[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add bstorm to shinken instance
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/405886 ) Change subject: cloud: add bstorm to shinken instance .. cloud: add bstorm to shinken instance Bug: T185493 Change-Id: I5f9ba96b18059fb5f44131c0f92c2094f5de20bb --- M modules/nagios_common/files/contactgroups-labs.cfg M modules/nagios_common/files/contacts-labs.cfg 2 files changed, 10 insertions(+), 3 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/nagios_common/files/contactgroups-labs.cfg b/modules/nagios_common/files/contactgroups-labs.cfg index 3d15b64..e982e80 100644 --- a/modules/nagios_common/files/contactgroups-labs.cfg +++ b/modules/nagios_common/files/contactgroups-labs.cfg @@ -4,13 +4,13 @@ define contactgroup { contactgroup_name tools alias ToolLabs Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,irc-labs +members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,bstorm,irc-labs } define contactgroup { contactgroup_name labs-infra alias Wikimedia Labs Infrastructure Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,chicocvenancio +members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,bstorm,chicocvenancio } define contactgroup { @@ -52,5 +52,5 @@ define contactgroup { contactgroup_name shinken alias Shinken Administrators -members guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio +members guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio,bstorm } diff --git a/modules/nagios_common/files/contacts-labs.cfg b/modules/nagios_common/files/contacts-labs.cfg index 8dc99a8..98f167c 100644 --- a/modules/nagios_common/files/contacts-labs.cfg +++ b/modules/nagios_common/files/contacts-labs.cfg @@ -78,6 +78,13 @@ } define contact { +contact_namebstorm +alias bstorm +email bst...@wikimedia.org +use generic-contact +} + +define contact { contact_namechicocvenancio alias chicocvenancio email fvenan...@wikimedia.org -- To view, visit https://gerrit.wikimedia.org/r/405886 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5f9ba96b18059fb5f44131c0f92c2094f5de20bb Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add bstorm to shinken instance
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/405886 ) Change subject: cloud: add bstorm to shinken instance .. cloud: add bstorm to shinken instance Bug: T185493 Change-Id: I5f9ba96b18059fb5f44131c0f92c2094f5de20bb --- M modules/nagios_common/files/contactgroups-labs.cfg M modules/nagios_common/files/contacts-labs.cfg 2 files changed, 10 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/86/405886/1 diff --git a/modules/nagios_common/files/contactgroups-labs.cfg b/modules/nagios_common/files/contactgroups-labs.cfg index 3d15b64..e982e80 100644 --- a/modules/nagios_common/files/contactgroups-labs.cfg +++ b/modules/nagios_common/files/contactgroups-labs.cfg @@ -4,13 +4,13 @@ define contactgroup { contactgroup_name tools alias ToolLabs Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,irc-labs +members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,bstorm,irc-labs } define contactgroup { contactgroup_name labs-infra alias Wikimedia Labs Infrastructure Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,chicocvenancio +members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,bstorm,chicocvenancio } define contactgroup { @@ -52,5 +52,5 @@ define contactgroup { contactgroup_name shinken alias Shinken Administrators -members guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio +members guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio,bstorm } diff --git a/modules/nagios_common/files/contacts-labs.cfg b/modules/nagios_common/files/contacts-labs.cfg index 8dc99a8..98f167c 100644 --- a/modules/nagios_common/files/contacts-labs.cfg +++ b/modules/nagios_common/files/contacts-labs.cfg @@ -78,6 +78,13 @@ } define contact { +contact_namebstorm +alias bstorm +email bst...@wikimedia.org +use generic-contact +} + +define contact { contact_namechicocvenancio alias chicocvenancio email fvenan...@wikimedia.org -- To view, visit https://gerrit.wikimedia.org/r/405886 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5f9ba96b18059fb5f44131c0f92c2094f5de20bb Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add aborrero to shinken contact groups
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/405885 ) Change subject: cloud: add aborrero to shinken contact groups .. cloud: add aborrero to shinken contact groups Bug: T178807 Change-Id: Ie9b4a524582c79a9539584160ff687c7c1b421c1 --- M modules/nagios_common/files/contactgroups-labs.cfg 1 file changed, 3 insertions(+), 3 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/nagios_common/files/contactgroups-labs.cfg b/modules/nagios_common/files/contactgroups-labs.cfg index 1340a9b..3d15b64 100644 --- a/modules/nagios_common/files/contactgroups-labs.cfg +++ b/modules/nagios_common/files/contactgroups-labs.cfg @@ -4,13 +4,13 @@ define contactgroup { contactgroup_name tools alias ToolLabs Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,irc-labs +members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,irc-labs } define contactgroup { contactgroup_name labs-infra alias Wikimedia Labs Infrastructure Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,chicocvenancio +members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,chicocvenancio } define contactgroup { @@ -52,5 +52,5 @@ define contactgroup { contactgroup_name shinken alias Shinken Administrators -members guest,chasemp,madhuvishy,bd808,andrewbogott,chicocvenancio +members guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio } -- To view, visit https://gerrit.wikimedia.org/r/405885 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie9b4a524582c79a9539584160ff687c7c1b421c1 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add aborrero to shinken contact groups
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/405885 ) Change subject: cloud: add aborrero to shinken contact groups .. cloud: add aborrero to shinken contact groups Bug: T178807 Change-Id: Ie9b4a524582c79a9539584160ff687c7c1b421c1 --- M modules/nagios_common/files/contactgroups-labs.cfg 1 file changed, 3 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/85/405885/1 diff --git a/modules/nagios_common/files/contactgroups-labs.cfg b/modules/nagios_common/files/contactgroups-labs.cfg index 1340a9b..3d15b64 100644 --- a/modules/nagios_common/files/contactgroups-labs.cfg +++ b/modules/nagios_common/files/contactgroups-labs.cfg @@ -4,13 +4,13 @@ define contactgroup { contactgroup_name tools alias ToolLabs Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,irc-labs +members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,aborrero,irc-labs } define contactgroup { contactgroup_name labs-infra alias Wikimedia Labs Infrastructure Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,chicocvenancio +members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,aborrero,chicocvenancio } define contactgroup { @@ -52,5 +52,5 @@ define contactgroup { contactgroup_name shinken alias Shinken Administrators -members guest,chasemp,madhuvishy,bd808,andrewbogott,chicocvenancio +members guest,chasemp,madhuvishy,bd808,andrewbogott,aborrero,chicocvenancio } -- To view, visit https://gerrit.wikimedia.org/r/405885 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie9b4a524582c79a9539584160ff687c7c1b421c1 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: remove errant shinken line in contacts
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/405884 ) Change subject: cloud: remove errant shinken line in contacts .. cloud: remove errant shinken line in contacts Change-Id: I94be2073f6308aad280beffddcd801e02e14312c --- M modules/nagios_common/files/contacts-labs.cfg 1 file changed, 0 insertions(+), 2 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/nagios_common/files/contacts-labs.cfg b/modules/nagios_common/files/contacts-labs.cfg index 7b60651..8dc99a8 100644 --- a/modules/nagios_common/files/contacts-labs.cfg +++ b/modules/nagios_common/files/contacts-labs.cfg @@ -77,8 +77,6 @@ service_notification_commands notify-service-by-irc-ores } -fvenan...@wikimedia.org - define contact { contact_namechicocvenancio alias chicocvenancio -- To view, visit https://gerrit.wikimedia.org/r/405884 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I94be2073f6308aad280beffddcd801e02e14312c Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: remove errant shinken line in contacts
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/405884 ) Change subject: cloud: remove errant shinken line in contacts .. cloud: remove errant shinken line in contacts Change-Id: I94be2073f6308aad280beffddcd801e02e14312c --- M modules/nagios_common/files/contacts-labs.cfg 1 file changed, 0 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/84/405884/1 diff --git a/modules/nagios_common/files/contacts-labs.cfg b/modules/nagios_common/files/contacts-labs.cfg index 7b60651..8dc99a8 100644 --- a/modules/nagios_common/files/contacts-labs.cfg +++ b/modules/nagios_common/files/contacts-labs.cfg @@ -77,8 +77,6 @@ service_notification_commands notify-service-by-irc-ores } -fvenan...@wikimedia.org - define contact { contact_namechicocvenancio alias chicocvenancio -- To view, visit https://gerrit.wikimedia.org/r/405884 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I94be2073f6308aad280beffddcd801e02e14312c Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "ircecho: Remove support for sysvinit script"
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/405882 ) Change subject: Revert "ircecho: Remove support for sysvinit script" .. Revert "ircecho: Remove support for sysvinit script" This reverts commit 218543a121f93c28e64c88ce6646be82a3f9a9c8. This broke shinken-01.shinken.eqiad.wmflabs which is still Trusty and does monitoring for Tools, deployment-prep, etc Change-Id: Icbc32180ee6e7418110d147413ebacdd8c306f43 --- M modules/ircecho/manifests/init.pp A modules/ircecho/templates/initscripts/ircecho.sysvinit.erb 2 files changed, 145 insertions(+), 2 deletions(-) Approvals: Rush: Verified; Looks good to me, approved diff --git a/modules/ircecho/manifests/init.pp b/modules/ircecho/manifests/init.pp index b0b225f..bd7e9d4 100644 --- a/modules/ircecho/manifests/init.pp +++ b/modules/ircecho/manifests/init.pp @@ -33,9 +33,10 @@ notify => Service['ircecho'], } -systemd::service { 'ircecho': +base::service_unit { 'ircecho': ensure => $ensure, -content=> systemd_template('ircecho'), +systemd=> systemd_template('ircecho'), +sysvinit => sysvinit_template('ircecho'), require=> File['/usr/local/bin/ircecho'], service_params => { hasrestart => true, diff --git a/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb b/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb new file mode 100644 index 000..228834f --- /dev/null +++ b/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb @@ -0,0 +1,142 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: irc-echoer +# Required-Start:$remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Input to IRC echoer +# Description: Input to IRC echoer +### END INIT INFO + +# Author: Ryan Lane+# +# Do NOT "set -e" + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="Input to IRC echoer" +DAEMON="/usr/local/bin/ircecho" +USER="nobody" +SCRIPTNAME="/etc/init.d/ircecho" +NAME="ircecho" + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start -m --pidfile=/var/run/ircecho.pid -b --quiet -c $USER --exec $DAEMON --test -- --infile=$INFILE $CHANS $NICK $SERVER > /dev/null \ + || return 1 + start-stop-daemon --start -m --pidfile=/var/run/ircecho.pid -b --quiet -c $USER --exec $DAEMON -- --infile=$INFILE $CHANS $NICK $SERVER \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --pidfile=/var/run/ircecho.pid --signal 9 --quiet + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + do_stop + do_start + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" +
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "ircecho: Remove support for sysvinit script"
Hello Paladox, Alexandros Kosiaris, jenkins-bot, Dzahn, I'd like you to do a code review. Please visit https://gerrit.wikimedia.org/r/405882 to review the following change. Change subject: Revert "ircecho: Remove support for sysvinit script" .. Revert "ircecho: Remove support for sysvinit script" This reverts commit 218543a121f93c28e64c88ce6646be82a3f9a9c8. This broke shinken-01.shinken.eqiad.wmflabs which is still Trusty and does monitoring for Tools, deployment-prep, etc Change-Id: Icbc32180ee6e7418110d147413ebacdd8c306f43 --- M modules/ircecho/manifests/init.pp A modules/ircecho/templates/initscripts/ircecho.sysvinit.erb 2 files changed, 145 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/82/405882/1 diff --git a/modules/ircecho/manifests/init.pp b/modules/ircecho/manifests/init.pp index b0b225f..bd7e9d4 100644 --- a/modules/ircecho/manifests/init.pp +++ b/modules/ircecho/manifests/init.pp @@ -33,9 +33,10 @@ notify => Service['ircecho'], } -systemd::service { 'ircecho': +base::service_unit { 'ircecho': ensure => $ensure, -content=> systemd_template('ircecho'), +systemd=> systemd_template('ircecho'), +sysvinit => sysvinit_template('ircecho'), require=> File['/usr/local/bin/ircecho'], service_params => { hasrestart => true, diff --git a/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb b/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb new file mode 100644 index 000..228834f --- /dev/null +++ b/modules/ircecho/templates/initscripts/ircecho.sysvinit.erb @@ -0,0 +1,142 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: irc-echoer +# Required-Start:$remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Input to IRC echoer +# Description: Input to IRC echoer +### END INIT INFO + +# Author: Ryan Lane+# +# Do NOT "set -e" + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="Input to IRC echoer" +DAEMON="/usr/local/bin/ircecho" +USER="nobody" +SCRIPTNAME="/etc/init.d/ircecho" +NAME="ircecho" + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start -m --pidfile=/var/run/ircecho.pid -b --quiet -c $USER --exec $DAEMON --test -- --infile=$INFILE $CHANS $NICK $SERVER > /dev/null \ + || return 1 + start-stop-daemon --start -m --pidfile=/var/run/ircecho.pid -b --quiet -c $USER --exec $DAEMON -- --infile=$INFILE $CHANS $NICK $SERVER \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --pidfile=/var/run/ircecho.pid --signal 9 --quiet + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + do_stop + do_start + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + #
[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add chicocvenancio to shinken
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/405880 ) Change subject: cloud: add chicocvenancio to shinken .. cloud: add chicocvenancio to shinken Bug: T185273 Change-Id: I471a70aec6bbde321474461384c16f397878db27 --- M modules/nagios_common/files/contactgroups-labs.cfg M modules/nagios_common/files/contacts-labs.cfg 2 files changed, 12 insertions(+), 3 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/nagios_common/files/contactgroups-labs.cfg b/modules/nagios_common/files/contactgroups-labs.cfg index c02377d..1340a9b 100644 --- a/modules/nagios_common/files/contactgroups-labs.cfg +++ b/modules/nagios_common/files/contactgroups-labs.cfg @@ -4,13 +4,13 @@ define contactgroup { contactgroup_name tools alias ToolLabs Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,irc-labs +members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,irc-labs } define contactgroup { contactgroup_name labs-infra alias Wikimedia Labs Infrastructure Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel +members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,chicocvenancio } define contactgroup { @@ -52,5 +52,5 @@ define contactgroup { contactgroup_name shinken alias Shinken Administrators -members guest,chasemp,madhuvishy,bd808,andrewbogott +members guest,chasemp,madhuvishy,bd808,andrewbogott,chicocvenancio } diff --git a/modules/nagios_common/files/contacts-labs.cfg b/modules/nagios_common/files/contacts-labs.cfg index a8bf301..7b60651 100644 --- a/modules/nagios_common/files/contacts-labs.cfg +++ b/modules/nagios_common/files/contacts-labs.cfg @@ -77,6 +77,15 @@ service_notification_commands notify-service-by-irc-ores } +fvenan...@wikimedia.org + +define contact { +contact_namechicocvenancio +alias chicocvenancio +email fvenan...@wikimedia.org +use generic-contact +} + define contact { contact_nameaborrero alias Arturo Borrero -- To view, visit https://gerrit.wikimedia.org/r/405880 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I471a70aec6bbde321474461384c16f397878db27 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: add chicocvenancio to shinken
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/405880 ) Change subject: cloud: add chicocvenancio to shinken .. cloud: add chicocvenancio to shinken Bug: T185273 Change-Id: I471a70aec6bbde321474461384c16f397878db27 --- M modules/nagios_common/files/contactgroups-labs.cfg M modules/nagios_common/files/contacts-labs.cfg 2 files changed, 12 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/80/405880/1 diff --git a/modules/nagios_common/files/contactgroups-labs.cfg b/modules/nagios_common/files/contactgroups-labs.cfg index c02377d..1340a9b 100644 --- a/modules/nagios_common/files/contactgroups-labs.cfg +++ b/modules/nagios_common/files/contactgroups-labs.cfg @@ -4,13 +4,13 @@ define contactgroup { contactgroup_name tools alias ToolLabs Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,irc-labs +members guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,chicocvenancio,irc-labs } define contactgroup { contactgroup_name labs-infra alias Wikimedia Labs Infrastructure Administrators -members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel +members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel,chicocvenancio } define contactgroup { @@ -52,5 +52,5 @@ define contactgroup { contactgroup_name shinken alias Shinken Administrators -members guest,chasemp,madhuvishy,bd808,andrewbogott +members guest,chasemp,madhuvishy,bd808,andrewbogott,chicocvenancio } diff --git a/modules/nagios_common/files/contacts-labs.cfg b/modules/nagios_common/files/contacts-labs.cfg index a8bf301..7b60651 100644 --- a/modules/nagios_common/files/contacts-labs.cfg +++ b/modules/nagios_common/files/contacts-labs.cfg @@ -77,6 +77,15 @@ service_notification_commands notify-service-by-irc-ores } +fvenan...@wikimedia.org + +define contact { +contact_namechicocvenancio +alias chicocvenancio +email fvenan...@wikimedia.org +use generic-contact +} + define contact { contact_nameaborrero alias Arturo Borrero -- To view, visit https://gerrit.wikimedia.org/r/405880 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I471a70aec6bbde321474461384c16f397878db27 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova-network and neutron nova::common split
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/405366 ) Change subject: openstack: nova-network and neutron nova::common split .. openstack: nova-network and neutron nova::common split These two paths will not coexist in the same deployment, and will not exist side by side long term so I am splitting the configuration rather than mix them with template logic or other logic branching for the same manifests. Bug: T171494 Change-Id: Iba0aecdfaa1e35c24dbc13a27d0459ce570abe3b --- C modules/openstack/manifests/nova/common/neutron.pp R modules/openstack/manifests/nova/common/nova_network.pp A modules/openstack/templates/liberty/nova/common/neutron/api-paste.ini.erb A modules/openstack/templates/liberty/nova/common/neutron/nova.conf.erb R modules/openstack/templates/liberty/nova/common/nova_network/api-paste.ini.erb R modules/openstack/templates/liberty/nova/common/nova_network/nova.conf.erb A modules/profile/manifests/openstack/base/nova/common/neutron.pp R modules/profile/manifests/openstack/base/nova/common/nova_network.pp M modules/profile/manifests/openstack/labtest/nova/common.pp M modules/profile/manifests/openstack/labtestn/nova/common.pp M modules/profile/manifests/openstack/main/nova/common.pp M modules/role/manifests/wmcs/openstack/labtestn/control.pp 12 files changed, 190 insertions(+), 84 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/66/405366/1 diff --git a/modules/openstack/manifests/nova/common.pp b/modules/openstack/manifests/nova/common/neutron.pp similarity index 69% copy from modules/openstack/manifests/nova/common.pp copy to modules/openstack/manifests/nova/common/neutron.pp index affa993..46073b1 100644 --- a/modules/openstack/manifests/nova/common.pp +++ b/modules/openstack/manifests/nova/common/neutron.pp @@ -1,36 +1,6 @@ -class openstack::nova::common( +class openstack::nova::common::neutron( $version, -$nova_controller, -$nova_api_host, -$nova_api_host_ip, -$dmz_cidr, -$dhcp_domain, -$quota_floating_ips, -$dhcp_start, -$network_flat_interface, -$flat_network_bridge, -$fixed_range, -$network_public_interface, -$network_public_ip, -$zone, -$scheduler_pool, -$db_user, -$db_pass, -$db_host, -$db_name, -$ldap_user_pass, -$libvirt_type, -$live_migration_uri, -$glance_host, -$rabbit_user, -$rabbit_host, -$rabbit_pass, -$spice_hostname, -$keystone_auth_uri, -$keystone_admin_uri, ) { - -$nova_controller_ip = ipresolve($nova_controller,4) $packages = [ 'unzip', @@ -63,13 +33,13 @@ file { '/etc/nova/nova.conf': -content => template("openstack/${version}/nova/common/nova.conf.erb"), +content => template("openstack/${version}/nova/common/neutron/nova.conf.erb"), owner => 'nova', group => 'nogroup', mode=> '0440', require => Package['nova-common']; '/etc/nova/api-paste.ini': -content => template("openstack/${version}/nova/common/api-paste.ini.erb"), +content => template("openstack/${version}/nova/common/neutron/api-paste.ini.erb"), owner => 'nova', group => 'nogroup', mode=> '0440', diff --git a/modules/openstack/manifests/nova/common.pp b/modules/openstack/manifests/nova/common/nova_network.pp similarity index 94% rename from modules/openstack/manifests/nova/common.pp rename to modules/openstack/manifests/nova/common/nova_network.pp index affa993..fc1bf28 100644 --- a/modules/openstack/manifests/nova/common.pp +++ b/modules/openstack/manifests/nova/common/nova_network.pp @@ -1,4 +1,4 @@ -class openstack::nova::common( +class openstack::nova::common::nova_network( $version, $nova_controller, $nova_api_host, @@ -63,13 +63,13 @@ file { '/etc/nova/nova.conf': -content => template("openstack/${version}/nova/common/nova.conf.erb"), +content => template("openstack/${version}/nova/common/nova_network/nova.conf.erb"), owner => 'nova', group => 'nogroup', mode=> '0440', require => Package['nova-common']; '/etc/nova/api-paste.ini': -content => template("openstack/${version}/nova/common/api-paste.ini.erb"), +content => template("openstack/${version}/nova/common/nova_network/api-paste.ini.erb"), owner => 'nova', group => 'nogroup', mode=> '0440', diff --git a/modules/openstack/templates/liberty/nova/common/neutron/api-paste.ini.erb b/modules/openstack/templates/liberty/nova/common/neutron/api-paste.ini.erb new file mode 100644 index 000..80e09dc --- /dev/null +++ b/modules/openstack/templates/liberty/nova/common/neutron/api-paste.ini.erb @@ -0,0
