikidata-primary-sources-tool mount
..


dumps: add wikidata-primary-sources-tool mount

Bug: T183229
Change-Id: Id5858cfbec3d55610ef6e8249f425d86c1b615a3
---
M modules/labstore/files/nfs-mounts.yaml
1 file changed, 4 insertions(+), 0 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/labstore/files/nfs-mounts.yaml 
b/modules/labstore/files/nfs-mounts.yaml
index ef88c2b..8be6c44 100644
--- a/modules/labstore/files/nfs-mounts.yaml
+++ b/modules/labstore/files/nfs-mounts.yaml
@@ -35,6 +35,10 @@
 gid: 50116
 mounts:
   project: true
+  wikidata-primary-sources-tool
+gid: 53586
+mounts:
+  dumps: true
   wikidata-query:
 gid: 52354
 mounts:

-- 
To view, visit https://gerrit.wikimedia.org/r/399223
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id5858cfbec3d55610ef6e8249f425d86c1b615a3
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: whitelist kernel versions for compute

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/399243 )

Change subject: openstack: whitelist kernel versions for compute
..


openstack: whitelist kernel versions for compute

Change-Id: I5786fa30f1da70da270b134c560ccaccd4a7c8ce
---
A modules/openstack/manifests/nova/compute/audit.pp
M modules/openstack/manifests/nova/compute/service.pp
2 files changed, 26 insertions(+), 17 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/manifests/nova/compute/audit.pp 
b/modules/openstack/manifests/nova/compute/audit.pp
new file mode 100644
index 000..582a365
--- /dev/null
+++ b/modules/openstack/manifests/nova/compute/audit.pp
@@ -0,0 +1,17 @@
+# Whitelist candidate kernel version for compute nodes
+
+# 3.13 have a KSM bug and instance suspension causes complete system lockup
+# see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917
+# 3.19 series kernels, instance clocks die after resuming from suspension
+# Virtio has shown to be non-determinstic on certain host:client kernel
+# version matchups (IO freezing)
+class openstack::nova::compute::audit(
+$whitelist_kernels=['4.4.0-81-generic'],
+) {
+
+if os_version('ubuntu >= trusty') {
+if ! ($::kernelrelease in $whitelist_kernels) {
+fail("nova-compute is only valid for ${whitelist_kernels} and not 
${::kernelrelease}")
+}
+}
+}
diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index 342c43c..3d1bbb7 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -8,23 +8,7 @@
 $ca_target,
 ){
 
-# Check for buggy kernels.  There are a lot of them!
-if os_version('ubuntu >= trusty') and (versioncmp($::kernelrelease, 
'3.13.0-46') < 0) {
-# see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917
-fail('nova-compute not installed on buggy kernels.  Old versions of 
3.13 have a KSM bug.  Try installing linux-image-generic-lts-xenial')
-} elsif $::kernelrelease =~ /^3\.13\..*/ {
-fail('nova-compute not installed on buggy kernels.  On 3.13 series 
kernels, instance suspension causes complete system lockup.  Try installing 
linux-image-generic-lts-xenial')
-} elsif $::kernelrelease =~ /^3\.19\..*/ {
-fail('nova-compute not installed on buggy kernels.  On 3.19 series 
kernels, instance clocks die after resuming from suspension.  Try installing 
linux-image-generic-lts-xenial')
-}
-
-# Starting with 3.18 (34666d467cbf1e2e3c7bb15a63eccfb582cdd71f) the 
netfilter code
-# was split from the bridge kernel module into a separate module 
(br_netfilter)
-if (versioncmp($::kernelversion, '3.18') >= 0) {
-kmod::module { 'br_netfilter':
-ensure => 'present',
-}
-}
+require openstack::nova::compute::audit
 
 # Without qemu-system, apt will install qemu-kvm by default,
 # which is somewhat broken.
@@ -182,6 +166,14 @@
 require   => Package['nova-compute'],
 }
 
+# Starting with 3.18 (34666d467cbf1e2e3c7bb15a63eccfb582cdd71f) the 
netfilter code
+# was split from the bridge kernel module into a separate module 
(br_netfilter)
+if (versioncmp($::kernelversion, '3.18') >= 0) {
+kmod::module { 'br_netfilter':
+ensure => 'present',
+}
+}
+
 # By default trusty allows the creation of user namespaces by unprivileged 
users
 # (Debian defaulted to disallowing these since the feature was introduced 
for security reasons)
 # Unprivileged user namespaces are not something we need in general (and 
especially

-- 
To view, visit https://gerrit.wikimedia.org/r/399243
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I5786fa30f1da70da270b134c560ccaccd4a7c8ce
Gerrit-PatchSet: 10
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Alex Monk 
Gerrit-Reviewer: Andrew Bogott 
Gerrit-Reviewer: Muehlenhoff 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: rabbitmq: drain_queue is defined dupe

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/401508 )

Change subject: rabbitmq: drain_queue is defined dupe
..


rabbitmq: drain_queue is defined dupe

Remove from cleanup manifest and use require

Change-Id: I10cd7a4836b7844aaf37e3e01ec0b6c94f2fce96
---
M modules/rabbitmq/manifests/cleanup.pp
1 file changed, 2 insertions(+), 8 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/rabbitmq/manifests/cleanup.pp 
b/modules/rabbitmq/manifests/cleanup.pp
index 616f728..ac2afa0 100644
--- a/modules/rabbitmq/manifests/cleanup.pp
+++ b/modules/rabbitmq/manifests/cleanup.pp
@@ -6,19 +6,13 @@
 $enabled=false,
 ) {
 
+require rabbitmq
+
 if ($enabled) {
 $ensure = 'present'
 }
 else {
 $ensure = 'absent'
-}
-
-file { '/usr/local/sbin/drain_queue':
-ensure => 'present',
-owner  => 'root',
-group  => 'root',
-mode   => '0655',
-source => 'puppet:///modules/rabbitmq/drain_queue',
 }
 
 # These logfiles will be rotated by an already-existing wildcard logrotate 
rule for rabbit

-- 
To view, visit https://gerrit.wikimedia.org/r/401508
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I10cd7a4836b7844aaf37e3e01ec0b6c94f2fce96
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: rabbitmq: drain_queue is defined dupe

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/401508 )

Change subject: rabbitmq: drain_queue is defined dupe
..

rabbitmq: drain_queue is defined dupe

Remove from cleanup manifest and use require

Change-Id: I10cd7a4836b7844aaf37e3e01ec0b6c94f2fce96
---
M modules/rabbitmq/manifests/cleanup.pp
1 file changed, 2 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/08/401508/1

diff --git a/modules/rabbitmq/manifests/cleanup.pp 
b/modules/rabbitmq/manifests/cleanup.pp
index 616f728..ac2afa0 100644
--- a/modules/rabbitmq/manifests/cleanup.pp
+++ b/modules/rabbitmq/manifests/cleanup.pp
@@ -6,19 +6,13 @@
 $enabled=false,
 ) {
 
+require rabbitmq
+
 if ($enabled) {
 $ensure = 'present'
 }
 else {
 $ensure = 'absent'
-}
-
-file { '/usr/local/sbin/drain_queue':
-ensure => 'present',
-owner  => 'root',
-group  => 'root',
-mode   => '0655',
-source => 'puppet:///modules/rabbitmq/drain_queue',
 }
 
 # These logfiles will be rotated by an already-existing wildcard logrotate 
rule for rabbit

-- 
To view, visit https://gerrit.wikimedia.org/r/401508
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I10cd7a4836b7844aaf37e3e01ec0b6c94f2fce96
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: only run rabbitmq cleanup on active control node

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398900 )

Change subject: openstack: only run rabbitmq cleanup on active control node
..


openstack: only run rabbitmq cleanup on active control node

Bug: T183144
Change-Id: I861913e384d7c9677d3346a77267f2526795111b
---
M modules/profile/manifests/openstack/base/rabbitmq.pp
A modules/rabbitmq/manifests/cleanup.pp
M modules/rabbitmq/manifests/init.pp
3 files changed, 41 insertions(+), 14 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, but someone else must approve
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp 
b/modules/profile/manifests/openstack/base/rabbitmq.pp
index ecb48ed..efd0127 100644
--- a/modules/profile/manifests/openstack/base/rabbitmq.pp
+++ b/modules/profile/manifests/openstack/base/rabbitmq.pp
@@ -15,6 +15,11 @@
 }
 contain '::rabbitmq'
 
+class {'::rabbitmq::cleanup':
+enabled => $::fqdn == $nova_controller,
+}
+contain '::rabbitmq::cleanup'
+
 class { '::rabbitmq::monitor':
 rabbit_monitor_username => $monitor_user,
 rabbit_monitor_password => $monitor_password,
@@ -41,14 +46,5 @@
 ferm::rule{'beam_nova':
 ensure => 'present',
 rule   =>  "saddr ${labs_hosts_range} proto tcp dport (5672 56918) 
ACCEPT;",
-}
-
-# These logfiles will be rotated by an already-existing wildcard logrotate 
rule for rabbit
-cron {
-'drain and log rabbit notifications.error queue':
-ensure  => 'present',
-user=> 'root',
-minute  => '35',
-command => '/usr/local/sbin/drain_queue notifications.error >> 
/var/log/rabbitmq/notifications_error.log 2>&1',
 }
 }
diff --git a/modules/rabbitmq/manifests/cleanup.pp 
b/modules/rabbitmq/manifests/cleanup.pp
new file mode 100644
index 000..616f728
--- /dev/null
+++ b/modules/rabbitmq/manifests/cleanup.pp
@@ -0,0 +1,31 @@
+# Rabbit does a poor job of cleaning up queues
+# that are not being consumed and this becomes costly
+# over time.
+
+class rabbitmq::cleanup(
+$enabled=false,
+) {
+
+if ($enabled) {
+$ensure = 'present'
+}
+else {
+$ensure = 'absent'
+}
+
+file { '/usr/local/sbin/drain_queue':
+ensure => 'present',
+owner  => 'root',
+group  => 'root',
+mode   => '0655',
+source => 'puppet:///modules/rabbitmq/drain_queue',
+}
+
+# These logfiles will be rotated by an already-existing wildcard logrotate 
rule for rabbit
+cron { 'drain and log rabbit notifications.error queue':
+ensure  => $ensure,
+user=> 'root',
+minute  => '35',
+command => '/usr/local/sbin/drain_queue notifications.error >> 
/var/log/rabbitmq/notifications_error.log 2>&1',
+}
+}
diff --git a/modules/rabbitmq/manifests/init.pp 
b/modules/rabbitmq/manifests/init.pp
index f102954..3e905ff 100644
--- a/modules/rabbitmq/manifests/init.pp
+++ b/modules/rabbitmq/manifests/init.pp
@@ -53,11 +53,6 @@
 require => Package['rabbitmq-server'],
 }
 
-service { 'rabbitmq-server':
-ensure  => $running,
-require => Package['rabbitmq-server'],
-}
-
 file { '/usr/local/sbin/drain_queue':
 ensure => 'present',
 owner  => 'root',
@@ -65,4 +60,9 @@
 mode   => '0655',
 source => 'puppet:///modules/rabbitmq/drain_queue',
 }
+
+service { 'rabbitmq-server':
+ensure  => $running,
+require => Package['rabbitmq-server'],
+}
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/398900
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I861913e384d7c9677d3346a77267f2526795111b
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Andrew Bogott 
Gerrit-Reviewer: BryanDavis 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: whitelist kernel versions for compute

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/399243 )

Change subject: openstack: whitelist kernel versions for compute
..

openstack: whitelist kernel versions for compute

Change-Id: I5786fa30f1da70da270b134c560ccaccd4a7c8ce
---
A modules/openstack/manifests/nova/compute/audit.pp
M modules/openstack/manifests/nova/compute/service.pp
2 files changed, 19 insertions(+), 17 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/43/399243/1

diff --git a/modules/openstack/manifests/nova/compute/audit.pp 
b/modules/openstack/manifests/nova/compute/audit.pp
new file mode 100644
index 000..dc3251c
--- /dev/null
+++ b/modules/openstack/manifests/nova/compute/audit.pp
@@ -0,0 +1,18 @@
+class openstack::nova::compute::audit(
+$kernel_releases,
+){
+
+if os_version('ubuntu >= trusty') {
+if ! ($::kernelrelease in $kernel_releases) {
+fail("nova-compute is only valid for ${kernel_releases} and not 
${::kernelrelease}"
+}
+}
+
+# Starting with 3.18 (34666d467cbf1e2e3c7bb15a63eccfb582cdd71f) the 
netfilter code
+# was split from the bridge kernel module into a separate module 
(br_netfilter)
+if (versioncmp($::kernelversion, '3.18') >= 0) {
+kmod::module { 'br_netfilter':
+ensure => 'present',
+}
+}
+}
diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index 342c43c..2caae78 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -8,23 +8,7 @@
 $ca_target,
 ){
 
-# Check for buggy kernels.  There are a lot of them!
-if os_version('ubuntu >= trusty') and (versioncmp($::kernelrelease, 
'3.13.0-46') < 0) {
-# see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917
-fail('nova-compute not installed on buggy kernels.  Old versions of 
3.13 have a KSM bug.  Try installing linux-image-generic-lts-xenial')
-} elsif $::kernelrelease =~ /^3\.13\..*/ {
-fail('nova-compute not installed on buggy kernels.  On 3.13 series 
kernels, instance suspension causes complete system lockup.  Try installing 
linux-image-generic-lts-xenial')
-} elsif $::kernelrelease =~ /^3\.19\..*/ {
-fail('nova-compute not installed on buggy kernels.  On 3.19 series 
kernels, instance clocks die after resuming from suspension.  Try installing 
linux-image-generic-lts-xenial')
-}
-
-# Starting with 3.18 (34666d467cbf1e2e3c7bb15a63eccfb582cdd71f) the 
netfilter code
-# was split from the bridge kernel module into a separate module 
(br_netfilter)
-if (versioncmp($::kernelversion, '3.18') >= 0) {
-kmod::module { 'br_netfilter':
-ensure => 'present',
-}
-}
+require openstack::nova::compute::audit
 
 # Without qemu-system, apt will install qemu-kvm by default,
 # which is somewhat broken.

-- 
To view, visit https://gerrit.wikimedia.org/r/399243
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5786fa30f1da70da270b134c560ccaccd4a7c8ce
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: dumps: add wikidata-primary-sources-tool mount

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/399223 )

Change subject: dumps: add wikidata-primary-sources-tool mount
..

dumps: add wikidata-primary-sources-tool mount

Bug: T183229
Change-Id: Id5858cfbec3d55610ef6e8249f425d86c1b615a3
---
M modules/labstore/files/nfs-mounts.yaml
1 file changed, 4 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/23/399223/1

diff --git a/modules/labstore/files/nfs-mounts.yaml 
b/modules/labstore/files/nfs-mounts.yaml
index ef88c2b..8be6c44 100644
--- a/modules/labstore/files/nfs-mounts.yaml
+++ b/modules/labstore/files/nfs-mounts.yaml
@@ -35,6 +35,10 @@
 gid: 50116
 mounts:
   project: true
+  wikidata-primary-sources-tool
+gid: 53586
+mounts:
+  dumps: true
   wikidata-query:
 gid: 52354
 mounts:

-- 
To view, visit https://gerrit.wikimedia.org/r/399223
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id5858cfbec3d55610ef6e8249f425d86c1b615a3
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: labvirt role shuffle

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/399183 )

Change subject: openstack: labvirt role shuffle
..


openstack: labvirt role shuffle

Change-Id: I068a32cf3cb49a3051baa956354b05fcefa3aa6d
---
M manifests/site.pp
M modules/role/manifests/wmcs/openstack/labtest/virt.pp
M modules/role/manifests/wmcs/openstack/labtestn/virt.pp
3 files changed, 7 insertions(+), 4 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/manifests/site.pp b/manifests/site.pp
index ce067d3..897722f 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -938,9 +938,12 @@
 role(wmcs::openstack::labtestn::net)
 }
 
-node /^labtestvirt200[1-3]\.codfw\.wmnet$/ {
+node /^labtestvirt200[1-2]\.codfw\.wmnet$/ {
 role(wmcs::openstack::labtest::virt)
-include ::standard
+}
+
+node /^labtestvirt2003\.codfw\.wmnet$/ {
+role(wmcs::openstack::labtestn::virt)
 }
 
 node 'labtestmetal2001.codfw.wmnet' {
diff --git a/modules/role/manifests/wmcs/openstack/labtest/virt.pp 
b/modules/role/manifests/wmcs/openstack/labtest/virt.pp
index f85e6bd..464aff7 100644
--- a/modules/role/manifests/wmcs/openstack/labtest/virt.pp
+++ b/modules/role/manifests/wmcs/openstack/labtest/virt.pp
@@ -1,5 +1,6 @@
 class role::wmcs::openstack::labtest::virt {
 system::role { $name: }
+include ::standard
 include ::profile::openstack::labtest::cloudrepo
 include ::profile::openstack::labtest::nova::common
 include ::profile::openstack::labtest::nova::compute::service
diff --git a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp 
b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
index 5c59e23..6832d63 100644
--- a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
+++ b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
@@ -1,6 +1,5 @@
 class role::wmcs::openstack::labtestn::virt {
 system::role { $name: }
+include ::standard
 include ::profile::openstack::labtestn::cloudrepo
-include ::profile::openstack::labtestn::nova::common
-include ::profile::openstack::labtestn::nova::compute::service
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/399183
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I068a32cf3cb49a3051baa956354b05fcefa3aa6d
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Giuseppe Lavagetto 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: labvirt role shuffle

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/399183 )

Change subject: openstack: labvirt role shuffle
..

openstack: labvirt role shuffle

Change-Id: I068a32cf3cb49a3051baa956354b05fcefa3aa6d
---
M manifests/site.pp
M modules/role/manifests/wmcs/openstack/labtest/virt.pp
M modules/role/manifests/wmcs/openstack/labtestn/virt.pp
3 files changed, 7 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/83/399183/1

diff --git a/manifests/site.pp b/manifests/site.pp
index e90e837..f846172 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1004,9 +1004,12 @@
 role(wmcs::openstack::labtestn::net)
 }
 
-node /^labtestvirt200[1-3]\.codfw\.wmnet$/ {
+node /^labtestvirt200[1-2]\.codfw\.wmnet$/ {
 role(wmcs::openstack::labtest::virt)
-include ::standard
+}
+
+node /^labtestvirt2003\.codfw\.wmnet$/ {
+role(wmcs::openstack::labtestn::virt)
 }
 
 node 'labtestmetal2001.codfw.wmnet' {
diff --git a/modules/role/manifests/wmcs/openstack/labtest/virt.pp 
b/modules/role/manifests/wmcs/openstack/labtest/virt.pp
index f85e6bd..464aff7 100644
--- a/modules/role/manifests/wmcs/openstack/labtest/virt.pp
+++ b/modules/role/manifests/wmcs/openstack/labtest/virt.pp
@@ -1,5 +1,6 @@
 class role::wmcs::openstack::labtest::virt {
 system::role { $name: }
+include ::standard
 include ::profile::openstack::labtest::cloudrepo
 include ::profile::openstack::labtest::nova::common
 include ::profile::openstack::labtest::nova::compute::service
diff --git a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp 
b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
index 5c59e23..81d0331 100644
--- a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
+++ b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp
@@ -1,5 +1,6 @@
 class role::wmcs::openstack::labtestn::virt {
 system::role { $name: }
+include ::standard
 include ::profile::openstack::labtestn::cloudrepo
 include ::profile::openstack::labtestn::nova::common
 include ::profile::openstack::labtestn::nova::compute::service

-- 
To view, visit https://gerrit.wikimedia.org/r/399183
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I068a32cf3cb49a3051baa956354b05fcefa3aa6d
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: only run rabbitmq cleanup on active control node

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398900 )

Change subject: openstack: only run rabbitmq cleanup on active control node
..

openstack: only run rabbitmq cleanup on active control node

Bug: T183144
Change-Id: I861913e384d7c9677d3346a77267f2526795111b
---
M modules/profile/manifests/openstack/base/rabbitmq.pp
A modules/rabbitmq/manifests/cleanup.pp
M modules/rabbitmq/manifests/init.pp
3 files changed, 42 insertions(+), 14 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/00/398900/1

diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp 
b/modules/profile/manifests/openstack/base/rabbitmq.pp
index ecb48ed..f7e1360 100644
--- a/modules/profile/manifests/openstack/base/rabbitmq.pp
+++ b/modules/profile/manifests/openstack/base/rabbitmq.pp
@@ -15,6 +15,11 @@
 }
 contain '::rabbitmq'
 
+class {'::rabbitmq::cleanup':
+   enabled => $::fqdn == $nova_controller,
+}
+contain '::rabbitmq::cleanup'
+
 class { '::rabbitmq::monitor':
 rabbit_monitor_username => $monitor_user,
 rabbit_monitor_password => $monitor_password,
@@ -41,14 +46,5 @@
 ferm::rule{'beam_nova':
 ensure => 'present',
 rule   =>  "saddr ${labs_hosts_range} proto tcp dport (5672 56918) 
ACCEPT;",
-}
-
-# These logfiles will be rotated by an already-existing wildcard logrotate 
rule for rabbit
-cron {
-'drain and log rabbit notifications.error queue':
-ensure  => 'present',
-user=> 'root',
-minute  => '35',
-command => '/usr/local/sbin/drain_queue notifications.error >> 
/var/log/rabbitmq/notifications_error.log 2>&1',
 }
 }
diff --git a/modules/rabbitmq/manifests/cleanup.pp 
b/modules/rabbitmq/manifests/cleanup.pp
new file mode 100644
index 000..227cb7c
--- /dev/null
+++ b/modules/rabbitmq/manifests/cleanup.pp
@@ -0,0 +1,32 @@
+# Rabbit does a poor job of cleaning up queues
+# that are not being consumed and this becomes costly
+# over time.
+
+class rabbitmq::cleanup(
+$enabled=false,
+) {
+
+if ($enabled) {
+$ensure = 'present'
+}
+else {
+$ensure = 'absent'
+}
+
+file { '/usr/local/sbin/drain_queue':
+ensure => 'present',
+owner  => 'root',
+group  => 'root',
+mode   => '0655',
+source => 'puppet:///modules/rabbitmq/drain_queue',
+}
+
+# These logfiles will be rotated by an already-existing wildcard logrotate 
rule for rabbit
+cron {
+'drain and log rabbit notifications.error queue':
+ensure  => $ensure,
+user=> 'root',
+minute  => '35',
+command => '/usr/local/sbin/drain_queue notifications.error >> 
/var/log/rabbitmq/notifications_error.l$
+}
+}
diff --git a/modules/rabbitmq/manifests/init.pp 
b/modules/rabbitmq/manifests/init.pp
index f102954..3e905ff 100644
--- a/modules/rabbitmq/manifests/init.pp
+++ b/modules/rabbitmq/manifests/init.pp
@@ -53,11 +53,6 @@
 require => Package['rabbitmq-server'],
 }
 
-service { 'rabbitmq-server':
-ensure  => $running,
-require => Package['rabbitmq-server'],
-}
-
 file { '/usr/local/sbin/drain_queue':
 ensure => 'present',
 owner  => 'root',
@@ -65,4 +60,9 @@
 mode   => '0655',
 source => 'puppet:///modules/rabbitmq/drain_queue',
 }
+
+service { 'rabbitmq-server':
+ensure  => $running,
+require => Package['rabbitmq-server'],
+}
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/398900
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I861913e384d7c9677d3346a77267f2526795111b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: set monitor_password as var for rabbit base

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398483 )

Change subject: openstack: set monitor_password as var for rabbit base
..


openstack: set monitor_password as var for rabbit base

Change-Id: I808cabb3aa0d6affbaa6a12fb204a408fa5055f4
---
M modules/profile/manifests/openstack/base/rabbitmq.pp
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp 
b/modules/profile/manifests/openstack/base/rabbitmq.pp
index d87f6a9..ecb48ed 100644
--- a/modules/profile/manifests/openstack/base/rabbitmq.pp
+++ b/modules/profile/manifests/openstack/base/rabbitmq.pp
@@ -24,7 +24,7 @@
 class { '::profile::prometheus::rabbitmq_exporter':
 prometheus_nodes=> $monitoring_host,
 rabbit_monitor_username => $monitor_user,
-rabbit_monitor_password => monitor_password,
+rabbit_monitor_password => $monitor_password,
 }
 contain '::profile::prometheus::rabbitmq_exporter'
 

-- 
To view, visit https://gerrit.wikimedia.org/r/398483
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I808cabb3aa0d6affbaa6a12fb204a408fa5055f4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: set monitor_password as var for rabbit base

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398483 )

Change subject: openstack: set monitor_password as var for rabbit base
..

openstack: set monitor_password as var for rabbit base

Change-Id: I808cabb3aa0d6affbaa6a12fb204a408fa5055f4
---
M modules/profile/manifests/openstack/base/rabbitmq.pp
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/83/398483/1

diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp 
b/modules/profile/manifests/openstack/base/rabbitmq.pp
index d87f6a9..ecb48ed 100644
--- a/modules/profile/manifests/openstack/base/rabbitmq.pp
+++ b/modules/profile/manifests/openstack/base/rabbitmq.pp
@@ -24,7 +24,7 @@
 class { '::profile::prometheus::rabbitmq_exporter':
 prometheus_nodes=> $monitoring_host,
 rabbit_monitor_username => $monitor_user,
-rabbit_monitor_password => monitor_password,
+rabbit_monitor_password => $monitor_password,
 }
 contain '::profile::prometheus::rabbitmq_exporter'
 

-- 
To view, visit https://gerrit.wikimedia.org/r/398483
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I808cabb3aa0d6affbaa6a12fb204a408fa5055f4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: prometheus: rabbitmq use @ for vars in templete fulfillment

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398482 )

Change subject: prometheus: rabbitmq use @ for vars in templete fulfillment
..


prometheus: rabbitmq use @ for vars in templete fulfillment

Change-Id: I5a781456d61865bd76d5b6bc5d39988052129913
---
M modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb
1 file changed, 3 insertions(+), 3 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb 
b/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb
index b03ff52..4316550 100644
--- a/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb
+++ b/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb
@@ -1,4 +1,4 @@
 ---
-server: <%= $rabbit_host %>
-username: <%= $rabbit_monitor_username %>
-password: <%= $rabbit_monitor_password %>
+server: <%= @rabbit_host %>
+username: <%= @rabbit_monitor_username %>
+password: <%= @rabbit_monitor_password %>

-- 
To view, visit https://gerrit.wikimedia.org/r/398482
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I5a781456d61865bd76d5b6bc5d39988052129913
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: prometheus: rabbitmq use @ for vars in templete fulfillment

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398482 )

Change subject: prometheus: rabbitmq use @ for vars in templete fulfillment
..

prometheus: rabbitmq use @ for vars in templete fulfillment

Change-Id: I5a781456d61865bd76d5b6bc5d39988052129913
---
M modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb
1 file changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/82/398482/1

diff --git a/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb 
b/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb
index b03ff52..4316550 100644
--- a/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb
+++ b/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb
@@ -1,4 +1,4 @@
 ---
-server: <%= $rabbit_host %>
-username: <%= $rabbit_monitor_username %>
-password: <%= $rabbit_monitor_password %>
+server: <%= @rabbit_host %>
+username: <%= @rabbit_monitor_username %>
+password: <%= @rabbit_monitor_password %>

-- 
To view, visit https://gerrit.wikimedia.org/r/398482
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5a781456d61865bd76d5b6bc5d39988052129913
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: type for rabbitmq base

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398479 )

Change subject: openstack: type for rabbitmq base
..


openstack: type for rabbitmq base

This is round 2 so hopefully that is it.

Change-Id: I662b3ef9ce5eb73bf19662ee714343403b3b4ae3
---
M modules/profile/manifests/openstack/base/rabbitmq.pp
1 file changed, 3 insertions(+), 3 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp 
b/modules/profile/manifests/openstack/base/rabbitmq.pp
index b046a5a..d87f6a9 100644
--- a/modules/profile/manifests/openstack/base/rabbitmq.pp
+++ b/modules/profile/manifests/openstack/base/rabbitmq.pp
@@ -22,9 +22,9 @@
 contain '::rabbitmq::monitor'
 
 class { '::profile::prometheus::rabbitmq_exporter':
-prometheus_nodes => $monitoring_host,
-monitor_user => $monitor_user,
-monitor_password => $monitor_password,
+prometheus_nodes=> $monitoring_host,
+rabbit_monitor_username => $monitor_user,
+rabbit_monitor_password => monitor_password,
 }
 contain '::profile::prometheus::rabbitmq_exporter'
 

-- 
To view, visit https://gerrit.wikimedia.org/r/398479
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I662b3ef9ce5eb73bf19662ee714343403b3b4ae3
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: type for rabbitmq base

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398479 )

Change subject: openstack: type for rabbitmq base
..

openstack: type for rabbitmq base

This is round 2 so hopefully that is it.

Change-Id: I662b3ef9ce5eb73bf19662ee714343403b3b4ae3
---
M modules/profile/manifests/openstack/base/rabbitmq.pp
1 file changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/79/398479/1

diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp 
b/modules/profile/manifests/openstack/base/rabbitmq.pp
index b046a5a..d87f6a9 100644
--- a/modules/profile/manifests/openstack/base/rabbitmq.pp
+++ b/modules/profile/manifests/openstack/base/rabbitmq.pp
@@ -22,9 +22,9 @@
 contain '::rabbitmq::monitor'
 
 class { '::profile::prometheus::rabbitmq_exporter':
-prometheus_nodes => $monitoring_host,
-monitor_user => $monitor_user,
-monitor_password => $monitor_password,
+prometheus_nodes=> $monitoring_host,
+rabbit_monitor_username => $monitor_user,
+rabbit_monitor_password => monitor_password,
 }
 contain '::profile::prometheus::rabbitmq_exporter'
 

-- 
To view, visit https://gerrit.wikimedia.org/r/398479
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I662b3ef9ce5eb73bf19662ee714343403b3b4ae3
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: profile/manifests/openstack/base/rabbitmq typo

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398478 )

Change subject: openstack: profile/manifests/openstack/base/rabbitmq typo
..


openstack: profile/manifests/openstack/base/rabbitmq typo

Change-Id: I7207f63c3c0cfa8901a29a6e39ea8b3296c0ccda
---
M modules/profile/manifests/openstack/base/rabbitmq.pp
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp 
b/modules/profile/manifests/openstack/base/rabbitmq.pp
index a93f882..b046a5a 100644
--- a/modules/profile/manifests/openstack/base/rabbitmq.pp
+++ b/modules/profile/manifests/openstack/base/rabbitmq.pp
@@ -22,7 +22,7 @@
 contain '::rabbitmq::monitor'
 
 class { '::profile::prometheus::rabbitmq_exporter':
-prometheusnodes  => $monitoring_host,
+prometheus_nodes => $monitoring_host,
 monitor_user => $monitor_user,
 monitor_password => $monitor_password,
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/398478
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7207f63c3c0cfa8901a29a6e39ea8b3296c0ccda
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: profile/manifests/openstack/base/rabbitmq typo

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398478 )

Change subject: openstack: profile/manifests/openstack/base/rabbitmq typo
..

openstack: profile/manifests/openstack/base/rabbitmq typo

Change-Id: I7207f63c3c0cfa8901a29a6e39ea8b3296c0ccda
---
M modules/profile/manifests/openstack/base/rabbitmq.pp
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/78/398478/1

diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp 
b/modules/profile/manifests/openstack/base/rabbitmq.pp
index a93f882..b046a5a 100644
--- a/modules/profile/manifests/openstack/base/rabbitmq.pp
+++ b/modules/profile/manifests/openstack/base/rabbitmq.pp
@@ -22,7 +22,7 @@
 contain '::rabbitmq::monitor'
 
 class { '::profile::prometheus::rabbitmq_exporter':
-prometheusnodes  => $monitoring_host,
+prometheus_nodes => $monitoring_host,
 monitor_user => $monitor_user,
 monitor_password => $monitor_password,
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/398478
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7207f63c3c0cfa8901a29a6e39ea8b3296c0ccda
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: rush: add a helper script for localrun

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398470 )

Change subject: rush: add a helper script for localrun
..


rush: add a helper script for localrun

Change-Id: I75e4f6df8db9333b8e036890f0bd63966c661c67
---
A modules/admin/files/home/rush/bin/plocal.sh
1 file changed, 11 insertions(+), 0 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/admin/files/home/rush/bin/plocal.sh 
b/modules/admin/files/home/rush/bin/plocal.sh
new file mode 100644
index 000..8746d0f
--- /dev/null
+++ b/modules/admin/files/home/rush/bin/plocal.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# shim to get started using utils/localrun
+sudo puppet agent --test
+cd /root
+git clone https://gerrit.wikimedia.org/r/operations/puppet
+cd /srv
+git clone https://gerrit.wikimedia.org/r/labs/private
+cd /root
+ln -s /root/puppet/hieradata/ /etc/puppet/hieradata
+ln -s /srv/private /etc/puppet/private
+alias run='cd /root/puppet/utils/ && ./localrun'

-- 
To view, visit https://gerrit.wikimedia.org/r/398470
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I75e4f6df8db9333b8e036890f0bd63966c661c67
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: rush: add a helper script for localrun

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398470 )

Change subject: rush: add a helper script for localrun
..

rush: add a helper script for localrun

Change-Id: I75e4f6df8db9333b8e036890f0bd63966c661c67
---
A modules/admin/files/home/rush/bin/plocal.sh
1 file changed, 11 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/70/398470/1

diff --git a/modules/admin/files/home/rush/bin/plocal.sh 
b/modules/admin/files/home/rush/bin/plocal.sh
new file mode 100644
index 000..8746d0f
--- /dev/null
+++ b/modules/admin/files/home/rush/bin/plocal.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# shim to get started using utils/localrun
+sudo puppet agent --test
+cd /root
+git clone https://gerrit.wikimedia.org/r/operations/puppet
+cd /srv
+git clone https://gerrit.wikimedia.org/r/labs/private
+cd /root
+ln -s /root/puppet/hieradata/ /etc/puppet/hieradata
+ln -s /srv/private /etc/puppet/private
+alias run='cd /root/puppet/utils/ && ./localrun'

-- 
To view, visit https://gerrit.wikimedia.org/r/398470
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I75e4f6df8db9333b8e036890f0bd63966c661c67
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: remove duplicate definition in compute/service

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398463 )

Change subject: openstack: remove duplicate definition in compute/service
..


openstack: remove duplicate definition in compute/service

This build on 398312

Change-Id: I77a5ca1189412cff2b4e00bb82bb490b7813b136
---
M modules/openstack/manifests/nova/compute/service.pp
1 file changed, 0 insertions(+), 14 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index e163a83..342c43c 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -60,20 +60,6 @@
 require => Exec['set_shell_for_nova'],
 }
 
-
-# nova-compute adds the user with /bin/false
-# but resize, live migration, etc
-# need the nova use to have a real shell, as it uses ssh.
-user { 'nova':
-ensure  => 'present',
-shell   => '/bin/bash',
-require => Package['nova-compute'],
-}
-
-ssh::userkey { 'nova':
-content => secret('ssh/nova/nova.pub'),
-}
-
 # qemu-kvm and qemu-system are alternative packages to meet the needs of
 # libvirt.
 #  Lately, Precise has been installing qemu-kvm by default.  That's

-- 
To view, visit https://gerrit.wikimedia.org/r/398463
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I77a5ca1189412cff2b4e00bb82bb490b7813b136
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: remove duplicate definition in compute/service

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398463 )

Change subject: openstack: remove duplicate definition in compute/service
..

openstack: remove duplicate definition in compute/service

This build on 398312

Change-Id: I77a5ca1189412cff2b4e00bb82bb490b7813b136
---
M modules/openstack/manifests/nova/compute/service.pp
1 file changed, 0 insertions(+), 14 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/63/398463/1

diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index e163a83..342c43c 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -60,20 +60,6 @@
 require => Exec['set_shell_for_nova'],
 }
 
-
-# nova-compute adds the user with /bin/false
-# but resize, live migration, etc
-# need the nova use to have a real shell, as it uses ssh.
-user { 'nova':
-ensure  => 'present',
-shell   => '/bin/bash',
-require => Package['nova-compute'],
-}
-
-ssh::userkey { 'nova':
-content => secret('ssh/nova/nova.pub'),
-}
-
 # qemu-kvm and qemu-system are alternative packages to meet the needs of
 # libvirt.
 #  Lately, Precise has been installing qemu-kvm by default.  That's

-- 
To view, visit https://gerrit.wikimedia.org/r/398463
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I77a5ca1189412cff2b4e00bb82bb490b7813b136
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova/compute/server.pp manage nova shell

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398312 )

Change subject: openstack: nova/compute/server.pp manage nova shell
..


openstack: nova/compute/server.pp manage nova shell

nova-common installs the nova user and several places
throughout the code set sane nova ownership permissions
so using a native User resources becomes complicated
without moving it higher up in the process and having
logic to pick a shell for the user post nova-common.
Instead set the shell using usermod in the only place
we want it it not to be /bin/false.

Change-Id: I319dfb77a5b82bad4c93ba2b10c40b3e91fe79f6
---
M modules/openstack/manifests/nova/compute/service.pp
1 file changed, 18 insertions(+), 1 deletion(-)

Approvals:
  Andrew Bogott: Looks good to me, but someone else must approve
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index 9829b07..e163a83 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -44,6 +44,23 @@
 require => Package['qemu-system'],
 }
 
+# use exec to set the shell to not shadow the manage
+# the user for the package which causes Puppet
+# to see the user as a dependency anywhere the
+# nova user is used to ensure good permission
+exec {'set_shell_for_nova':
+command   => '/usr/sbin/usermod -c "shell set for online operations" 
-s /bin/bash nova',
+unless=> '/bin/grep "nova:" /etc/passwd | /bin/grep 
":\/bin\/bash"',
+logoutput => true,
+require   => Package['nova-compute'],
+}
+
+ssh::userkey { 'nova':
+content => secret('ssh/nova/nova.pub'),
+require => Exec['set_shell_for_nova'],
+}
+
+
 # nova-compute adds the user with /bin/false
 # but resize, live migration, etc
 # need the nova use to have a real shell, as it uses ssh.
@@ -112,7 +129,7 @@
 owner   => 'nova',
 group   => 'nova',
 mode=> '0700',
-require => User['nova'],
+require => Package['nova-compute'],
 }
 
 file { '/var/lib/nova/.ssh/id_rsa':

-- 
To view, visit https://gerrit.wikimedia.org/r/398312
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I319dfb77a5b82bad4c93ba2b10c40b3e91fe79f6
Gerrit-PatchSet: 6
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Alex Monk 
Gerrit-Reviewer: Andrew Bogott 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova/compute/server.pp manage nova shell

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398312 )

Change subject: openstack: nova/compute/server.pp manage nova shell
..

openstack: nova/compute/server.pp manage nova shell

nova-common installs the nova user and several places
throughout the code set sane nova ownership permissions
so using a native User resources becomes complicated
without moving it higher up in the process and having
logic to pick a shell for the user post nova-common.
Instead set the shell using usermod in the only place
we want it it not to be /bin/false.

Change-Id: I319dfb77a5b82bad4c93ba2b10c40b3e91fe79f6
---
M modules/openstack/manifests/nova/compute/service.pp
1 file changed, 18 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/12/398312/1

diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index 9829b07..89ca132 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -44,6 +44,23 @@
 require => Package['qemu-system'],
 }
 
+# use exec to set the shell to not shadow the manage
+# the user for the package which causes Puppet
+# to see the user as a dependency anywhere the
+# nova user is used to ensure good permission
+exec {'set_shell_for_nova':
+command => '/usr/sbin/usermod -c "shell set for online operations" 
-s /bin/bash nova',
+unless  => '/bin/grep "nova:" /etc/passwd | /bin/grep 
":\/bin\/bash"',
+logoutput   => true,
+require => Package['nova-compute'],
+}
+
+ssh::userkey { 'nova':
+content => secret('ssh/nova/nova.pub'),
+require => Exec['set_shell_for_nova'],
+}
+
+
 # nova-compute adds the user with /bin/false
 # but resize, live migration, etc
 # need the nova use to have a real shell, as it uses ssh.
@@ -112,7 +129,7 @@
 owner   => 'nova',
 group   => 'nova',
 mode=> '0700',
-require => User['nova'],
+require   => Package['nova-compute'],
 }
 
 file { '/var/lib/nova/.ssh/id_rsa':

-- 
To view, visit https://gerrit.wikimedia.org/r/398312
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I319dfb77a5b82bad4c93ba2b10c40b3e91fe79f6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova::common dependency handled higher up

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398266 )

Change subject: openstack: nova::common dependency handled higher up
..


openstack: nova::common dependency handled higher up

Historically the openstack module was a mishmash of
dependency handling and we are now consolidating on using
the profile layer to order things appropriately.

There is no actual need to have openstack::nova::common
as a dependency of (for ex) openstack::nova::compute::service
as apt handles pulling in nova-common and related dependencies
in the case of a vanilla deployment of nova::compute::service
and in our deployment scenarios it is either duplicated
logic or conflicting.

see:  apt-cache rdepends nova-common for instance
on any compute/control/net node.

Bug: T171494
Change-Id: I6064bf105ded8fc63b875ef210e1ce10c99b9d08
---
M modules/openstack/manifests/nova/api/service.pp
M modules/openstack/manifests/nova/compute/service.pp
M modules/openstack/manifests/nova/conductor/service.pp
M modules/openstack/manifests/nova/scheduler/service.pp
M modules/openstack/manifests/nova/spiceproxy/service.pp
5 files changed, 0 insertions(+), 8 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/manifests/nova/api/service.pp 
b/modules/openstack/manifests/nova/api/service.pp
index 8011e9b..f144a13 100644
--- a/modules/openstack/manifests/nova/api/service.pp
+++ b/modules/openstack/manifests/nova/api/service.pp
@@ -4,8 +4,6 @@
 $active,
 ) {
 
-require openstack::nova::common
-
 package { 'nova-api':
 ensure  => 'present',
 }
diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index 15f5f07..9829b07 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -8,8 +8,6 @@
 $ca_target,
 ){
 
-include openstack::nova::common
-
 # Check for buggy kernels.  There are a lot of them!
 if os_version('ubuntu >= trusty') and (versioncmp($::kernelrelease, 
'3.13.0-46') < 0) {
 # see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917
diff --git a/modules/openstack/manifests/nova/conductor/service.pp 
b/modules/openstack/manifests/nova/conductor/service.pp
index c5f9d62..abe768f 100644
--- a/modules/openstack/manifests/nova/conductor/service.pp
+++ b/modules/openstack/manifests/nova/conductor/service.pp
@@ -7,8 +7,6 @@
 $active,
 ) {
 
-require openstack::nova::common
-
 package { 'nova-conductor':
 ensure  => 'present',
 }
diff --git a/modules/openstack/manifests/nova/scheduler/service.pp 
b/modules/openstack/manifests/nova/scheduler/service.pp
index 285406a..eea04a3 100644
--- a/modules/openstack/manifests/nova/scheduler/service.pp
+++ b/modules/openstack/manifests/nova/scheduler/service.pp
@@ -5,7 +5,6 @@
 $version,
 ){
 
-require openstack::nova::common
 package { 'nova-scheduler':
 ensure  => 'present',
 }
diff --git a/modules/openstack/manifests/nova/spiceproxy/service.pp 
b/modules/openstack/manifests/nova/spiceproxy/service.pp
index df359a0..90889db 100644
--- a/modules/openstack/manifests/nova/spiceproxy/service.pp
+++ b/modules/openstack/manifests/nova/spiceproxy/service.pp
@@ -7,7 +7,6 @@
 $version,
 ){
 
-require openstack::nova::common
 package { ['nova-spiceproxy', 'nova-consoleauth', 'spice-html5', 
'websockify']:
 ensure  => 'present',
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/398266
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I6064bf105ded8fc63b875ef210e1ce10c99b9d08
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Alex Monk 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova::common dependency handled higher up

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398266 )

Change subject: openstack: nova::common dependency handled higher up
..

openstack: nova::common dependency handled higher up

Historically the openstack module was a mishmash of
dependency handling and we are now consolidating on using
the profile layer to order things appropriately.