[MediaWiki-commits] [Gerrit] operations/puppet[production]: icinga: add aborrero to sms group
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/404751 ) Change subject: icinga: add aborrero to sms group .. icinga: add aborrero to sms group Bug: T178807 Change-Id: I27a822399d97d63e4b62bffb03a67e5e2d3f8eb5 --- M modules/nagios_common/files/contactgroups.cfg 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified Dzahn: Looks good to me, but someone else must approve diff --git a/modules/nagios_common/files/contactgroups.cfg b/modules/nagios_common/files/contactgroups.cfg index 7b861f6..efb4ee4 100644 --- a/modules/nagios_common/files/contactgroups.cfg +++ b/modules/nagios_common/files/contactgroups.cfg @@ -46,7 +46,7 @@ define contactgroup { contactgroup_name sms -members akosiaris,andrew,ariel,bblack,cmjohnson,dzahn,ema,faidon,fgiunchedi,mark,otto,robh,volans,tstarling,rush,glavagetto,yuvipanda,jmm,jcrespo,team-operations,gehel,madhuvishy,marostegui,elukey,herron +members akosiaris,andrew,ariel,bblack,cmjohnson,dzahn,ema,faidon,fgiunchedi,mark,otto,robh,volans,tstarling,rush,glavagetto,yuvipanda,jmm,jcrespo,team-operations,gehel,madhuvishy,marostegui,elukey,herron,aborrero } define contactgroup { -- To view, visit https://gerrit.wikimedia.org/r/404751 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I27a822399d97d63e4b62bffb03a67e5e2d3f8eb5 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Arturo Borrero Gonzalez Gerrit-Reviewer: Dzahn Gerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: icinga: add aborrero to sms group
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/404751 ) Change subject: icinga: add aborrero to sms group .. icinga: add aborrero to sms group Bug: T178807 Change-Id: I27a822399d97d63e4b62bffb03a67e5e2d3f8eb5 --- M modules/nagios_common/files/contactgroups.cfg 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/51/404751/1 diff --git a/modules/nagios_common/files/contactgroups.cfg b/modules/nagios_common/files/contactgroups.cfg index 7b861f6..efb4ee4 100644 --- a/modules/nagios_common/files/contactgroups.cfg +++ b/modules/nagios_common/files/contactgroups.cfg @@ -46,7 +46,7 @@ define contactgroup { contactgroup_name sms -members akosiaris,andrew,ariel,bblack,cmjohnson,dzahn,ema,faidon,fgiunchedi,mark,otto,robh,volans,tstarling,rush,glavagetto,yuvipanda,jmm,jcrespo,team-operations,gehel,madhuvishy,marostegui,elukey,herron +members akosiaris,andrew,ariel,bblack,cmjohnson,dzahn,ema,faidon,fgiunchedi,mark,otto,robh,volans,tstarling,rush,glavagetto,yuvipanda,jmm,jcrespo,team-operations,gehel,madhuvishy,marostegui,elukey,herron,aborrero } define contactgroup { -- To view, visit https://gerrit.wikimedia.org/r/404751 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I27a822399d97d63e4b62bffb03a67e5e2d3f8eb5 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: labvirt settle on meltdown kernel
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/404588 ) Change subject: cloud: labvirt settle on meltdown kernel .. cloud: labvirt settle on meltdown kernel Bug: T184189 Change-Id: I8da97b71a88788eff8e107c8875baba9c511ca33 --- M modules/openstack/manifests/nova/compute/audit.pp 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/88/404588/1 diff --git a/modules/openstack/manifests/nova/compute/audit.pp b/modules/openstack/manifests/nova/compute/audit.pp index e9ccb94..7e632c6 100644 --- a/modules/openstack/manifests/nova/compute/audit.pp +++ b/modules/openstack/manifests/nova/compute/audit.pp @@ -6,7 +6,7 @@ # Virtio has shown to be non-determinstic on certain host:client kernel # version matchups (IO freezing) class openstack::nova::compute::audit( -$whitelist_kernels=['4.4.0-81-generic', '4.4.0-109-generic'], +$whitelist_kernels=['4.4.0-109-generic'], ) { if os_version('ubuntu >= trusty') { -- To view, visit https://gerrit.wikimedia.org/r/404588 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8da97b71a88788eff8e107c8875baba9c511ca33 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: add arturo to existing shinken
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/404446 ) Change subject: tools: add arturo to existing shinken .. tools: add arturo to existing shinken Bug: T178807 Change-Id: I044662c1f287f2b0fe5c0b4edae9f096d47e9518 --- M modules/nagios_common/files/contacts-labs.cfg 1 file changed, 7 insertions(+), 0 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/nagios_common/files/contacts-labs.cfg b/modules/nagios_common/files/contacts-labs.cfg index 13d45f9..a8bf301 100644 --- a/modules/nagios_common/files/contacts-labs.cfg +++ b/modules/nagios_common/files/contacts-labs.cfg @@ -78,6 +78,13 @@ } define contact { +contact_nameaborrero +alias Arturo Borrero +email aborr...@wikimedia.org +use generic-contact +} + +define contact { contact_namechasemp alias Chase Pettet email cpet...@wikimedia.org -- To view, visit https://gerrit.wikimedia.org/r/404446 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I044662c1f287f2b0fe5c0b4edae9f096d47e9518 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: add arturo to existing shinken
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/404446 ) Change subject: tools: add arturo to existing shinken .. tools: add arturo to existing shinken Change-Id: I044662c1f287f2b0fe5c0b4edae9f096d47e9518 Bugs: T178807 --- M modules/nagios_common/files/contacts-labs.cfg 1 file changed, 7 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/46/404446/1 diff --git a/modules/nagios_common/files/contacts-labs.cfg b/modules/nagios_common/files/contacts-labs.cfg index 13d45f9..a8bf301 100644 --- a/modules/nagios_common/files/contacts-labs.cfg +++ b/modules/nagios_common/files/contacts-labs.cfg @@ -78,6 +78,13 @@ } define contact { +contact_nameaborrero +alias Arturo Borrero +email aborr...@wikimedia.org +use generic-contact +} + +define contact { contact_namechasemp alias Chase Pettet email cpet...@wikimedia.org -- To view, visit https://gerrit.wikimedia.org/r/404446 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I044662c1f287f2b0fe5c0b4edae9f096d47e9518 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: rm source from /usr/local/sbin/ferm_restart_handler
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/403411 ) Change subject: tools: rm source from /usr/local/sbin/ferm_restart_handler .. tools: rm source from /usr/local/sbin/ferm_restart_handler Otherwise it tries to eval even before in either absent or present context and errors. Change-Id: I31191600558b62eeda30614243e08914ec7f6998 --- M modules/toollabs/manifests/ferm_handlers.pp 1 file changed, 1 insertion(+), 5 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/toollabs/manifests/ferm_handlers.pp b/modules/toollabs/manifests/ferm_handlers.pp index 21bca72..bb42bba 100644 --- a/modules/toollabs/manifests/ferm_handlers.pp +++ b/modules/toollabs/manifests/ferm_handlers.pp @@ -7,10 +7,6 @@ file {'/usr/local/sbin/ferm_restart_handler': ensure => 'absent', -source => 'puppet:///modules/toollabs/ferm_restart_handler.sh', -owner => 'root', -group => 'root', -mode => '0555', } file {'/usr/local/sbin/ferm_pre_handler': @@ -29,7 +25,7 @@ ferm::conf{'ferm_pre_handler': prio => '00', -content => '@hook post "/usr/local/sbin/ferm_pre_handler";', +content => '@hook pre "/usr/local/sbin/ferm_pre_handler";', subscribe => File['/usr/local/sbin/ferm_pre_handler'], } -- To view, visit https://gerrit.wikimedia.org/r/403411 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I31191600558b62eeda30614243e08914ec7f6998 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: BryanDavis Gerrit-Reviewer: Merlijn van Deen Gerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: rm source from /usr/local/sbin/ferm_restart_handler
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/403411 ) Change subject: tools: rm source from /usr/local/sbin/ferm_restart_handler .. tools: rm source from /usr/local/sbin/ferm_restart_handler Otherwise it tries to eval even before in either absent or present context and errors. Change-Id: I31191600558b62eeda30614243e08914ec7f6998 --- M modules/toollabs/manifests/ferm_handlers.pp 1 file changed, 0 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/11/403411/1 diff --git a/modules/toollabs/manifests/ferm_handlers.pp b/modules/toollabs/manifests/ferm_handlers.pp index 21bca72..dc396c2 100644 --- a/modules/toollabs/manifests/ferm_handlers.pp +++ b/modules/toollabs/manifests/ferm_handlers.pp @@ -7,10 +7,6 @@ file {'/usr/local/sbin/ferm_restart_handler': ensure => 'absent', -source => 'puppet:///modules/toollabs/ferm_restart_handler.sh', -owner => 'root', -group => 'root', -mode => '0555', } file {'/usr/local/sbin/ferm_pre_handler': -- To view, visit https://gerrit.wikimedia.org/r/403411 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I31191600558b62eeda30614243e08914ec7f6998 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: ferm pre hook to stop kube-proxy
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/403308 ) Change subject: tools: ferm pre hook to stop kube-proxy .. tools: ferm pre hook to stop kube-proxy There is a dangerous race condition here between kube-proxy and ferm. The only sane thing to do is have one updating at a time. This needs to be revisited and reworked. Bug: T182722 Change-Id: Icca8d25948451b31e3c0781c67906e93281939fa --- M modules/role/manifests/toollabs/k8s/worker.pp M modules/role/manifests/toollabs/proxy.pp R modules/toollabs/files/ferm_post_handler.sh A modules/toollabs/files/ferm_pre_handler.sh A modules/toollabs/manifests/ferm_handlers.pp D modules/toollabs/manifests/ferm_restart_handler.pp 6 files changed, 55 insertions(+), 23 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/role/manifests/toollabs/k8s/worker.pp b/modules/role/manifests/toollabs/k8s/worker.pp index 928d82a..dd88f04 100644 --- a/modules/role/manifests/toollabs/k8s/worker.pp +++ b/modules/role/manifests/toollabs/k8s/worker.pp @@ -2,7 +2,7 @@ class role::toollabs::k8s::worker { include ::toollabs::infrastructure include ::base::firewall -include ::toollabs::ferm_restart_handler +include ::toollabs::ferm_handlers $flannel_etcd_url = join(prefix(suffix(hiera('flannel::etcd_hosts'), ':2379'), 'https://'), ',') diff --git a/modules/role/manifests/toollabs/proxy.pp b/modules/role/manifests/toollabs/proxy.pp index c82cfef..4490ab9 100644 --- a/modules/role/manifests/toollabs/proxy.pp +++ b/modules/role/manifests/toollabs/proxy.pp @@ -3,7 +3,7 @@ include ::toollabs::proxy include ::role::toollabs::k8s::webproxy include ::base::firewall -include ::toollabs::ferm_restart_handler +include ::toollabs::ferm_handlers ferm::service { 'proxymanager': proto => 'tcp', diff --git a/modules/toollabs/files/ferm_restart_handler.sh b/modules/toollabs/files/ferm_post_handler.sh similarity index 97% rename from modules/toollabs/files/ferm_restart_handler.sh rename to modules/toollabs/files/ferm_post_handler.sh index 692219d..e324bf4 100644 --- a/modules/toollabs/files/ferm_restart_handler.sh +++ b/modules/toollabs/files/ferm_post_handler.sh @@ -1,4 +1,4 @@ -#/bin/bash +#!/bin/bash /usr/bin/logger -i -t ${0} "restart firewall components post ferm management" diff --git a/modules/toollabs/files/ferm_pre_handler.sh b/modules/toollabs/files/ferm_pre_handler.sh new file mode 100644 index 000..0a3301a --- /dev/null +++ b/modules/toollabs/files/ferm_pre_handler.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +# https://kubernetes.io/docs/reference/generated/kube-proxy/ +# kube-proxy does its own competing state dump and restore +# we stop kube-proxy here for the duration. +# Ferm seems to handle these pre-hooks intelligently in that +# a bad config or an unresolvable host in a rule is checked +# before any prehooks. In that case Ferm itself will stop +# but kube-proxy will never be touched. +/usr/bin/logger -i -t ${0} "stop kube-proxy" +service kube-proxy stop diff --git a/modules/toollabs/manifests/ferm_handlers.pp b/modules/toollabs/manifests/ferm_handlers.pp new file mode 100644 index 000..21bca72 --- /dev/null +++ b/modules/toollabs/manifests/ferm_handlers.pp @@ -0,0 +1,41 @@ +# tldr; hook post ferm updates to let other interested +# parties resync their iptables state. +# See: T182722 +# http://ferm.foo-projects.org/download/2.1/ferm.html#hooks + +class toollabs::ferm_handlers{ + +file {'/usr/local/sbin/ferm_restart_handler': +ensure => 'absent', +source => 'puppet:///modules/toollabs/ferm_restart_handler.sh', +owner => 'root', +group => 'root', +mode => '0555', +} + +file {'/usr/local/sbin/ferm_pre_handler': +source => 'puppet:///modules/toollabs/ferm_pre_handler.sh', +owner => 'root', +group => 'root', +mode => '0555', +} + +file {'/usr/local/sbin/ferm_post_handler': +source => 'puppet:///modules/toollabs/ferm_post_handler.sh', +owner => 'root', +group => 'root', +mode => '0555', +} + +ferm::conf{'ferm_pre_handler': +prio => '00', +content => '@hook post "/usr/local/sbin/ferm_pre_handler";', +subscribe => File['/usr/local/sbin/ferm_pre_handler'], +} + +ferm::conf{'ferm_post_handler': +prio => '00', +content => '@hook post "/usr/local/sbin/ferm_post_handler";', +subscribe => File['/usr/local/sbin/ferm_post_handler'], +} +} diff --git a/modules/toollabs/manifests/ferm_restart_handler.pp b/modules/toollabs/manifests/ferm_restart_handler.pp deleted file mode 100644 index 58a4437..000 --- a/modules/toollabs/manifests/ferm_restart_handler.pp +++ /dev/null @@ -1,20 +0,0 @@ -# tldr; hook post ferm updates to let other interested
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: ferm pre hook to stop kube-proxy
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/403308 ) Change subject: tools: ferm pre hook to stop kube-proxy .. tools: ferm pre hook to stop kube-proxy There is a dangerous race condition here between kube-proxy and ferm. The only sane thing to do is have one updating at a time. This needs to be revisited and reworked. Bug: T182722 Change-Id: Icca8d25948451b31e3c0781c67906e93281939fa --- M modules/role/manifests/toollabs/k8s/worker.pp M modules/role/manifests/toollabs/proxy.pp R modules/toollabs/files/ferm_post_handler.sh A modules/toollabs/files/ferm_pre_handler.sh A modules/toollabs/manifests/ferm_handlers.pp D modules/toollabs/manifests/ferm_restart_handler.pp 6 files changed, 55 insertions(+), 23 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/08/403308/1 diff --git a/modules/role/manifests/toollabs/k8s/worker.pp b/modules/role/manifests/toollabs/k8s/worker.pp index 928d82a..dd88f04 100644 --- a/modules/role/manifests/toollabs/k8s/worker.pp +++ b/modules/role/manifests/toollabs/k8s/worker.pp @@ -2,7 +2,7 @@ class role::toollabs::k8s::worker { include ::toollabs::infrastructure include ::base::firewall -include ::toollabs::ferm_restart_handler +include ::toollabs::ferm_handlers $flannel_etcd_url = join(prefix(suffix(hiera('flannel::etcd_hosts'), ':2379'), 'https://'), ',') diff --git a/modules/role/manifests/toollabs/proxy.pp b/modules/role/manifests/toollabs/proxy.pp index c82cfef..4490ab9 100644 --- a/modules/role/manifests/toollabs/proxy.pp +++ b/modules/role/manifests/toollabs/proxy.pp @@ -3,7 +3,7 @@ include ::toollabs::proxy include ::role::toollabs::k8s::webproxy include ::base::firewall -include ::toollabs::ferm_restart_handler +include ::toollabs::ferm_handlers ferm::service { 'proxymanager': proto => 'tcp', diff --git a/modules/toollabs/files/ferm_restart_handler.sh b/modules/toollabs/files/ferm_post_handler.sh similarity index 97% rename from modules/toollabs/files/ferm_restart_handler.sh rename to modules/toollabs/files/ferm_post_handler.sh index 692219d..e324bf4 100644 --- a/modules/toollabs/files/ferm_restart_handler.sh +++ b/modules/toollabs/files/ferm_post_handler.sh @@ -1,4 +1,4 @@ -#/bin/bash +#!/bin/bash /usr/bin/logger -i -t ${0} "restart firewall components post ferm management" diff --git a/modules/toollabs/files/ferm_pre_handler.sh b/modules/toollabs/files/ferm_pre_handler.sh new file mode 100644 index 000..0a3301a --- /dev/null +++ b/modules/toollabs/files/ferm_pre_handler.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +# https://kubernetes.io/docs/reference/generated/kube-proxy/ +# kube-proxy does its own competing state dump and restore +# we stop kube-proxy here for the duration. +# Ferm seems to handle these pre-hooks intelligently in that +# a bad config or an unresolvable host in a rule is checked +# before any prehooks. In that case Ferm itself will stop +# but kube-proxy will never be touched. +/usr/bin/logger -i -t ${0} "stop kube-proxy" +service kube-proxy stop diff --git a/modules/toollabs/manifests/ferm_handlers.pp b/modules/toollabs/manifests/ferm_handlers.pp new file mode 100644 index 000..a8c789a --- /dev/null +++ b/modules/toollabs/manifests/ferm_handlers.pp @@ -0,0 +1,41 @@ +# tldr; hook post ferm updates to let other interested +# parties resync their iptables state. +# See: T182722 +# http://ferm.foo-projects.org/download/2.1/ferm.html#hooks + +class toollabs::ferm_handlers{ + +file {'/usr/local/sbin/ferm_restart_handler': +ensure => 'absent', +source => 'puppet:///modules/toollabs/ferm_restart_handler.sh', +owner => 'root', +group => 'root', +mode => '0555', +} + +file {'/usr/local/sbin/ferm_pre_handler': +source => 'puppet:///modules/toollabs/ferm_pre_handler.sh', +owner => 'root', +group => 'root', +mode => '0555', +} + +file {'/usr/local/sbin/ferm_post_handler': +source => 'puppet:///modules/toollabs/ferm_post_handler.sh', +owner => 'root', +group => 'root', +mode => '0555', +} + +ferm::conf{'ferm_pre_handler': +prio => 00, +content => '@hook post "/usr/local/sbin/ferm_pre_handler";', +subscribe => File['/usr/local/sbin/ferm_pre_handler'], +} + +ferm::conf{'ferm_post_handler': +prio => 00, +content => '@hook post "/usr/local/sbin/ferm_post_handler";', +subscribe => File['/usr/local/sbin/ferm_post_handler'], +} +} diff --git a/modules/toollabs/manifests/ferm_restart_handler.pp b/modules/toollabs/manifests/ferm_restart_handler.pp deleted file mode 100644 index 58a4437..000 --- a/modules/toollabs/manifests/ferm_restart_handler.pp +++ /dev/null @@ -1,20 +0,0 @@ -# tldr; hook post ferm updates to let other
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: ferm handler updates
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/403231 ) Change subject: tools: ferm handler updates .. tools: ferm handler updates * Apply to workers and exclude master for now * Remove user check handling as it's causing syntax issues in the context of ferm for not by user. Investigating. * consolidate on base::fireall for now for proxy and workers Change-Id: I86f13a365c506d7ea4ab8f57adea37be1ffb9668 --- M modules/role/manifests/toollabs/k8s/master.pp M modules/role/manifests/toollabs/k8s/worker.pp M modules/toollabs/files/ferm_restart_handler.sh 3 files changed, 2 insertions(+), 8 deletions(-) Approvals: Rush: Verified; Looks good to me, approved diff --git a/modules/role/manifests/toollabs/k8s/master.pp b/modules/role/manifests/toollabs/k8s/master.pp index 1c0d78c..7fd1e35 100644 --- a/modules/role/manifests/toollabs/k8s/master.pp +++ b/modules/role/manifests/toollabs/k8s/master.pp @@ -4,7 +4,6 @@ ) { include ::toollabs::infrastructure include ::base::firewall -include ::toollabs::ferm_restart_handler $master_host = hiera('k8s::master_host', $::fqdn) $etcd_url = prefix(suffix(hiera('k8s::etcd_hosts'), ':2379'), 'https://') diff --git a/modules/role/manifests/toollabs/k8s/worker.pp b/modules/role/manifests/toollabs/k8s/worker.pp index 76f34fb..928d82a 100644 --- a/modules/role/manifests/toollabs/k8s/worker.pp +++ b/modules/role/manifests/toollabs/k8s/worker.pp @@ -1,6 +1,8 @@ # filtertags: labs-project-tools class role::toollabs::k8s::worker { include ::toollabs::infrastructure +include ::base::firewall +include ::toollabs::ferm_restart_handler $flannel_etcd_url = join(prefix(suffix(hiera('flannel::etcd_hosts'), ':2379'), 'https://'), ',') @@ -71,6 +73,4 @@ ferm::rule {'rest-of-everything': rule => 'saddr 10.0.0.0/8 proto tcp dport (1:8472 8473:10249 10251:10254 10256:65535) ACCEPT;' } - -include profile::base::firewall } diff --git a/modules/toollabs/files/ferm_restart_handler.sh b/modules/toollabs/files/ferm_restart_handler.sh index 5581387..692219d 100644 --- a/modules/toollabs/files/ferm_restart_handler.sh +++ b/modules/toollabs/files/ferm_restart_handler.sh @@ -1,10 +1,5 @@ #/bin/bash -if [[ $EUID -ne 0 ]]; then - echo "This script must be run as root" 1>&2 - exit 1 -fi - /usr/bin/logger -i -t ${0} "restart firewall components post ferm management" # Ferm expects to handle all firewall state -- To view, visit https://gerrit.wikimedia.org/r/403231 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I86f13a365c506d7ea4ab8f57adea37be1ffb9668 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: ferm handler updates
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/403231 ) Change subject: tools: ferm handler updates .. tools: ferm handler updates * Apply to workers and exclude master for now * Remove user check handling as it's causing syntax issues in the context of ferm for not by user. Investigating. * consolidate on base::fireall for now for proxy and workers Change-Id: I86f13a365c506d7ea4ab8f57adea37be1ffb9668 --- M modules/role/manifests/toollabs/k8s/master.pp M modules/role/manifests/toollabs/k8s/worker.pp M modules/toollabs/files/ferm_restart_handler.sh 3 files changed, 2 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/31/403231/1 diff --git a/modules/role/manifests/toollabs/k8s/master.pp b/modules/role/manifests/toollabs/k8s/master.pp index 1c0d78c..7fd1e35 100644 --- a/modules/role/manifests/toollabs/k8s/master.pp +++ b/modules/role/manifests/toollabs/k8s/master.pp @@ -4,7 +4,6 @@ ) { include ::toollabs::infrastructure include ::base::firewall -include ::toollabs::ferm_restart_handler $master_host = hiera('k8s::master_host', $::fqdn) $etcd_url = prefix(suffix(hiera('k8s::etcd_hosts'), ':2379'), 'https://') diff --git a/modules/role/manifests/toollabs/k8s/worker.pp b/modules/role/manifests/toollabs/k8s/worker.pp index 76f34fb..928d82a 100644 --- a/modules/role/manifests/toollabs/k8s/worker.pp +++ b/modules/role/manifests/toollabs/k8s/worker.pp @@ -1,6 +1,8 @@ # filtertags: labs-project-tools class role::toollabs::k8s::worker { include ::toollabs::infrastructure +include ::base::firewall +include ::toollabs::ferm_restart_handler $flannel_etcd_url = join(prefix(suffix(hiera('flannel::etcd_hosts'), ':2379'), 'https://'), ',') @@ -71,6 +73,4 @@ ferm::rule {'rest-of-everything': rule => 'saddr 10.0.0.0/8 proto tcp dport (1:8472 8473:10249 10251:10254 10256:65535) ACCEPT;' } - -include profile::base::firewall } diff --git a/modules/toollabs/files/ferm_restart_handler.sh b/modules/toollabs/files/ferm_restart_handler.sh index 5581387..692219d 100644 --- a/modules/toollabs/files/ferm_restart_handler.sh +++ b/modules/toollabs/files/ferm_restart_handler.sh @@ -1,10 +1,5 @@ #/bin/bash -if [[ $EUID -ne 0 ]]; then - echo "This script must be run as root" 1>&2 - exit 1 -fi - /usr/bin/logger -i -t ${0} "restart firewall components post ferm management" # Ferm expects to handle all firewall state -- To view, visit https://gerrit.wikimedia.org/r/403231 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I86f13a365c506d7ea4ab8f57adea37be1ffb9668 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: toolforge: ferm hook to restart components post updates
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/403072 ) Change subject: toolforge: ferm hook to restart components post updates .. toolforge: ferm hook to restart components post updates http://ferm.foo-projects.org/download/2.1/ferm.html#hooks * Ferm is not playing nice with other iptables tenants * Tested an /etc/ferm/conf.d/00_hooks to see it run external scripts in what seems like a totally post updates state. This hopefully allows kube-proxy, flannel, and docker to deal with Ferm stomping all around. This is a midterm fix where other options are being explored in the context of the task. Right now any update to Ferm, even a definition MAC, results in an outage for k8s in Toolforge. Note - the task includes restarting kubelet in the service handling post ferm update to mitigate. This seems not to be necessary so is excluded to reduce to necessary scope. Bug: T182722 Change-Id: I5c700a2c8bce6050e8cb761450d3716a6b3f33c9 --- M modules/role/manifests/toollabs/k8s/master.pp M modules/role/manifests/toollabs/proxy.pp A modules/toollabs/files/ferm_restart_handler.sh A modules/toollabs/manifests/ferm_restart_handler.pp M modules/toollabs/manifests/proxy.pp 5 files changed, 45 insertions(+), 2 deletions(-) Approvals: Arturo Borrero Gonzalez: Looks good to me, but someone else must approve Rush: Verified; Looks good to me, approved diff --git a/modules/role/manifests/toollabs/k8s/master.pp b/modules/role/manifests/toollabs/k8s/master.pp index 81647b4..1c0d78c 100644 --- a/modules/role/manifests/toollabs/k8s/master.pp +++ b/modules/role/manifests/toollabs/k8s/master.pp @@ -2,8 +2,9 @@ class role::toollabs::k8s::master( $use_puppet_certs = false, ) { -include ::base::firewall include ::toollabs::infrastructure +include ::base::firewall +include ::toollabs::ferm_restart_handler $master_host = hiera('k8s::master_host', $::fqdn) $etcd_url = prefix(suffix(hiera('k8s::etcd_hosts'), ':2379'), 'https://') diff --git a/modules/role/manifests/toollabs/proxy.pp b/modules/role/manifests/toollabs/proxy.pp index be70d49..c82cfef 100644 --- a/modules/role/manifests/toollabs/proxy.pp +++ b/modules/role/manifests/toollabs/proxy.pp @@ -2,6 +2,8 @@ class role::toollabs::proxy { include ::toollabs::proxy include ::role::toollabs::k8s::webproxy +include ::base::firewall +include ::toollabs::ferm_restart_handler ferm::service { 'proxymanager': proto => 'tcp', diff --git a/modules/toollabs/files/ferm_restart_handler.sh b/modules/toollabs/files/ferm_restart_handler.sh new file mode 100644 index 000..5581387 --- /dev/null +++ b/modules/toollabs/files/ferm_restart_handler.sh @@ -0,0 +1,21 @@ +#/bin/bash + +if [[ $EUID -ne 0 ]]; then + echo "This script must be run as root" 1>&2 + exit 1 +fi + +/usr/bin/logger -i -t ${0} "restart firewall components post ferm management" + +# Ferm expects to handle all firewall state +# and that does not mesh well with dynamic chain management. +# We tell the k8s stack here to restart +# +# This should be no more invasive than a rescheduling +# of a POD to another worker. +# +# If we are living in an nftables world when you read +# this, then this should be totally rethought. +service docker restart +service flannel restart +service kube-proxy restart diff --git a/modules/toollabs/manifests/ferm_restart_handler.pp b/modules/toollabs/manifests/ferm_restart_handler.pp new file mode 100644 index 000..58a4437 --- /dev/null +++ b/modules/toollabs/manifests/ferm_restart_handler.pp @@ -0,0 +1,20 @@ +# tldr; hook post ferm updates to let other interested +# parties resync their iptables state. +# See: T182722 +class toollabs::ferm_restart_handler{ + +file {'/usr/local/sbin/ferm_restart_handler': +source => 'puppet:///modules/toollabs/ferm_restart_handler.sh', +owner => 'root', +group => 'root', +mode => '0555', +} + +# http://ferm.foo-projects.org/download/2.1/ferm.html#hooks +# https://phabricator.wikimedia.org/T182722 +ferm::conf{'ferm_restart_handler': +prio => 00, +content => '@hook post "/usr/local/sbin/ferm_restart_handler";', +subscribe => File['/usr/local/sbin/ferm_restart_handler'], +} +} diff --git a/modules/toollabs/manifests/proxy.pp b/modules/toollabs/manifests/proxy.pp index 63953dd..9befba2 100644 --- a/modules/toollabs/manifests/proxy.pp +++ b/modules/toollabs/manifests/proxy.pp @@ -9,7 +9,6 @@ include ::toollabs::infrastructure include ::redis::client::python -include ::base::firewall if $ssl_install_certificate { sslcert::certificate { $ssl_certificate_name: -- To view, visit https://gerrit.wikimedia.org/r/403072 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id:
[MediaWiki-commits] [Gerrit] operations/puppet[production]: wip: rabbitmq: handling users and initial setup
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/403202 ) Change subject: wip: rabbitmq: handling users and initial setup .. wip: rabbitmq: handling users and initial setup A few inconsistencies and issues across our stuff: * labtestcontrol2001 did not have the management plugin enabled which made the cleanup cron invalid * the queuecleanup script did not handle a queue not being present yet and they are created dynamically (this is not by necessarily an errant state) * queuecleanup script had hard coded credentials * There has been no way to manage rabbitmq users and this has largely been done adhoc and outside of Puppets purview resulting in inconsistencies * Rabbitmq can run on the non-primary control node and really needs to in order to manage rabbit internals as rabbit has a local user database and settings. * guest account had been left in use on installs * header docs for rabbit/init.pp were confusing Change-Id: I1870faa07e49603bd7eff9f38cc1202519aeb467 --- M modules/profile/manifests/openstack/base/rabbitmq.pp M modules/rabbitmq/files/drain_queue A modules/rabbitmq/files/rabbit_random_guest.sh M modules/rabbitmq/manifests/cleanup.pp M modules/rabbitmq/manifests/init.pp A modules/rabbitmq/manifests/user.pp 6 files changed, 142 insertions(+), 27 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/02/403202/1 diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp b/modules/profile/manifests/openstack/base/rabbitmq.pp index efd0127..ffececf 100644 --- a/modules/profile/manifests/openstack/base/rabbitmq.pp +++ b/modules/profile/manifests/openstack/base/rabbitmq.pp @@ -10,7 +10,6 @@ ){ class { '::rabbitmq': -running => $::fqdn == $nova_controller, file_handles => $file_handles, } contain '::rabbitmq' diff --git a/modules/rabbitmq/files/drain_queue b/modules/rabbitmq/files/drain_queue index bd14e4e..4b98dbf 100644 --- a/modules/rabbitmq/files/drain_queue +++ b/modules/rabbitmq/files/drain_queue @@ -28,17 +28,21 @@ import urllib.parse +def eprint(*args, **kwargs): +print(*args, file=sys.stderr, **kwargs) + def die(s): -print('*** {}'.format(s), file=sys.stderr) +eprint('*** {}'.format(s)) exit(1) - -def http_req(verb, path, body=None): +def http_req(username, password, verb, path, body=None): path = '/api%s' % path conn = http.client.HTTPConnection('localhost', 15672) +credentials = '{}:{}'.format(username, password) +b = credentials.encode() headers = { 'Authorization': 'Basic {}'.format( -base64.b64encode(b'guest:guest').decode('ascii')), +base64.b64encode(b).decode('ascii')), } if body: headers['Content-Type'] = 'application/json' @@ -53,11 +57,20 @@ if resp.status == 401: die('Access refused: {}'.format(path)) if resp.status == 404: -die('Not found: {}'.format(path)) +# Rabbitmq manages queues dynamically so +# the existence of a queue may depend on a message +# ever needing to be delivered to it. Even +# necessary queues are often created on-demand. +eprint('Queue not found!') +return json.dumps('') if resp.status == 301: url = urllib.parse.urlparse(resp.getheader('location')) [host, port] = url.netloc.split(':') -return http_req(verb, url.path + '?' + url.query, body) +return http_req(username, +password, +verb, +url.path + '?' + url.query, +body) if resp.status < 200 or resp.status > 400: raise Exception( 'Received {:d} {} for path {}\n{}'.format( @@ -65,12 +78,19 @@ return resp_body -def http_json(verb, path, body=None): -return json.loads(http_req(verb, path, body)) +def http_json(username, password, verb, path, body=None): +return json.loads(http_req(username, password, verb, path, body)) -def message_count(queue): -return http_json('GET', '/queues/%2F/{}'.format(queue))['messages_ready'] +def message_count(username, password, queue): +out = http_json(username, + password, + 'GET', + '/queues/%2F/{}'.format(queue)) +if not out: +return None +return out['messages_ready'] + def main(): @@ -86,14 +106,29 @@ parser.add_argument( 'queue', metavar='QUEUE', nargs=1, help='queue to read messages from') +parser.add_argument( +'--username', default='drainqueue', +help='username to connect to rabbitmq') +parser.add_argument( +'--password', default='', +help='password to connect to rabbitmq') + args = parser.parse_args() queue = args.queue[0] +username = args.username +password =
[MediaWiki-commits] [Gerrit] operations/puppet[production]: WIP: toolforge: ferm hook to restart components post updates
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/403072 ) Change subject: WIP: toolforge: ferm hook to restart components post updates .. WIP: toolforge: ferm hook to restart components post updates * Ferm is not playing nice with other iptables tenants * Tested an /etc/ferm/conf.d/00_hooks to see it run external scripts in what seems like a totally post updates state. This hopefully let's kube-proxy, flannel, and docker deal with Ferm stomping all around. This is a midterm fix where other options are being explored in the context of the task. Right now any update to Ferm, even a definition MAC, results in an outage for k8s in Toolforge. Bug: T182722 Change-Id: I5c700a2c8bce6050e8cb761450d3716a6b3f33c9 --- M modules/role/manifests/toollabs/k8s/master.pp M modules/role/manifests/toollabs/proxy.pp A modules/toollabs/files/ferm_restart_handler.sh A modules/toollabs/manifests/ferm_restart_handler.pp M modules/toollabs/manifests/proxy.pp 5 files changed, 40 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/72/403072/1 diff --git a/modules/role/manifests/toollabs/k8s/master.pp b/modules/role/manifests/toollabs/k8s/master.pp index 81647b4..1c0d78c 100644 --- a/modules/role/manifests/toollabs/k8s/master.pp +++ b/modules/role/manifests/toollabs/k8s/master.pp @@ -2,8 +2,9 @@ class role::toollabs::k8s::master( $use_puppet_certs = false, ) { -include ::base::firewall include ::toollabs::infrastructure +include ::base::firewall +include ::toollabs::ferm_restart_handler $master_host = hiera('k8s::master_host', $::fqdn) $etcd_url = prefix(suffix(hiera('k8s::etcd_hosts'), ':2379'), 'https://') diff --git a/modules/role/manifests/toollabs/proxy.pp b/modules/role/manifests/toollabs/proxy.pp index be70d49..c82cfef 100644 --- a/modules/role/manifests/toollabs/proxy.pp +++ b/modules/role/manifests/toollabs/proxy.pp @@ -2,6 +2,8 @@ class role::toollabs::proxy { include ::toollabs::proxy include ::role::toollabs::k8s::webproxy +include ::base::firewall +include ::toollabs::ferm_restart_handler ferm::service { 'proxymanager': proto => 'tcp', diff --git a/modules/toollabs/files/ferm_restart_handler.sh b/modules/toollabs/files/ferm_restart_handler.sh new file mode 100644 index 000..9bffa6b --- /dev/null +++ b/modules/toollabs/files/ferm_restart_handler.sh @@ -0,0 +1,16 @@ +#/bin/bash + +/usr/bin/logger -t ${0} "restart firewall components post ferm management" + +# Ferm expects to handle all firewall state +# and that does not mesh well with dynamic chain management. +# We tell the k8s stack here to restart +# +# This should be no more invasive than a rescheduling +# of a POD to another worker. +# +# If we are living an nftables world when you read +# this, then this should be totally rethought. +sudo service docker restart +sudo service flannel restart +sudo service kube-proxy restart diff --git a/modules/toollabs/manifests/ferm_restart_handler.pp b/modules/toollabs/manifests/ferm_restart_handler.pp new file mode 100644 index 000..2fc3034 --- /dev/null +++ b/modules/toollabs/manifests/ferm_restart_handler.pp @@ -0,0 +1,20 @@ +# tldr; hook post ferm updates to let other interested +# parties resync their iptables state. +# See: T182722 +class toollabs::ferm_restart_handler{ + +file {'/usr/local/sbin/ferm_restart_handler': +source => 'puppet:///modules/toollabs/ferm_restart_handler.sh', +owner => 'root', +group => 'root', +mode => '0555', +} + +# http://ferm.foo-projects.org/download/2.1/ferm.html#hooks +# https://phabricator.wikimedia.org/T182722 +ferm::conf{'ferm_firewall_processing': +prio => 00, +content => '@hook post "/usr/local/sbin/ferm_restart_handler"', +subscribe => File['/usr/local/sbin/ferm_restart_handler'], +} +} diff --git a/modules/toollabs/manifests/proxy.pp b/modules/toollabs/manifests/proxy.pp index 63953dd..9befba2 100644 --- a/modules/toollabs/manifests/proxy.pp +++ b/modules/toollabs/manifests/proxy.pp @@ -9,7 +9,6 @@ include ::toollabs::infrastructure include ::redis::client::python -include ::base::firewall if $ssl_install_certificate { sslcert::certificate { $ssl_certificate_name: -- To view, visit https://gerrit.wikimedia.org/r/403072 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5c700a2c8bce6050e8cb761450d3716a6b3f33c9 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: these servers should be an HA pair
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/402115 ) Change subject: openstack: these servers should be an HA pair .. openstack: these servers should be an HA pair Bug: T167559 Change-Id: If4da99d4cf49e366e566de3198ce96ecdd2693fd --- M manifests/site.pp 1 file changed, 1 insertion(+), 7 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/site.pp b/manifests/site.pp index acfad3b..9ddd340 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -935,7 +935,7 @@ include ::ldap::role::client::labs } -node 'labtestneutron2001.codfw.wmnet' { +node /^labtestneutron200[1-2]\.codfw.wmnet$/ { role(wmcs::openstack::labtestn::net) } @@ -955,12 +955,6 @@ node 'labtestnet2002.codfw.wmnet' { role(wmcs::openstack::labtest::net_standby) -} - -node 'labtestneutron2002.codfw.wmnet' { -# WIP -include ::standard -include ::base::firewall } node 'labtestnet2001.codfw.wmnet' { -- To view, visit https://gerrit.wikimedia.org/r/402115 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If4da99d4cf49e366e566de3198ce96ecdd2693fd Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: these servers should be an HA pair
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/402115 ) Change subject: openstack: these servers should be an HA pair .. openstack: these servers should be an HA pair Bug: T167559 Change-Id: If4da99d4cf49e366e566de3198ce96ecdd2693fd --- M manifests/site.pp 1 file changed, 1 insertion(+), 7 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/15/402115/1 diff --git a/manifests/site.pp b/manifests/site.pp index acfad3b..ebe2582 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -935,7 +935,7 @@ include ::ldap::role::client::labs } -node 'labtestneutron2001.codfw.wmnet' { +node 'labtestneutron200[1-2].codfw.wmnet' { role(wmcs::openstack::labtestn::net) } @@ -955,12 +955,6 @@ node 'labtestnet2002.codfw.wmnet' { role(wmcs::openstack::labtest::net_standby) -} - -node 'labtestneutron2002.codfw.wmnet' { -# WIP -include ::standard -include ::base::firewall } node 'labtestnet2001.codfw.wmnet' { -- To view, visit https://gerrit.wikimedia.org/r/402115 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If4da99d4cf49e366e566de3198ce96ecdd2693fd Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: need overlay module for overlay2 for k8s
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/402068 ) Change subject: tools: need overlay module for overlay2 for k8s .. tools: need overlay module for overlay2 for k8s * This is currently effecting PAWS especially Bug: T184018 Change-Id: I34a66dae503bc560bf35ce4bec499ed2be842d5f --- M hieradata/labs/tools/common.yaml M modules/base/manifests/kernel.pp M modules/profile/manifests/base.pp 3 files changed, 20 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/68/402068/1 diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml index 3e03999..3fd5a68 100644 --- a/hieradata/labs/tools/common.yaml +++ b/hieradata/labs/tools/common.yaml @@ -1,5 +1,6 @@ profile::base::labs::unattended_wmf: 'absent' profile::base::labs::unattended_distro: 'absent' +profile::base::overlayfs: true "profile::base::core_dump_pattern": core classes: diff --git a/modules/base/manifests/kernel.pp b/modules/base/manifests/kernel.pp index bde24bb..0908703 100644 --- a/modules/base/manifests/kernel.pp +++ b/modules/base/manifests/kernel.pp @@ -3,7 +3,11 @@ # Settings related to the Linux kernel (currently only blacklisting # risky kernel modules and adding /etc/modules-load.d/ on Trusty) # -class base::kernel +# [*overlayfs*] +# bool for whether overlay module is needed + +class base::kernel( +$overlayfs, { if os_version('ubuntu == trusty') { # This directory is shipped by systemd, but trusty's upstart job for @@ -17,10 +21,17 @@ } } +if ! $overlayfs { +kmod::blacklist { 'wmf_overlay': +modules => [ +'overlayfs', +'overlay', +], +} +} + kmod::blacklist { 'wmf': modules => [ -'overlayfs', -'overlay', 'aufs', 'usbip-core', 'usbip-host', diff --git a/modules/profile/manifests/base.pp b/modules/profile/manifests/base.pp index 430a405..131e65d 100644 --- a/modules/profile/manifests/base.pp +++ b/modules/profile/manifests/base.pp @@ -21,6 +21,7 @@ $check_raid_retry = hiera('profile::base::check_raid_retry', 10), $check_smart = hiera('profile::base::check_smart', false), $puppet_major_version = hiera('puppet_major_version', undef), +$overlayfs = heira('profile::base::overlayfs', false), ) { require ::profile::base::certificates class { '::apt': @@ -87,7 +88,10 @@ allowed_hosts => $nrpe_allowed_hosts, } -class { '::base::kernel': } +class { '::base::kernel': +overlayfs => $overlayfs, +} + class { '::base::debdeploy': } if $facts['has_ipmi'] { -- To view, visit https://gerrit.wikimedia.org/r/402068 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I34a66dae503bc560bf35ce4bec499ed2be842d5f Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: nova: fix dependency order on dir and mount for instances
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/401742 ) Change subject: nova: fix dependency order on dir and mount for instances .. nova: fix dependency order on dir and mount for instances Bug: T171494 Change-Id: I5d935a2bb6ba00a126c8db9109d29b4c3889654e --- M modules/profile/manifests/openstack/base/nova/compute/service.pp 1 file changed, 14 insertions(+), 11 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/profile/manifests/openstack/base/nova/compute/service.pp b/modules/profile/manifests/openstack/base/nova/compute/service.pp index 27fc19a..e0f2bb3 100644 --- a/modules/profile/manifests/openstack/base/nova/compute/service.pp +++ b/modules/profile/manifests/openstack/base/nova/compute/service.pp @@ -11,10 +11,6 @@ require_package('conntrack') -if $::fqdn =~ /^labvirt100[0-9].eqiad.wmnet/ { -openstack::nova::compute::partition{ '/dev/sdb':} -} - interface::tagged { $network_flat_interface: base_interface => $network_flat_tagged_base_interface, vlan_id=> $network_flat_interface_vlan, @@ -23,18 +19,24 @@ down => 'ip link set $IFACE down', } +if $::fqdn =~ /^labvirt100[0-9].eqiad.wmnet/ { +openstack::nova::compute::partition{ '/dev/sdb': +before => File['/var/lib/nova/instances'], +} +} + +file { '/var/lib/nova/instances': +ensure => 'directory', +owner => 'nova', +group => 'nova', +} + mount { '/var/lib/nova/instances': ensure => mounted, device => $instance_dev, fstype => 'xfs', options => 'defaults', -} - -file { '/var/lib/nova/instances': -ensure => 'directory', -owner => 'nova', -group => 'nova', -require => Mount['/var/lib/nova/instances'], +require => File['/var/lib/nova/instances'], } # Increase the size of conntrack table size (default is 65536) @@ -55,6 +57,7 @@ libvirt_type => $libvirt_type, certname => $certname, ca_target=> $ca_target, +require => Mount['/var/lib/nova/instances'], } contain '::openstack::nova::compute::service' } -- To view, visit https://gerrit.wikimedia.org/r/401742 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5d935a2bb6ba00a126c8db9109d29b4c3889654e Gerrit-PatchSet: 4 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: nova: fix dependency order on dir and mount for instances