There is no actual need to have openstack::nova::common
as a dependency of (for ex) openstack::nova::compute::service
as apt handles pulling in nova-common and related dependencies
in the case of a vanilla deployment of nova::compute::service
and in our deployment scenarios it is either duplicated
logic or conflicting.

see:  apt-cache rdepends nova-common for instance
on any compute/control/net node.

Bug: T171494
Change-Id: I6064bf105ded8fc63b875ef210e1ce10c99b9d08
---
M modules/openstack/manifests/nova/api/service.pp
M modules/openstack/manifests/nova/compute/service.pp
M modules/openstack/manifests/nova/conductor/service.pp
M modules/openstack/manifests/nova/scheduler/service.pp
M modules/openstack/manifests/nova/spiceproxy/service.pp
5 files changed, 0 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/66/398266/1

diff --git a/modules/openstack/manifests/nova/api/service.pp 
b/modules/openstack/manifests/nova/api/service.pp
index 8011e9b..f144a13 100644
--- a/modules/openstack/manifests/nova/api/service.pp
+++ b/modules/openstack/manifests/nova/api/service.pp
@@ -4,8 +4,6 @@
 $active,
 ) {
 
-require openstack::nova::common
-
 package { 'nova-api':
 ensure  => 'present',
 }
diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index 15f5f07..9829b07 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -8,8 +8,6 @@
 $ca_target,
 ){
 
-include openstack::nova::common
-
 # Check for buggy kernels.  There are a lot of them!
 if os_version('ubuntu >= trusty') and (versioncmp($::kernelrelease, 
'3.13.0-46') < 0) {
 # see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917
diff --git a/modules/openstack/manifests/nova/conductor/service.pp 
b/modules/openstack/manifests/nova/conductor/service.pp
index c5f9d62..abe768f 100644
--- a/modules/openstack/manifests/nova/conductor/service.pp
+++ b/modules/openstack/manifests/nova/conductor/service.pp
@@ -7,8 +7,6 @@
 $active,
 ) {
 
-require openstack::nova::common
-
 package { 'nova-conductor':
 ensure  => 'present',
 }
diff --git a/modules/openstack/manifests/nova/scheduler/service.pp 
b/modules/openstack/manifests/nova/scheduler/service.pp
index 285406a..eea04a3 100644
--- a/modules/openstack/manifests/nova/scheduler/service.pp
+++ b/modules/openstack/manifests/nova/scheduler/service.pp
@@ -5,7 +5,6 @@
 $version,
 ){
 
-require openstack::nova::common
 package { 'nova-scheduler':
 ensure  => 'present',
 }
diff --git a/modules/openstack/manifests/nova/spiceproxy/service.pp 
b/modules/openstack/manifests/nova/spiceproxy/service.pp
index df359a0..90889db 100644
--- a/modules/openstack/manifests/nova/spiceproxy/service.pp
+++ b/modules/openstack/manifests/nova/spiceproxy/service.pp
@@ -7,7 +7,6 @@
 $version,
 ){
 
-require openstack::nova::common
 package { ['nova-spiceproxy', 'nova-consoleauth', 'spice-html5', 
'websockify']:
 ensure  => 'present',
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/398266
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I6064bf105ded8fc63b875ef210e1ce10c99b9d08
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "Revert "cloud: setup for attended upgrade process""

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398259 )

Change subject: Revert "Revert "cloud: setup for attended upgrade process""
..


Revert "Revert "cloud: setup for attended upgrade process""

This reverts commit ea71c8fe2f97359599a6f87c04c2d000e05c474a.

There was a mistake in the variable names.

Change-Id: Ibccc1e3050412d9ac9bddbd14069a118c7808256
Signed-off-by: Arturo Borrero Gonzalez 
---
M hieradata/labs.yaml
A hieradata/labs/project-proxy/common.yaml
M hieradata/labs/tools/common.yaml
M modules/apt/manifests/unattendedupgrades.pp
M modules/profile/manifests/base/labs.pp
5 files changed, 50 insertions(+), 7 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index aa078d5..bf7c323 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -17,6 +17,8 @@
   recursor: 'labs-recursor0.wikimedia.org'
   recursor_secondary: 'labs-recursor1.wikimedia.org'
 
+profile::base::labs::unattended_wmf: 'present'
+profile::base::labs::unattended_distro: 'present'
 profile::openstack::main::version: 'liberty'
 profile::openstack::base::region: "%{::site}"
 profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org'
diff --git a/hieradata/labs/project-proxy/common.yaml 
b/hieradata/labs/project-proxy/common.yaml
new file mode 100644
index 000..9a76d8a
--- /dev/null
+++ b/hieradata/labs/project-proxy/common.yaml
@@ -0,0 +1,2 @@
+profile::base::labs::unattended_wmf: 'absent'
+profile::base::labs::unattended_distro: 'absent'
diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml
index c62e87a..3e03999 100644
--- a/hieradata/labs/tools/common.yaml
+++ b/hieradata/labs/tools/common.yaml
@@ -1,3 +1,6 @@
+profile::base::labs::unattended_wmf: 'absent'
+profile::base::labs::unattended_distro: 'absent'
+
 "profile::base::core_dump_pattern": core
 classes:
 - role::aptly::client
diff --git a/modules/apt/manifests/unattendedupgrades.pp 
b/modules/apt/manifests/unattendedupgrades.pp
index c02745c..414afcc 100644
--- a/modules/apt/manifests/unattendedupgrades.pp
+++ b/modules/apt/manifests/unattendedupgrades.pp
@@ -1,13 +1,26 @@
-class apt::unattendedupgrades($ensure=present) {
+# Manage unattended updates across cloud instances
+#  Note: security updates can not be disabled (enabled by default)
+#
+# [*unattended_wmf*]
+#  present/absent to enable/disable wmf packages
+#
+# [*unattended_distro*]
+#  present/absent to enable/disable updates in stable packages
+
+class apt::unattendedupgrades(
+$unattended_distro='present',
+$unattended_wmf='present',
+) {
+
 # package installation should enable security upgrades by default
 package { 'unattended-upgrades':
-ensure => $ensure,
+ensure => 'present',
 }
 
 # dpkg tries to determine the most conservative default action in case of
 # conffile conflict. This tells dpkg to use that action without asking
 apt::conf { 'dpkg-force-confdef':
-ensure   => present,
+ensure   => 'present',
 priority => '00',
 key  => 'Dpkg::Options::',
 value=> '--force-confdef',
@@ -16,20 +29,36 @@
 # In case of conffile conflicts, tell dpkg to keep the old conffile without
 # asking
 apt::conf { 'dpkg-force-confold':
-ensure   => present,
+ensure   => 'present',
 priority => '00',
 key  => 'Dpkg::Options::',
 value=> '--force-confold',
 }
 
 apt::conf { 'auto-upgrades':
-ensure   => $ensure,
+ensure   => 'present',
 priority => '20',
 key  => 'APT::Periodic::Unattended-Upgrade',
 value=> '1',
 }
 
+# https://wiki.debian.org/StableUpdates
+# https://www.debian.org/News/2011/20110215
+apt::conf { 'unattended-upgrades-updates':
+ensure   => $unattended_distro,
+priority => '52',
+# Key with trailing '::' to append to potentially existing entry
+key  => 'Unattended-Upgrade::Origins-Pattern::',
+# lint:ignore:single_quote_string_with_variables
+value=> 'origin=${distro_id},codename=${distro_codename}-updates',
+# lint:endignore
+}
+
+# Unattended should update WMF packages
+# https://apt.wikimedia.org/wikimedia/
+# https://wikitech.wikimedia.org/wiki/APT_repository
 apt::conf { 'unattended-upgrades-wikimedia':
+ensure   => $unattended_wmf,
 priority => '51',
 # Key with trailing '::' to append to potentially existing entry
 key  => 'Unattended-Upgrade::Origins-Pattern::',
diff --git a/modules/profile/manifests/base/labs.pp 
b/modules/profile/manifests/base/labs.pp
index 23816b3..59c9b25 100644
--- a/modules/profile/manifests/base/labs.pp
+++ b/modules/profile/manifests/base/labs.pp
@@ -1,6 +1,13 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "mariadb: Remove mariadb.pp and move some old roles t...

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398257 )

Change subject: Revert "mariadb: Remove mariadb.pp and move some old roles to 
profiles"
..


Revert "mariadb: Remove mariadb.pp and move some old roles to profiles"

This reverts commit c698af4785282bf45358377b04ab2dd9f4ac3f5f.

Change-Id: I9dbe26e09fda0d9fb7d53e962c9b6958b203db17
---
M manifests/site.pp
M modules/profile/manifests/mariadb/core/multiinstance.pp
D modules/profile/manifests/mariadb/grants/core.pp
D modules/profile/manifests/mariadb/grants/production.pp
M modules/profile/manifests/mariadb/misc/eventlogging/database.pp
D modules/profile/manifests/mariadb/monitor/dba.pp
D modules/profile/manifests/mariadb/monitor/prometheus.pp
M modules/role/manifests/labs/db/master.pp
M modules/role/manifests/labs/db/replica.pp
M modules/role/manifests/labs/db/slave.pp
M modules/role/manifests/mariadb.pp
M modules/role/manifests/mariadb/core.pp
M modules/role/manifests/mariadb/dbstore.pp
M modules/role/manifests/mariadb/dbstore_multiinstance.pp
M modules/role/manifests/mariadb/labs_deprecated.pp
M modules/role/manifests/mariadb/misc.pp
M modules/role/manifests/mariadb/misc/phabricator.pp
M modules/role/manifests/mariadb/parsercache.pp
M modules/role/manifests/mariadb/sanitarium_multiinstance.pp
M modules/role/manifests/mariadb/sanitarium_multisource.pp
M modules/role/manifests/mariadb/tendril.pp
M modules/role/manifests/mariadb/wikitech.pp
22 files changed, 238 insertions(+), 206 deletions(-)

Approvals:
  Rush: Verified; Looks good to me, approved



diff --git a/manifests/site.pp b/manifests/site.pp
index c51e706..6618172 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -595,6 +595,7 @@
 # tendril db
 node 'db1011.eqiad.wmnet' {
 role(mariadb::tendril)
+include ::base::firewall
 }
 
 node 'dbstore1001.eqiad.wmnet' {
diff --git a/modules/profile/manifests/mariadb/core/multiinstance.pp 
b/modules/profile/manifests/mariadb/core/multiinstance.pp
index 8f669c4..0f82887 100644
--- a/modules/profile/manifests/mariadb/core/multiinstance.pp
+++ b/modules/profile/manifests/mariadb/core/multiinstance.pp
@@ -18,8 +18,16 @@
 srange => '$PRODUCTION_NETWORKS',
 }
 
-class { 'mariadb::packages_wmf': }
-class { 'mariadb::service':
+#TODO: define one group per shard
+class {'role::mariadb::groups':
+mysql_group => 'core',
+mysql_shard => 's1',
+mysql_role  => 'slave',
+socket  => '/run/mysqld/mysqld.s1.sock',
+}
+
+class {'mariadb::packages_wmf': }
+class {'mariadb::service':
 override => "[Service]\nExecStartPre=/bin/sh -c \"echo 'mariadb main 
service is \
 disabled, use mariadb@ instead'; exit 1\"",
 }
@@ -38,7 +46,7 @@
 binlog_format => 'ROW',
 }
 
-file { '/etc/mysql/mysqld.conf.d':
+file {'/etc/mysql/mysqld.conf.d':
 ensure => directory,
 owner  => root,
 group  => root,
diff --git a/modules/profile/manifests/mariadb/grants/core.pp 
b/modules/profile/manifests/mariadb/grants/core.pp
deleted file mode 100644
index 346401c..000
--- a/modules/profile/manifests/mariadb/grants/core.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-# wikiadmin, wikiuser
-class profile::mariadb::grants::core {
-
-include passwords::misc::scripts
-
-$wikiadmin_pass = $passwords::misc::scripts::wikiadmin_pass
-$wikiuser_pass  = $passwords::misc::scripts::wikiuser_pass
-
-file { '/etc/mysql/production-grants-core.sql':
-ensure  => present,
-owner   => 'root',
-group   => 'root',
-mode=> '0400',
-content => template('role/mariadb/grants/production-core.sql.erb'),
-}
-}
diff --git a/modules/profile/manifests/mariadb/grants/production.pp 
b/modules/profile/manifests/mariadb/grants/production.pp
deleted file mode 100644
index 4151434..000
--- a/modules/profile/manifests/mariadb/grants/production.pp
+++ /dev/null
@@ -1,72 +0,0 @@
-# root, repl, nagios, tendril, prometheus
-# WARNING: any root user will have access to these files
-# Do not apply to hosts with users with arbitrary roots
-# or any non-production mysql, such as labs-support hosts,
-# wikitech hosts, etc.
-class profile::mariadb::grants::production(
-$shard= false,
-$prompt   = '',
-$password = 'undefined',
-) {
-
-include passwords::misc::scripts
-include passwords::tendril
-include passwords::nodepool
-include passwords::testreduce::mysql
-include passwords::racktables
-include passwords::prometheus
-include passwords::servermon
-include passwords::striker
-include passwords::labsdbaccounts
-include passwords::mysql::phabricator
-
-$root_pass   = $passwords::misc::scripts::mysql_root_pass
-$repl_pass   = $passwords::misc::scripts::mysql_repl_pass
-$nagios_pass = $passwords::misc::scripts::nagios_sql_pass
-$tendril_user= 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "mariadb: Remove mariadb.pp and move some old roles t...

[Rush (Code Review)]

Hello Giuseppe Lavagetto, Marostegui, jenkins-bot, Jcrespo,

I'd like you to do a code review.  Please visit

https://gerrit.wikimedia.org/r/398257

to review the following change.


Change subject: Revert "mariadb: Remove mariadb.pp and move some old roles to 
profiles"
..

Revert "mariadb: Remove mariadb.pp and move some old roles to profiles"

This reverts commit c698af4785282bf45358377b04ab2dd9f4ac3f5f.

Change-Id: I9dbe26e09fda0d9fb7d53e962c9b6958b203db17
---
M manifests/site.pp
M modules/profile/manifests/mariadb/core/multiinstance.pp
D modules/profile/manifests/mariadb/grants/core.pp
D modules/profile/manifests/mariadb/grants/production.pp
M modules/profile/manifests/mariadb/misc/eventlogging/database.pp
D modules/profile/manifests/mariadb/monitor/dba.pp
D modules/profile/manifests/mariadb/monitor/prometheus.pp
M modules/role/manifests/labs/db/master.pp
M modules/role/manifests/labs/db/replica.pp
M modules/role/manifests/labs/db/slave.pp
M modules/role/manifests/mariadb.pp
M modules/role/manifests/mariadb/core.pp
M modules/role/manifests/mariadb/dbstore.pp
M modules/role/manifests/mariadb/dbstore_multiinstance.pp
M modules/role/manifests/mariadb/labs_deprecated.pp
M modules/role/manifests/mariadb/misc.pp
M modules/role/manifests/mariadb/misc/phabricator.pp
M modules/role/manifests/mariadb/parsercache.pp
M modules/role/manifests/mariadb/sanitarium_multiinstance.pp
M modules/role/manifests/mariadb/sanitarium_multisource.pp
M modules/role/manifests/mariadb/tendril.pp
M modules/role/manifests/mariadb/wikitech.pp
22 files changed, 238 insertions(+), 206 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/57/398257/1

diff --git a/manifests/site.pp b/manifests/site.pp
index c51e706..6618172 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -595,6 +595,7 @@
 # tendril db
 node 'db1011.eqiad.wmnet' {
 role(mariadb::tendril)
+include ::base::firewall
 }
 
 node 'dbstore1001.eqiad.wmnet' {
diff --git a/modules/profile/manifests/mariadb/core/multiinstance.pp 
b/modules/profile/manifests/mariadb/core/multiinstance.pp
index 8f669c4..0f82887 100644
--- a/modules/profile/manifests/mariadb/core/multiinstance.pp
+++ b/modules/profile/manifests/mariadb/core/multiinstance.pp
@@ -18,8 +18,16 @@
 srange => '$PRODUCTION_NETWORKS',
 }
 
-class { 'mariadb::packages_wmf': }
-class { 'mariadb::service':
+#TODO: define one group per shard
+class {'role::mariadb::groups':
+mysql_group => 'core',
+mysql_shard => 's1',
+mysql_role  => 'slave',
+socket  => '/run/mysqld/mysqld.s1.sock',
+}
+
+class {'mariadb::packages_wmf': }
+class {'mariadb::service':
 override => "[Service]\nExecStartPre=/bin/sh -c \"echo 'mariadb main 
service is \
 disabled, use mariadb@ instead'; exit 1\"",
 }
@@ -38,7 +46,7 @@
 binlog_format => 'ROW',
 }
 
-file { '/etc/mysql/mysqld.conf.d':
+file {'/etc/mysql/mysqld.conf.d':
 ensure => directory,
 owner  => root,
 group  => root,
diff --git a/modules/profile/manifests/mariadb/grants/core.pp 
b/modules/profile/manifests/mariadb/grants/core.pp
deleted file mode 100644
index 346401c..000
--- a/modules/profile/manifests/mariadb/grants/core.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-# wikiadmin, wikiuser
-class profile::mariadb::grants::core {
-
-include passwords::misc::scripts
-
-$wikiadmin_pass = $passwords::misc::scripts::wikiadmin_pass
-$wikiuser_pass  = $passwords::misc::scripts::wikiuser_pass
-
-file { '/etc/mysql/production-grants-core.sql':
-ensure  => present,
-owner   => 'root',
-group   => 'root',
-mode=> '0400',
-content => template('role/mariadb/grants/production-core.sql.erb'),
-}
-}
diff --git a/modules/profile/manifests/mariadb/grants/production.pp 
b/modules/profile/manifests/mariadb/grants/production.pp
deleted file mode 100644
index 4151434..000
--- a/modules/profile/manifests/mariadb/grants/production.pp
+++ /dev/null
@@ -1,72 +0,0 @@
-# root, repl, nagios, tendril, prometheus
-# WARNING: any root user will have access to these files
-# Do not apply to hosts with users with arbitrary roots
-# or any non-production mysql, such as labs-support hosts,
-# wikitech hosts, etc.
-class profile::mariadb::grants::production(
-$shard= false,
-$prompt   = '',
-$password = 'undefined',
-) {
-
-include passwords::misc::scripts
-include passwords::tendril
-include passwords::nodepool
-include passwords::testreduce::mysql
-include passwords::racktables
-include passwords::prometheus
-include passwords::servermon
-include passwords::striker
-include passwords::labsdbaccounts
-include passwords::mysql::phabricator
-
-$root_pass   = $passwords::misc::scripts::mysql_root_pass
-$repl_pass   = 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "cloud: setup for attended upgrade process"

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398256 )

Change subject: Revert "cloud: setup for attended upgrade process"
..


Revert "cloud: setup for attended upgrade process"

This reverts commit 8f9bdd5b83781fceacd86cc2122dd4802465038a.