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/401742 ) Change subject: nova: fix dependency order on dir and mount for instances .. nova: fix dependency order on dir and mount for instances Bug: T171494 Change-Id: I5d935a2bb6ba00a126c8db9109d29b4c3889654e --- M modules/profile/manifests/openstack/base/nova/compute/service.pp 1 file changed, 7 insertions(+), 7 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/42/401742/1 diff --git a/modules/profile/manifests/openstack/base/nova/compute/service.pp b/modules/profile/manifests/openstack/base/nova/compute/service.pp index 27fc19a..116c1a2 100644 --- a/modules/profile/manifests/openstack/base/nova/compute/service.pp +++ b/modules/profile/manifests/openstack/base/nova/compute/service.pp @@ -23,18 +23,18 @@ down => 'ip link set $IFACE down', } +file { '/var/lib/nova/instances': +ensure => 'directory', +owner => 'nova', +group => 'nova', +} + mount { '/var/lib/nova/instances': ensure => mounted, device => $instance_dev, fstype => 'xfs', options => 'defaults', -} - -file { '/var/lib/nova/instances': -ensure => 'directory', -owner => 'nova', -group => 'nova', -require => Mount['/var/lib/nova/instances'], +require => File['/var/lib/nova/instances'], } # Increase the size of conntrack table size (default is 65536) -- To view, visit https://gerrit.wikimedia.org/r/401742 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5d935a2bb6ba00a126c8db9109d29b4c3889654e Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: nova: add compute profiles for labtestn virt role
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/401740 ) Change subject: nova: add compute profiles for labtestn virt role .. nova: add compute profiles for labtestn virt role Change-Id: I1970761282ce32530528a013988eb6000b01503f --- M modules/role/manifests/wmcs/openstack/labtestn/virt.pp 1 file changed, 2 insertions(+), 0 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp index 6832d63..81d0331 100644 --- a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp +++ b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp @@ -2,4 +2,6 @@ system::role { $name: } include ::standard include ::profile::openstack::labtestn::cloudrepo +include ::profile::openstack::labtestn::nova::common +include ::profile::openstack::labtestn::nova::compute::service } -- To view, visit https://gerrit.wikimedia.org/r/401740 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I1970761282ce32530528a013988eb6000b01503f Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Giuseppe Lavagetto Gerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: labstore: add comment to interval options for nfs-exportd
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/401735 ) Change subject: labstore: add comment to interval options for nfs-exportd .. labstore: add comment to interval options for nfs-exportd Change-Id: I884e4b74a1054a25295801dc6f2892f88b2c1886 --- M modules/labstore/files/nfs-exportd 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/labstore/files/nfs-exportd b/modules/labstore/files/nfs-exportd index 8af1ac3..7b7aac1 100755 --- a/modules/labstore/files/nfs-exportd +++ b/modules/labstore/files/nfs-exportd @@ -226,7 +226,7 @@ '--interval', type=int, default=0, -help='Set interval to rerun at', +help='Set interval to rerun at. Default is 0 which means run once.', ) argparser.add_argument( -- To view, visit https://gerrit.wikimedia.org/r/401735 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I884e4b74a1054a25295801dc6f2892f88b2c1886 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: nova: add compute profiles for labtestn virt role
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/401740 ) Change subject: nova: add compute profiles for labtestn virt role .. nova: add compute profiles for labtestn virt role Change-Id: I1970761282ce32530528a013988eb6000b01503f --- M modules/role/manifests/wmcs/openstack/labtestn/virt.pp 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/40/401740/1 diff --git a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp index 6832d63..81d0331 100644 --- a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp +++ b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp @@ -2,4 +2,6 @@ system::role { $name: } include ::standard include ::profile::openstack::labtestn::cloudrepo +include ::profile::openstack::labtestn::nova::common +include ::profile::openstack::labtestn::nova::compute::service } -- To view, visit https://gerrit.wikimedia.org/r/401740 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1970761282ce32530528a013988eb6000b01503f Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: labstore: add comment to interval options for nfs-exportd
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/401735 ) Change subject: labstore: add comment to interval options for nfs-exportd .. labstore: add comment to interval options for nfs-exportd Change-Id: I884e4b74a1054a25295801dc6f2892f88b2c1886 --- M modules/labstore/files/nfs-exportd 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/35/401735/1 diff --git a/modules/labstore/files/nfs-exportd b/modules/labstore/files/nfs-exportd index 8af1ac3..7b7aac1 100755 --- a/modules/labstore/files/nfs-exportd +++ b/modules/labstore/files/nfs-exportd @@ -226,7 +226,7 @@ '--interval', type=int, default=0, -help='Set interval to rerun at', +help='Set interval to rerun at. Default is 0 which means run once.', ) argparser.add_argument( -- To view, visit https://gerrit.wikimedia.org/r/401735 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I884e4b74a1054a25295801dc6f2892f88b2c1886 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: labstore: correct yaml from 399223
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/401517 ) Change subject: labstore: correct yaml from 399223 .. labstore: correct yaml from 399223 Bug: T183229 Change-Id: I06c9bfbd2d159d85526b4f26e886e2de4c7982e4 --- M modules/labstore/files/nfs-mounts.yaml 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/labstore/files/nfs-mounts.yaml b/modules/labstore/files/nfs-mounts.yaml index 8be6c44..1e86b6b 100644 --- a/modules/labstore/files/nfs-mounts.yaml +++ b/modules/labstore/files/nfs-mounts.yaml @@ -35,7 +35,7 @@ gid: 50116 mounts: project: true - wikidata-primary-sources-tool + wikidata-primary-sources-tool: gid: 53586 mounts: dumps: true -- To view, visit https://gerrit.wikimedia.org/r/401517 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I06c9bfbd2d159d85526b4f26e886e2de4c7982e4 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: labstore: correct yaml from 399223
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/401517 ) Change subject: labstore: correct yaml from 399223 .. labstore: correct yaml from 399223 Bug: T183229 Change-Id: I06c9bfbd2d159d85526b4f26e886e2de4c7982e4 --- M modules/labstore/files/nfs-mounts.yaml 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/17/401517/1 diff --git a/modules/labstore/files/nfs-mounts.yaml b/modules/labstore/files/nfs-mounts.yaml index 8be6c44..1e86b6b 100644 --- a/modules/labstore/files/nfs-mounts.yaml +++ b/modules/labstore/files/nfs-mounts.yaml @@ -35,7 +35,7 @@ gid: 50116 mounts: project: true - wikidata-primary-sources-tool + wikidata-primary-sources-tool: gid: 53586 mounts: dumps: true -- To view, visit https://gerrit.wikimedia.org/r/401517 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I06c9bfbd2d159d85526b4f26e886e2de4c7982e4 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: dumps: add wikidata-primary-sources-tool mount
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/399223 ) Change subject: dumps: add wikidata-primary-sources-tool mount .. dumps: add wikidata-primary-sources-tool mount Bug: T183229 Change-Id: Id5858cfbec3d55610ef6e8249f425d86c1b615a3 --- M modules/labstore/files/nfs-mounts.yaml 1 file changed, 4 insertions(+), 0 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/labstore/files/nfs-mounts.yaml b/modules/labstore/files/nfs-mounts.yaml index ef88c2b..8be6c44 100644 --- a/modules/labstore/files/nfs-mounts.yaml +++ b/modules/labstore/files/nfs-mounts.yaml @@ -35,6 +35,10 @@ gid: 50116 mounts: project: true + wikidata-primary-sources-tool +gid: 53586 +mounts: + dumps: true wikidata-query: gid: 52354 mounts: -- To view, visit https://gerrit.wikimedia.org/r/399223 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Id5858cfbec3d55610ef6e8249f425d86c1b615a3 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: whitelist kernel versions for compute
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/399243 ) Change subject: openstack: whitelist kernel versions for compute .. openstack: whitelist kernel versions for compute Change-Id: I5786fa30f1da70da270b134c560ccaccd4a7c8ce --- A modules/openstack/manifests/nova/compute/audit.pp M modules/openstack/manifests/nova/compute/service.pp 2 files changed, 26 insertions(+), 17 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/nova/compute/audit.pp b/modules/openstack/manifests/nova/compute/audit.pp new file mode 100644 index 000..582a365 --- /dev/null +++ b/modules/openstack/manifests/nova/compute/audit.pp @@ -0,0 +1,17 @@ +# Whitelist candidate kernel version for compute nodes + +# 3.13 have a KSM bug and instance suspension causes complete system lockup +# see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917 +# 3.19 series kernels, instance clocks die after resuming from suspension +# Virtio has shown to be non-determinstic on certain host:client kernel +# version matchups (IO freezing) +class openstack::nova::compute::audit( +$whitelist_kernels=['4.4.0-81-generic'], +) { + +if os_version('ubuntu >= trusty') { +if ! ($::kernelrelease in $whitelist_kernels) { +fail("nova-compute is only valid for ${whitelist_kernels} and not ${::kernelrelease}") +} +} +} diff --git a/modules/openstack/manifests/nova/compute/service.pp b/modules/openstack/manifests/nova/compute/service.pp index 342c43c..3d1bbb7 100644 --- a/modules/openstack/manifests/nova/compute/service.pp +++ b/modules/openstack/manifests/nova/compute/service.pp @@ -8,23 +8,7 @@ $ca_target, ){ -# Check for buggy kernels. There are a lot of them! -if os_version('ubuntu >= trusty') and (versioncmp($::kernelrelease, '3.13.0-46') < 0) { -# see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917 -fail('nova-compute not installed on buggy kernels. Old versions of 3.13 have a KSM bug. Try installing linux-image-generic-lts-xenial') -} elsif $::kernelrelease =~ /^3\.13\..*/ { -fail('nova-compute not installed on buggy kernels. On 3.13 series kernels, instance suspension causes complete system lockup. Try installing linux-image-generic-lts-xenial') -} elsif $::kernelrelease =~ /^3\.19\..*/ { -fail('nova-compute not installed on buggy kernels. On 3.19 series kernels, instance clocks die after resuming from suspension. Try installing linux-image-generic-lts-xenial') -} - -# Starting with 3.18 (34666d467cbf1e2e3c7bb15a63eccfb582cdd71f) the netfilter code -# was split from the bridge kernel module into a separate module (br_netfilter) -if (versioncmp($::kernelversion, '3.18') >= 0) { -kmod::module { 'br_netfilter': -ensure => 'present', -} -} +require openstack::nova::compute::audit # Without qemu-system, apt will install qemu-kvm by default, # which is somewhat broken. @@ -182,6 +166,14 @@ require => Package['nova-compute'], } +# Starting with 3.18 (34666d467cbf1e2e3c7bb15a63eccfb582cdd71f) the netfilter code +# was split from the bridge kernel module into a separate module (br_netfilter) +if (versioncmp($::kernelversion, '3.18') >= 0) { +kmod::module { 'br_netfilter': +ensure => 'present', +} +} + # By default trusty allows the creation of user namespaces by unprivileged users # (Debian defaulted to disallowing these since the feature was introduced for security reasons) # Unprivileged user namespaces are not something we need in general (and especially -- To view, visit https://gerrit.wikimedia.org/r/399243 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5786fa30f1da70da270b134c560ccaccd4a7c8ce Gerrit-PatchSet: 10 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Alex Monk Gerrit-Reviewer: Andrew Bogott Gerrit-Reviewer: Muehlenhoff Gerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: rabbitmq: drain_queue is defined dupe
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/401508 ) Change subject: rabbitmq: drain_queue is defined dupe .. rabbitmq: drain_queue is defined dupe Remove from cleanup manifest and use require Change-Id: I10cd7a4836b7844aaf37e3e01ec0b6c94f2fce96 --- M modules/rabbitmq/manifests/cleanup.pp 1 file changed, 2 insertions(+), 8 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/rabbitmq/manifests/cleanup.pp b/modules/rabbitmq/manifests/cleanup.pp index 616f728..ac2afa0 100644 --- a/modules/rabbitmq/manifests/cleanup.pp +++ b/modules/rabbitmq/manifests/cleanup.pp @@ -6,19 +6,13 @@ $enabled=false, ) { +require rabbitmq + if ($enabled) { $ensure = 'present' } else { $ensure = 'absent' -} - -file { '/usr/local/sbin/drain_queue': -ensure => 'present', -owner => 'root', -group => 'root', -mode => '0655', -source => 'puppet:///modules/rabbitmq/drain_queue', } # These logfiles will be rotated by an already-existing wildcard logrotate rule for rabbit -- To view, visit https://gerrit.wikimedia.org/r/401508 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I10cd7a4836b7844aaf37e3e01ec0b6c94f2fce96 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: rabbitmq: drain_queue is defined dupe
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/401508 ) Change subject: rabbitmq: drain_queue is defined dupe .. rabbitmq: drain_queue is defined dupe Remove from cleanup manifest and use require Change-Id: I10cd7a4836b7844aaf37e3e01ec0b6c94f2fce96 --- M modules/rabbitmq/manifests/cleanup.pp 1 file changed, 2 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/08/401508/1 diff --git a/modules/rabbitmq/manifests/cleanup.pp b/modules/rabbitmq/manifests/cleanup.pp index 616f728..ac2afa0 100644 --- a/modules/rabbitmq/manifests/cleanup.pp +++ b/modules/rabbitmq/manifests/cleanup.pp @@ -6,19 +6,13 @@ $enabled=false, ) { +require rabbitmq + if ($enabled) { $ensure = 'present' } else { $ensure = 'absent' -} - -file { '/usr/local/sbin/drain_queue': -ensure => 'present', -owner => 'root', -group => 'root', -mode => '0655', -source => 'puppet:///modules/rabbitmq/drain_queue', } # These logfiles will be rotated by an already-existing wildcard logrotate rule for rabbit -- To view, visit https://gerrit.wikimedia.org/r/401508 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I10cd7a4836b7844aaf37e3e01ec0b6c94f2fce96 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: only run rabbitmq cleanup on active control node
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398900 ) Change subject: openstack: only run rabbitmq cleanup on active control node .. openstack: only run rabbitmq cleanup on active control node Bug: T183144 Change-Id: I861913e384d7c9677d3346a77267f2526795111b --- M modules/profile/manifests/openstack/base/rabbitmq.pp A modules/rabbitmq/manifests/cleanup.pp M modules/rabbitmq/manifests/init.pp 3 files changed, 41 insertions(+), 14 deletions(-) Approvals: Andrew Bogott: Looks good to me, but someone else must approve Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp b/modules/profile/manifests/openstack/base/rabbitmq.pp index ecb48ed..efd0127 100644 --- a/modules/profile/manifests/openstack/base/rabbitmq.pp +++ b/modules/profile/manifests/openstack/base/rabbitmq.pp @@ -15,6 +15,11 @@ } contain '::rabbitmq' +class {'::rabbitmq::cleanup': +enabled => $::fqdn == $nova_controller, +} +contain '::rabbitmq::cleanup' + class { '::rabbitmq::monitor': rabbit_monitor_username => $monitor_user, rabbit_monitor_password => $monitor_password, @@ -41,14 +46,5 @@ ferm::rule{'beam_nova': ensure => 'present', rule => "saddr ${labs_hosts_range} proto tcp dport (5672 56918) ACCEPT;", -} - -# These logfiles will be rotated by an already-existing wildcard logrotate rule for rabbit -cron { -'drain and log rabbit notifications.error queue': -ensure => 'present', -user=> 'root', -minute => '35', -command => '/usr/local/sbin/drain_queue notifications.error >> /var/log/rabbitmq/notifications_error.log 2>&1', } } diff --git a/modules/rabbitmq/manifests/cleanup.pp b/modules/rabbitmq/manifests/cleanup.pp new file mode 100644 index 000..616f728 --- /dev/null +++ b/modules/rabbitmq/manifests/cleanup.pp @@ -0,0 +1,31 @@ +# Rabbit does a poor job of cleaning up queues +# that are not being consumed and this becomes costly +# over time. + +class rabbitmq::cleanup( +$enabled=false, +) { + +if ($enabled) { +$ensure = 'present' +} +else { +$ensure = 'absent' +} + +file { '/usr/local/sbin/drain_queue': +ensure => 'present', +owner => 'root', +group => 'root', +mode => '0655', +source => 'puppet:///modules/rabbitmq/drain_queue', +} + +# These logfiles will be rotated by an already-existing wildcard logrotate rule for rabbit +cron { 'drain and log rabbit notifications.error queue': +ensure => $ensure, +user=> 'root', +minute => '35', +command => '/usr/local/sbin/drain_queue notifications.error >> /var/log/rabbitmq/notifications_error.log 2>&1', +} +} diff --git a/modules/rabbitmq/manifests/init.pp b/modules/rabbitmq/manifests/init.pp index f102954..3e905ff 100644 --- a/modules/rabbitmq/manifests/init.pp +++ b/modules/rabbitmq/manifests/init.pp @@ -53,11 +53,6 @@ require => Package['rabbitmq-server'], } -service { 'rabbitmq-server': -ensure => $running, -require => Package['rabbitmq-server'], -} - file { '/usr/local/sbin/drain_queue': ensure => 'present', owner => 'root', @@ -65,4 +60,9 @@ mode => '0655', source => 'puppet:///modules/rabbitmq/drain_queue', } + +service { 'rabbitmq-server': +ensure => $running, +require => Package['rabbitmq-server'], +} } -- To view, visit https://gerrit.wikimedia.org/r/398900 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I861913e384d7c9677d3346a77267f2526795111b Gerrit-PatchSet: 5 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Andrew Bogott Gerrit-Reviewer: BryanDavis Gerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: whitelist kernel versions for compute
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/399243 ) Change subject: openstack: whitelist kernel versions for compute .. openstack: whitelist kernel versions for compute Change-Id: I5786fa30f1da70da270b134c560ccaccd4a7c8ce --- A modules/openstack/manifests/nova/compute/audit.pp M modules/openstack/manifests/nova/compute/service.pp 2 files changed, 19 insertions(+), 17 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/43/399243/1 diff --git a/modules/openstack/manifests/nova/compute/audit.pp b/modules/openstack/manifests/nova/compute/audit.pp new file mode 100644 index 000..dc3251c --- /dev/null +++ b/modules/openstack/manifests/nova/compute/audit.pp @@ -0,0 +1,18 @@ +class openstack::nova::compute::audit( +$kernel_releases, +){ + +if os_version('ubuntu >= trusty') { +if ! ($::kernelrelease in $kernel_releases) { +fail("nova-compute is only valid for ${kernel_releases} and not ${::kernelrelease}" +} +} + +# Starting with 3.18 (34666d467cbf1e2e3c7bb15a63eccfb582cdd71f) the netfilter code +# was split from the bridge kernel module into a separate module (br_netfilter) +if (versioncmp($::kernelversion, '3.18') >= 0) { +kmod::module { 'br_netfilter': +ensure => 'present', +} +} +} diff --git a/modules/openstack/manifests/nova/compute/service.pp b/modules/openstack/manifests/nova/compute/service.pp index 342c43c..2caae78 100644 --- a/modules/openstack/manifests/nova/compute/service.pp +++ b/modules/openstack/manifests/nova/compute/service.pp @@ -8,23 +8,7 @@ $ca_target, ){ -# Check for buggy kernels. There are a lot of them! -if os_version('ubuntu >= trusty') and (versioncmp($::kernelrelease, '3.13.0-46') < 0) { -# see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917 -fail('nova-compute not installed on buggy kernels. Old versions of 3.13 have a KSM bug. Try installing linux-image-generic-lts-xenial') -} elsif $::kernelrelease =~ /^3\.13\..*/ { -fail('nova-compute not installed on buggy kernels. On 3.13 series kernels, instance suspension causes complete system lockup. Try installing linux-image-generic-lts-xenial') -} elsif $::kernelrelease =~ /^3\.19\..*/ { -fail('nova-compute not installed on buggy kernels. On 3.19 series kernels, instance clocks die after resuming from suspension. Try installing linux-image-generic-lts-xenial') -} - -# Starting with 3.18 (34666d467cbf1e2e3c7bb15a63eccfb582cdd71f) the netfilter code -# was split from the bridge kernel module into a separate module (br_netfilter) -if (versioncmp($::kernelversion, '3.18') >= 0) { -kmod::module { 'br_netfilter': -ensure => 'present', -} -} +require openstack::nova::compute::audit # Without qemu-system, apt will install qemu-kvm by default, # which is somewhat broken. -- To view, visit https://gerrit.wikimedia.org/r/399243 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5786fa30f1da70da270b134c560ccaccd4a7c8ce Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: dumps: add wikidata-primary-sources-tool mount
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/399223 ) Change subject: dumps: add wikidata-primary-sources-tool mount .. dumps: add wikidata-primary-sources-tool mount Bug: T183229 Change-Id: Id5858cfbec3d55610ef6e8249f425d86c1b615a3 --- M modules/labstore/files/nfs-mounts.yaml 1 file changed, 4 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/23/399223/1 diff --git a/modules/labstore/files/nfs-mounts.yaml b/modules/labstore/files/nfs-mounts.yaml index ef88c2b..8be6c44 100644 --- a/modules/labstore/files/nfs-mounts.yaml +++ b/modules/labstore/files/nfs-mounts.yaml @@ -35,6 +35,10 @@ gid: 50116 mounts: project: true + wikidata-primary-sources-tool +gid: 53586 +mounts: + dumps: true wikidata-query: gid: 52354 mounts: -- To view, visit https://gerrit.wikimedia.org/r/399223 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id5858cfbec3d55610ef6e8249f425d86c1b615a3 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: labvirt role shuffle
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/399183 ) Change subject: openstack: labvirt role shuffle .. openstack: labvirt role shuffle Change-Id: I068a32cf3cb49a3051baa956354b05fcefa3aa6d --- M manifests/site.pp M modules/role/manifests/wmcs/openstack/labtest/virt.pp M modules/role/manifests/wmcs/openstack/labtestn/virt.pp 3 files changed, 7 insertions(+), 4 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/site.pp b/manifests/site.pp index ce067d3..897722f 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -938,9 +938,12 @@ role(wmcs::openstack::labtestn::net) } -node /^labtestvirt200[1-3]\.codfw\.wmnet$/ { +node /^labtestvirt200[1-2]\.codfw\.wmnet$/ { role(wmcs::openstack::labtest::virt) -include ::standard +} + +node /^labtestvirt2003\.codfw\.wmnet$/ { +role(wmcs::openstack::labtestn::virt) } node 'labtestmetal2001.codfw.wmnet' { diff --git a/modules/role/manifests/wmcs/openstack/labtest/virt.pp b/modules/role/manifests/wmcs/openstack/labtest/virt.pp index f85e6bd..464aff7 100644 --- a/modules/role/manifests/wmcs/openstack/labtest/virt.pp +++ b/modules/role/manifests/wmcs/openstack/labtest/virt.pp @@ -1,5 +1,6 @@ class role::wmcs::openstack::labtest::virt { system::role { $name: } +include ::standard include ::profile::openstack::labtest::cloudrepo include ::profile::openstack::labtest::nova::common include ::profile::openstack::labtest::nova::compute::service diff --git a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp index 5c59e23..6832d63 100644 --- a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp +++ b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp @@ -1,6 +1,5 @@ class role::wmcs::openstack::labtestn::virt { system::role { $name: } +include ::standard include ::profile::openstack::labtestn::cloudrepo -include ::profile::openstack::labtestn::nova::common -include ::profile::openstack::labtestn::nova::compute::service } -- To view, visit https://gerrit.wikimedia.org/r/399183 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I068a32cf3cb49a3051baa956354b05fcefa3aa6d Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Giuseppe Lavagetto Gerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: labvirt role shuffle
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/399183 ) Change subject: openstack: labvirt role shuffle .. openstack: labvirt role shuffle Change-Id: I068a32cf3cb49a3051baa956354b05fcefa3aa6d --- M manifests/site.pp M modules/role/manifests/wmcs/openstack/labtest/virt.pp M modules/role/manifests/wmcs/openstack/labtestn/virt.pp 3 files changed, 7 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/83/399183/1 diff --git a/manifests/site.pp b/manifests/site.pp index e90e837..f846172 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1004,9 +1004,12 @@ role(wmcs::openstack::labtestn::net) } -node /^labtestvirt200[1-3]\.codfw\.wmnet$/ { +node /^labtestvirt200[1-2]\.codfw\.wmnet$/ { role(wmcs::openstack::labtest::virt) -include ::standard +} + +node /^labtestvirt2003\.codfw\.wmnet$/ { +role(wmcs::openstack::labtestn::virt) } node 'labtestmetal2001.codfw.wmnet' { diff --git a/modules/role/manifests/wmcs/openstack/labtest/virt.pp b/modules/role/manifests/wmcs/openstack/labtest/virt.pp index f85e6bd..464aff7 100644 --- a/modules/role/manifests/wmcs/openstack/labtest/virt.pp +++ b/modules/role/manifests/wmcs/openstack/labtest/virt.pp @@ -1,5 +1,6 @@ class role::wmcs::openstack::labtest::virt { system::role { $name: } +include ::standard include ::profile::openstack::labtest::cloudrepo include ::profile::openstack::labtest::nova::common include ::profile::openstack::labtest::nova::compute::service diff --git a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp index 5c59e23..81d0331 100644 --- a/modules/role/manifests/wmcs/openstack/labtestn/virt.pp +++ b/modules/role/manifests/wmcs/openstack/labtestn/virt.pp @@ -1,5 +1,6 @@ class role::wmcs::openstack::labtestn::virt { system::role { $name: } +include ::standard include ::profile::openstack::labtestn::cloudrepo include ::profile::openstack::labtestn::nova::common include ::profile::openstack::labtestn::nova::compute::service -- To view, visit https://gerrit.wikimedia.org/r/399183 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I068a32cf3cb49a3051baa956354b05fcefa3aa6d Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: only run rabbitmq cleanup on active control node
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398900 ) Change subject: openstack: only run rabbitmq cleanup on active control node .. openstack: only run rabbitmq cleanup on active control node Bug: T183144 Change-Id: I861913e384d7c9677d3346a77267f2526795111b --- M modules/profile/manifests/openstack/base/rabbitmq.pp A modules/rabbitmq/manifests/cleanup.pp M modules/rabbitmq/manifests/init.pp 3 files changed, 42 insertions(+), 14 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/00/398900/1 diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp b/modules/profile/manifests/openstack/base/rabbitmq.pp index ecb48ed..f7e1360 100644 --- a/modules/profile/manifests/openstack/base/rabbitmq.pp +++ b/modules/profile/manifests/openstack/base/rabbitmq.pp @@ -15,6 +15,11 @@ } contain '::rabbitmq' +class {'::rabbitmq::cleanup': + enabled => $::fqdn == $nova_controller, +} +contain '::rabbitmq::cleanup' + class { '::rabbitmq::monitor': rabbit_monitor_username => $monitor_user, rabbit_monitor_password => $monitor_password, @@ -41,14 +46,5 @@ ferm::rule{'beam_nova': ensure => 'present', rule => "saddr ${labs_hosts_range} proto tcp dport (5672 56918) ACCEPT;", -} - -# These logfiles will be rotated by an already-existing wildcard logrotate rule for rabbit -cron { -'drain and log rabbit notifications.error queue': -ensure => 'present', -user=> 'root', -minute => '35', -command => '/usr/local/sbin/drain_queue notifications.error >> /var/log/rabbitmq/notifications_error.log 2>&1', } } diff --git a/modules/rabbitmq/manifests/cleanup.pp b/modules/rabbitmq/manifests/cleanup.pp new file mode 100644 index 000..227cb7c --- /dev/null +++ b/modules/rabbitmq/manifests/cleanup.pp @@ -0,0 +1,32 @@ +# Rabbit does a poor job of cleaning up queues +# that are not being consumed and this becomes costly +# over time. + +class rabbitmq::cleanup( +$enabled=false, +) { + +if ($enabled) { +$ensure = 'present' +} +else { +$ensure = 'absent' +} + +file { '/usr/local/sbin/drain_queue': +ensure => 'present', +owner => 'root', +group => 'root', +mode => '0655', +source => 'puppet:///modules/rabbitmq/drain_queue', +} + +# These logfiles will be rotated by an already-existing wildcard logrotate rule for rabbit +cron { +'drain and log rabbit notifications.error queue': +ensure => $ensure, +user=> 'root', +minute => '35', +command => '/usr/local/sbin/drain_queue notifications.error >> /var/log/rabbitmq/notifications_error.l$ +} +} diff --git a/modules/rabbitmq/manifests/init.pp b/modules/rabbitmq/manifests/init.pp index f102954..3e905ff 100644 --- a/modules/rabbitmq/manifests/init.pp +++ b/modules/rabbitmq/manifests/init.pp @@ -53,11 +53,6 @@ require => Package['rabbitmq-server'], } -service { 'rabbitmq-server': -ensure => $running, -require => Package['rabbitmq-server'], -} - file { '/usr/local/sbin/drain_queue': ensure => 'present', owner => 'root', @@ -65,4 +60,9 @@ mode => '0655', source => 'puppet:///modules/rabbitmq/drain_queue', } + +service { 'rabbitmq-server': +ensure => $running, +require => Package['rabbitmq-server'], +} } -- To view, visit https://gerrit.wikimedia.org/r/398900 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I861913e384d7c9677d3346a77267f2526795111b Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: set monitor_password as var for rabbit base
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398483 ) Change subject: openstack: set monitor_password as var for rabbit base .. openstack: set monitor_password as var for rabbit base Change-Id: I808cabb3aa0d6affbaa6a12fb204a408fa5055f4 --- M modules/profile/manifests/openstack/base/rabbitmq.pp 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp b/modules/profile/manifests/openstack/base/rabbitmq.pp index d87f6a9..ecb48ed 100644 --- a/modules/profile/manifests/openstack/base/rabbitmq.pp +++ b/modules/profile/manifests/openstack/base/rabbitmq.pp @@ -24,7 +24,7 @@ class { '::profile::prometheus::rabbitmq_exporter': prometheus_nodes=> $monitoring_host, rabbit_monitor_username => $monitor_user, -rabbit_monitor_password => monitor_password, +rabbit_monitor_password => $monitor_password, } contain '::profile::prometheus::rabbitmq_exporter' -- To view, visit https://gerrit.wikimedia.org/r/398483 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I808cabb3aa0d6affbaa6a12fb204a408fa5055f4 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: set monitor_password as var for rabbit base
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398483 ) Change subject: openstack: set monitor_password as var for rabbit base .. openstack: set monitor_password as var for rabbit base Change-Id: I808cabb3aa0d6affbaa6a12fb204a408fa5055f4 --- M modules/profile/manifests/openstack/base/rabbitmq.pp 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/83/398483/1 diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp b/modules/profile/manifests/openstack/base/rabbitmq.pp index d87f6a9..ecb48ed 100644 --- a/modules/profile/manifests/openstack/base/rabbitmq.pp +++ b/modules/profile/manifests/openstack/base/rabbitmq.pp @@ -24,7 +24,7 @@ class { '::profile::prometheus::rabbitmq_exporter': prometheus_nodes=> $monitoring_host, rabbit_monitor_username => $monitor_user, -rabbit_monitor_password => monitor_password, +rabbit_monitor_password => $monitor_password, } contain '::profile::prometheus::rabbitmq_exporter' -- To view, visit https://gerrit.wikimedia.org/r/398483 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I808cabb3aa0d6affbaa6a12fb204a408fa5055f4 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: prometheus: rabbitmq use @ for vars in templete fulfillment
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398482 ) Change subject: prometheus: rabbitmq use @ for vars in templete fulfillment .. prometheus: rabbitmq use @ for vars in templete fulfillment Change-Id: I5a781456d61865bd76d5b6bc5d39988052129913 --- M modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb 1 file changed, 3 insertions(+), 3 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb b/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb index b03ff52..4316550 100644 --- a/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb +++ b/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb @@ -1,4 +1,4 @@ --- -server: <%= $rabbit_host %> -username: <%= $rabbit_monitor_username %> -password: <%= $rabbit_monitor_password %> +server: <%= @rabbit_host %> +username: <%= @rabbit_monitor_username %> +password: <%= @rabbit_monitor_password %> -- To view, visit https://gerrit.wikimedia.org/r/398482 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5a781456d61865bd76d5b6bc5d39988052129913 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: prometheus: rabbitmq use @ for vars in templete fulfillment
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398482 ) Change subject: prometheus: rabbitmq use @ for vars in templete fulfillment .. prometheus: rabbitmq use @ for vars in templete fulfillment Change-Id: I5a781456d61865bd76d5b6bc5d39988052129913 --- M modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb 1 file changed, 3 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/82/398482/1 diff --git a/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb b/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb index b03ff52..4316550 100644 --- a/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb +++ b/modules/profile/templates/prometheus/rabbitmq-exporter.conf.erb @@ -1,4 +1,4 @@ --- -server: <%= $rabbit_host %> -username: <%= $rabbit_monitor_username %> -password: <%= $rabbit_monitor_password %> +server: <%= @rabbit_host %> +username: <%= @rabbit_monitor_username %> +password: <%= @rabbit_monitor_password %> -- To view, visit https://gerrit.wikimedia.org/r/398482 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5a781456d61865bd76d5b6bc5d39988052129913 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: type for rabbitmq base
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398479 ) Change subject: openstack: type for rabbitmq base .. openstack: type for rabbitmq base This is round 2 so hopefully that is it. Change-Id: I662b3ef9ce5eb73bf19662ee714343403b3b4ae3 --- M modules/profile/manifests/openstack/base/rabbitmq.pp 1 file changed, 3 insertions(+), 3 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp b/modules/profile/manifests/openstack/base/rabbitmq.pp index b046a5a..d87f6a9 100644 --- a/modules/profile/manifests/openstack/base/rabbitmq.pp +++ b/modules/profile/manifests/openstack/base/rabbitmq.pp @@ -22,9 +22,9 @@ contain '::rabbitmq::monitor' class { '::profile::prometheus::rabbitmq_exporter': -prometheus_nodes => $monitoring_host, -monitor_user => $monitor_user, -monitor_password => $monitor_password, +prometheus_nodes=> $monitoring_host, +rabbit_monitor_username => $monitor_user, +rabbit_monitor_password => monitor_password, } contain '::profile::prometheus::rabbitmq_exporter' -- To view, visit https://gerrit.wikimedia.org/r/398479 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I662b3ef9ce5eb73bf19662ee714343403b3b4ae3 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: type for rabbitmq base
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398479 ) Change subject: openstack: type for rabbitmq base .. openstack: type for rabbitmq base This is round 2 so hopefully that is it. Change-Id: I662b3ef9ce5eb73bf19662ee714343403b3b4ae3 --- M modules/profile/manifests/openstack/base/rabbitmq.pp 1 file changed, 3 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/79/398479/1 diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp b/modules/profile/manifests/openstack/base/rabbitmq.pp index b046a5a..d87f6a9 100644 --- a/modules/profile/manifests/openstack/base/rabbitmq.pp +++ b/modules/profile/manifests/openstack/base/rabbitmq.pp @@ -22,9 +22,9 @@ contain '::rabbitmq::monitor' class { '::profile::prometheus::rabbitmq_exporter': -prometheus_nodes => $monitoring_host, -monitor_user => $monitor_user, -monitor_password => $monitor_password, +prometheus_nodes=> $monitoring_host, +rabbit_monitor_username => $monitor_user, +rabbit_monitor_password => monitor_password, } contain '::profile::prometheus::rabbitmq_exporter' -- To view, visit https://gerrit.wikimedia.org/r/398479 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I662b3ef9ce5eb73bf19662ee714343403b3b4ae3 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: profile/manifests/openstack/base/rabbitmq typo
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398478 ) Change subject: openstack: profile/manifests/openstack/base/rabbitmq typo .. openstack: profile/manifests/openstack/base/rabbitmq typo Change-Id: I7207f63c3c0cfa8901a29a6e39ea8b3296c0ccda --- M modules/profile/manifests/openstack/base/rabbitmq.pp 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp b/modules/profile/manifests/openstack/base/rabbitmq.pp index a93f882..b046a5a 100644 --- a/modules/profile/manifests/openstack/base/rabbitmq.pp +++ b/modules/profile/manifests/openstack/base/rabbitmq.pp @@ -22,7 +22,7 @@ contain '::rabbitmq::monitor' class { '::profile::prometheus::rabbitmq_exporter': -prometheusnodes => $monitoring_host, +prometheus_nodes => $monitoring_host, monitor_user => $monitor_user, monitor_password => $monitor_password, } -- To view, visit https://gerrit.wikimedia.org/r/398478 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I7207f63c3c0cfa8901a29a6e39ea8b3296c0ccda Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: profile/manifests/openstack/base/rabbitmq typo
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398478 ) Change subject: openstack: profile/manifests/openstack/base/rabbitmq typo .. openstack: profile/manifests/openstack/base/rabbitmq typo Change-Id: I7207f63c3c0cfa8901a29a6e39ea8b3296c0ccda --- M modules/profile/manifests/openstack/base/rabbitmq.pp 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/78/398478/1 diff --git a/modules/profile/manifests/openstack/base/rabbitmq.pp b/modules/profile/manifests/openstack/base/rabbitmq.pp index a93f882..b046a5a 100644 --- a/modules/profile/manifests/openstack/base/rabbitmq.pp +++ b/modules/profile/manifests/openstack/base/rabbitmq.pp @@ -22,7 +22,7 @@ contain '::rabbitmq::monitor' class { '::profile::prometheus::rabbitmq_exporter': -prometheusnodes => $monitoring_host, +prometheus_nodes => $monitoring_host, monitor_user => $monitor_user, monitor_password => $monitor_password, } -- To view, visit https://gerrit.wikimedia.org/r/398478 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7207f63c3c0cfa8901a29a6e39ea8b3296c0ccda Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: rush: add a helper script for localrun
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398470 ) Change subject: rush: add a helper script for localrun .. rush: add a helper script for localrun Change-Id: I75e4f6df8db9333b8e036890f0bd63966c661c67 --- A modules/admin/files/home/rush/bin/plocal.sh 1 file changed, 11 insertions(+), 0 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/admin/files/home/rush/bin/plocal.sh b/modules/admin/files/home/rush/bin/plocal.sh new file mode 100644 index 000..8746d0f --- /dev/null +++ b/modules/admin/files/home/rush/bin/plocal.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# shim to get started using utils/localrun +sudo puppet agent --test +cd /root +git clone https://gerrit.wikimedia.org/r/operations/puppet +cd /srv +git clone https://gerrit.wikimedia.org/r/labs/private +cd /root +ln -s /root/puppet/hieradata/ /etc/puppet/hieradata +ln -s /srv/private /etc/puppet/private +alias run='cd /root/puppet/utils/ && ./localrun' -- To view, visit https://gerrit.wikimedia.org/r/398470 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I75e4f6df8db9333b8e036890f0bd63966c661c67 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: rush: add a helper script for localrun
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398470 ) Change subject: rush: add a helper script for localrun .. rush: add a helper script for localrun Change-Id: I75e4f6df8db9333b8e036890f0bd63966c661c67 --- A modules/admin/files/home/rush/bin/plocal.sh 1 file changed, 11 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/70/398470/1 diff --git a/modules/admin/files/home/rush/bin/plocal.sh b/modules/admin/files/home/rush/bin/plocal.sh new file mode 100644 index 000..8746d0f --- /dev/null +++ b/modules/admin/files/home/rush/bin/plocal.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# shim to get started using utils/localrun +sudo puppet agent --test +cd /root +git clone https://gerrit.wikimedia.org/r/operations/puppet +cd /srv +git clone https://gerrit.wikimedia.org/r/labs/private +cd /root +ln -s /root/puppet/hieradata/ /etc/puppet/hieradata +ln -s /srv/private /etc/puppet/private +alias run='cd /root/puppet/utils/ && ./localrun' -- To view, visit https://gerrit.wikimedia.org/r/398470 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I75e4f6df8db9333b8e036890f0bd63966c661c67 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: remove duplicate definition in compute/service
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398463 ) Change subject: openstack: remove duplicate definition in compute/service .. openstack: remove duplicate definition in compute/service This build on 398312 Change-Id: I77a5ca1189412cff2b4e00bb82bb490b7813b136 --- M modules/openstack/manifests/nova/compute/service.pp 1 file changed, 0 insertions(+), 14 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/nova/compute/service.pp b/modules/openstack/manifests/nova/compute/service.pp index e163a83..342c43c 100644 --- a/modules/openstack/manifests/nova/compute/service.pp +++ b/modules/openstack/manifests/nova/compute/service.pp @@ -60,20 +60,6 @@ require => Exec['set_shell_for_nova'], } - -# nova-compute adds the user with /bin/false -# but resize, live migration, etc -# need the nova use to have a real shell, as it uses ssh. -user { 'nova': -ensure => 'present', -shell => '/bin/bash', -require => Package['nova-compute'], -} - -ssh::userkey { 'nova': -content => secret('ssh/nova/nova.pub'), -} - # qemu-kvm and qemu-system are alternative packages to meet the needs of # libvirt. # Lately, Precise has been installing qemu-kvm by default. That's -- To view, visit https://gerrit.wikimedia.org/r/398463 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I77a5ca1189412cff2b4e00bb82bb490b7813b136 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: remove duplicate definition in compute/service