Change-Id: Iaf6f7cff34b4c0fa74c2cab5947d27467983d264
---
M hieradata/labs.yaml
D hieradata/labs/project-proxy/common.yaml
M hieradata/labs/tools/common.yaml
M modules/apt/manifests/unattendedupgrades.pp
M modules/profile/manifests/base/labs.pp
5 files changed, 7 insertions(+), 50 deletions(-)

Approvals:
  Rush: Verified; Looks good to me, approved



diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index 786efaa..aa078d5 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -17,8 +17,6 @@
   recursor: 'labs-recursor0.wikimedia.org'
   recursor_secondary: 'labs-recursor1.wikimedia.org'
 
-profile::base::labs::unattended_distro: 'present'
-profile::base::labs::unattended_wmf: 'present'
 profile::openstack::main::version: 'liberty'
 profile::openstack::base::region: "%{::site}"
 profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org'
diff --git a/hieradata/labs/project-proxy/common.yaml 
b/hieradata/labs/project-proxy/common.yaml
deleted file mode 100644
index 48de25f..000
--- a/hieradata/labs/project-proxy/common.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-profile::base::labs::unattended_wmf: 'absent'
-profile::base::labs::unattended_updates: 'absent'
diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml
index dba5753..c62e87a 100644
--- a/hieradata/labs/tools/common.yaml
+++ b/hieradata/labs/tools/common.yaml
@@ -1,6 +1,3 @@
-profile::base::labs::unattended_wmf: 'absent'
-profile::base::labs::unattended_updates: 'absent'
-
 "profile::base::core_dump_pattern": core
 classes:
 - role::aptly::client
diff --git a/modules/apt/manifests/unattendedupgrades.pp 
b/modules/apt/manifests/unattendedupgrades.pp
index ab22e72..c02745c 100644
--- a/modules/apt/manifests/unattendedupgrades.pp
+++ b/modules/apt/manifests/unattendedupgrades.pp
@@ -1,26 +1,13 @@
-# Manage unattended updates across cloud instances
-#  Note: security updates can not be disabled (enabled by default)
-#
-# [*unattended_wmf*]
-#  present/absent to enable/disable wmf packages
-#
-# [*unattended_updates*]
-#  present/absent to enable/disable updates suite packages
-
-class apt::unattendedupgrades(
-$unattended_distro='present',
-$unattended_wmf='present',
-) {
-
+class apt::unattendedupgrades($ensure=present) {
 # package installation should enable security upgrades by default
 package { 'unattended-upgrades':
-ensure => 'present',
+ensure => $ensure,
 }
 
 # dpkg tries to determine the most conservative default action in case of
 # conffile conflict. This tells dpkg to use that action without asking
 apt::conf { 'dpkg-force-confdef':
-ensure   => 'present',
+ensure   => present,
 priority => '00',
 key  => 'Dpkg::Options::',
 value=> '--force-confdef',
@@ -29,36 +16,20 @@
 # In case of conffile conflicts, tell dpkg to keep the old conffile without
 # asking
 apt::conf { 'dpkg-force-confold':
-ensure   => 'present',
+ensure   => present,
 priority => '00',
 key  => 'Dpkg::Options::',
 value=> '--force-confold',
 }
 
 apt::conf { 'auto-upgrades':
-ensure   => 'present',
+ensure   => $ensure,
 priority => '20',
 key  => 'APT::Periodic::Unattended-Upgrade',
 value=> '1',
 }
 
-# https://wiki.debian.org/StableUpdates
-# https://www.debian.org/News/2011/20110215
-apt::conf { 'unattended-upgrades-updates':
-ensure   => $unattended_distro,
-priority => '52',
-# Key with trailing '::' to append to potentially existing entry
-key  => 'Unattended-Upgrade::Origins-Pattern::',
-# lint:ignore:single_quote_string_with_variables
-value=> 'origin=${distro_id},codename=${distro_codename}-updates',
-# lint:endignore
-}
-
-# Unattended should update WMF packages
-# https://apt.wikimedia.org/wikimedia/
-# https://wikitech.wikimedia.org/wiki/APT_repository
 apt::conf { 'unattended-upgrades-wikimedia':
-ensure   => $unattended_wmf,
 priority => '51',
 # Key with trailing '::' to append to potentially existing entry
 key  => 'Unattended-Upgrade::Origins-Pattern::',
diff --git a/modules/profile/manifests/base/labs.pp 
b/modules/profile/manifests/base/labs.pp
index 5e37cbc..23816b3 100644
--- a/modules/profile/manifests/base/labs.pp
+++ b/modules/profile/manifests/base/labs.pp
@@ -1,13 +1,6 @@
-class profile::base::labs(
-$unattended_wmf = hiera('profile::base::labs::unattended_wmf'),
-$unattended_updates = 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "cloud: setup for attended upgrade process"

[Rush (Code Review)]

Hello Arturo Borrero Gonzalez, Yuvipanda, Merlijn van Deen, jenkins-bot,

I'd like you to do a code review.  Please visit

https://gerrit.wikimedia.org/r/398256

to review the following change.


Change subject: Revert "cloud: setup for attended upgrade process"
..

Revert "cloud: setup for attended upgrade process"

This reverts commit 8f9bdd5b83781fceacd86cc2122dd4802465038a.

Change-Id: Iaf6f7cff34b4c0fa74c2cab5947d27467983d264
---
M hieradata/labs.yaml
D hieradata/labs/project-proxy/common.yaml
M hieradata/labs/tools/common.yaml
M modules/apt/manifests/unattendedupgrades.pp
M modules/profile/manifests/base/labs.pp
5 files changed, 7 insertions(+), 50 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/56/398256/1

diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index 786efaa..aa078d5 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -17,8 +17,6 @@
   recursor: 'labs-recursor0.wikimedia.org'
   recursor_secondary: 'labs-recursor1.wikimedia.org'
 
-profile::base::labs::unattended_distro: 'present'
-profile::base::labs::unattended_wmf: 'present'
 profile::openstack::main::version: 'liberty'
 profile::openstack::base::region: "%{::site}"
 profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org'
diff --git a/hieradata/labs/project-proxy/common.yaml 
b/hieradata/labs/project-proxy/common.yaml
deleted file mode 100644
index 48de25f..000
--- a/hieradata/labs/project-proxy/common.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-profile::base::labs::unattended_wmf: 'absent'
-profile::base::labs::unattended_updates: 'absent'
diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml
index dba5753..c62e87a 100644
--- a/hieradata/labs/tools/common.yaml
+++ b/hieradata/labs/tools/common.yaml
@@ -1,6 +1,3 @@
-profile::base::labs::unattended_wmf: 'absent'
-profile::base::labs::unattended_updates: 'absent'
-
 "profile::base::core_dump_pattern": core
 classes:
 - role::aptly::client
diff --git a/modules/apt/manifests/unattendedupgrades.pp 
b/modules/apt/manifests/unattendedupgrades.pp
index ab22e72..c02745c 100644
--- a/modules/apt/manifests/unattendedupgrades.pp
+++ b/modules/apt/manifests/unattendedupgrades.pp
@@ -1,26 +1,13 @@
-# Manage unattended updates across cloud instances
-#  Note: security updates can not be disabled (enabled by default)
-#
-# [*unattended_wmf*]
-#  present/absent to enable/disable wmf packages
-#
-# [*unattended_updates*]
-#  present/absent to enable/disable updates suite packages
-
-class apt::unattendedupgrades(
-$unattended_distro='present',
-$unattended_wmf='present',
-) {
-
+class apt::unattendedupgrades($ensure=present) {
 # package installation should enable security upgrades by default
 package { 'unattended-upgrades':
-ensure => 'present',
+ensure => $ensure,
 }
 
 # dpkg tries to determine the most conservative default action in case of
 # conffile conflict. This tells dpkg to use that action without asking
 apt::conf { 'dpkg-force-confdef':
-ensure   => 'present',
+ensure   => present,
 priority => '00',
 key  => 'Dpkg::Options::',
 value=> '--force-confdef',
@@ -29,36 +16,20 @@
 # In case of conffile conflicts, tell dpkg to keep the old conffile without
 # asking
 apt::conf { 'dpkg-force-confold':
-ensure   => 'present',
+ensure   => present,
 priority => '00',
 key  => 'Dpkg::Options::',
 value=> '--force-confold',
 }
 
 apt::conf { 'auto-upgrades':
-ensure   => 'present',
+ensure   => $ensure,
 priority => '20',
 key  => 'APT::Periodic::Unattended-Upgrade',
 value=> '1',
 }
 
-# https://wiki.debian.org/StableUpdates
-# https://www.debian.org/News/2011/20110215
-apt::conf { 'unattended-upgrades-updates':
-ensure   => $unattended_distro,
-priority => '52',
-# Key with trailing '::' to append to potentially existing entry
-key  => 'Unattended-Upgrade::Origins-Pattern::',
-# lint:ignore:single_quote_string_with_variables
-value=> 'origin=${distro_id},codename=${distro_codename}-updates',
-# lint:endignore
-}
-
-# Unattended should update WMF packages
-# https://apt.wikimedia.org/wikimedia/
-# https://wikitech.wikimedia.org/wiki/APT_repository
 apt::conf { 'unattended-upgrades-wikimedia':
-ensure   => $unattended_wmf,
 priority => '51',
 # Key with trailing '::' to append to potentially existing entry
 key  => 'Unattended-Upgrade::Origins-Pattern::',
diff --git a/modules/profile/manifests/base/labs.pp 
b/modules/profile/manifests/base/labs.pp
index 5e37cbc..23816b3 100644
--- a/modules/profile/manifests/base/labs.pp
+++ b/modules/profile/manifests/base/labs.pp
@@ -1,13 +1,6 @@

[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: setup for attended upgrade process

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/394200 )

Change subject: cloud: setup for attended upgrade process
..


cloud: setup for attended upgrade process

exclude:
* project-proxy
* tools

Bug: T181647
Change-Id: Id9e95a58860a0ef786324d62020347bf01a36111
---
M hieradata/labs.yaml
A hieradata/labs/project-proxy/common.yaml
M hieradata/labs/tools/common.yaml
M modules/apt/manifests/unattendedupgrades.pp
M modules/profile/manifests/base/labs.pp
5 files changed, 50 insertions(+), 7 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index aa078d5..786efaa 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -17,6 +17,8 @@
   recursor: 'labs-recursor0.wikimedia.org'
   recursor_secondary: 'labs-recursor1.wikimedia.org'
 
+profile::base::labs::unattended_distro: 'present'
+profile::base::labs::unattended_wmf: 'present'
 profile::openstack::main::version: 'liberty'
 profile::openstack::base::region: "%{::site}"
 profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org'
diff --git a/hieradata/labs/project-proxy/common.yaml 
b/hieradata/labs/project-proxy/common.yaml
new file mode 100644
index 000..48de25f
--- /dev/null
+++ b/hieradata/labs/project-proxy/common.yaml
@@ -0,0 +1,2 @@
+profile::base::labs::unattended_wmf: 'absent'
+profile::base::labs::unattended_updates: 'absent'
diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml
index c62e87a..dba5753 100644
--- a/hieradata/labs/tools/common.yaml
+++ b/hieradata/labs/tools/common.yaml
@@ -1,3 +1,6 @@
+profile::base::labs::unattended_wmf: 'absent'
+profile::base::labs::unattended_updates: 'absent'
+
 "profile::base::core_dump_pattern": core
 classes:
 - role::aptly::client
diff --git a/modules/apt/manifests/unattendedupgrades.pp 
b/modules/apt/manifests/unattendedupgrades.pp
index c02745c..ab22e72 100644
--- a/modules/apt/manifests/unattendedupgrades.pp
+++ b/modules/apt/manifests/unattendedupgrades.pp
@@ -1,13 +1,26 @@
-class apt::unattendedupgrades($ensure=present) {
+# Manage unattended updates across cloud instances
+#  Note: security updates can not be disabled (enabled by default)
+#
+# [*unattended_wmf*]
+#  present/absent to enable/disable wmf packages
+#
+# [*unattended_updates*]
+#  present/absent to enable/disable updates suite packages
+
+class apt::unattendedupgrades(
+$unattended_distro='present',
+$unattended_wmf='present',
+) {
+
 # package installation should enable security upgrades by default
 package { 'unattended-upgrades':
-ensure => $ensure,
+ensure => 'present',
 }
 
 # dpkg tries to determine the most conservative default action in case of
 # conffile conflict. This tells dpkg to use that action without asking
 apt::conf { 'dpkg-force-confdef':
-ensure   => present,
+ensure   => 'present',
 priority => '00',
 key  => 'Dpkg::Options::',
 value=> '--force-confdef',
@@ -16,20 +29,36 @@
 # In case of conffile conflicts, tell dpkg to keep the old conffile without
 # asking
 apt::conf { 'dpkg-force-confold':
-ensure   => present,
+ensure   => 'present',
 priority => '00',
 key  => 'Dpkg::Options::',
 value=> '--force-confold',
 }
 
 apt::conf { 'auto-upgrades':
-ensure   => $ensure,
+ensure   => 'present',
 priority => '20',
 key  => 'APT::Periodic::Unattended-Upgrade',
 value=> '1',
 }
 
+# https://wiki.debian.org/StableUpdates
+# https://www.debian.org/News/2011/20110215
+apt::conf { 'unattended-upgrades-updates':
+ensure   => $unattended_distro,
+priority => '52',
+# Key with trailing '::' to append to potentially existing entry
+key  => 'Unattended-Upgrade::Origins-Pattern::',
+# lint:ignore:single_quote_string_with_variables
+value=> 'origin=${distro_id},codename=${distro_codename}-updates',
+# lint:endignore
+}
+
+# Unattended should update WMF packages
+# https://apt.wikimedia.org/wikimedia/
+# https://wikitech.wikimedia.org/wiki/APT_repository
 apt::conf { 'unattended-upgrades-wikimedia':
+ensure   => $unattended_wmf,
 priority => '51',
 # Key with trailing '::' to append to potentially existing entry
 key  => 'Unattended-Upgrade::Origins-Pattern::',
diff --git a/modules/profile/manifests/base/labs.pp 
b/modules/profile/manifests/base/labs.pp
index 23816b3..5e37cbc 100644
--- a/modules/profile/manifests/base/labs.pp
+++ b/modules/profile/manifests/base/labs.pp
@@ -1,6 +1,13 @@
-class profile::base::labs {
-include ::apt::unattendedupgrades
+class profile::base::labs(
+$unattended_wmf = 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: sane class dependency handling for labtest[n]

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398169 )

Change subject: openstack: sane class dependency handling for labtest[n]
..


openstack: sane class dependency handling for labtest[n]

Bug: T171494
Change-Id: I6f235999ff42c91637d845c2c1a457e59ab6099f
---
M modules/profile/manifests/openstack/base/nova/api/service.pp
M modules/profile/manifests/openstack/base/nova/compute/service.pp
M modules/profile/manifests/openstack/base/nova/conductor/service.pp
M modules/profile/manifests/openstack/base/nova/fullstack/service.pp
M modules/profile/manifests/openstack/base/nova/network/service.pp
M modules/profile/manifests/openstack/base/nova/scheduler/service.pp
M modules/profile/manifests/openstack/base/nova/spiceproxy/service.pp
M modules/profile/manifests/openstack/labtest/clientlib.pp
M modules/profile/manifests/openstack/labtest/cloudrepo.pp
M modules/profile/manifests/openstack/labtest/designate/service.pp
M modules/profile/manifests/openstack/labtest/glance.pp
M modules/profile/manifests/openstack/labtest/horizon/dashboard.pp
M modules/profile/manifests/openstack/labtest/keystone/service.pp
M modules/profile/manifests/openstack/labtest/nova/api/service.pp
M modules/profile/manifests/openstack/labtest/nova/common.pp
M modules/profile/manifests/openstack/labtest/nova/compute/service.pp
M modules/profile/manifests/openstack/labtest/nova/conductor/service.pp
M modules/profile/manifests/openstack/labtest/nova/network/service.pp
M modules/profile/manifests/openstack/labtest/nova/scheduler/service.pp
M modules/profile/manifests/openstack/labtest/nova/spiceproxy/service.pp
M modules/profile/manifests/openstack/labtest/observerenv.pp
M modules/profile/manifests/openstack/labtest/pdns/dns_floating_ip_updater.pp
M modules/profile/manifests/openstack/labtest/rabbitmq.pp
M modules/profile/manifests/openstack/labtestn/clientlib.pp
24 files changed, 33 insertions(+), 2 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/profile/manifests/openstack/base/nova/api/service.pp 
b/modules/profile/manifests/openstack/base/nova/api/service.pp
index f1b5993..35a40f2 100644
--- a/modules/profile/manifests/openstack/base/nova/api/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/api/service.pp
@@ -5,8 +5,10 @@
 class {'::openstack::nova::api::service':
 active => ($::fqdn == $nova_api_host),
 }
+contain '::openstack::nova::api::service'
 
 class {'::openstack::nova::api::monitor':
 active => ($::fqdn == $nova_api_host),
 }
+contain '::openstack::nova::api::monitor'
 }
diff --git a/modules/profile/manifests/openstack/base/nova/compute/service.pp 
b/modules/profile/manifests/openstack/base/nova/compute/service.pp
index 1764deb..27fc19a 100644
--- a/modules/profile/manifests/openstack/base/nova/compute/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/compute/service.pp
@@ -56,4 +56,5 @@
 certname => $certname,
 ca_target=> $ca_target,
 }
+contain '::openstack::nova::compute::service'
 }
diff --git a/modules/profile/manifests/openstack/base/nova/conductor/service.pp 
b/modules/profile/manifests/openstack/base/nova/conductor/service.pp
index a6eeeb0..a0462ff 100644
--- a/modules/profile/manifests/openstack/base/nova/conductor/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/conductor/service.pp
@@ -5,4 +5,5 @@
 class {'::openstack::nova::conductor::service':
 active => $::fqdn == $nova_controller,
 }
+contain '::openstack::nova::conductor::service'
 }
diff --git a/modules/profile/manifests/openstack/base/nova/fullstack/service.pp 
b/modules/profile/manifests/openstack/base/nova/fullstack/service.pp
index ca83640..dbb95e1 100644
--- a/modules/profile/manifests/openstack/base/nova/fullstack/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/fullstack/service.pp
@@ -7,4 +7,5 @@
 active   => ($::fqdn == $nova_api_host),
 password => $osstackcanary_pass,
 }
+contain '::openstack::nova::fullstack::service'
 }
diff --git a/modules/profile/manifests/openstack/base/nova/network/service.pp 
b/modules/profile/manifests/openstack/base/nova/network/service.pp
index 355f1d0..f952115 100644
--- a/modules/profile/manifests/openstack/base/nova/network/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/network/service.pp
@@ -34,4 +34,5 @@
 dns_recursor   => $dns_recursor,
 dns_recursor_secondary => $dns_recursor_secondary,
 }
+contain '::openstack::nova::network::service'
 }
diff --git a/modules/profile/manifests/openstack/base/nova/scheduler/service.pp 
b/modules/profile/manifests/openstack/base/nova/scheduler/service.pp
index d6ad90d..61da5d8 100644
--- a/modules/profile/manifests/openstack/base/nova/scheduler/service.pp
+++ 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: sane class dependency handling for labtest[n]

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398169 )

Change subject: openstack: sane class dependency handling for labtest[n]
..

openstack: sane class dependency handling for labtest[n]

Bug: T171494
Change-Id: I6f235999ff42c91637d845c2c1a457e59ab6099f
---
M modules/profile/manifests/openstack/base/nova/api/service.pp
M modules/profile/manifests/openstack/base/nova/compute/service.pp
M modules/profile/manifests/openstack/base/nova/conductor/service.pp
M modules/profile/manifests/openstack/base/nova/fullstack/service.pp
M modules/profile/manifests/openstack/base/nova/network/service.pp
M modules/profile/manifests/openstack/base/nova/scheduler/service.pp
M modules/profile/manifests/openstack/base/nova/spiceproxy/service.pp
M modules/profile/manifests/openstack/labtest/clientlib.pp
M modules/profile/manifests/openstack/labtest/cloudrepo.pp
M modules/profile/manifests/openstack/labtest/designate/service.pp
M modules/profile/manifests/openstack/labtest/glance.pp
M modules/profile/manifests/openstack/labtest/horizon/dashboard.pp
M modules/profile/manifests/openstack/labtest/keystone/service.pp
M modules/profile/manifests/openstack/labtest/nova/api/service.pp
M modules/profile/manifests/openstack/labtest/nova/common.pp
M modules/profile/manifests/openstack/labtest/nova/compute/service.pp
M modules/profile/manifests/openstack/labtest/nova/conductor/service.pp
M modules/profile/manifests/openstack/labtest/nova/network/service.pp
M modules/profile/manifests/openstack/labtest/nova/scheduler/service.pp
M modules/profile/manifests/openstack/labtest/nova/spiceproxy/service.pp
M modules/profile/manifests/openstack/labtest/observerenv.pp
M modules/profile/manifests/openstack/labtest/pdns/dns_floating_ip_updater.pp
M modules/profile/manifests/openstack/labtest/rabbitmq.pp
M modules/profile/manifests/openstack/labtestn/clientlib.pp
24 files changed, 33 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/69/398169/1

diff --git a/modules/profile/manifests/openstack/base/nova/api/service.pp 
b/modules/profile/manifests/openstack/base/nova/api/service.pp
index f1b5993..35a40f2 100644
--- a/modules/profile/manifests/openstack/base/nova/api/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/api/service.pp
@@ -5,8 +5,10 @@
 class {'::openstack::nova::api::service':
 active => ($::fqdn == $nova_api_host),
 }
+contain '::openstack::nova::api::service'
 
 class {'::openstack::nova::api::monitor':
 active => ($::fqdn == $nova_api_host),
 }
+contain '::openstack::nova::api::monitor'
 }
diff --git a/modules/profile/manifests/openstack/base/nova/compute/service.pp 
b/modules/profile/manifests/openstack/base/nova/compute/service.pp
index 1764deb..27fc19a 100644
--- a/modules/profile/manifests/openstack/base/nova/compute/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/compute/service.pp
@@ -56,4 +56,5 @@
 certname => $certname,
 ca_target=> $ca_target,
 }
+contain '::openstack::nova::compute::service'
 }
diff --git a/modules/profile/manifests/openstack/base/nova/conductor/service.pp 
b/modules/profile/manifests/openstack/base/nova/conductor/service.pp
index a6eeeb0..a0462ff 100644
--- a/modules/profile/manifests/openstack/base/nova/conductor/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/conductor/service.pp
@@ -5,4 +5,5 @@
 class {'::openstack::nova::conductor::service':
 active => $::fqdn == $nova_controller,
 }
+contain '::openstack::nova::conductor::service'
 }
diff --git a/modules/profile/manifests/openstack/base/nova/fullstack/service.pp 
b/modules/profile/manifests/openstack/base/nova/fullstack/service.pp
index ca83640..dbb95e1 100644
--- a/modules/profile/manifests/openstack/base/nova/fullstack/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/fullstack/service.pp
@@ -7,4 +7,5 @@
 active   => ($::fqdn == $nova_api_host),
 password => $osstackcanary_pass,
 }
+contain '::openstack::nova::fullstack::service'
 }
diff --git a/modules/profile/manifests/openstack/base/nova/network/service.pp 
b/modules/profile/manifests/openstack/base/nova/network/service.pp
index 355f1d0..f952115 100644
--- a/modules/profile/manifests/openstack/base/nova/network/service.pp
+++ b/modules/profile/manifests/openstack/base/nova/network/service.pp
@@ -34,4 +34,5 @@
 dns_recursor   => $dns_recursor,
 dns_recursor_secondary => $dns_recursor_secondary,
 }
+contain '::openstack::nova::network::service'
 }
diff --git a/modules/profile/manifests/openstack/base/nova/scheduler/service.pp 
b/modules/profile/manifests/openstack/base/nova/scheduler/service.pp
index d6ad90d..61da5d8 100644
--- a/modules/profile/manifests/openstack/base/nova/scheduler/service.pp
+++ 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: labtest and labtestn roles for net

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398145 )

Change subject: openstack: labtest and labtestn roles for net
..


openstack: labtest and labtestn roles for net

* labtestneutron2001 apply labtestn net role
   (with standard in the role)
* labtestnet2002 apply wmcs::openstack::labtest::net_standby
* create role::wmcs::openstack::labtest::net_standby to match main
* clientlib for role::wmcs::openstack::labtestn::net