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398463 ) Change subject: openstack: remove duplicate definition in compute/service .. openstack: remove duplicate definition in compute/service This build on 398312 Change-Id: I77a5ca1189412cff2b4e00bb82bb490b7813b136 --- M modules/openstack/manifests/nova/compute/service.pp 1 file changed, 0 insertions(+), 14 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/63/398463/1 diff --git a/modules/openstack/manifests/nova/compute/service.pp b/modules/openstack/manifests/nova/compute/service.pp index e163a83..342c43c 100644 --- a/modules/openstack/manifests/nova/compute/service.pp +++ b/modules/openstack/manifests/nova/compute/service.pp @@ -60,20 +60,6 @@ require => Exec['set_shell_for_nova'], } - -# nova-compute adds the user with /bin/false -# but resize, live migration, etc -# need the nova use to have a real shell, as it uses ssh. -user { 'nova': -ensure => 'present', -shell => '/bin/bash', -require => Package['nova-compute'], -} - -ssh::userkey { 'nova': -content => secret('ssh/nova/nova.pub'), -} - # qemu-kvm and qemu-system are alternative packages to meet the needs of # libvirt. # Lately, Precise has been installing qemu-kvm by default. That's -- To view, visit https://gerrit.wikimedia.org/r/398463 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I77a5ca1189412cff2b4e00bb82bb490b7813b136 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova/compute/server.pp manage nova shell
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398312 ) Change subject: openstack: nova/compute/server.pp manage nova shell .. openstack: nova/compute/server.pp manage nova shell nova-common installs the nova user and several places throughout the code set sane nova ownership permissions so using a native User resources becomes complicated without moving it higher up in the process and having logic to pick a shell for the user post nova-common. Instead set the shell using usermod in the only place we want it it not to be /bin/false. Change-Id: I319dfb77a5b82bad4c93ba2b10c40b3e91fe79f6 --- M modules/openstack/manifests/nova/compute/service.pp 1 file changed, 18 insertions(+), 1 deletion(-) Approvals: Andrew Bogott: Looks good to me, but someone else must approve Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/nova/compute/service.pp b/modules/openstack/manifests/nova/compute/service.pp index 9829b07..e163a83 100644 --- a/modules/openstack/manifests/nova/compute/service.pp +++ b/modules/openstack/manifests/nova/compute/service.pp @@ -44,6 +44,23 @@ require => Package['qemu-system'], } +# use exec to set the shell to not shadow the manage +# the user for the package which causes Puppet +# to see the user as a dependency anywhere the +# nova user is used to ensure good permission +exec {'set_shell_for_nova': +command => '/usr/sbin/usermod -c "shell set for online operations" -s /bin/bash nova', +unless=> '/bin/grep "nova:" /etc/passwd | /bin/grep ":\/bin\/bash"', +logoutput => true, +require => Package['nova-compute'], +} + +ssh::userkey { 'nova': +content => secret('ssh/nova/nova.pub'), +require => Exec['set_shell_for_nova'], +} + + # nova-compute adds the user with /bin/false # but resize, live migration, etc # need the nova use to have a real shell, as it uses ssh. @@ -112,7 +129,7 @@ owner => 'nova', group => 'nova', mode=> '0700', -require => User['nova'], +require => Package['nova-compute'], } file { '/var/lib/nova/.ssh/id_rsa': -- To view, visit https://gerrit.wikimedia.org/r/398312 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I319dfb77a5b82bad4c93ba2b10c40b3e91fe79f6 Gerrit-PatchSet: 6 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Alex Monk Gerrit-Reviewer: Andrew Bogott Gerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova/compute/server.pp manage nova shell
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398312 ) Change subject: openstack: nova/compute/server.pp manage nova shell .. openstack: nova/compute/server.pp manage nova shell nova-common installs the nova user and several places throughout the code set sane nova ownership permissions so using a native User resources becomes complicated without moving it higher up in the process and having logic to pick a shell for the user post nova-common. Instead set the shell using usermod in the only place we want it it not to be /bin/false. Change-Id: I319dfb77a5b82bad4c93ba2b10c40b3e91fe79f6 --- M modules/openstack/manifests/nova/compute/service.pp 1 file changed, 18 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/12/398312/1 diff --git a/modules/openstack/manifests/nova/compute/service.pp b/modules/openstack/manifests/nova/compute/service.pp index 9829b07..89ca132 100644 --- a/modules/openstack/manifests/nova/compute/service.pp +++ b/modules/openstack/manifests/nova/compute/service.pp @@ -44,6 +44,23 @@ require => Package['qemu-system'], } +# use exec to set the shell to not shadow the manage +# the user for the package which causes Puppet +# to see the user as a dependency anywhere the +# nova user is used to ensure good permission +exec {'set_shell_for_nova': +command => '/usr/sbin/usermod -c "shell set for online operations" -s /bin/bash nova', +unless => '/bin/grep "nova:" /etc/passwd | /bin/grep ":\/bin\/bash"', +logoutput => true, +require => Package['nova-compute'], +} + +ssh::userkey { 'nova': +content => secret('ssh/nova/nova.pub'), +require => Exec['set_shell_for_nova'], +} + + # nova-compute adds the user with /bin/false # but resize, live migration, etc # need the nova use to have a real shell, as it uses ssh. @@ -112,7 +129,7 @@ owner => 'nova', group => 'nova', mode=> '0700', -require => User['nova'], +require => Package['nova-compute'], } file { '/var/lib/nova/.ssh/id_rsa': -- To view, visit https://gerrit.wikimedia.org/r/398312 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I319dfb77a5b82bad4c93ba2b10c40b3e91fe79f6 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova::common dependency handled higher up
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398266 ) Change subject: openstack: nova::common dependency handled higher up .. openstack: nova::common dependency handled higher up Historically the openstack module was a mishmash of dependency handling and we are now consolidating on using the profile layer to order things appropriately. There is no actual need to have openstack::nova::common as a dependency of (for ex) openstack::nova::compute::service as apt handles pulling in nova-common and related dependencies in the case of a vanilla deployment of nova::compute::service and in our deployment scenarios it is either duplicated logic or conflicting. see: apt-cache rdepends nova-common for instance on any compute/control/net node. Bug: T171494 Change-Id: I6064bf105ded8fc63b875ef210e1ce10c99b9d08 --- M modules/openstack/manifests/nova/api/service.pp M modules/openstack/manifests/nova/compute/service.pp M modules/openstack/manifests/nova/conductor/service.pp M modules/openstack/manifests/nova/scheduler/service.pp M modules/openstack/manifests/nova/spiceproxy/service.pp 5 files changed, 0 insertions(+), 8 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/nova/api/service.pp b/modules/openstack/manifests/nova/api/service.pp index 8011e9b..f144a13 100644 --- a/modules/openstack/manifests/nova/api/service.pp +++ b/modules/openstack/manifests/nova/api/service.pp @@ -4,8 +4,6 @@ $active, ) { -require openstack::nova::common - package { 'nova-api': ensure => 'present', } diff --git a/modules/openstack/manifests/nova/compute/service.pp b/modules/openstack/manifests/nova/compute/service.pp index 15f5f07..9829b07 100644 --- a/modules/openstack/manifests/nova/compute/service.pp +++ b/modules/openstack/manifests/nova/compute/service.pp @@ -8,8 +8,6 @@ $ca_target, ){ -include openstack::nova::common - # Check for buggy kernels. There are a lot of them! if os_version('ubuntu >= trusty') and (versioncmp($::kernelrelease, '3.13.0-46') < 0) { # see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917 diff --git a/modules/openstack/manifests/nova/conductor/service.pp b/modules/openstack/manifests/nova/conductor/service.pp index c5f9d62..abe768f 100644 --- a/modules/openstack/manifests/nova/conductor/service.pp +++ b/modules/openstack/manifests/nova/conductor/service.pp @@ -7,8 +7,6 @@ $active, ) { -require openstack::nova::common - package { 'nova-conductor': ensure => 'present', } diff --git a/modules/openstack/manifests/nova/scheduler/service.pp b/modules/openstack/manifests/nova/scheduler/service.pp index 285406a..eea04a3 100644 --- a/modules/openstack/manifests/nova/scheduler/service.pp +++ b/modules/openstack/manifests/nova/scheduler/service.pp @@ -5,7 +5,6 @@ $version, ){ -require openstack::nova::common package { 'nova-scheduler': ensure => 'present', } diff --git a/modules/openstack/manifests/nova/spiceproxy/service.pp b/modules/openstack/manifests/nova/spiceproxy/service.pp index df359a0..90889db 100644 --- a/modules/openstack/manifests/nova/spiceproxy/service.pp +++ b/modules/openstack/manifests/nova/spiceproxy/service.pp @@ -7,7 +7,6 @@ $version, ){ -require openstack::nova::common package { ['nova-spiceproxy', 'nova-consoleauth', 'spice-html5', 'websockify']: ensure => 'present', } -- To view, visit https://gerrit.wikimedia.org/r/398266 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I6064bf105ded8fc63b875ef210e1ce10c99b9d08 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Alex Monk Gerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova::common dependency handled higher up
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398266 ) Change subject: openstack: nova::common dependency handled higher up .. openstack: nova::common dependency handled higher up Historically the openstack module was a mishmash of dependency handling and we are now consolidating on using the profile layer to order things appropriately. There is no actual need to have openstack::nova::common as a dependency of (for ex) openstack::nova::compute::service as apt handles pulling in nova-common and related dependencies in the case of a vanilla deployment of nova::compute::service and in our deployment scenarios it is either duplicated logic or conflicting. see: apt-cache rdepends nova-common for instance on any compute/control/net node. Bug: T171494 Change-Id: I6064bf105ded8fc63b875ef210e1ce10c99b9d08 --- M modules/openstack/manifests/nova/api/service.pp M modules/openstack/manifests/nova/compute/service.pp M modules/openstack/manifests/nova/conductor/service.pp M modules/openstack/manifests/nova/scheduler/service.pp M modules/openstack/manifests/nova/spiceproxy/service.pp 5 files changed, 0 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/66/398266/1 diff --git a/modules/openstack/manifests/nova/api/service.pp b/modules/openstack/manifests/nova/api/service.pp index 8011e9b..f144a13 100644 --- a/modules/openstack/manifests/nova/api/service.pp +++ b/modules/openstack/manifests/nova/api/service.pp @@ -4,8 +4,6 @@ $active, ) { -require openstack::nova::common - package { 'nova-api': ensure => 'present', } diff --git a/modules/openstack/manifests/nova/compute/service.pp b/modules/openstack/manifests/nova/compute/service.pp index 15f5f07..9829b07 100644 --- a/modules/openstack/manifests/nova/compute/service.pp +++ b/modules/openstack/manifests/nova/compute/service.pp @@ -8,8 +8,6 @@ $ca_target, ){ -include openstack::nova::common - # Check for buggy kernels. There are a lot of them! if os_version('ubuntu >= trusty') and (versioncmp($::kernelrelease, '3.13.0-46') < 0) { # see: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1346917 diff --git a/modules/openstack/manifests/nova/conductor/service.pp b/modules/openstack/manifests/nova/conductor/service.pp index c5f9d62..abe768f 100644 --- a/modules/openstack/manifests/nova/conductor/service.pp +++ b/modules/openstack/manifests/nova/conductor/service.pp @@ -7,8 +7,6 @@ $active, ) { -require openstack::nova::common - package { 'nova-conductor': ensure => 'present', } diff --git a/modules/openstack/manifests/nova/scheduler/service.pp b/modules/openstack/manifests/nova/scheduler/service.pp index 285406a..eea04a3 100644 --- a/modules/openstack/manifests/nova/scheduler/service.pp +++ b/modules/openstack/manifests/nova/scheduler/service.pp @@ -5,7 +5,6 @@ $version, ){ -require openstack::nova::common package { 'nova-scheduler': ensure => 'present', } diff --git a/modules/openstack/manifests/nova/spiceproxy/service.pp b/modules/openstack/manifests/nova/spiceproxy/service.pp index df359a0..90889db 100644 --- a/modules/openstack/manifests/nova/spiceproxy/service.pp +++ b/modules/openstack/manifests/nova/spiceproxy/service.pp @@ -7,7 +7,6 @@ $version, ){ -require openstack::nova::common package { ['nova-spiceproxy', 'nova-consoleauth', 'spice-html5', 'websockify']: ensure => 'present', } -- To view, visit https://gerrit.wikimedia.org/r/398266 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6064bf105ded8fc63b875ef210e1ce10c99b9d08 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "Revert "cloud: setup for attended upgrade process""
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398259 ) Change subject: Revert "Revert "cloud: setup for attended upgrade process"" .. Revert "Revert "cloud: setup for attended upgrade process"" This reverts commit ea71c8fe2f97359599a6f87c04c2d000e05c474a. There was a mistake in the variable names. Change-Id: Ibccc1e3050412d9ac9bddbd14069a118c7808256 Signed-off-by: Arturo Borrero Gonzalez--- M hieradata/labs.yaml A hieradata/labs/project-proxy/common.yaml M hieradata/labs/tools/common.yaml M modules/apt/manifests/unattendedupgrades.pp M modules/profile/manifests/base/labs.pp 5 files changed, 50 insertions(+), 7 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml index aa078d5..bf7c323 100644 --- a/hieradata/labs.yaml +++ b/hieradata/labs.yaml @@ -17,6 +17,8 @@ recursor: 'labs-recursor0.wikimedia.org' recursor_secondary: 'labs-recursor1.wikimedia.org' +profile::base::labs::unattended_wmf: 'present' +profile::base::labs::unattended_distro: 'present' profile::openstack::main::version: 'liberty' profile::openstack::base::region: "%{::site}" profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org' diff --git a/hieradata/labs/project-proxy/common.yaml b/hieradata/labs/project-proxy/common.yaml new file mode 100644 index 000..9a76d8a --- /dev/null +++ b/hieradata/labs/project-proxy/common.yaml @@ -0,0 +1,2 @@ +profile::base::labs::unattended_wmf: 'absent' +profile::base::labs::unattended_distro: 'absent' diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml index c62e87a..3e03999 100644 --- a/hieradata/labs/tools/common.yaml +++ b/hieradata/labs/tools/common.yaml @@ -1,3 +1,6 @@ +profile::base::labs::unattended_wmf: 'absent' +profile::base::labs::unattended_distro: 'absent' + "profile::base::core_dump_pattern": core classes: - role::aptly::client diff --git a/modules/apt/manifests/unattendedupgrades.pp b/modules/apt/manifests/unattendedupgrades.pp index c02745c..414afcc 100644 --- a/modules/apt/manifests/unattendedupgrades.pp +++ b/modules/apt/manifests/unattendedupgrades.pp @@ -1,13 +1,26 @@ -class apt::unattendedupgrades($ensure=present) { +# Manage unattended updates across cloud instances +# Note: security updates can not be disabled (enabled by default) +# +# [*unattended_wmf*] +# present/absent to enable/disable wmf packages +# +# [*unattended_distro*] +# present/absent to enable/disable updates in stable packages + +class apt::unattendedupgrades( +$unattended_distro='present', +$unattended_wmf='present', +) { + # package installation should enable security upgrades by default package { 'unattended-upgrades': -ensure => $ensure, +ensure => 'present', } # dpkg tries to determine the most conservative default action in case of # conffile conflict. This tells dpkg to use that action without asking apt::conf { 'dpkg-force-confdef': -ensure => present, +ensure => 'present', priority => '00', key => 'Dpkg::Options::', value=> '--force-confdef', @@ -16,20 +29,36 @@ # In case of conffile conflicts, tell dpkg to keep the old conffile without # asking apt::conf { 'dpkg-force-confold': -ensure => present, +ensure => 'present', priority => '00', key => 'Dpkg::Options::', value=> '--force-confold', } apt::conf { 'auto-upgrades': -ensure => $ensure, +ensure => 'present', priority => '20', key => 'APT::Periodic::Unattended-Upgrade', value=> '1', } +# https://wiki.debian.org/StableUpdates +# https://www.debian.org/News/2011/20110215 +apt::conf { 'unattended-upgrades-updates': +ensure => $unattended_distro, +priority => '52', +# Key with trailing '::' to append to potentially existing entry +key => 'Unattended-Upgrade::Origins-Pattern::', +# lint:ignore:single_quote_string_with_variables +value=> 'origin=${distro_id},codename=${distro_codename}-updates', +# lint:endignore +} + +# Unattended should update WMF packages +# https://apt.wikimedia.org/wikimedia/ +# https://wikitech.wikimedia.org/wiki/APT_repository apt::conf { 'unattended-upgrades-wikimedia': +ensure => $unattended_wmf, priority => '51', # Key with trailing '::' to append to potentially existing entry key => 'Unattended-Upgrade::Origins-Pattern::', diff --git a/modules/profile/manifests/base/labs.pp b/modules/profile/manifests/base/labs.pp index 23816b3..59c9b25 100644 --- a/modules/profile/manifests/base/labs.pp +++ b/modules/profile/manifests/base/labs.pp @@ -1,6 +1,13
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "mariadb: Remove mariadb.pp and move some old roles t...
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398257 ) Change subject: Revert "mariadb: Remove mariadb.pp and move some old roles to profiles" .. Revert "mariadb: Remove mariadb.pp and move some old roles to profiles" This reverts commit c698af4785282bf45358377b04ab2dd9f4ac3f5f. Change-Id: I9dbe26e09fda0d9fb7d53e962c9b6958b203db17 --- M manifests/site.pp M modules/profile/manifests/mariadb/core/multiinstance.pp D modules/profile/manifests/mariadb/grants/core.pp D modules/profile/manifests/mariadb/grants/production.pp M modules/profile/manifests/mariadb/misc/eventlogging/database.pp D modules/profile/manifests/mariadb/monitor/dba.pp D modules/profile/manifests/mariadb/monitor/prometheus.pp M modules/role/manifests/labs/db/master.pp M modules/role/manifests/labs/db/replica.pp M modules/role/manifests/labs/db/slave.pp M modules/role/manifests/mariadb.pp M modules/role/manifests/mariadb/core.pp M modules/role/manifests/mariadb/dbstore.pp M modules/role/manifests/mariadb/dbstore_multiinstance.pp M modules/role/manifests/mariadb/labs_deprecated.pp M modules/role/manifests/mariadb/misc.pp M modules/role/manifests/mariadb/misc/phabricator.pp M modules/role/manifests/mariadb/parsercache.pp M modules/role/manifests/mariadb/sanitarium_multiinstance.pp M modules/role/manifests/mariadb/sanitarium_multisource.pp M modules/role/manifests/mariadb/tendril.pp M modules/role/manifests/mariadb/wikitech.pp 22 files changed, 238 insertions(+), 206 deletions(-) Approvals: Rush: Verified; Looks good to me, approved diff --git a/manifests/site.pp b/manifests/site.pp index c51e706..6618172 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -595,6 +595,7 @@ # tendril db node 'db1011.eqiad.wmnet' { role(mariadb::tendril) +include ::base::firewall } node 'dbstore1001.eqiad.wmnet' { diff --git a/modules/profile/manifests/mariadb/core/multiinstance.pp b/modules/profile/manifests/mariadb/core/multiinstance.pp index 8f669c4..0f82887 100644 --- a/modules/profile/manifests/mariadb/core/multiinstance.pp +++ b/modules/profile/manifests/mariadb/core/multiinstance.pp @@ -18,8 +18,16 @@ srange => '$PRODUCTION_NETWORKS', } -class { 'mariadb::packages_wmf': } -class { 'mariadb::service': +#TODO: define one group per shard +class {'role::mariadb::groups': +mysql_group => 'core', +mysql_shard => 's1', +mysql_role => 'slave', +socket => '/run/mysqld/mysqld.s1.sock', +} + +class {'mariadb::packages_wmf': } +class {'mariadb::service': override => "[Service]\nExecStartPre=/bin/sh -c \"echo 'mariadb main service is \ disabled, use mariadb@ instead'; exit 1\"", } @@ -38,7 +46,7 @@ binlog_format => 'ROW', } -file { '/etc/mysql/mysqld.conf.d': +file {'/etc/mysql/mysqld.conf.d': ensure => directory, owner => root, group => root, diff --git a/modules/profile/manifests/mariadb/grants/core.pp b/modules/profile/manifests/mariadb/grants/core.pp deleted file mode 100644 index 346401c..000 --- a/modules/profile/manifests/mariadb/grants/core.pp +++ /dev/null @@ -1,16 +0,0 @@ -# wikiadmin, wikiuser -class profile::mariadb::grants::core { - -include passwords::misc::scripts - -$wikiadmin_pass = $passwords::misc::scripts::wikiadmin_pass -$wikiuser_pass = $passwords::misc::scripts::wikiuser_pass - -file { '/etc/mysql/production-grants-core.sql': -ensure => present, -owner => 'root', -group => 'root', -mode=> '0400', -content => template('role/mariadb/grants/production-core.sql.erb'), -} -} diff --git a/modules/profile/manifests/mariadb/grants/production.pp b/modules/profile/manifests/mariadb/grants/production.pp deleted file mode 100644 index 4151434..000 --- a/modules/profile/manifests/mariadb/grants/production.pp +++ /dev/null @@ -1,72 +0,0 @@ -# root, repl, nagios, tendril, prometheus -# WARNING: any root user will have access to these files -# Do not apply to hosts with users with arbitrary roots -# or any non-production mysql, such as labs-support hosts, -# wikitech hosts, etc. -class profile::mariadb::grants::production( -$shard= false, -$prompt = '', -$password = 'undefined', -) { - -include passwords::misc::scripts -include passwords::tendril -include passwords::nodepool -include passwords::testreduce::mysql -include passwords::racktables -include passwords::prometheus -include passwords::servermon -include passwords::striker -include passwords::labsdbaccounts -include passwords::mysql::phabricator - -$root_pass = $passwords::misc::scripts::mysql_root_pass -$repl_pass = $passwords::misc::scripts::mysql_repl_pass -$nagios_pass = $passwords::misc::scripts::nagios_sql_pass -$tendril_user=
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "mariadb: Remove mariadb.pp and move some old roles t...