Change-Id: I5fef57e3a59cc0f0f03c108fe9c5f99163ad9552
---
M manifests/site.pp
A modules/role/manifests/wmcs/openstack/labtest/net_standby.pp
M modules/role/manifests/wmcs/openstack/labtestn/net.pp
3 files changed, 11 insertions(+), 6 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/manifests/site.pp b/manifests/site.pp
index 13a40eb..d058f15 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1000,7 +1000,6 @@
 
 node 'labtestneutron2001.codfw.wmnet' {
 role(wmcs::openstack::labtestn::net)
-include ::standard
 }
 
 node /^labtestvirt200[1-3]\.codfw\.wmnet$/ {
@@ -1015,9 +1014,7 @@
 }
 
 node 'labtestnet2002.codfw.wmnet' {
-# WIP
-include ::standard
-include ::base::firewall
+role(wmcs::openstack::labtest::net_standby)
 }
 
 node 'labtestneutron2002.codfw.wmnet' {
diff --git a/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp 
b/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp
new file mode 100644
index 000..acbfbf4
--- /dev/null
+++ b/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp
@@ -0,0 +1,7 @@
+class role::wmcs::openstack::labtest::net_standby {
+system::role { $name: }
+include ::standard
+include ::profile::openstack::labtest::cloudrepo
+include ::profile::openstack::labtest::clientlib
+include ::profile::openstack::labtest::observerenv
+}
diff --git a/modules/role/manifests/wmcs/openstack/labtestn/net.pp 
b/modules/role/manifests/wmcs/openstack/labtestn/net.pp
index 948e3c0..100cbe3 100644
--- a/modules/role/manifests/wmcs/openstack/labtestn/net.pp
+++ b/modules/role/manifests/wmcs/openstack/labtestn/net.pp
@@ -1,5 +1,6 @@
 class role::wmcs::openstack::labtestn::net {
 system::role { $name: }
-include ::profile::openstack::labtestn::cloudrepo
-include ::profile::openstack::labtestn::nova::common
+# Do not add base firewall
+include ::standard
+include ::profile::openstack::labtestn::clientlib
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/398145
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I5fef57e3a59cc0f0f03c108fe9c5f99163ad9552
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Giuseppe Lavagetto 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: labtest and labtestn roles for net

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398145 )

Change subject: openstack: labtest and labtestn roles for net
..

openstack: labtest and labtestn roles for net

* labtestneutron2001 apply labtestn net role
   (with standard in the role)
* labtestnet2002 apply wmcs::openstack::labtest::net_standby
* create role::wmcs::openstack::labtest::net_standby to match main
* clientlib for role::wmcs::openstack::labtestn::net

Change-Id: I5fef57e3a59cc0f0f03c108fe9c5f99163ad9552
---
M manifests/site.pp
A modules/role/manifests/wmcs/openstack/labtest/net_standby.pp
M modules/role/manifests/wmcs/openstack/labtestn/net.pp
3 files changed, 11 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/45/398145/1

diff --git a/manifests/site.pp b/manifests/site.pp
index d0f9935..3af0cb7 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1000,7 +1000,6 @@
 
 node 'labtestneutron2001.codfw.wmnet' {
 role(wmcs::openstack::labtestn::net)
-include ::standard
 }
 
 node /^labtestvirt200[1-3]\.codfw\.wmnet$/ {
@@ -1015,9 +1014,7 @@
 }
 
 node 'labtestnet2002.codfw.wmnet' {
-# WIP
-include ::standard
-include ::base::firewall
+role(wmcs::openstack::labtest::net_standby)
 }
 
 node 'labtestneutron2002.codfw.wmnet' {
diff --git a/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp 
b/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp
new file mode 100644
index 000..acbfbf4
--- /dev/null
+++ b/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp
@@ -0,0 +1,7 @@
+class role::wmcs::openstack::labtest::net_standby {
+system::role { $name: }
+include ::standard
+include ::profile::openstack::labtest::cloudrepo
+include ::profile::openstack::labtest::clientlib
+include ::profile::openstack::labtest::observerenv
+}
diff --git a/modules/role/manifests/wmcs/openstack/labtestn/net.pp 
b/modules/role/manifests/wmcs/openstack/labtestn/net.pp
index 948e3c0..100cbe3 100644
--- a/modules/role/manifests/wmcs/openstack/labtestn/net.pp
+++ b/modules/role/manifests/wmcs/openstack/labtestn/net.pp
@@ -1,5 +1,6 @@
 class role::wmcs::openstack::labtestn::net {
 system::role { $name: }
-include ::profile::openstack::labtestn::cloudrepo
-include ::profile::openstack::labtestn::nova::common
+# Do not add base firewall
+include ::standard
+include ::profile::openstack::labtestn::clientlib
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/398145
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5fef57e3a59cc0f0f03c108fe9c5f99163ad9552
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: consistent style for ensure present

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398140 )

Change subject: openstack: consistent style for ensure present
..


openstack: consistent style for ensure present

present => 'present'

Change-Id: Ic9f75873e07dcfcc5dda4024ade8636a817d9179
---
M modules/openstack/manifests/clientlib.pp
M modules/openstack/manifests/designate/dns_floating_ip_updater.pp
M modules/openstack/manifests/glance/image_sync.pp
M modules/openstack/manifests/glance/service.pp
M modules/openstack/manifests/keystone/service.pp
M modules/openstack/manifests/nova/api/service.pp
M modules/openstack/manifests/nova/compute/service.pp
M modules/openstack/manifests/nova/conductor/service.pp
M modules/openstack/manifests/nova/network/service.pp
M modules/openstack/manifests/nova/spiceproxy/service.pp
M modules/openstack/manifests/util/admin_scripts.pp
M modules/openstack/manifests/wikitech/openstack_manager.pp
12 files changed, 27 insertions(+), 27 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/manifests/clientlib.pp 
b/modules/openstack/manifests/clientlib.pp
index d1e5ee1..85eda78 100644
--- a/modules/openstack/manifests/clientlib.pp
+++ b/modules/openstack/manifests/clientlib.pp
@@ -18,7 +18,7 @@
 
 # Wrapper python class to easily query openstack clients
 file { '/usr/lib/python2.7/dist-packages/mwopenstackclients.py':
-ensure => present,
+ensure => 'present',
 source => 
'puppet:///modules/openstack/clientlib/mwopenstackclients.py',
 mode   => '0755',
 owner  => 'root',
diff --git a/modules/openstack/manifests/designate/dns_floating_ip_updater.pp 
b/modules/openstack/manifests/designate/dns_floating_ip_updater.pp
index 9e284b0..1863946 100644
--- a/modules/openstack/manifests/designate/dns_floating_ip_updater.pp
+++ b/modules/openstack/manifests/designate/dns_floating_ip_updater.pp
@@ -21,7 +21,7 @@
 }
 
 file { '/etc/labs-floating-ips-dns-config.yaml':
-ensure  => present,
+ensure  => 'present',
 owner   => 'root',
 group   => 'root',
 mode=> '0440',
@@ -29,7 +29,7 @@
 }
 
 file { '/etc/dns-floating-ip-updater.py':
-ensure  => present,
+ensure  => 'present',
 owner   => 'root',
 group   => 'root',
 mode=> '0750',
diff --git a/modules/openstack/manifests/glance/image_sync.pp 
b/modules/openstack/manifests/glance/image_sync.pp
index dfa6a1c..f96be67 100644
--- a/modules/openstack/manifests/glance/image_sync.pp
+++ b/modules/openstack/manifests/glance/image_sync.pp
@@ -17,7 +17,7 @@
 
 # Set up a keypair and rsync image files between active and standby
 user { 'glancesync':
-ensure => present,
+ensure => 'present',
 name   => 'glancesync',
 shell  => '/bin/sh',
 comment=> 'glance rsync user',
@@ -28,7 +28,7 @@
 }
 
 ssh::userkey { 'glancesync':
-ensure  => present,
+ensure  => 'present',
 require => User['glancesync'],
 content => secret('ssh/glancesync/glancesync.pub'),
 }
diff --git a/modules/openstack/manifests/glance/service.pp 
b/modules/openstack/manifests/glance/service.pp
index 5c2d4e8..29bd89c 100644
--- a/modules/openstack/manifests/glance/service.pp
+++ b/modules/openstack/manifests/glance/service.pp
@@ -14,7 +14,7 @@
 ) {
 
 package { 'glance':
-ensure  => present,
+ensure  => 'present',
 }
 
 file { $glance_data:
diff --git a/modules/openstack/manifests/keystone/service.pp 
b/modules/openstack/manifests/keystone/service.pp
index bbbdce7..44f8dfc 100644
--- a/modules/openstack/manifests/keystone/service.pp
+++ b/modules/openstack/manifests/keystone/service.pp
@@ -58,7 +58,7 @@
 
 if $token_driver == 'redis' {
 package { 'python-keystone-redis':
-ensure => present;
+ensure => 'present';
 }
 }
 
diff --git a/modules/openstack/manifests/nova/api/service.pp 
b/modules/openstack/manifests/nova/api/service.pp
index d7fe098..8011e9b 100644
--- a/modules/openstack/manifests/nova/api/service.pp
+++ b/modules/openstack/manifests/nova/api/service.pp
@@ -7,7 +7,7 @@
 require openstack::nova::common
 
 package { 'nova-api':
-ensure  => present,
+ensure  => 'present',
 }
 
 service { 'nova-api':
diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index aad8727..15f5f07 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -24,14 +24,14 @@
 # was split from the bridge kernel module into a separate module 
(br_netfilter)
 if (versioncmp($::kernelversion, '3.18') >= 0) {
 kmod::module { 'br_netfilter':
-ensure => present,
+

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: consistent style for ensure present

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398140 )

Change subject: openstack: consistent style for ensure present
..

openstack: consistent style for ensure present

present => 'present'

Change-Id: Ic9f75873e07dcfcc5dda4024ade8636a817d9179
---
M modules/openstack/manifests/clientlib.pp
M modules/openstack/manifests/designate/dns_floating_ip_updater.pp
M modules/openstack/manifests/glance/image_sync.pp
M modules/openstack/manifests/glance/service.pp
M modules/openstack/manifests/keystone/service.pp
M modules/openstack/manifests/nova/api/service.pp
M modules/openstack/manifests/nova/compute/service.pp
M modules/openstack/manifests/nova/conductor/service.pp
M modules/openstack/manifests/nova/network/service.pp
M modules/openstack/manifests/nova/spiceproxy/service.pp
M modules/openstack/manifests/util/admin_scripts.pp
M modules/openstack/manifests/wikitech/openstack_manager.pp
12 files changed, 27 insertions(+), 27 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/40/398140/1

diff --git a/modules/openstack/manifests/clientlib.pp 
b/modules/openstack/manifests/clientlib.pp
index d1e5ee1..85eda78 100644
--- a/modules/openstack/manifests/clientlib.pp
+++ b/modules/openstack/manifests/clientlib.pp
@@ -18,7 +18,7 @@
 
 # Wrapper python class to easily query openstack clients
 file { '/usr/lib/python2.7/dist-packages/mwopenstackclients.py':
-ensure => present,
+ensure => 'present',
 source => 
'puppet:///modules/openstack/clientlib/mwopenstackclients.py',
 mode   => '0755',
 owner  => 'root',
diff --git a/modules/openstack/manifests/designate/dns_floating_ip_updater.pp 
b/modules/openstack/manifests/designate/dns_floating_ip_updater.pp
index 9e284b0..1863946 100644
--- a/modules/openstack/manifests/designate/dns_floating_ip_updater.pp
+++ b/modules/openstack/manifests/designate/dns_floating_ip_updater.pp
@@ -21,7 +21,7 @@
 }
 
 file { '/etc/labs-floating-ips-dns-config.yaml':
-ensure  => present,
+ensure  => 'present',
 owner   => 'root',
 group   => 'root',
 mode=> '0440',
@@ -29,7 +29,7 @@
 }
 
 file { '/etc/dns-floating-ip-updater.py':
-ensure  => present,
+ensure  => 'present',
 owner   => 'root',
 group   => 'root',
 mode=> '0750',
diff --git a/modules/openstack/manifests/glance/image_sync.pp 
b/modules/openstack/manifests/glance/image_sync.pp
index dfa6a1c..f96be67 100644
--- a/modules/openstack/manifests/glance/image_sync.pp
+++ b/modules/openstack/manifests/glance/image_sync.pp
@@ -17,7 +17,7 @@
 
 # Set up a keypair and rsync image files between active and standby
 user { 'glancesync':
-ensure => present,
+ensure => 'present',
 name   => 'glancesync',
 shell  => '/bin/sh',
 comment=> 'glance rsync user',
@@ -28,7 +28,7 @@
 }
 
 ssh::userkey { 'glancesync':
-ensure  => present,
+ensure  => 'present',
 require => User['glancesync'],
 content => secret('ssh/glancesync/glancesync.pub'),
 }
diff --git a/modules/openstack/manifests/glance/service.pp 
b/modules/openstack/manifests/glance/service.pp
index 5c2d4e8..29bd89c 100644
--- a/modules/openstack/manifests/glance/service.pp
+++ b/modules/openstack/manifests/glance/service.pp
@@ -14,7 +14,7 @@
 ) {
 
 package { 'glance':
-ensure  => present,
+ensure  => 'present',
 }
 
 file { $glance_data:
diff --git a/modules/openstack/manifests/keystone/service.pp 
b/modules/openstack/manifests/keystone/service.pp
index bbbdce7..44f8dfc 100644
--- a/modules/openstack/manifests/keystone/service.pp
+++ b/modules/openstack/manifests/keystone/service.pp
@@ -58,7 +58,7 @@
 
 if $token_driver == 'redis' {
 package { 'python-keystone-redis':
-ensure => present;
+ensure => 'present';
 }
 }
 
diff --git a/modules/openstack/manifests/nova/api/service.pp 
b/modules/openstack/manifests/nova/api/service.pp
index d7fe098..8011e9b 100644
--- a/modules/openstack/manifests/nova/api/service.pp
+++ b/modules/openstack/manifests/nova/api/service.pp
@@ -7,7 +7,7 @@
 require openstack::nova::common
 
 package { 'nova-api':
-ensure  => present,
+ensure  => 'present',
 }
 
 service { 'nova-api':
diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index aad8727..15f5f07 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -24,14 +24,14 @@
 # was split from the bridge kernel module into a separate module 
(br_netfilter)
 if (versioncmp($::kernelversion, '3.18') >= 0) {
 kmod::module { 'br_netfilter':
-ensure => present,
+   

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: dependency changes for require_package

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398121 )

Change subject: openstack: dependency changes for require_package
..


openstack: dependency changes for require_package

* labsaliaser.pp does not need client packages
  as they are part of clientlib base

* admin_scripts portions that require context
  will be moved to another manifest

Bug: T171494
Change-Id: I8b8ae7b00309bd86e96a850af644ad5e00db3ab1
---
M modules/dnsrecursor/manifests/labsaliaser.pp
M modules/openstack/manifests/util/admin_scripts.pp
2 files changed, 0 insertions(+), 6 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/dnsrecursor/manifests/labsaliaser.pp 
b/modules/dnsrecursor/manifests/labsaliaser.pp
index 7461e61..fa6c2fb 100644
--- a/modules/dnsrecursor/manifests/labsaliaser.pp
+++ b/modules/dnsrecursor/manifests/labsaliaser.pp
@@ -8,8 +8,6 @@
 $puppetmaster_hostname,
 ) {
 
-require_package(['python-novaclient', 'python-keystoneclient'])
-
 $config = {
 'username'  => $username,
 'password'  => $password,
diff --git a/modules/openstack/manifests/util/admin_scripts.pp 
b/modules/openstack/manifests/util/admin_scripts.pp
index f29a172..f3a6ecf 100644
--- a/modules/openstack/manifests/util/admin_scripts.pp
+++ b/modules/openstack/manifests/util/admin_scripts.pp
@@ -3,7 +3,6 @@
 $version,
 ) {
 
-require openstack::nova::common
 # Installing this package ensures that we have all the UIDs that
 #  are used to store an instance volume.  That's important for
 #  when we rsync files via this host.
@@ -112,10 +111,7 @@
 # XXX: per deployment?
 file { '/root/.ssh/compute-hosts-key':
 content   => secret('ssh/nova/nova.key'),
-owner => 'nova',
-group => 'nova',
 mode  => '0600',
-require   => Package['nova-common'],
 show_diff => false,
 }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/398121
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I8b8ae7b00309bd86e96a850af644ad5e00db3ab1
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: dependency changes for require_package

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398121 )

Change subject: openstack: dependency changes for require_package
..

openstack: dependency changes for require_package

* labsaliaser.pp does not need client packages
  as they are part of clientlib base

* admin_scripts portions that require context
  will be moved to another manifest

Bug: T171494
Change-Id: I8b8ae7b00309bd86e96a850af644ad5e00db3ab1
---
M modules/dnsrecursor/manifests/labsaliaser.pp
M modules/openstack/manifests/util/admin_scripts.pp
2 files changed, 0 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/21/398121/1

diff --git a/modules/dnsrecursor/manifests/labsaliaser.pp 
b/modules/dnsrecursor/manifests/labsaliaser.pp
index 7461e61..fa6c2fb 100644
--- a/modules/dnsrecursor/manifests/labsaliaser.pp
+++ b/modules/dnsrecursor/manifests/labsaliaser.pp
@@ -8,8 +8,6 @@
 $puppetmaster_hostname,
 ) {
 
-require_package(['python-novaclient', 'python-keystoneclient'])
-
 $config = {
 'username'  => $username,
 'password'  => $password,
diff --git a/modules/openstack/manifests/util/admin_scripts.pp 
b/modules/openstack/manifests/util/admin_scripts.pp
index f29a172..f3a6ecf 100644
--- a/modules/openstack/manifests/util/admin_scripts.pp
+++ b/modules/openstack/manifests/util/admin_scripts.pp
@@ -3,7 +3,6 @@
 $version,
 ) {
 
-require openstack::nova::common
 # Installing this package ensures that we have all the UIDs that
 #  are used to store an instance volume.  That's important for
 #  when we rsync files via this host.
@@ -112,10 +111,7 @@
 # XXX: per deployment?
 file { '/root/.ssh/compute-hosts-key':
 content   => secret('ssh/nova/nova.key'),
-owner => 'nova',
-group => 'nova',
 mode  => '0600',
-require   => Package['nova-common'],
 show_diff => false,
 }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/398121
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8b8ae7b00309bd86e96a850af644ad5e00db3ab1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: dedupe packages and reduce require_package

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398118 )

Change subject: openstack: dedupe packages and reduce require_package
..


openstack: dedupe packages and reduce require_package

require_package basically hacks the native dependency chain.
This becomes problematic when dealing with additional repositories
such as the cloudrepo on new installs.  Resulting in packages
that exist in the default distro repo being installed
at incorrect older versions.

* Consolidate openstack client libs into clientlib.pp
* Add neutron client lib
* Add debian jessie specific packages
* Reduce dependence on require_package generally

Bug: T171494
Change-Id: I98430d9896e7e0562a50248f0c890385d7cae70d
---
M modules/openstack/manifests/clientlib.pp
M modules/openstack/manifests/cloudrepo.pp
M modules/openstack/manifests/designate/service.pp
M modules/openstack/manifests/nova/common.pp
M modules/openstack/manifests/util/admin_scripts.pp
M modules/profile/manifests/openstack/main/cumin/master.pp
6 files changed, 45 insertions(+), 25 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/manifests/clientlib.pp 
b/modules/openstack/manifests/clientlib.pp
index 7074594..d1e5ee1 100644
--- a/modules/openstack/manifests/clientlib.pp
+++ b/modules/openstack/manifests/clientlib.pp
@@ -3,14 +3,18 @@
 $version,
   ) {
 
-$packages = [
+$py2packages = [
 'python-novaclient',
 'python-glanceclient',
 'python-keystoneclient',
 'python-openstackclient',
 'python-designateclient',
+'python-neutronclient',
 ]
-require_package($packages)
+
+package{ $py2packages:
+ensure => 'present',
+}
 
 # Wrapper python class to easily query openstack clients
 file { '/usr/lib/python2.7/dist-packages/mwopenstackclients.py':
@@ -21,9 +25,19 @@
 group  => 'root',
 }
 
+if os_version('debian jessie') and $version == 'liberty' {
+
+$debian_jessie_packages = [
+'python-keystoneauth1',
+]
+
+package{ $debian_jessie_packages:
+ensure => 'present',
+}
+}
+
 # assumption is any version not liberty is newer
 # Ubuntu on liberty /does not/
-
 if os_version('ubuntu trusty') and $version != 'liberty' {
 
 $python3packages = [
@@ -31,10 +45,13 @@
 'python3-novaclient',
 'python3-glanceclient',
 ]
-require_package($python3packages)
+
+package{ $python3packages:
+ensure => 'present',
+}
 
 file { '/usr/lib/python3/dist-packages/mwopenstackclients.py':
-ensure => present,
+ensure => 'present',
 source => 
'puppet:///modules/openstack/clientlib/mwopenstackclients.py',
 mode   => '0755',
 owner  => 'root',
diff --git a/modules/openstack/manifests/cloudrepo.pp 
b/modules/openstack/manifests/cloudrepo.pp
index 563ed59..d83318a 100644
--- a/modules/openstack/manifests/cloudrepo.pp
+++ b/modules/openstack/manifests/cloudrepo.pp
@@ -6,6 +6,7 @@
 class openstack::cloudrepo(
 $version='liberty',
 ) {
+
 # As of 26/10/2015 we support kilo on trusty (lsb_release -c)
 if ($::lsbdistcodename == 'trusty') {
 apt::repository { 'ubuntucloud':
diff --git a/modules/openstack/manifests/designate/service.pp 
b/modules/openstack/manifests/designate/service.pp
index 404cba2..3223d6a 100644
--- a/modules/openstack/manifests/designate/service.pp
+++ b/modules/openstack/manifests/designate/service.pp
@@ -37,14 +37,12 @@
 $puppetmaster_hostname_ip = ipresolve($puppetmaster_hostname,4)
 
 require_package(
-'python-designateclient',
 'designate-sink',
 'designate-common',
 'designate',
 'designate-api',
 'designate-doc',
 'designate-central',
-'python-novaclient'
 )
 
 file { '/usr/lib/python2.7/dist-packages/wmf_sink':
diff --git a/modules/openstack/manifests/nova/common.pp 
b/modules/openstack/manifests/nova/common.pp
index 5be8d5b..affa993 100644
--- a/modules/openstack/manifests/nova/common.pp
+++ b/modules/openstack/manifests/nova/common.pp
@@ -37,7 +37,10 @@
 'bridge-utils',
 'nova-common',
 ]
-require_package($packages)
+
+package { $packages:
+ensure => 'present',
+}
 
 # For some reason the Mitaka nova-common package installs
 #  a logrotate rule for nova/*.log and also a nova/nova-manage.log.
diff --git a/modules/openstack/manifests/util/admin_scripts.pp 
b/modules/openstack/manifests/util/admin_scripts.pp
index 88ace00..f29a172 100644
--- a/modules/openstack/manifests/util/admin_scripts.pp
+++ b/modules/openstack/manifests/util/admin_scripts.pp
@@ -3,11 +3,13 @@
 $version,
 ) {
 
-require_package('nova-common')
+require openstack::nova::common

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: dedupe packages and reduce require_package

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398118 )

Change subject: openstack: dedupe packages and reduce require_package
..

openstack: dedupe packages and reduce require_package

require_package basically hacks the native dependency chain.
This becomes problematic when dealing with additional repositories
such as the cloudrepo on new installs.  Resulting in packages
that exist in the default distro repo being installed
at incorrect older versions.