Hello Giuseppe Lavagetto, Marostegui, jenkins-bot, Jcrespo, I'd like you to do a code review. Please visit https://gerrit.wikimedia.org/r/398257 to review the following change. Change subject: Revert "mariadb: Remove mariadb.pp and move some old roles to profiles" .. Revert "mariadb: Remove mariadb.pp and move some old roles to profiles" This reverts commit c698af4785282bf45358377b04ab2dd9f4ac3f5f. Change-Id: I9dbe26e09fda0d9fb7d53e962c9b6958b203db17 --- M manifests/site.pp M modules/profile/manifests/mariadb/core/multiinstance.pp D modules/profile/manifests/mariadb/grants/core.pp D modules/profile/manifests/mariadb/grants/production.pp M modules/profile/manifests/mariadb/misc/eventlogging/database.pp D modules/profile/manifests/mariadb/monitor/dba.pp D modules/profile/manifests/mariadb/monitor/prometheus.pp M modules/role/manifests/labs/db/master.pp M modules/role/manifests/labs/db/replica.pp M modules/role/manifests/labs/db/slave.pp M modules/role/manifests/mariadb.pp M modules/role/manifests/mariadb/core.pp M modules/role/manifests/mariadb/dbstore.pp M modules/role/manifests/mariadb/dbstore_multiinstance.pp M modules/role/manifests/mariadb/labs_deprecated.pp M modules/role/manifests/mariadb/misc.pp M modules/role/manifests/mariadb/misc/phabricator.pp M modules/role/manifests/mariadb/parsercache.pp M modules/role/manifests/mariadb/sanitarium_multiinstance.pp M modules/role/manifests/mariadb/sanitarium_multisource.pp M modules/role/manifests/mariadb/tendril.pp M modules/role/manifests/mariadb/wikitech.pp 22 files changed, 238 insertions(+), 206 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/57/398257/1 diff --git a/manifests/site.pp b/manifests/site.pp index c51e706..6618172 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -595,6 +595,7 @@ # tendril db node 'db1011.eqiad.wmnet' { role(mariadb::tendril) +include ::base::firewall } node 'dbstore1001.eqiad.wmnet' { diff --git a/modules/profile/manifests/mariadb/core/multiinstance.pp b/modules/profile/manifests/mariadb/core/multiinstance.pp index 8f669c4..0f82887 100644 --- a/modules/profile/manifests/mariadb/core/multiinstance.pp +++ b/modules/profile/manifests/mariadb/core/multiinstance.pp @@ -18,8 +18,16 @@ srange => '$PRODUCTION_NETWORKS', } -class { 'mariadb::packages_wmf': } -class { 'mariadb::service': +#TODO: define one group per shard +class {'role::mariadb::groups': +mysql_group => 'core', +mysql_shard => 's1', +mysql_role => 'slave', +socket => '/run/mysqld/mysqld.s1.sock', +} + +class {'mariadb::packages_wmf': } +class {'mariadb::service': override => "[Service]\nExecStartPre=/bin/sh -c \"echo 'mariadb main service is \ disabled, use mariadb@ instead'; exit 1\"", } @@ -38,7 +46,7 @@ binlog_format => 'ROW', } -file { '/etc/mysql/mysqld.conf.d': +file {'/etc/mysql/mysqld.conf.d': ensure => directory, owner => root, group => root, diff --git a/modules/profile/manifests/mariadb/grants/core.pp b/modules/profile/manifests/mariadb/grants/core.pp deleted file mode 100644 index 346401c..000 --- a/modules/profile/manifests/mariadb/grants/core.pp +++ /dev/null @@ -1,16 +0,0 @@ -# wikiadmin, wikiuser -class profile::mariadb::grants::core { - -include passwords::misc::scripts - -$wikiadmin_pass = $passwords::misc::scripts::wikiadmin_pass -$wikiuser_pass = $passwords::misc::scripts::wikiuser_pass - -file { '/etc/mysql/production-grants-core.sql': -ensure => present, -owner => 'root', -group => 'root', -mode=> '0400', -content => template('role/mariadb/grants/production-core.sql.erb'), -} -} diff --git a/modules/profile/manifests/mariadb/grants/production.pp b/modules/profile/manifests/mariadb/grants/production.pp deleted file mode 100644 index 4151434..000 --- a/modules/profile/manifests/mariadb/grants/production.pp +++ /dev/null @@ -1,72 +0,0 @@ -# root, repl, nagios, tendril, prometheus -# WARNING: any root user will have access to these files -# Do not apply to hosts with users with arbitrary roots -# or any non-production mysql, such as labs-support hosts, -# wikitech hosts, etc. -class profile::mariadb::grants::production( -$shard= false, -$prompt = '', -$password = 'undefined', -) { - -include passwords::misc::scripts -include passwords::tendril -include passwords::nodepool -include passwords::testreduce::mysql -include passwords::racktables -include passwords::prometheus -include passwords::servermon -include passwords::striker -include passwords::labsdbaccounts -include passwords::mysql::phabricator - -$root_pass = $passwords::misc::scripts::mysql_root_pass -$repl_pass =
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "cloud: setup for attended upgrade process"
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398256 ) Change subject: Revert "cloud: setup for attended upgrade process" .. Revert "cloud: setup for attended upgrade process" This reverts commit 8f9bdd5b83781fceacd86cc2122dd4802465038a. Change-Id: Iaf6f7cff34b4c0fa74c2cab5947d27467983d264 --- M hieradata/labs.yaml D hieradata/labs/project-proxy/common.yaml M hieradata/labs/tools/common.yaml M modules/apt/manifests/unattendedupgrades.pp M modules/profile/manifests/base/labs.pp 5 files changed, 7 insertions(+), 50 deletions(-) Approvals: Rush: Verified; Looks good to me, approved diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml index 786efaa..aa078d5 100644 --- a/hieradata/labs.yaml +++ b/hieradata/labs.yaml @@ -17,8 +17,6 @@ recursor: 'labs-recursor0.wikimedia.org' recursor_secondary: 'labs-recursor1.wikimedia.org' -profile::base::labs::unattended_distro: 'present' -profile::base::labs::unattended_wmf: 'present' profile::openstack::main::version: 'liberty' profile::openstack::base::region: "%{::site}" profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org' diff --git a/hieradata/labs/project-proxy/common.yaml b/hieradata/labs/project-proxy/common.yaml deleted file mode 100644 index 48de25f..000 --- a/hieradata/labs/project-proxy/common.yaml +++ /dev/null @@ -1,2 +0,0 @@ -profile::base::labs::unattended_wmf: 'absent' -profile::base::labs::unattended_updates: 'absent' diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml index dba5753..c62e87a 100644 --- a/hieradata/labs/tools/common.yaml +++ b/hieradata/labs/tools/common.yaml @@ -1,6 +1,3 @@ -profile::base::labs::unattended_wmf: 'absent' -profile::base::labs::unattended_updates: 'absent' - "profile::base::core_dump_pattern": core classes: - role::aptly::client diff --git a/modules/apt/manifests/unattendedupgrades.pp b/modules/apt/manifests/unattendedupgrades.pp index ab22e72..c02745c 100644 --- a/modules/apt/manifests/unattendedupgrades.pp +++ b/modules/apt/manifests/unattendedupgrades.pp @@ -1,26 +1,13 @@ -# Manage unattended updates across cloud instances -# Note: security updates can not be disabled (enabled by default) -# -# [*unattended_wmf*] -# present/absent to enable/disable wmf packages -# -# [*unattended_updates*] -# present/absent to enable/disable updates suite packages - -class apt::unattendedupgrades( -$unattended_distro='present', -$unattended_wmf='present', -) { - +class apt::unattendedupgrades($ensure=present) { # package installation should enable security upgrades by default package { 'unattended-upgrades': -ensure => 'present', +ensure => $ensure, } # dpkg tries to determine the most conservative default action in case of # conffile conflict. This tells dpkg to use that action without asking apt::conf { 'dpkg-force-confdef': -ensure => 'present', +ensure => present, priority => '00', key => 'Dpkg::Options::', value=> '--force-confdef', @@ -29,36 +16,20 @@ # In case of conffile conflicts, tell dpkg to keep the old conffile without # asking apt::conf { 'dpkg-force-confold': -ensure => 'present', +ensure => present, priority => '00', key => 'Dpkg::Options::', value=> '--force-confold', } apt::conf { 'auto-upgrades': -ensure => 'present', +ensure => $ensure, priority => '20', key => 'APT::Periodic::Unattended-Upgrade', value=> '1', } -# https://wiki.debian.org/StableUpdates -# https://www.debian.org/News/2011/20110215 -apt::conf { 'unattended-upgrades-updates': -ensure => $unattended_distro, -priority => '52', -# Key with trailing '::' to append to potentially existing entry -key => 'Unattended-Upgrade::Origins-Pattern::', -# lint:ignore:single_quote_string_with_variables -value=> 'origin=${distro_id},codename=${distro_codename}-updates', -# lint:endignore -} - -# Unattended should update WMF packages -# https://apt.wikimedia.org/wikimedia/ -# https://wikitech.wikimedia.org/wiki/APT_repository apt::conf { 'unattended-upgrades-wikimedia': -ensure => $unattended_wmf, priority => '51', # Key with trailing '::' to append to potentially existing entry key => 'Unattended-Upgrade::Origins-Pattern::', diff --git a/modules/profile/manifests/base/labs.pp b/modules/profile/manifests/base/labs.pp index 5e37cbc..23816b3 100644 --- a/modules/profile/manifests/base/labs.pp +++ b/modules/profile/manifests/base/labs.pp @@ -1,13 +1,6 @@ -class profile::base::labs( -$unattended_wmf = hiera('profile::base::labs::unattended_wmf'), -$unattended_updates =
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "cloud: setup for attended upgrade process"
Hello Arturo Borrero Gonzalez, Yuvipanda, Merlijn van Deen, jenkins-bot, I'd like you to do a code review. Please visit https://gerrit.wikimedia.org/r/398256 to review the following change. Change subject: Revert "cloud: setup for attended upgrade process" .. Revert "cloud: setup for attended upgrade process" This reverts commit 8f9bdd5b83781fceacd86cc2122dd4802465038a. Change-Id: Iaf6f7cff34b4c0fa74c2cab5947d27467983d264 --- M hieradata/labs.yaml D hieradata/labs/project-proxy/common.yaml M hieradata/labs/tools/common.yaml M modules/apt/manifests/unattendedupgrades.pp M modules/profile/manifests/base/labs.pp 5 files changed, 7 insertions(+), 50 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/56/398256/1 diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml index 786efaa..aa078d5 100644 --- a/hieradata/labs.yaml +++ b/hieradata/labs.yaml @@ -17,8 +17,6 @@ recursor: 'labs-recursor0.wikimedia.org' recursor_secondary: 'labs-recursor1.wikimedia.org' -profile::base::labs::unattended_distro: 'present' -profile::base::labs::unattended_wmf: 'present' profile::openstack::main::version: 'liberty' profile::openstack::base::region: "%{::site}" profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org' diff --git a/hieradata/labs/project-proxy/common.yaml b/hieradata/labs/project-proxy/common.yaml deleted file mode 100644 index 48de25f..000 --- a/hieradata/labs/project-proxy/common.yaml +++ /dev/null @@ -1,2 +0,0 @@ -profile::base::labs::unattended_wmf: 'absent' -profile::base::labs::unattended_updates: 'absent' diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml index dba5753..c62e87a 100644 --- a/hieradata/labs/tools/common.yaml +++ b/hieradata/labs/tools/common.yaml @@ -1,6 +1,3 @@ -profile::base::labs::unattended_wmf: 'absent' -profile::base::labs::unattended_updates: 'absent' - "profile::base::core_dump_pattern": core classes: - role::aptly::client diff --git a/modules/apt/manifests/unattendedupgrades.pp b/modules/apt/manifests/unattendedupgrades.pp index ab22e72..c02745c 100644 --- a/modules/apt/manifests/unattendedupgrades.pp +++ b/modules/apt/manifests/unattendedupgrades.pp @@ -1,26 +1,13 @@ -# Manage unattended updates across cloud instances -# Note: security updates can not be disabled (enabled by default) -# -# [*unattended_wmf*] -# present/absent to enable/disable wmf packages -# -# [*unattended_updates*] -# present/absent to enable/disable updates suite packages - -class apt::unattendedupgrades( -$unattended_distro='present', -$unattended_wmf='present', -) { - +class apt::unattendedupgrades($ensure=present) { # package installation should enable security upgrades by default package { 'unattended-upgrades': -ensure => 'present', +ensure => $ensure, } # dpkg tries to determine the most conservative default action in case of # conffile conflict. This tells dpkg to use that action without asking apt::conf { 'dpkg-force-confdef': -ensure => 'present', +ensure => present, priority => '00', key => 'Dpkg::Options::', value=> '--force-confdef', @@ -29,36 +16,20 @@ # In case of conffile conflicts, tell dpkg to keep the old conffile without # asking apt::conf { 'dpkg-force-confold': -ensure => 'present', +ensure => present, priority => '00', key => 'Dpkg::Options::', value=> '--force-confold', } apt::conf { 'auto-upgrades': -ensure => 'present', +ensure => $ensure, priority => '20', key => 'APT::Periodic::Unattended-Upgrade', value=> '1', } -# https://wiki.debian.org/StableUpdates -# https://www.debian.org/News/2011/20110215 -apt::conf { 'unattended-upgrades-updates': -ensure => $unattended_distro, -priority => '52', -# Key with trailing '::' to append to potentially existing entry -key => 'Unattended-Upgrade::Origins-Pattern::', -# lint:ignore:single_quote_string_with_variables -value=> 'origin=${distro_id},codename=${distro_codename}-updates', -# lint:endignore -} - -# Unattended should update WMF packages -# https://apt.wikimedia.org/wikimedia/ -# https://wikitech.wikimedia.org/wiki/APT_repository apt::conf { 'unattended-upgrades-wikimedia': -ensure => $unattended_wmf, priority => '51', # Key with trailing '::' to append to potentially existing entry key => 'Unattended-Upgrade::Origins-Pattern::', diff --git a/modules/profile/manifests/base/labs.pp b/modules/profile/manifests/base/labs.pp index 5e37cbc..23816b3 100644 --- a/modules/profile/manifests/base/labs.pp +++ b/modules/profile/manifests/base/labs.pp @@ -1,13 +1,6 @@
[MediaWiki-commits] [Gerrit] operations/puppet[production]: cloud: setup for attended upgrade process
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/394200 ) Change subject: cloud: setup for attended upgrade process .. cloud: setup for attended upgrade process exclude: * project-proxy * tools Bug: T181647 Change-Id: Id9e95a58860a0ef786324d62020347bf01a36111 --- M hieradata/labs.yaml A hieradata/labs/project-proxy/common.yaml M hieradata/labs/tools/common.yaml M modules/apt/manifests/unattendedupgrades.pp M modules/profile/manifests/base/labs.pp 5 files changed, 50 insertions(+), 7 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml index aa078d5..786efaa 100644 --- a/hieradata/labs.yaml +++ b/hieradata/labs.yaml @@ -17,6 +17,8 @@ recursor: 'labs-recursor0.wikimedia.org' recursor_secondary: 'labs-recursor1.wikimedia.org' +profile::base::labs::unattended_distro: 'present' +profile::base::labs::unattended_wmf: 'present' profile::openstack::main::version: 'liberty' profile::openstack::base::region: "%{::site}" profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org' diff --git a/hieradata/labs/project-proxy/common.yaml b/hieradata/labs/project-proxy/common.yaml new file mode 100644 index 000..48de25f --- /dev/null +++ b/hieradata/labs/project-proxy/common.yaml @@ -0,0 +1,2 @@ +profile::base::labs::unattended_wmf: 'absent' +profile::base::labs::unattended_updates: 'absent' diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml index c62e87a..dba5753 100644 --- a/hieradata/labs/tools/common.yaml +++ b/hieradata/labs/tools/common.yaml @@ -1,3 +1,6 @@ +profile::base::labs::unattended_wmf: 'absent' +profile::base::labs::unattended_updates: 'absent' + "profile::base::core_dump_pattern": core classes: - role::aptly::client diff --git a/modules/apt/manifests/unattendedupgrades.pp b/modules/apt/manifests/unattendedupgrades.pp index c02745c..ab22e72 100644 --- a/modules/apt/manifests/unattendedupgrades.pp +++ b/modules/apt/manifests/unattendedupgrades.pp @@ -1,13 +1,26 @@ -class apt::unattendedupgrades($ensure=present) { +# Manage unattended updates across cloud instances +# Note: security updates can not be disabled (enabled by default) +# +# [*unattended_wmf*] +# present/absent to enable/disable wmf packages +# +# [*unattended_updates*] +# present/absent to enable/disable updates suite packages + +class apt::unattendedupgrades( +$unattended_distro='present', +$unattended_wmf='present', +) { + # package installation should enable security upgrades by default package { 'unattended-upgrades': -ensure => $ensure, +ensure => 'present', } # dpkg tries to determine the most conservative default action in case of # conffile conflict. This tells dpkg to use that action without asking apt::conf { 'dpkg-force-confdef': -ensure => present, +ensure => 'present', priority => '00', key => 'Dpkg::Options::', value=> '--force-confdef', @@ -16,20 +29,36 @@ # In case of conffile conflicts, tell dpkg to keep the old conffile without # asking apt::conf { 'dpkg-force-confold': -ensure => present, +ensure => 'present', priority => '00', key => 'Dpkg::Options::', value=> '--force-confold', } apt::conf { 'auto-upgrades': -ensure => $ensure, +ensure => 'present', priority => '20', key => 'APT::Periodic::Unattended-Upgrade', value=> '1', } +# https://wiki.debian.org/StableUpdates +# https://www.debian.org/News/2011/20110215 +apt::conf { 'unattended-upgrades-updates': +ensure => $unattended_distro, +priority => '52', +# Key with trailing '::' to append to potentially existing entry +key => 'Unattended-Upgrade::Origins-Pattern::', +# lint:ignore:single_quote_string_with_variables +value=> 'origin=${distro_id},codename=${distro_codename}-updates', +# lint:endignore +} + +# Unattended should update WMF packages +# https://apt.wikimedia.org/wikimedia/ +# https://wikitech.wikimedia.org/wiki/APT_repository apt::conf { 'unattended-upgrades-wikimedia': +ensure => $unattended_wmf, priority => '51', # Key with trailing '::' to append to potentially existing entry key => 'Unattended-Upgrade::Origins-Pattern::', diff --git a/modules/profile/manifests/base/labs.pp b/modules/profile/manifests/base/labs.pp index 23816b3..5e37cbc 100644 --- a/modules/profile/manifests/base/labs.pp +++ b/modules/profile/manifests/base/labs.pp @@ -1,6 +1,13 @@ -class profile::base::labs { -include ::apt::unattendedupgrades +class profile::base::labs( +$unattended_wmf =
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: sane class dependency handling for labtest[n]
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398169 ) Change subject: openstack: sane class dependency handling for labtest[n] .. openstack: sane class dependency handling for labtest[n] Bug: T171494 Change-Id: I6f235999ff42c91637d845c2c1a457e59ab6099f --- M modules/profile/manifests/openstack/base/nova/api/service.pp M modules/profile/manifests/openstack/base/nova/compute/service.pp M modules/profile/manifests/openstack/base/nova/conductor/service.pp M modules/profile/manifests/openstack/base/nova/fullstack/service.pp M modules/profile/manifests/openstack/base/nova/network/service.pp M modules/profile/manifests/openstack/base/nova/scheduler/service.pp M modules/profile/manifests/openstack/base/nova/spiceproxy/service.pp M modules/profile/manifests/openstack/labtest/clientlib.pp M modules/profile/manifests/openstack/labtest/cloudrepo.pp M modules/profile/manifests/openstack/labtest/designate/service.pp M modules/profile/manifests/openstack/labtest/glance.pp M modules/profile/manifests/openstack/labtest/horizon/dashboard.pp M modules/profile/manifests/openstack/labtest/keystone/service.pp M modules/profile/manifests/openstack/labtest/nova/api/service.pp M modules/profile/manifests/openstack/labtest/nova/common.pp M modules/profile/manifests/openstack/labtest/nova/compute/service.pp M modules/profile/manifests/openstack/labtest/nova/conductor/service.pp M modules/profile/manifests/openstack/labtest/nova/network/service.pp M modules/profile/manifests/openstack/labtest/nova/scheduler/service.pp M modules/profile/manifests/openstack/labtest/nova/spiceproxy/service.pp M modules/profile/manifests/openstack/labtest/observerenv.pp M modules/profile/manifests/openstack/labtest/pdns/dns_floating_ip_updater.pp M modules/profile/manifests/openstack/labtest/rabbitmq.pp M modules/profile/manifests/openstack/labtestn/clientlib.pp 24 files changed, 33 insertions(+), 2 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/profile/manifests/openstack/base/nova/api/service.pp b/modules/profile/manifests/openstack/base/nova/api/service.pp index f1b5993..35a40f2 100644 --- a/modules/profile/manifests/openstack/base/nova/api/service.pp +++ b/modules/profile/manifests/openstack/base/nova/api/service.pp @@ -5,8 +5,10 @@ class {'::openstack::nova::api::service': active => ($::fqdn == $nova_api_host), } +contain '::openstack::nova::api::service' class {'::openstack::nova::api::monitor': active => ($::fqdn == $nova_api_host), } +contain '::openstack::nova::api::monitor' } diff --git a/modules/profile/manifests/openstack/base/nova/compute/service.pp b/modules/profile/manifests/openstack/base/nova/compute/service.pp index 1764deb..27fc19a 100644 --- a/modules/profile/manifests/openstack/base/nova/compute/service.pp +++ b/modules/profile/manifests/openstack/base/nova/compute/service.pp @@ -56,4 +56,5 @@ certname => $certname, ca_target=> $ca_target, } +contain '::openstack::nova::compute::service' } diff --git a/modules/profile/manifests/openstack/base/nova/conductor/service.pp b/modules/profile/manifests/openstack/base/nova/conductor/service.pp index a6eeeb0..a0462ff 100644 --- a/modules/profile/manifests/openstack/base/nova/conductor/service.pp +++ b/modules/profile/manifests/openstack/base/nova/conductor/service.pp @@ -5,4 +5,5 @@ class {'::openstack::nova::conductor::service': active => $::fqdn == $nova_controller, } +contain '::openstack::nova::conductor::service' } diff --git a/modules/profile/manifests/openstack/base/nova/fullstack/service.pp b/modules/profile/manifests/openstack/base/nova/fullstack/service.pp index ca83640..dbb95e1 100644 --- a/modules/profile/manifests/openstack/base/nova/fullstack/service.pp +++ b/modules/profile/manifests/openstack/base/nova/fullstack/service.pp @@ -7,4 +7,5 @@ active => ($::fqdn == $nova_api_host), password => $osstackcanary_pass, } +contain '::openstack::nova::fullstack::service' } diff --git a/modules/profile/manifests/openstack/base/nova/network/service.pp b/modules/profile/manifests/openstack/base/nova/network/service.pp index 355f1d0..f952115 100644 --- a/modules/profile/manifests/openstack/base/nova/network/service.pp +++ b/modules/profile/manifests/openstack/base/nova/network/service.pp @@ -34,4 +34,5 @@ dns_recursor => $dns_recursor, dns_recursor_secondary => $dns_recursor_secondary, } +contain '::openstack::nova::network::service' } diff --git a/modules/profile/manifests/openstack/base/nova/scheduler/service.pp b/modules/profile/manifests/openstack/base/nova/scheduler/service.pp index d6ad90d..61da5d8 100644 --- a/modules/profile/manifests/openstack/base/nova/scheduler/service.pp +++
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: sane class dependency handling for labtest[n]
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398169 ) Change subject: openstack: sane class dependency handling for labtest[n] .. openstack: sane class dependency handling for labtest[n] Bug: T171494 Change-Id: I6f235999ff42c91637d845c2c1a457e59ab6099f --- M modules/profile/manifests/openstack/base/nova/api/service.pp M modules/profile/manifests/openstack/base/nova/compute/service.pp M modules/profile/manifests/openstack/base/nova/conductor/service.pp M modules/profile/manifests/openstack/base/nova/fullstack/service.pp M modules/profile/manifests/openstack/base/nova/network/service.pp M modules/profile/manifests/openstack/base/nova/scheduler/service.pp M modules/profile/manifests/openstack/base/nova/spiceproxy/service.pp M modules/profile/manifests/openstack/labtest/clientlib.pp M modules/profile/manifests/openstack/labtest/cloudrepo.pp M modules/profile/manifests/openstack/labtest/designate/service.pp M modules/profile/manifests/openstack/labtest/glance.pp M modules/profile/manifests/openstack/labtest/horizon/dashboard.pp M modules/profile/manifests/openstack/labtest/keystone/service.pp M modules/profile/manifests/openstack/labtest/nova/api/service.pp M modules/profile/manifests/openstack/labtest/nova/common.pp M modules/profile/manifests/openstack/labtest/nova/compute/service.pp M modules/profile/manifests/openstack/labtest/nova/conductor/service.pp M modules/profile/manifests/openstack/labtest/nova/network/service.pp M modules/profile/manifests/openstack/labtest/nova/scheduler/service.pp M modules/profile/manifests/openstack/labtest/nova/spiceproxy/service.pp M modules/profile/manifests/openstack/labtest/observerenv.pp M modules/profile/manifests/openstack/labtest/pdns/dns_floating_ip_updater.pp M modules/profile/manifests/openstack/labtest/rabbitmq.pp M modules/profile/manifests/openstack/labtestn/clientlib.pp 24 files changed, 33 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/69/398169/1 diff --git a/modules/profile/manifests/openstack/base/nova/api/service.pp b/modules/profile/manifests/openstack/base/nova/api/service.pp index f1b5993..35a40f2 100644 --- a/modules/profile/manifests/openstack/base/nova/api/service.pp +++ b/modules/profile/manifests/openstack/base/nova/api/service.pp @@ -5,8 +5,10 @@ class {'::openstack::nova::api::service': active => ($::fqdn == $nova_api_host), } +contain '::openstack::nova::api::service' class {'::openstack::nova::api::monitor': active => ($::fqdn == $nova_api_host), } +contain '::openstack::nova::api::monitor' } diff --git a/modules/profile/manifests/openstack/base/nova/compute/service.pp b/modules/profile/manifests/openstack/base/nova/compute/service.pp index 1764deb..27fc19a 100644 --- a/modules/profile/manifests/openstack/base/nova/compute/service.pp +++ b/modules/profile/manifests/openstack/base/nova/compute/service.pp @@ -56,4 +56,5 @@ certname => $certname, ca_target=> $ca_target, } +contain '::openstack::nova::compute::service' } diff --git a/modules/profile/manifests/openstack/base/nova/conductor/service.pp b/modules/profile/manifests/openstack/base/nova/conductor/service.pp index a6eeeb0..a0462ff 100644 --- a/modules/profile/manifests/openstack/base/nova/conductor/service.pp +++ b/modules/profile/manifests/openstack/base/nova/conductor/service.pp @@ -5,4 +5,5 @@ class {'::openstack::nova::conductor::service': active => $::fqdn == $nova_controller, } +contain '::openstack::nova::conductor::service' } diff --git a/modules/profile/manifests/openstack/base/nova/fullstack/service.pp b/modules/profile/manifests/openstack/base/nova/fullstack/service.pp index ca83640..dbb95e1 100644 --- a/modules/profile/manifests/openstack/base/nova/fullstack/service.pp +++ b/modules/profile/manifests/openstack/base/nova/fullstack/service.pp @@ -7,4 +7,5 @@ active => ($::fqdn == $nova_api_host), password => $osstackcanary_pass, } +contain '::openstack::nova::fullstack::service' } diff --git a/modules/profile/manifests/openstack/base/nova/network/service.pp b/modules/profile/manifests/openstack/base/nova/network/service.pp index 355f1d0..f952115 100644 --- a/modules/profile/manifests/openstack/base/nova/network/service.pp +++ b/modules/profile/manifests/openstack/base/nova/network/service.pp @@ -34,4 +34,5 @@ dns_recursor => $dns_recursor, dns_recursor_secondary => $dns_recursor_secondary, } +contain '::openstack::nova::network::service' } diff --git a/modules/profile/manifests/openstack/base/nova/scheduler/service.pp b/modules/profile/manifests/openstack/base/nova/scheduler/service.pp index d6ad90d..61da5d8 100644 --- a/modules/profile/manifests/openstack/base/nova/scheduler/service.pp +++
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: labtest and labtestn roles for net
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398145 ) Change subject: openstack: labtest and labtestn roles for net .. openstack: labtest and labtestn roles for net * labtestneutron2001 apply labtestn net role (with standard in the role) * labtestnet2002 apply wmcs::openstack::labtest::net_standby * create role::wmcs::openstack::labtest::net_standby to match main * clientlib for role::wmcs::openstack::labtestn::net Change-Id: I5fef57e3a59cc0f0f03c108fe9c5f99163ad9552 --- M manifests/site.pp A modules/role/manifests/wmcs/openstack/labtest/net_standby.pp M modules/role/manifests/wmcs/openstack/labtestn/net.pp 3 files changed, 11 insertions(+), 6 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/site.pp b/manifests/site.pp index 13a40eb..d058f15 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1000,7 +1000,6 @@ node 'labtestneutron2001.codfw.wmnet' { role(wmcs::openstack::labtestn::net) -include ::standard } node /^labtestvirt200[1-3]\.codfw\.wmnet$/ { @@ -1015,9 +1014,7 @@ } node 'labtestnet2002.codfw.wmnet' { -# WIP -include ::standard -include ::base::firewall +role(wmcs::openstack::labtest::net_standby) } node 'labtestneutron2002.codfw.wmnet' { diff --git a/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp b/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp new file mode 100644 index 000..acbfbf4 --- /dev/null +++ b/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp @@ -0,0 +1,7 @@ +class role::wmcs::openstack::labtest::net_standby { +system::role { $name: } +include ::standard +include ::profile::openstack::labtest::cloudrepo +include ::profile::openstack::labtest::clientlib +include ::profile::openstack::labtest::observerenv +} diff --git a/modules/role/manifests/wmcs/openstack/labtestn/net.pp b/modules/role/manifests/wmcs/openstack/labtestn/net.pp index 948e3c0..100cbe3 100644 --- a/modules/role/manifests/wmcs/openstack/labtestn/net.pp +++ b/modules/role/manifests/wmcs/openstack/labtestn/net.pp @@ -1,5 +1,6 @@ class role::wmcs::openstack::labtestn::net { system::role { $name: } -include ::profile::openstack::labtestn::cloudrepo -include ::profile::openstack::labtestn::nova::common +# Do not add base firewall +include ::standard +include ::profile::openstack::labtestn::clientlib } -- To view, visit https://gerrit.wikimedia.org/r/398145 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5fef57e3a59cc0f0f03c108fe9c5f99163ad9552 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Giuseppe Lavagetto Gerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: labtest and labtestn roles for net
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398145 ) Change subject: openstack: labtest and labtestn roles for net .. openstack: labtest and labtestn roles for net * labtestneutron2001 apply labtestn net role (with standard in the role) * labtestnet2002 apply wmcs::openstack::labtest::net_standby * create role::wmcs::openstack::labtest::net_standby to match main * clientlib for role::wmcs::openstack::labtestn::net Change-Id: I5fef57e3a59cc0f0f03c108fe9c5f99163ad9552 --- M manifests/site.pp A modules/role/manifests/wmcs/openstack/labtest/net_standby.pp M modules/role/manifests/wmcs/openstack/labtestn/net.pp 3 files changed, 11 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/45/398145/1 diff --git a/manifests/site.pp b/manifests/site.pp index d0f9935..3af0cb7 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1000,7 +1000,6 @@ node 'labtestneutron2001.codfw.wmnet' { role(wmcs::openstack::labtestn::net) -include ::standard } node /^labtestvirt200[1-3]\.codfw\.wmnet$/ { @@ -1015,9 +1014,7 @@ } node 'labtestnet2002.codfw.wmnet' { -# WIP -include ::standard -include ::base::firewall +role(wmcs::openstack::labtest::net_standby) } node 'labtestneutron2002.codfw.wmnet' { diff --git a/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp b/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp new file mode 100644 index 000..acbfbf4 --- /dev/null +++ b/modules/role/manifests/wmcs/openstack/labtest/net_standby.pp @@ -0,0 +1,7 @@ +class role::wmcs::openstack::labtest::net_standby { +system::role { $name: } +include ::standard +include ::profile::openstack::labtest::cloudrepo +include ::profile::openstack::labtest::clientlib +include ::profile::openstack::labtest::observerenv +} diff --git a/modules/role/manifests/wmcs/openstack/labtestn/net.pp b/modules/role/manifests/wmcs/openstack/labtestn/net.pp index 948e3c0..100cbe3 100644 --- a/modules/role/manifests/wmcs/openstack/labtestn/net.pp +++ b/modules/role/manifests/wmcs/openstack/labtestn/net.pp @@ -1,5 +1,6 @@ class role::wmcs::openstack::labtestn::net { system::role { $name: } -include ::profile::openstack::labtestn::cloudrepo -include ::profile::openstack::labtestn::nova::common +# Do not add base firewall +include ::standard +include ::profile::openstack::labtestn::clientlib } -- To view, visit https://gerrit.wikimedia.org/r/398145 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5fef57e3a59cc0f0f03c108fe9c5f99163ad9552 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: consistent style for ensure present
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398140 ) Change subject: openstack: consistent style for ensure present .. openstack: consistent style for ensure present present => 'present' Change-Id: Ic9f75873e07dcfcc5dda4024ade8636a817d9179 --- M modules/openstack/manifests/clientlib.pp M modules/openstack/manifests/designate/dns_floating_ip_updater.pp M modules/openstack/manifests/glance/image_sync.pp M modules/openstack/manifests/glance/service.pp M modules/openstack/manifests/keystone/service.pp M modules/openstack/manifests/nova/api/service.pp M modules/openstack/manifests/nova/compute/service.pp M modules/openstack/manifests/nova/conductor/service.pp M modules/openstack/manifests/nova/network/service.pp M modules/openstack/manifests/nova/spiceproxy/service.pp M modules/openstack/manifests/util/admin_scripts.pp M modules/openstack/manifests/wikitech/openstack_manager.pp 12 files changed, 27 insertions(+), 27 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/clientlib.pp b/modules/openstack/manifests/clientlib.pp index d1e5ee1..85eda78 100644 --- a/modules/openstack/manifests/clientlib.pp +++ b/modules/openstack/manifests/clientlib.pp @@ -18,7 +18,7 @@ # Wrapper python class to easily query openstack clients file { '/usr/lib/python2.7/dist-packages/mwopenstackclients.py': -ensure => present, +ensure => 'present', source => 'puppet:///modules/openstack/clientlib/mwopenstackclients.py', mode => '0755', owner => 'root', diff --git a/modules/openstack/manifests/designate/dns_floating_ip_updater.pp b/modules/openstack/manifests/designate/dns_floating_ip_updater.pp index 9e284b0..1863946 100644 --- a/modules/openstack/manifests/designate/dns_floating_ip_updater.pp +++ b/modules/openstack/manifests/designate/dns_floating_ip_updater.pp @@ -21,7 +21,7 @@ } file { '/etc/labs-floating-ips-dns-config.yaml': -ensure => present, +ensure => 'present', owner => 'root', group => 'root', mode=> '0440', @@ -29,7 +29,7 @@ } file { '/etc/dns-floating-ip-updater.py': -ensure => present, +ensure => 'present', owner => 'root', group => 'root', mode=> '0750', diff --git a/modules/openstack/manifests/glance/image_sync.pp b/modules/openstack/manifests/glance/image_sync.pp index dfa6a1c..f96be67 100644 --- a/modules/openstack/manifests/glance/image_sync.pp +++ b/modules/openstack/manifests/glance/image_sync.pp @@ -17,7 +17,7 @@ # Set up a keypair and rsync image files between active and standby user { 'glancesync': -ensure => present, +ensure => 'present', name => 'glancesync', shell => '/bin/sh', comment=> 'glance rsync user', @@ -28,7 +28,7 @@ } ssh::userkey { 'glancesync': -ensure => present, +ensure => 'present', require => User['glancesync'], content => secret('ssh/glancesync/glancesync.pub'), } diff --git a/modules/openstack/manifests/glance/service.pp b/modules/openstack/manifests/glance/service.pp index 5c2d4e8..29bd89c 100644 --- a/modules/openstack/manifests/glance/service.pp +++ b/modules/openstack/manifests/glance/service.pp @@ -14,7 +14,7 @@ ) { package { 'glance': -ensure => present, +ensure => 'present', } file { $glance_data: diff --git a/modules/openstack/manifests/keystone/service.pp b/modules/openstack/manifests/keystone/service.pp index bbbdce7..44f8dfc 100644 --- a/modules/openstack/manifests/keystone/service.pp +++ b/modules/openstack/manifests/keystone/service.pp @@ -58,7 +58,7 @@ if $token_driver == 'redis' { package { 'python-keystone-redis': -ensure => present; +ensure => 'present'; } } diff --git a/modules/openstack/manifests/nova/api/service.pp b/modules/openstack/manifests/nova/api/service.pp index d7fe098..8011e9b 100644 --- a/modules/openstack/manifests/nova/api/service.pp +++ b/modules/openstack/manifests/nova/api/service.pp @@ -7,7 +7,7 @@ require openstack::nova::common package { 'nova-api': -ensure => present, +ensure => 'present', } service { 'nova-api': diff --git a/modules/openstack/manifests/nova/compute/service.pp b/modules/openstack/manifests/nova/compute/service.pp index aad8727..15f5f07 100644 --- a/modules/openstack/manifests/nova/compute/service.pp +++ b/modules/openstack/manifests/nova/compute/service.pp @@ -24,14 +24,14 @@ # was split from the bridge kernel module into a separate module (br_netfilter) if (versioncmp($::kernelversion, '3.18') >= 0) { kmod::module { 'br_netfilter': -ensure => present, +
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: consistent style for ensure present
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398140 ) Change subject: openstack: consistent style for ensure present .. openstack: consistent style for ensure present present => 'present' Change-Id: Ic9f75873e07dcfcc5dda4024ade8636a817d9179 --- M modules/openstack/manifests/clientlib.pp M modules/openstack/manifests/designate/dns_floating_ip_updater.pp M modules/openstack/manifests/glance/image_sync.pp M modules/openstack/manifests/glance/service.pp M modules/openstack/manifests/keystone/service.pp M modules/openstack/manifests/nova/api/service.pp M modules/openstack/manifests/nova/compute/service.pp M modules/openstack/manifests/nova/conductor/service.pp M modules/openstack/manifests/nova/network/service.pp M modules/openstack/manifests/nova/spiceproxy/service.pp M modules/openstack/manifests/util/admin_scripts.pp M modules/openstack/manifests/wikitech/openstack_manager.pp 12 files changed, 27 insertions(+), 27 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/40/398140/1 diff --git a/modules/openstack/manifests/clientlib.pp b/modules/openstack/manifests/clientlib.pp index d1e5ee1..85eda78 100644 --- a/modules/openstack/manifests/clientlib.pp +++ b/modules/openstack/manifests/clientlib.pp @@ -18,7 +18,7 @@ # Wrapper python class to easily query openstack clients file { '/usr/lib/python2.7/dist-packages/mwopenstackclients.py': -ensure => present, +ensure => 'present', source => 'puppet:///modules/openstack/clientlib/mwopenstackclients.py', mode => '0755', owner => 'root', diff --git a/modules/openstack/manifests/designate/dns_floating_ip_updater.pp b/modules/openstack/manifests/designate/dns_floating_ip_updater.pp index 9e284b0..1863946 100644 --- a/modules/openstack/manifests/designate/dns_floating_ip_updater.pp +++ b/modules/openstack/manifests/designate/dns_floating_ip_updater.pp @@ -21,7 +21,7 @@ } file { '/etc/labs-floating-ips-dns-config.yaml': -ensure => present, +ensure => 'present', owner => 'root', group => 'root', mode=> '0440', @@ -29,7 +29,7 @@ } file { '/etc/dns-floating-ip-updater.py': -ensure => present, +ensure => 'present', owner => 'root', group => 'root', mode=> '0750', diff --git a/modules/openstack/manifests/glance/image_sync.pp b/modules/openstack/manifests/glance/image_sync.pp index dfa6a1c..f96be67 100644 --- a/modules/openstack/manifests/glance/image_sync.pp +++ b/modules/openstack/manifests/glance/image_sync.pp @@ -17,7 +17,7 @@ # Set up a keypair and rsync image files between active and standby user { 'glancesync': -ensure => present, +ensure => 'present', name => 'glancesync', shell => '/bin/sh', comment=> 'glance rsync user', @@ -28,7 +28,7 @@ } ssh::userkey { 'glancesync': -ensure => present, +ensure => 'present', require => User['glancesync'], content => secret('ssh/glancesync/glancesync.pub'), } diff --git a/modules/openstack/manifests/glance/service.pp b/modules/openstack/manifests/glance/service.pp index 5c2d4e8..29bd89c 100644 --- a/modules/openstack/manifests/glance/service.pp +++ b/modules/openstack/manifests/glance/service.pp @@ -14,7 +14,7 @@ ) { package { 'glance': -ensure => present, +ensure => 'present', } file { $glance_data: diff --git a/modules/openstack/manifests/keystone/service.pp b/modules/openstack/manifests/keystone/service.pp index bbbdce7..44f8dfc 100644 --- a/modules/openstack/manifests/keystone/service.pp +++ b/modules/openstack/manifests/keystone/service.pp @@ -58,7 +58,7 @@ if $token_driver == 'redis' { package { 'python-keystone-redis': -ensure => present; +ensure => 'present'; } } diff --git a/modules/openstack/manifests/nova/api/service.pp b/modules/openstack/manifests/nova/api/service.pp index d7fe098..8011e9b 100644 --- a/modules/openstack/manifests/nova/api/service.pp +++ b/modules/openstack/manifests/nova/api/service.pp @@ -7,7 +7,7 @@ require openstack::nova::common package { 'nova-api': -ensure => present, +ensure => 'present', } service { 'nova-api': diff --git a/modules/openstack/manifests/nova/compute/service.pp b/modules/openstack/manifests/nova/compute/service.pp index aad8727..15f5f07 100644 --- a/modules/openstack/manifests/nova/compute/service.pp +++ b/modules/openstack/manifests/nova/compute/service.pp @@ -24,14 +24,14 @@ # was split from the bridge kernel module into a separate module (br_netfilter) if (versioncmp($::kernelversion, '3.18') >= 