* Consolidate openstack client libs into clientlib.pp
* Add neutron client lib
* Add debian jessie specific packages
* Reduce dependence on require_package generally

Bug: T171494
Change-Id: I98430d9896e7e0562a50248f0c890385d7cae70d
---
M modules/openstack/manifests/clientlib.pp
M modules/openstack/manifests/cloudrepo.pp
M modules/openstack/manifests/designate/service.pp
M modules/openstack/manifests/nova/common.pp
M modules/openstack/manifests/util/admin_scripts.pp
M modules/profile/manifests/openstack/main/cumin/master.pp
6 files changed, 44 insertions(+), 25 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/18/398118/1

diff --git a/modules/openstack/manifests/clientlib.pp 
b/modules/openstack/manifests/clientlib.pp
index 7074594..ede9f0c 100644
--- a/modules/openstack/manifests/clientlib.pp
+++ b/modules/openstack/manifests/clientlib.pp
@@ -3,14 +3,18 @@
 $version,
   ) {
 
-$packages = [
+$py2packages = [
 'python-novaclient',
 'python-glanceclient',
 'python-keystoneclient',
 'python-openstackclient',
 'python-designateclient',
+'python-neutronclient',
 ]
-require_package($packages)
+
+package{ $py2packages:
+ensure => 'present',
+}
 
 # Wrapper python class to easily query openstack clients
 file { '/usr/lib/python2.7/dist-packages/mwopenstackclients.py':
@@ -21,9 +25,18 @@
 group  => 'root',
 }
 
+   if os_version('debian jessie') and $version == 'liberty' {
+
+$debian_jessie_packages = [
+'python-keystoneauth1',
+]
+
+package{ $debian_jessie_packages:
+ensure => 'present',
+}
+
 # assumption is any version not liberty is newer
 # Ubuntu on liberty /does not/
-
 if os_version('ubuntu trusty') and $version != 'liberty' {
 
 $python3packages = [
@@ -31,10 +44,13 @@
 'python3-novaclient',
 'python3-glanceclient',
 ]
-require_package($python3packages)
+
+package{ $python3packages:
+ensure => 'present',
+}
 
 file { '/usr/lib/python3/dist-packages/mwopenstackclients.py':
-ensure => present,
+ensure => 'present',
 source => 
'puppet:///modules/openstack/clientlib/mwopenstackclients.py',
 mode   => '0755',
 owner  => 'root',
diff --git a/modules/openstack/manifests/cloudrepo.pp 
b/modules/openstack/manifests/cloudrepo.pp
index 563ed59..d83318a 100644
--- a/modules/openstack/manifests/cloudrepo.pp
+++ b/modules/openstack/manifests/cloudrepo.pp
@@ -6,6 +6,7 @@
 class openstack::cloudrepo(
 $version='liberty',
 ) {
+
 # As of 26/10/2015 we support kilo on trusty (lsb_release -c)
 if ($::lsbdistcodename == 'trusty') {
 apt::repository { 'ubuntucloud':
diff --git a/modules/openstack/manifests/designate/service.pp 
b/modules/openstack/manifests/designate/service.pp
index 404cba2..3223d6a 100644
--- a/modules/openstack/manifests/designate/service.pp
+++ b/modules/openstack/manifests/designate/service.pp
@@ -37,14 +37,12 @@
 $puppetmaster_hostname_ip = ipresolve($puppetmaster_hostname,4)
 
 require_package(
-'python-designateclient',
 'designate-sink',
 'designate-common',
 'designate',
 'designate-api',
 'designate-doc',
 'designate-central',
-'python-novaclient'
 )
 
 file { '/usr/lib/python2.7/dist-packages/wmf_sink':
diff --git a/modules/openstack/manifests/nova/common.pp 
b/modules/openstack/manifests/nova/common.pp
index 5be8d5b..affa993 100644
--- a/modules/openstack/manifests/nova/common.pp
+++ b/modules/openstack/manifests/nova/common.pp
@@ -37,7 +37,10 @@
 'bridge-utils',
 'nova-common',
 ]
-require_package($packages)
+
+package { $packages:
+ensure => 'present',
+}
 
 # For some reason the Mitaka nova-common package installs
 #  a logrotate rule for nova/*.log and also a nova/nova-manage.log.
diff --git a/modules/openstack/manifests/util/admin_scripts.pp 
b/modules/openstack/manifests/util/admin_scripts.pp
index 88ace00..f29a172 100644
--- a/modules/openstack/manifests/util/admin_scripts.pp
+++ b/modules/openstack/manifests/util/admin_scripts.pp
@@ -3,11 +3,13 @@
 $version,
 ) {
 
-require_package('nova-common')
+require 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: cloud repo explicit apt-key update and apt-get u...

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/398088 )

Change subject: openstack: cloud repo  explicit apt-key update and apt-get 
update
..


openstack: cloud repo  explicit apt-key update and apt-get update

At the moment this throws errors for untrusted packages via
the cloudrepo.  Theory is an apt-key update and following
apt-get update inline will resolve.

Bug: T171494
Change-Id: I1461ff56d5907e76034be362094a8adecdc92897
---
M modules/openstack/manifests/cloudrepo.pp
1 file changed, 11 insertions(+), 1 deletion(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/manifests/cloudrepo.pp 
b/modules/openstack/manifests/cloudrepo.pp
index 0eefde0..563ed59 100644
--- a/modules/openstack/manifests/cloudrepo.pp
+++ b/modules/openstack/manifests/cloudrepo.pp
@@ -12,8 +12,18 @@
 uri=> 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
 dist   => "trusty-updates/${version}",
 components => 'main',
-keyfile=> 
'puppet:///modules/openstack/cloudrepo/ubuntu-cloud.key';
+keyfile=> 
'puppet:///modules/openstack/cloudrepo/ubuntu-cloud.key',
+notify => Exec['apt_key_and_update'];
 }
+
+# First installs can trip without this
+# seeing the mid-run repo as untrusted
+exec {'apt_key_and_update':
+command => '/usr/bin/apt-key update && /usr/bin/apt-get 
update',
+refreshonly => true,
+logoutput   => true,
+}
+
 } elsif os_version('debian jessie') and ($version != 'liberty') {
 fail("T169099: There is no plan for ${version} on Jessie")
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/398088
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I1461ff56d5907e76034be362094a8adecdc92897
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: cloud repo explicit apt-key update and apt-get u...

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398088 )

Change subject: openstack: cloud repo  explicit apt-key update and apt-get 
update
..

openstack: cloud repo  explicit apt-key update and apt-get update

At the moment this throws errors for untrusted packages via
the cloudrepo.  Theory is an apt-key update and following
apt-get update inline will resolve.

Bug: T171494
Change-Id: I1461ff56d5907e76034be362094a8adecdc92897
---
M modules/openstack/manifests/cloudrepo.pp
1 file changed, 10 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/88/398088/1

diff --git a/modules/openstack/manifests/cloudrepo.pp 
b/modules/openstack/manifests/cloudrepo.pp
index 0eefde0..1063832 100644
--- a/modules/openstack/manifests/cloudrepo.pp
+++ b/modules/openstack/manifests/cloudrepo.pp
@@ -13,7 +13,17 @@
 dist   => "trusty-updates/${version}",
 components => 'main',
 keyfile=> 
'puppet:///modules/openstack/cloudrepo/ubuntu-cloud.key';
+notify => Exec['apt_key_and_update'],
 }
+
+# First installs can trip without this
+# seeing the mid-run repo as untrusted
+exec {'apt_key_and_update':
+command => '/usr/bin/apt-key update && /usr/bin/apt-get 
update',
+refreshonly => true,
+logoutput   => true,
+}
+
 } elsif os_version('debian jessie') and ($version != 'liberty') {
 fail("T169099: There is no plan for ${version} on Jessie")
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/398088
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1461ff56d5907e76034be362094a8adecdc92897
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: contain classes for dependency handling

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/397903 )

Change subject: openstack: contain classes for dependency handling
..


openstack: contain classes for dependency handling

Bug: T171494
Change-Id: I6db063a930517dbc5059dad781488025782cc89e
---
M modules/profile/manifests/openstack/base/clientlib.pp
M modules/profile/manifests/openstack/base/cloudrepo.pp
M modules/profile/manifests/openstack/base/designate/service.pp
M modules/profile/manifests/openstack/base/glance.pp
M modules/profile/manifests/openstack/base/horizon/dashboard.pp
M modules/profile/manifests/openstack/base/keystone/hooks.pp
M modules/profile/manifests/openstack/base/keystone/service.pp
M modules/profile/manifests/openstack/base/nova/common.pp
M modules/profile/manifests/openstack/base/pdns/dns_floating_ip_updater.pp
M modules/profile/manifests/openstack/base/rabbitmq.pp
M modules/profile/manifests/openstack/labtestn/designate/service.pp
M modules/profile/manifests/openstack/labtestn/glance.pp
M modules/profile/manifests/openstack/labtestn/keystone/service.pp
M modules/profile/manifests/openstack/labtestn/nova/common.pp
M modules/profile/manifests/openstack/labtestn/rabbitmq.pp
15 files changed, 28 insertions(+), 5 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/profile/manifests/openstack/base/clientlib.pp 
b/modules/profile/manifests/openstack/base/clientlib.pp
index 87bfc5d..30aea86 100644
--- a/modules/profile/manifests/openstack/base/clientlib.pp
+++ b/modules/profile/manifests/openstack/base/clientlib.pp
@@ -2,9 +2,11 @@
 $version = hiera('profile::openstack::base::version'),
 ) {
 
-class {'openstack::clientlib':
+class {'::openstack::clientlib':
 version => $version
 }
+contain '::openstack::clientlib'
 
-class {'openstack::common':}
+class {'::openstack::common':}
+contain '::openstack::common'
 }
diff --git a/modules/profile/manifests/openstack/base/cloudrepo.pp 
b/modules/profile/manifests/openstack/base/cloudrepo.pp
index 5fbe658..1f1904e 100644
--- a/modules/profile/manifests/openstack/base/cloudrepo.pp
+++ b/modules/profile/manifests/openstack/base/cloudrepo.pp
@@ -4,4 +4,5 @@
 class { '::openstack::cloudrepo':
 version => $version,
 }
+contain '::openstack::cloudrepo'
 }
diff --git a/modules/profile/manifests/openstack/base/designate/service.pp 
b/modules/profile/manifests/openstack/base/designate/service.pp
index b6169c0..c0bc23b 100644
--- a/modules/profile/manifests/openstack/base/designate/service.pp
+++ b/modules/profile/manifests/openstack/base/designate/service.pp
@@ -57,6 +57,7 @@
 keystone_public_port   => $keystone_public_port,
 keystone_auth_port => $keystone_auth_port,
 }
+contain '::openstack::designate::service'
 
 # Open designate API to Labs web UIs and the commandline on labcontrol
 ferm::rule { 'designate-api':
diff --git a/modules/profile/manifests/openstack/base/glance.pp 
b/modules/profile/manifests/openstack/base/glance.pp
index c98d27b..90835b0 100644
--- a/modules/profile/manifests/openstack/base/glance.pp
+++ b/modules/profile/manifests/openstack/base/glance.pp
@@ -17,7 +17,7 @@
 $keystone_admin_uri = "http://${nova_controller}:${auth_port};
 $keystone_public_uri = "http://${nova_controller}:${public_port};
 
-class { 'openstack::glance::service':
+class { '::openstack::glance::service':
 version => $version,
 active  => $::fqdn == $nova_controller,
 keystone_admin_uri  => $keystone_admin_uri,
@@ -31,6 +31,7 @@
 glance_data => $glance_data,
 glance_image_dir=> $glance_image_dir,
 }
+contain '::openstack::glance::service'
 
 include ::network::constants
 $prod_networks = join($network::constants::production_networks, ' ')
diff --git a/modules/profile/manifests/openstack/base/horizon/dashboard.pp 
b/modules/profile/manifests/openstack/base/horizon/dashboard.pp
index 0f12da3..82fdd76 100644
--- a/modules/profile/manifests/openstack/base/horizon/dashboard.pp
+++ b/modules/profile/manifests/openstack/base/horizon/dashboard.pp
@@ -9,7 +9,7 @@
 ) {
 
 # TODO: Add openstack::util::envscripts during profile conversion
-class { 'openstack::horizon::service':
+class { '::openstack::horizon::service':
 version => $version,
 nova_controller => $nova_controller,
 wmflabsdotorg_admin => $wmflabsdotorg_admin,
@@ -18,11 +18,13 @@
 ldap_user_pass  => $ldap_user_pass,
 webserver_hostname  => $webserver_hostname,
 }
+contain '::openstack::horizon::service'
 
 #   require => Class['openstack::horizon::service'],
 class {'::openstack::horizon::puppetpanel':
 version => $version,
 }
+contain 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: contain classes for dependency handling

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/397903 )

Change subject: openstack: contain classes for dependency handling
..

openstack: contain classes for dependency handling

Bug: T171494
Change-Id: I6db063a930517dbc5059dad781488025782cc89e
---
M modules/profile/manifests/openstack/base/clientlib.pp
M modules/profile/manifests/openstack/base/cloudrepo.pp
M modules/profile/manifests/openstack/base/designate/service.pp
M modules/profile/manifests/openstack/base/glance.pp
M modules/profile/manifests/openstack/base/horizon/dashboard.pp
M modules/profile/manifests/openstack/base/keystone/hooks.pp
M modules/profile/manifests/openstack/base/keystone/service.pp
M modules/profile/manifests/openstack/base/nodepool/service.pp
M modules/profile/manifests/openstack/base/nova/common.pp
M modules/profile/manifests/openstack/base/pdns/dns_floating_ip_updater.pp
M modules/profile/manifests/openstack/base/rabbitmq.pp
M modules/profile/manifests/openstack/labtestn/designate/service.pp
M modules/profile/manifests/openstack/labtestn/glance.pp
M modules/profile/manifests/openstack/labtestn/keystone/service.pp
M modules/profile/manifests/openstack/labtestn/nova/common.pp
M modules/profile/manifests/openstack/labtestn/rabbitmq.pp
16 files changed, 29 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/03/397903/1

diff --git a/modules/profile/manifests/openstack/base/clientlib.pp 
b/modules/profile/manifests/openstack/base/clientlib.pp
index 87bfc5d..30aea86 100644
--- a/modules/profile/manifests/openstack/base/clientlib.pp
+++ b/modules/profile/manifests/openstack/base/clientlib.pp
@@ -2,9 +2,11 @@
 $version = hiera('profile::openstack::base::version'),
 ) {
 
-class {'openstack::clientlib':
+class {'::openstack::clientlib':
 version => $version
 }
+contain '::openstack::clientlib'
 
-class {'openstack::common':}
+class {'::openstack::common':}
+contain '::openstack::common'
 }
diff --git a/modules/profile/manifests/openstack/base/cloudrepo.pp 
b/modules/profile/manifests/openstack/base/cloudrepo.pp
index 5fbe658..1f1904e 100644
--- a/modules/profile/manifests/openstack/base/cloudrepo.pp
+++ b/modules/profile/manifests/openstack/base/cloudrepo.pp
@@ -4,4 +4,5 @@
 class { '::openstack::cloudrepo':
 version => $version,
 }
+contain '::openstack::cloudrepo'
 }
diff --git a/modules/profile/manifests/openstack/base/designate/service.pp 
b/modules/profile/manifests/openstack/base/designate/service.pp
index b6169c0..c0bc23b 100644
--- a/modules/profile/manifests/openstack/base/designate/service.pp
+++ b/modules/profile/manifests/openstack/base/designate/service.pp
@@ -57,6 +57,7 @@
 keystone_public_port   => $keystone_public_port,
 keystone_auth_port => $keystone_auth_port,
 }
+contain '::openstack::designate::service'
 
 # Open designate API to Labs web UIs and the commandline on labcontrol
 ferm::rule { 'designate-api':
diff --git a/modules/profile/manifests/openstack/base/glance.pp 
b/modules/profile/manifests/openstack/base/glance.pp
index c98d27b..90835b0 100644
--- a/modules/profile/manifests/openstack/base/glance.pp
+++ b/modules/profile/manifests/openstack/base/glance.pp
@@ -17,7 +17,7 @@
 $keystone_admin_uri = "http://${nova_controller}:${auth_port};
 $keystone_public_uri = "http://${nova_controller}:${public_port};
 
-class { 'openstack::glance::service':
+class { '::openstack::glance::service':
 version => $version,
 active  => $::fqdn == $nova_controller,
 keystone_admin_uri  => $keystone_admin_uri,
@@ -31,6 +31,7 @@
 glance_data => $glance_data,
 glance_image_dir=> $glance_image_dir,
 }
+contain '::openstack::glance::service'
 
 include ::network::constants
 $prod_networks = join($network::constants::production_networks, ' ')
diff --git a/modules/profile/manifests/openstack/base/horizon/dashboard.pp 
b/modules/profile/manifests/openstack/base/horizon/dashboard.pp
index 0f12da3..82fdd76 100644
--- a/modules/profile/manifests/openstack/base/horizon/dashboard.pp
+++ b/modules/profile/manifests/openstack/base/horizon/dashboard.pp
@@ -9,7 +9,7 @@
 ) {
 
 # TODO: Add openstack::util::envscripts during profile conversion
-class { 'openstack::horizon::service':
+class { '::openstack::horizon::service':
 version => $version,
 nova_controller => $nova_controller,
 wmflabsdotorg_admin => $wmflabsdotorg_admin,
@@ -18,11 +18,13 @@
 ldap_user_pass  => $ldap_user_pass,
 webserver_hostname  => $webserver_hostname,
 }
+contain '::openstack::horizon::service'
 
 #   require => Class['openstack::horizon::service'],
 class {'::openstack::horizon::puppetpanel':

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: contain relationship for needed classes

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/397874 )

Change subject: openstack: contain relationship for needed classes
..


openstack: contain relationship for needed classes

Dependency and nested classes is not implicit.

Bug: T171494
Change-Id: Iba783e5684cdb56b1aa5286e40d0745a33081305
---
M modules/profile/manifests/openstack/labtestn/clientlib.pp
M modules/profile/manifests/openstack/labtestn/cloudrepo.pp
M modules/profile/manifests/openstack/labtestn/observerenv.pp
3 files changed, 4 insertions(+), 1 deletion(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/profile/manifests/openstack/labtestn/clientlib.pp 
b/modules/profile/manifests/openstack/labtestn/clientlib.pp
index c21be9e..3b5f0be 100644
--- a/modules/profile/manifests/openstack/labtestn/clientlib.pp
+++ b/modules/profile/manifests/openstack/labtestn/clientlib.pp
@@ -6,4 +6,5 @@
 class {'profile::openstack::base::clientlib':
 version => $version
 }
+contain 'profile::openstack::base::clientlib'
 }
diff --git a/modules/profile/manifests/openstack/labtestn/cloudrepo.pp 
b/modules/profile/manifests/openstack/labtestn/cloudrepo.pp
index 50cfb97..5e3e1e3 100644
--- a/modules/profile/manifests/openstack/labtestn/cloudrepo.pp
+++ b/modules/profile/manifests/openstack/labtestn/cloudrepo.pp
@@ -4,4 +4,5 @@
 class { '::profile::openstack::base::cloudrepo':
 version => $version
 }
+contain '::profile::openstack::base::cloudrepo'
 }
diff --git a/modules/profile/manifests/openstack/labtestn/observerenv.pp 
b/modules/profile/manifests/openstack/labtestn/observerenv.pp
index c72dbf2..c52e388 100644
--- a/modules/profile/manifests/openstack/labtestn/observerenv.pp
+++ b/modules/profile/manifests/openstack/labtestn/observerenv.pp
@@ -3,8 +3,9 @@
 $observer_password = 
hiera('profile::openstack::labtestn::observer_password'),
   ) {
 
-class {'profile::openstack::base::observerenv':
+class {'::profile::openstack::base::observerenv':
 nova_controller   => $nova_controller,
 observer_password => $observer_password,
 }
+contain '::profile::openstack::base::observerenv'
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/397874
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iba783e5684cdb56b1aa5286e40d0745a33081305
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: contain relationship for needed classes

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/397874 )

Change subject: openstack: contain relationship for needed classes
..

openstack: contain relationship for needed classes

Dependency and nested classes is not implicit.

Bug: T171494
Change-Id: Iba783e5684cdb56b1aa5286e40d0745a33081305
---
M modules/profile/manifests/openstack/labtestn/clientlib.pp
M modules/profile/manifests/openstack/labtestn/cloudrepo.pp
M modules/profile/manifests/openstack/labtestn/observerenv.pp
3 files changed, 4 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/74/397874/1

diff --git a/modules/profile/manifests/openstack/labtestn/clientlib.pp 
b/modules/profile/manifests/openstack/labtestn/clientlib.pp
index c21be9e..3b5f0be 100644
--- a/modules/profile/manifests/openstack/labtestn/clientlib.pp
+++ b/modules/profile/manifests/openstack/labtestn/clientlib.pp
@@ -6,4 +6,5 @@
 class {'profile::openstack::base::clientlib':
 version => $version
 }
+contain 'profile::openstack::base::clientlib'
 }
diff --git a/modules/profile/manifests/openstack/labtestn/cloudrepo.pp 
b/modules/profile/manifests/openstack/labtestn/cloudrepo.pp
index 50cfb97..5e3e1e3 100644
--- a/modules/profile/manifests/openstack/labtestn/cloudrepo.pp
+++ b/modules/profile/manifests/openstack/labtestn/cloudrepo.pp
@@ -4,4 +4,5 @@
 class { '::profile::openstack::base::cloudrepo':
 version => $version
 }
+contain '::profile::openstack::base::cloudrepo'
 }
diff --git a/modules/profile/manifests/openstack/labtestn/observerenv.pp 
b/modules/profile/manifests/openstack/labtestn/observerenv.pp
index c72dbf2..c52e388 100644
--- a/modules/profile/manifests/openstack/labtestn/observerenv.pp
+++ b/modules/profile/manifests/openstack/labtestn/observerenv.pp
@@ -3,8 +3,9 @@
 $observer_password = 
hiera('profile::openstack::labtestn::observer_password'),
   ) {
 
-class {'profile::openstack::base::observerenv':
+class {'::profile::openstack::base::observerenv':
 nova_controller   => $nova_controller,
 observer_password => $observer_password,
 }
+contain '::profile::openstack::base::observerenv'
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/397874
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iba783e5684cdb56b1aa5286e40d0745a33081305
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: first install control node dependency issues

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/397835 )

Change subject: openstack: first install control node dependency issues
..


openstack: first install control node dependency issues

Bug: T171494
Change-Id: I8721ec4b59745b9926759249cb9af9e8eaafae0b
---
M modules/openstack/manifests/keystone/service.pp
M modules/rabbitmq/manifests/init.pp
2 files changed, 50 insertions(+), 28 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/manifests/keystone/service.pp 
b/modules/openstack/manifests/keystone/service.pp
index 36eae9a..bbbdce7 100644
--- a/modules/openstack/manifests/keystone/service.pp
+++ b/modules/openstack/manifests/keystone/service.pp
@@ -35,13 +35,25 @@
 $labs_networks = $network::constants::labs_networks
 
 package { 'keystone':
-ensure  => present,
+ensure  => 'present',
 }
+
 package { 'python-oath':
-ensure  => present,
+ensure  => 'present',
 }
+
 package { 'python-mysql.connector':
-ensure  => present,
+ensure  => 'present',
+}
+
+group {'keystone':
+ensure  => 'present',
+require => Package['keystone'],
+}
+
+user {'keystone':
+ensure  => 'present',
+require => Package['keystone'],
 }
 
 if $token_driver == 'redis' {
@@ -52,37 +64,43 @@
 
 file {
 '/var/log/keystone':
-ensure => directory,
-owner  => 'keystone',
-group  => 'www-data',
-mode   => '0775';
+ensure  => 'directory',
+owner   => 'keystone',
+group   => 'www-data',
+mode=> '0775',
+require => Package['keystone'];
 '/etc/keystone':
-ensure => directory,
-owner  => 'keystone',
-group  => 'keystone',
-mode   => '0755';
+ensure  => 'directory',
+owner   => 'keystone',
+group   => 'keystone',
+mode=> '0755',
+require => Package['keystone'];
 '/etc/keystone/keystone.conf':
-content => 
template("openstack/${version}/keystone/keystone.conf.erb"),
+ensure  => 'present',
 owner   => 'keystone',
 group   => 'keystone',
 mode=> '0444',
+content => 
template("openstack/${version}/keystone/keystone.conf.erb"),
 notify  => Service['keystone'],
 require => Package['keystone'];
 '/etc/keystone/keystone-paste.ini':
-source  => 
"puppet:///modules/openstack/${version}/keystone/keystone-paste.ini",
+ensure  => 'present',
 owner   => 'root',
 group   => 'root',
 mode=> '0644',
+source  => 
"puppet:///modules/openstack/${version}/keystone/keystone-paste.ini",
 notify  => Service['keystone'],
 require => Package['keystone'];
 '/etc/keystone/policy.json':
-source  => 
"puppet:///modules/openstack/${version}/keystone/policy.json",
+ensure  => 'present',
 mode=> '0644',
 owner   => 'root',
 group   => 'root',
+source  => 
"puppet:///modules/openstack/${version}/keystone/policy.json",
 notify  => Service['keystone'],
 require => Package['keystone'];
 '/etc/keystone/logging.conf':
+ensure  => 'present',
 source  => 
"puppet:///modules/openstack/${version}/keystone/logging.conf",
 owner   => 'root',
 group   => 'root',
@@ -90,13 +108,15 @@
 notify  => Service['keystone'],
 require => Package['keystone'];
 '/usr/lib/python2.7/dist-packages/wmfkeystoneauth':
-source  => 
"puppet:///modules/openstack/${version}/keystone/wmfkeystoneauth",
+ensure  => 'present',
 owner   => 'root',
 group   => 'root',
 mode=> '0644',
+source  => 
"puppet:///modules/openstack/${version}/keystone/wmfkeystoneauth",
 notify  => Service['keystone'],
 recurse => true;
 '/usr/lib/python2.7/dist-packages/wmfkeystoneauth.egg-info':
+ensure  => 'present',
 source  => 
"puppet:///modules/openstack/${version}/keystone/wmfkeystoneauth.egg-info",
 owner   => 'root',
 group   => 'root',
diff --git a/modules/rabbitmq/manifests/init.pp 
b/modules/rabbitmq/manifests/init.pp
index 3742638..f102954 100644
--- a/modules/rabbitmq/manifests/init.pp
+++ b/modules/rabbitmq/manifests/init.pp
@@ -22,11 +22,11 @@
 ) {
 
 package { [ 'rabbitmq-server' ]:
-ensure  => present,
+ensure  => 'present',
 }
 
 file { '/etc/default/rabbitmq-server':
-ensure  => present,
+

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: first control node dependency issues

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/397835 )

Change subject: openstack: first control node dependency issues
..

openstack: first control node dependency issues

Bug: T171494
Change-Id: I8721ec4b59745b9926759249cb9af9e8eaafae0b
---
M modules/openstack/manifests/keystone/service.pp
M modules/rabbitmq/manifests/init.pp
2 files changed, 33 insertions(+), 12 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/35/397835/1

diff --git a/modules/openstack/manifests/keystone/service.pp 
b/modules/openstack/manifests/keystone/service.pp
index 36eae9a..9e0ef17 100644
--- a/modules/openstack/manifests/keystone/service.pp
+++ b/modules/openstack/manifests/keystone/service.pp
@@ -35,13 +35,30 @@
 $labs_networks = $network::constants::labs_networks
 
 package { 'keystone':
-ensure  => present,
+ensure  => 'present',
 }
+
 package { 'python-oath':
-ensure  => present,
+ensure  => 'present',
 }
+
 package { 'python-mysql.connector':
-ensure  => present,
+ensure  => 'present',
+}
+
+group {'keystone':
+ensure  => 'present',
+require => Package['keystone'],
+}
+
+user {'keystone':
+ensure  => 'present',
+require => Package['keystone'],
+}
+
+user {'keystone':
+ensure  => 'present',
+require => Group['keystone'],
 }
 
 if $token_driver == 'redis' {
@@ -52,15 +69,17 @@
 
 file {
 '/var/log/keystone':
-ensure => directory,
-owner  => 'keystone',
-group  => 'www-data',
-mode   => '0775';
+ensure  => directory,
+owner   => 'keystone',
+group   => 'www-data',
+mode=> '0775';
+require => Package['keystone'];
 '/etc/keystone':
 ensure => directory,
 owner  => 'keystone',
 group  => 'keystone',
 mode   => '0755';
+require => Package['keystone'];
 '/etc/keystone/keystone.conf':
 content => 
template("openstack/${version}/keystone/keystone.conf.erb"),
 owner   => 'keystone',
diff --git a/modules/rabbitmq/manifests/init.pp 
b/modules/rabbitmq/manifests/init.pp
index 3742638..553a871 100644
--- a/modules/rabbitmq/manifests/init.pp
+++ b/modules/rabbitmq/manifests/init.pp
@@ -22,11 +22,11 @@
 ) {
 
 package { [ 'rabbitmq-server' ]:
-ensure  => present,
+ensure  => 'present',
 }
 
 file { '/etc/default/rabbitmq-server':
-ensure  => present,
+ensure  => 'present',
 owner   => 'root',
 group   => 'root',
 mode=> '0444',
@@ -36,19 +36,21 @@
 }
 
 file { '/usr/local/sbin/rabbitmqadmin':
-ensure => present,
+ensure => 'present',
 owner  => 'root',
 group  => 'root',
 mode   => '0655',
 source => 'puppet:///modules/rabbitmq/rabbitmqadmin',
+require => Package['rabbitmq-server'],
 }
 
 file { '/etc/rabbitmq/rabbitmq.config':
-ensure => present,
+ensure => 'present',
 owner  => 'root',
 group  => 'root',
 mode   => '0444',
 source => 'puppet:///modules/rabbitmq/rabbitmq.config',
+require => Package['rabbitmq-server'],
 }
 
 service { 'rabbitmq-server':
@@ -57,7 +59,7 @@
 }
 
 file { '/usr/local/sbin/drain_queue':
-ensure => present,
+ensure => 'present',
 owner  => 'root',
 group  => 'root',
 mode   => '0655',

-- 
To view, visit https://gerrit.wikimedia.org/r/397835
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8721ec4b59745b9926759249cb9af9e8eaafae0b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: toolforge: bastion local throttling

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/394506 )

Change subject: toolforge: bastion local throttling
..


toolforge: bastion local throttling

Change-Id: I93bdaf82a0d1ff8f01fccc1b2d6156338db06943
---
M modules/toollabs/manifests/bastion.pp
1 file changed, 8 insertions(+), 0 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  BryanDavis: Looks good to me, but someone else must approve
  jenkins-bot: Verified



diff --git a/modules/toollabs/manifests/bastion.pp 
b/modules/toollabs/manifests/bastion.pp
index 633038f..2b91e7d 100644
--- a/modules/toollabs/manifests/bastion.pp
+++ b/modules/toollabs/manifests/bastion.pp
@@ -72,6 +72,8 @@
 },
 },
 rules  => [
+'*:/usr/bin/php cpu  /scripts',
+'%  memory   /scripts',
 '*:/usr/bin/rubycpu  /scripts',
 '%  memory   /scripts',
 '*:/usr/bin/ruby1.9.1   cpu  /scripts',
@@ -92,8 +94,12 @@
 '%  memory   /scripts',
 '*:/usr/bin/tclsh8.6cpu  /scripts',
 '%  memory   /scripts',
+'*:/usr/bin/tclsh8.7cpu  /scripts',
+'%  memory   /scripts',
 '*:/shared/bin/node cpu  /scripts',
 '%  memory   /scripts',
+'*:/data/project/shared/tcl/bin/tclsh8.7cpu  
/scripts',
+'%  memory   
/scripts',
 ],
 }
 
@@ -112,6 +118,8 @@
 '*:/usr/bin/vim.diff  memory  /utilities',
 '*:/usr/bin/vim.tiny  memory  /utilities',
 '*:/usr/bin/nano  memory  /utilities',
+'*:/usr/bin/unzip cpu /utilities',
+'%memory  /utilities',
 '*:/bin/tar   cpu /utilities',
 '%memory  /utilities',
 '*:/bin/bzip2  cpu /utilities',

-- 
To view, visit https://gerrit.wikimedia.org/r/394506
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I93bdaf82a0d1ff8f01fccc1b2d6156338db06943
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: BryanDavis 
Gerrit-Reviewer: Coren 
Gerrit-Reviewer: Merlijn van Deen 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: Yuvipanda 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: toolforge: bastion local throttling

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/394506 )

Change subject: toolforge: bastion local throttling
..

toolforge: bastion local throttling

Change-Id: I93bdaf82a0d1ff8f01fccc1b2d6156338db06943
---
M modules/toollabs/manifests/bastion.pp
1 file changed, 8 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/06/394506/1

diff --git a/modules/toollabs/manifests/bastion.pp 
b/modules/toollabs/manifests/bastion.pp
index 633038f..2b91e7d 100644
--- a/modules/toollabs/manifests/bastion.pp
+++ b/modules/toollabs/manifests/bastion.pp
@@ -72,6 +72,8 @@
 },
 },
 rules  => [
+'*:/usr/bin/php cpu  /scripts',
+'%  memory   /scripts',
 '*:/usr/bin/rubycpu  /scripts',
 '%  memory   /scripts',
 '*:/usr/bin/ruby1.9.1   cpu  /scripts',
@@ -92,8 +94,12 @@
 '%  memory   /scripts',
 '*:/usr/bin/tclsh8.6cpu  /scripts',
 '%  memory   /scripts',
+'*:/usr/bin/tclsh8.7cpu  /scripts',
+'%  memory   /scripts',
 '*:/shared/bin/node cpu  /scripts',
 '%  memory   /scripts',
+'*:/data/project/shared/tcl/bin/tclsh8.7cpu  
/scripts',
+'%  memory   
/scripts',
 ],
 }
 
@@ -112,6 +118,8 @@
 '*:/usr/bin/vim.diff  memory  /utilities',
 '*:/usr/bin/vim.tiny  memory  /utilities',
 '*:/usr/bin/nano  memory  /utilities',
+'*:/usr/bin/unzip cpu /utilities',
+'%memory  /utilities',
 '*:/bin/tar   cpu /utilities',
 '%memory  /utilities',
 '*:/bin/bzip2  cpu /utilities',

-- 
To view, visit https://gerrit.wikimedia.org/r/394506
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I93bdaf82a0d1ff8f01fccc1b2d6156338db06943
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: base: qualify syslogs::readable defined type call

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/394377 )

Change subject: base: qualify syslogs::readable defined type call
..


base: qualify syslogs::readable defined type call

seems to be needed for puppet4 on master

Change-Id: I4aaa62d53504c7c4e74fe4db14f98fc2fd2c4cf0
---
M modules/base/manifests/syslogs.pp
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Andrew Bogott: Looks good to me, but someone else must approve
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/base/manifests/syslogs.pp 
b/modules/base/manifests/syslogs.pp
index c5b83f3..93ddbd3 100644
--- a/modules/base/manifests/syslogs.pp
+++ b/modules/base/manifests/syslogs.pp
@@ -5,6 +5,6 @@
 ) {
 
 if $readable == true {
-syslogs::readable { $logfiles: }
+base::syslogs::readable { $logfiles: }
 }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/394377
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I4aaa62d53504c7c4e74fe4db14f98fc2fd2c4cf0
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Andrew Bogott 
Gerrit-Reviewer: Gehel 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: base: seems to be needed for puppet4 on master

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/394377 )

Change subject: base: seems to be needed for puppet4 on master
..

base: seems to be needed for puppet4 on master

Change-Id: I4aaa62d53504c7c4e74fe4db14f98fc2fd2c4cf0
---
M modules/base/manifests/syslogs.pp
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/77/394377/1

diff --git a/modules/base/manifests/syslogs.pp 
b/modules/base/manifests/syslogs.pp
index c5b83f3..93ddbd3 100644
--- a/modules/base/manifests/syslogs.pp
+++ b/modules/base/manifests/syslogs.pp
@@ -5,6 +5,6 @@
 ) {
 
 if $readable == true {
-syslogs::readable { $logfiles: }
+base::syslogs::readable { $logfiles: }
 }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/394377
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4aaa62d53504c7c4e74fe4db14f98fc2fd2c4cf0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: wip: toolforge: follow attended upgrade process

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/394200 )

Change subject: wip: toolforge: follow attended upgrade process
..

wip: toolforge: follow attended upgrade process

relies on changeset 392421

Bug: T181647
Change-Id: Id9e95a58860a0ef786324d62020347bf01a36111
---
M hieradata/labs.yaml
M hieradata/labs/tools/common.yaml
M modules/apt/manifests/unattendedupgrades.pp
M modules/profile/manifests/base/labs.pp
4 files changed, 25 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/00/394200/1

diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index 9cbccbf..f5582bf 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -17,6 +17,8 @@
   recursor: 'labs-recursor0.wikimedia.org'
   recursor_secondary: 'labs-recursor1.wikimedia.org'
 
+profile::base::labs::unattended_distro: true
+profile::base::labs::unattended_wmf: true
 profile::openstack::main::version: 'liberty'
 profile::openstack::base::region: "%{::site}"
 profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org'
diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml
index c62e87a..6e5eb3f 100644
--- a/hieradata/labs/tools/common.yaml
+++ b/hieradata/labs/tools/common.yaml
@@ -1,3 +1,6 @@
+profile::base::labs::unattended_distro: false
+profile::base::labs::unattended_wmf: false
+
 "profile::base::core_dump_pattern": core
 classes:
 - role::aptly::client
diff --git a/modules/apt/manifests/unattendedupgrades.pp 
b/modules/apt/manifests/unattendedupgrades.pp
index c02745c..41fafe4 100644
--- a/modules/apt/manifests/unattendedupgrades.pp
+++ b/modules/apt/manifests/unattendedupgrades.pp
@@ -1,13 +1,17 @@
-class apt::unattendedupgrades($ensure=present) {
+class apt::unattendedupgrades(
+$unattended_distro=true,
+$unattended_wmf=true,
+) {
+
 # package installation should enable security upgrades by default
 package { 'unattended-upgrades':
-ensure => $ensure,
+ensure => 'present',
 }
 
 # dpkg tries to determine the most conservative default action in case of
 # conffile conflict. This tells dpkg to use that action without asking
 apt::conf { 'dpkg-force-confdef':
-ensure   => present,
+ensure   => 'present',
 priority => '00',
 key  => 'Dpkg::Options::',
 value=> '--force-confdef',
@@ -16,20 +20,21 @@
 # In case of conffile conflicts, tell dpkg to keep the old conffile without
 # asking
 apt::conf { 'dpkg-force-confold':
-ensure   => present,
+ensure   => 'present',
 priority => '00',
 key  => 'Dpkg::Options::',
 value=> '--force-confold',
 }
 
 apt::conf { 'auto-upgrades':
-ensure   => $ensure,
+ensure   => $unattended_distro,
 priority => '20',
 key  => 'APT::Periodic::Unattended-Upgrade',
 value=> '1',
 }
 
 apt::conf { 'unattended-upgrades-wikimedia':
+ensure   => $unattended_wmf,
 priority => '51',
 # Key with trailing '::' to append to potentially existing entry
 key  => 'Unattended-Upgrade::Origins-Pattern::',
diff --git a/modules/profile/manifests/base/labs.pp 
b/modules/profile/manifests/base/labs.pp
index 23816b3..c028c3f 100644
--- a/modules/profile/manifests/base/labs.pp
+++ b/modules/profile/manifests/base/labs.pp
@@ -1,4 +1,13 @@
-class profile::base::labs {
+class profile::base::labs(
+$unattended_distro = hiera('profile::base::labs::unattended_distro'),
+$unattended_wmf = hiera('profile::base::labs::unattended_wmf),
+) {
+
+class {'::apt::unattendedupgrades':
+unattended_distro => $unattended_distro,
+unattended_wmf=> $unattended_wmf,
+}
+
 include ::apt::unattendedupgrades
 include ::apt::noupgrade
 

-- 
To view, visit https://gerrit.wikimedia.org/r/394200
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id9e95a58860a0ef786324d62020347bf01a36111
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: bootstrapvz: add nbd-client package

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/393853 )

Change subject: bootstrapvz: add nbd-client package
..


bootstrapvz: add nbd-client package

For using qemu-nbd to inspect generated images

Change-Id: I85432c9930099f5206eaabdda901b0116e57820e
---
M modules/labs_bootstrapvz/manifests/init.pp
1 file changed, 4 insertions(+), 0 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/labs_bootstrapvz/manifests/init.pp 
b/modules/labs_bootstrapvz/manifests/init.pp
index f7646ea..fb7098b 100644
--- a/modules/labs_bootstrapvz/manifests/init.pp
+++ b/modules/labs_bootstrapvz/manifests/init.pp
@@ -1,5 +1,9 @@
 class labs_bootstrapvz() {
 
+package { 'nbd-client':
+ensure => 'present',
+}
+
 package { 'bootstrap-vz':
 ensure => present,
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/393853
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I85432c9930099f5206eaabdda901b0116e57820e
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: bootstrapvz: add nbd-client package

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/393853 )

Change subject: bootstrapvz: add nbd-client package
..

bootstrapvz: add nbd-client package

For using qemu-nbd to inspect generated images

Change-Id: I85432c9930099f5206eaabdda901b0116e57820e
---
M modules/labs_bootstrapvz/manifests/init.pp
1 file changed, 4 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/53/393853/1

diff --git a/modules/labs_bootstrapvz/manifests/init.pp 
b/modules/labs_bootstrapvz/manifests/init.pp
index f7646ea..fb7098b 100644
--- a/modules/labs_bootstrapvz/manifests/init.pp
+++ b/modules/labs_bootstrapvz/manifests/init.pp
@@ -1,5 +1,9 @@
 class labs_bootstrapvz() {
 
+package { 'nbd-client':
+ensure => 'present',
+}
+
 package { 'bootstrap-vz':
 ensure => present,
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/393853
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I85432c9930099f5206eaabdda901b0116e57820e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "openstack: disable notify temporarily"

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/393615 )

Change subject: Revert "openstack: disable notify temporarily"
..


Revert "openstack: disable notify temporarily"

This reverts commit 19429745a6f776fb319091b5d3ef39adc5d5102d.

Change-Id: If1026465c6a3e335c3d7bce7f263aed057179800
---
M modules/openstack/manifests/designate/service.pp
M modules/openstack/manifests/glance/service.pp
M modules/openstack/manifests/horizon/service.pp
M modules/openstack/manifests/keystone/hooks.pp
M modules/openstack/manifests/keystone/service.pp
M modules/openstack/manifests/nova/compute/service.pp
M modules/openstack/manifests/nova/network/service.pp
M modules/openstack/manifests/nova/scheduler/service.pp
M modules/profile/manifests/openstack/base/pdns/recursor/service.pp
9 files changed, 37 insertions(+), 0 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/manifests/designate/service.pp 
b/modules/openstack/manifests/designate/service.pp
index b209f23..404cba2 100644
--- a/modules/openstack/manifests/designate/service.pp
+++ b/modules/openstack/manifests/designate/service.pp
@@ -85,23 +85,27 @@
 group   => 'designate',
 mode=> '0440',
 content => 
template("openstack/${version}/designate/designate.conf.erb"),
+notify  => 
Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'],
 require => Package['designate-common'];
 '/etc/designate/api-paste.ini':
 content => 
template("openstack/${version}/designate/api-paste.ini.erb"),
 owner   => 'designate',
 group   => 'designate',
+notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-api'],
 mode=> '0440';
 '/etc/designate/policy.json':
 source  => 
"puppet:///modules/openstack/${version}/designate/policy.json",
 owner   => 'designate',
 group   => 'designate',
+notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-common'],
 mode=> '0440';
 '/etc/designate/rootwrap.conf':
 source  => 
"puppet:///modules/openstack/${version}/designate/rootwrap.conf",
 owner   => 'root',
 group   => 'root',
+notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-common'],
 mode=> '0440';
 }
@@ -138,6 +142,7 @@
 group   => 'root',
 mode=> '0544',
 content => 
template('openstack/initscripts/designate-pool-manager.upstart.erb'),
+notify  => Service['designate-pool-manager'],
 }
 
 file {'/etc/init/designate-mdns.conf':
@@ -146,6 +151,7 @@
 group   => 'root',
 mode=> '0544',
 content => 
template('openstack/initscripts/designate-mdns.upstart.erb'),
+notify  => Service['designate-mdns'],
 }
 
 # include rootwrap.d entries
diff --git a/modules/openstack/manifests/glance/service.pp 
b/modules/openstack/manifests/glance/service.pp
index 375507a..5c2d4e8 100644
--- a/modules/openstack/manifests/glance/service.pp
+++ b/modules/openstack/manifests/glance/service.pp
@@ -40,18 +40,21 @@
 owner   => 'glance',
 group   => 'nogroup',
 mode=> '0440',
+notify  => Service['glance-api'],
 require => Package['glance'];
 '/etc/glance/glance-registry.conf':
 content => 
template("openstack/${version}/glance/glance-registry.conf.erb"),
 owner   => 'glance',
 group   => 'nogroup',
 mode=> '0440',
+notify  => Service['glance-registry'],
 require => Package['glance'];
 '/etc/glance/policy.json':
 source  => 
"puppet:///modules/openstack/${version}/glance/policy.json",
 owner   => 'root',
 group   => 'root',
 mode=> '0644',
+notify  => Service['glance-api'],
 require => Package['glance'];
 }
 
diff --git a/modules/openstack/manifests/horizon/service.pp 
b/modules/openstack/manifests/horizon/service.pp
index 3856143..91241d9 100644
--- a/modules/openstack/manifests/horizon/service.pp
+++ b/modules/openstack/manifests/horizon/service.pp
@@ -49,6 +49,7 @@
 group   => 'horizon',
 mode=> '0440',
 require => Package['openstack-dashboard'],
+notify  => [Service['apache2'], Exec['djangorefresh']],
 }
 
 # In the perfect future, Horizon policies will be the same
@@ -60,6 +61,7 @@
 group   => 'horizon',
 mode=> '0440',
 require => 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "openstack: disable notify temporarily"

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/393615 )

Change subject: Revert "openstack: disable notify temporarily"
..

Revert "openstack: disable notify temporarily"

This reverts commit 19429745a6f776fb319091b5d3ef39adc5d5102d.

Change-Id: If1026465c6a3e335c3d7bce7f263aed057179800
---
M modules/openstack/manifests/designate/service.pp
M modules/openstack/manifests/glance/service.pp
M modules/openstack/manifests/horizon/service.pp
M modules/openstack/manifests/keystone/hooks.pp
M modules/openstack/manifests/keystone/service.pp
M modules/openstack/manifests/nova/compute/service.pp
M modules/openstack/manifests/nova/network/service.pp
M modules/openstack/manifests/nova/scheduler/service.pp
M modules/profile/manifests/openstack/base/pdns/recursor/service.pp
9 files changed, 37 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/15/393615/1

diff --git a/modules/openstack/manifests/designate/service.pp 
b/modules/openstack/manifests/designate/service.pp
index b209f23..404cba2 100644
--- a/modules/openstack/manifests/designate/service.pp
+++ b/modules/openstack/manifests/designate/service.pp
@@ -85,23 +85,27 @@
 group   => 'designate',
 mode=> '0440',
 content => 
template("openstack/${version}/designate/designate.conf.erb"),
+notify  => 
Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'],
 require => Package['designate-common'];
 '/etc/designate/api-paste.ini':
 content => 
template("openstack/${version}/designate/api-paste.ini.erb"),
 owner   => 'designate',
 group   => 'designate',
+notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-api'],
 mode=> '0440';
 '/etc/designate/policy.json':
 source  => 
"puppet:///modules/openstack/${version}/designate/policy.json",
 owner   => 'designate',
 group   => 'designate',
+notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-common'],
 mode=> '0440';
 '/etc/designate/rootwrap.conf':
 source  => 
"puppet:///modules/openstack/${version}/designate/rootwrap.conf",
 owner   => 'root',
 group   => 'root',
+notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-common'],
 mode=> '0440';
 }
@@ -138,6 +142,7 @@
 group   => 'root',
 mode=> '0544',
 content => 
template('openstack/initscripts/designate-pool-manager.upstart.erb'),
+notify  => Service['designate-pool-manager'],
 }
 
 file {'/etc/init/designate-mdns.conf':
@@ -146,6 +151,7 @@
 group   => 'root',
 mode=> '0544',
 content => 
template('openstack/initscripts/designate-mdns.upstart.erb'),
+notify  => Service['designate-mdns'],
 }
 
 # include rootwrap.d entries
diff --git a/modules/openstack/manifests/glance/service.pp 
b/modules/openstack/manifests/glance/service.pp
index 375507a..5c2d4e8 100644
--- a/modules/openstack/manifests/glance/service.pp
+++ b/modules/openstack/manifests/glance/service.pp
@@ -40,18 +40,21 @@
 owner   => 'glance',
 group   => 'nogroup',
 mode=> '0440',
+notify  => Service['glance-api'],
 require => Package['glance'];
 '/etc/glance/glance-registry.conf':
 content => 
template("openstack/${version}/glance/glance-registry.conf.erb"),
 owner   => 'glance',
 group   => 'nogroup',
 mode=> '0440',
+notify  => Service['glance-registry'],
 require => Package['glance'];
 '/etc/glance/policy.json':
 source  => 
"puppet:///modules/openstack/${version}/glance/policy.json",
 owner   => 'root',
 group   => 'root',
 mode=> '0644',
+notify  => Service['glance-api'],
 require => Package['glance'];
 }
 
diff --git a/modules/openstack/manifests/horizon/service.pp 
b/modules/openstack/manifests/horizon/service.pp
index 3856143..91241d9 100644
--- a/modules/openstack/manifests/horizon/service.pp
+++ b/modules/openstack/manifests/horizon/service.pp
@@ -49,6 +49,7 @@
 group   => 'horizon',
 mode=> '0440',
 require => Package['openstack-dashboard'],
+notify  => [Service['apache2'], Exec['djangorefresh']],
 }
 
 # In the perfect future, Horizon policies will be the same
@@ -60,6 +61,7 @@
 group   => 'horizon',
 mode=> '0440',
 require => 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: disable notify temporarily

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/393600 )

Change subject: openstack: disable notify temporarily
..


openstack: disable notify temporarily

To be reverted post cleanup.  This is a precautionary measure.

Bug: T171494
Change-Id: I88300b1321b7286ce7c25c86703bd59630d58a97
---
M modules/openstack/manifests/designate/service.pp
M modules/openstack/manifests/glance/service.pp
M modules/openstack/manifests/horizon/service.pp
M modules/openstack/manifests/keystone/hooks.pp
M modules/openstack/manifests/keystone/service.pp
M modules/openstack/manifests/nova/compute/service.pp
M modules/openstack/manifests/nova/network/service.pp
M modules/openstack/manifests/nova/scheduler/service.pp
M modules/profile/manifests/openstack/base/pdns/recursor/service.pp
9 files changed, 0 insertions(+), 37 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/manifests/designate/service.pp 
b/modules/openstack/manifests/designate/service.pp
index 404cba2..b209f23 100644
--- a/modules/openstack/manifests/designate/service.pp
+++ b/modules/openstack/manifests/designate/service.pp
@@ -85,27 +85,23 @@
 group   => 'designate',
 mode=> '0440',
 content => 
template("openstack/${version}/designate/designate.conf.erb"),
-notify  => 
Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'],
 require => Package['designate-common'];
 '/etc/designate/api-paste.ini':
 content => 
template("openstack/${version}/designate/api-paste.ini.erb"),
 owner   => 'designate',
 group   => 'designate',
-notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-api'],
 mode=> '0440';
 '/etc/designate/policy.json':
 source  => 
"puppet:///modules/openstack/${version}/designate/policy.json",
 owner   => 'designate',
 group   => 'designate',
-notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-common'],
 mode=> '0440';
 '/etc/designate/rootwrap.conf':
 source  => 
"puppet:///modules/openstack/${version}/designate/rootwrap.conf",
 owner   => 'root',
 group   => 'root',
-notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-common'],
 mode=> '0440';
 }
@@ -142,7 +138,6 @@
 group   => 'root',
 mode=> '0544',
 content => 
template('openstack/initscripts/designate-pool-manager.upstart.erb'),
-notify  => Service['designate-pool-manager'],
 }
 
 file {'/etc/init/designate-mdns.conf':
@@ -151,7 +146,6 @@
 group   => 'root',
 mode=> '0544',
 content => 
template('openstack/initscripts/designate-mdns.upstart.erb'),
-notify  => Service['designate-mdns'],
 }
 
 # include rootwrap.d entries
diff --git a/modules/openstack/manifests/glance/service.pp 
b/modules/openstack/manifests/glance/service.pp
index 5c2d4e8..375507a 100644
--- a/modules/openstack/manifests/glance/service.pp
+++ b/modules/openstack/manifests/glance/service.pp
@@ -40,21 +40,18 @@
 owner   => 'glance',
 group   => 'nogroup',
 mode=> '0440',
-notify  => Service['glance-api'],
 require => Package['glance'];
 '/etc/glance/glance-registry.conf':
 content => 
template("openstack/${version}/glance/glance-registry.conf.erb"),
 owner   => 'glance',
 group   => 'nogroup',
 mode=> '0440',
-notify  => Service['glance-registry'],
 require => Package['glance'];
 '/etc/glance/policy.json':
 source  => 
"puppet:///modules/openstack/${version}/glance/policy.json",
 owner   => 'root',
 group   => 'root',
 mode=> '0644',
-notify  => Service['glance-api'],
 require => Package['glance'];
 }
 
diff --git a/modules/openstack/manifests/horizon/service.pp 
b/modules/openstack/manifests/horizon/service.pp
index 91241d9..3856143 100644
--- a/modules/openstack/manifests/horizon/service.pp
+++ b/modules/openstack/manifests/horizon/service.pp
@@ -49,7 +49,6 @@
 group   => 'horizon',
 mode=> '0440',
 require => Package['openstack-dashboard'],
-notify  => [Service['apache2'], Exec['djangorefresh']],
 }
 
 # In the perfect future, Horizon policies will be the same
@@ -61,7 +60,6 @@
 group   => 'horizon',
 mode=> '0440',
 require => 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: disable notify temporarily

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/393600 )

Change subject: openstack: disable notify temporarily
..

openstack: disable notify temporarily

To be reverted post cleanup.  This is a precautionary measure.

Bug: T171494
Change-Id: I88300b1321b7286ce7c25c86703bd59630d58a97
---
M modules/openstack/manifests/designate/service.pp
M modules/openstack/manifests/glance/service.pp
M modules/openstack/manifests/horizon/service.pp
M modules/openstack/manifests/keystone/hooks.pp
M modules/openstack/manifests/keystone/service.pp
M modules/openstack/manifests/nova/compute/service.pp
M modules/openstack/manifests/nova/network/service.pp
M modules/openstack/manifests/nova/scheduler/service.pp
M modules/profile/manifests/openstack/base/pdns/recursor/service.pp
9 files changed, 0 insertions(+), 37 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/00/393600/1

diff --git a/modules/openstack/manifests/designate/service.pp 
b/modules/openstack/manifests/designate/service.pp
index 404cba2..b209f23 100644
--- a/modules/openstack/manifests/designate/service.pp
+++ b/modules/openstack/manifests/designate/service.pp
@@ -85,27 +85,23 @@
 group   => 'designate',
 mode=> '0440',
 content => 
template("openstack/${version}/designate/designate.conf.erb"),
-notify  => 
Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'],
 require => Package['designate-common'];
 '/etc/designate/api-paste.ini':
 content => 
template("openstack/${version}/designate/api-paste.ini.erb"),
 owner   => 'designate',
 group   => 'designate',
-notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-api'],
 mode=> '0440';
 '/etc/designate/policy.json':
 source  => 
"puppet:///modules/openstack/${version}/designate/policy.json",
 owner   => 'designate',
 group   => 'designate',
-notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-common'],
 mode=> '0440';
 '/etc/designate/rootwrap.conf':
 source  => 
"puppet:///modules/openstack/${version}/designate/rootwrap.conf",
 owner   => 'root',
 group   => 'root',
-notify  => 
Service['designate-api','designate-sink','designate-central'],
 require => Package['designate-common'],
 mode=> '0440';
 }
@@ -142,7 +138,6 @@
 group   => 'root',
 mode=> '0544',
 content => 
template('openstack/initscripts/designate-pool-manager.upstart.erb'),
-notify  => Service['designate-pool-manager'],
 }
 
 file {'/etc/init/designate-mdns.conf':
@@ -151,7 +146,6 @@
 group   => 'root',
 mode=> '0544',
 content => 
template('openstack/initscripts/designate-mdns.upstart.erb'),
-notify  => Service['designate-mdns'],
 }
 
 # include rootwrap.d entries
diff --git a/modules/openstack/manifests/glance/service.pp 
b/modules/openstack/manifests/glance/service.pp
index 5c2d4e8..375507a 100644
--- a/modules/openstack/manifests/glance/service.pp
+++ b/modules/openstack/manifests/glance/service.pp
@@ -40,21 +40,18 @@
 owner   => 'glance',
 group   => 'nogroup',
 mode=> '0440',
-notify  => Service['glance-api'],
 require => Package['glance'];
 '/etc/glance/glance-registry.conf':
 content => 
template("openstack/${version}/glance/glance-registry.conf.erb"),
 owner   => 'glance',
 group   => 'nogroup',
 mode=> '0440',
-notify  => Service['glance-registry'],
 require => Package['glance'];
 '/etc/glance/policy.json':
 source  => 
"puppet:///modules/openstack/${version}/glance/policy.json",
 owner   => 'root',
 group   => 'root',
 mode=> '0644',
-notify  => Service['glance-api'],
 require => Package['glance'];
 }
 
diff --git a/modules/openstack/manifests/horizon/service.pp 
b/modules/openstack/manifests/horizon/service.pp
index 91241d9..3856143 100644
--- a/modules/openstack/manifests/horizon/service.pp
+++ b/modules/openstack/manifests/horizon/service.pp
@@ -49,7 +49,6 @@
 group   => 'horizon',
 mode=> '0440',
 require => Package['openstack-dashboard'],
-notify  => [Service['apache2'], Exec['djangorefresh']],
 }
 
 # In the perfect future, Horizon policies will be the same
@@ -61,7 +60,6 @@
 group   => 'horizon',
 mode=> '0440',
 require => 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: remove todo for horizon

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/392861 )

Change subject: openstack: remove todo for horizon
..

openstack: remove todo for horizon

The util env scripts were here largely
through happenstance of tangled nova
configurations previously.

Bug: Bug: T171494
Change-Id: I87c541a339225b3f141adb61b291d9f2df753a64
---
M modules/profile/manifests/openstack/base/horizon/dashboard.pp
1 file changed, 0 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/61/392861/1

diff --git a/modules/profile/manifests/openstack/base/horizon/dashboard.pp 
b/modules/profile/manifests/openstack/base/horizon/dashboard.pp
index 0f12da3..fed1608 100644
--- a/modules/profile/manifests/openstack/base/horizon/dashboard.pp
+++ b/modules/profile/manifests/openstack/base/horizon/dashboard.pp
@@ -8,7 +8,6 @@
 $webserver_hostname = 
hiera('profile::openstack::base::horizon::webserver_hostname'),
 ) {
 
-# TODO: Add openstack::util::envscripts during profile conversion
 class { 'openstack::horizon::service':
 version => $version,
 nova_controller => $nova_controller,

-- 
To view, visit https://gerrit.wikimedia.org/r/392861
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I87c541a339225b3f141adb61b291d9f2df753a64
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] labs/private[master]: openstack: remove labtest per host values

[Rush (Code Review)]

Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/392859 )

Change subject: openstack: remove labtest per host values
..


openstack: remove labtest per host values

Bug: T171494
Change-Id: If819a071d9f90989919709c44f09331a2300
---
D hieradata/hosts/labtestcontrol2001.yaml
D hieradata/hosts/labtestnet2001.yaml
D hieradata/hosts/labtestneutron2001.yaml
D hieradata/hosts/labtestservices2001.yaml
D hieradata/hosts/labtestvirt2001.yaml
D hieradata/hosts/labtestweb2001.yaml
6 files changed, 0 insertions(+), 72 deletions(-)

Approvals:
  Rush: Verified; Looks good to me, approved



diff --git a/hieradata/hosts/labtestcontrol2001.yaml 
b/hieradata/hosts/labtestcontrol2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestcontrol2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'
diff --git a/hieradata/hosts/labtestnet2001.yaml 
b/hieradata/hosts/labtestnet2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestnet2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'
diff --git a/hieradata/hosts/labtestneutron2001.yaml 
b/hieradata/hosts/labtestneutron2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestneutron2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'
diff --git a/hieradata/hosts/labtestservices2001.yaml 
b/hieradata/hosts/labtestservices2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestservices2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'
diff --git a/hieradata/hosts/labtestvirt2001.yaml 
b/hieradata/hosts/labtestvirt2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestvirt2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'
diff --git a/hieradata/hosts/labtestweb2001.yaml 
b/hieradata/hosts/labtestweb2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestweb2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'

-- 
To view, visit https://gerrit.wikimedia.org/r/392859
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If819a071d9f90989919709c44f09331a2300
Gerrit-PatchSet: 1
Gerrit-Project: labs/private
Gerrit-Branch: master
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] labs/private[master]: openstack: remove labtest per host values

[Rush (Code Review)]

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/392859 )

Change subject: openstack: remove labtest per host values
..

openstack: remove labtest per host values

Bug: T171494
Change-Id: If819a071d9f90989919709c44f09331a2300
---
D hieradata/hosts/labtestcontrol2001.yaml
D hieradata/hosts/labtestnet2001.yaml
D hieradata/hosts/labtestneutron2001.yaml
D hieradata/hosts/labtestservices2001.yaml
D hieradata/hosts/labtestvirt2001.yaml
D hieradata/hosts/labtestweb2001.yaml
6 files changed, 0 insertions(+), 72 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/labs/private 
refs/changes/59/392859/1

diff --git a/hieradata/hosts/labtestcontrol2001.yaml 
b/hieradata/hosts/labtestcontrol2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestcontrol2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'
diff --git a/hieradata/hosts/labtestnet2001.yaml 
b/hieradata/hosts/labtestnet2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestnet2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'
diff --git a/hieradata/hosts/labtestneutron2001.yaml 
b/hieradata/hosts/labtestneutron2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestneutron2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'
diff --git a/hieradata/hosts/labtestservices2001.yaml 
b/hieradata/hosts/labtestservices2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestservices2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'
diff --git a/hieradata/hosts/labtestvirt2001.yaml 
b/hieradata/hosts/labtestvirt2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestvirt2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'
diff --git a/hieradata/hosts/labtestweb2001.yaml 
b/hieradata/hosts/labtestweb2001.yaml
deleted file mode 100644
index a770031..000
--- a/hieradata/hosts/labtestweb2001.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-novaconfig:
-db_pass: 'lt-ueThe7moh7Hah'
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-keystoneconfig:
-ldap_user_pass: 'lt-ueThe7moh7Hah'
-ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo'
-
-labsldapconfig:
-  proxypass: 'lt-Eche0ieng8UaNoo'
-  script_user_pass: 'lt-ueThe7moh7Hah'

-- 
To view, visit https://gerrit.wikimedia.org/r/392859
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If819a071d9f90989919709c44f09331a2300
Gerrit-PatchSet: 1
Gerrit-Project: labs/private
Gerrit-Branch: master
Gerrit-Owner: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits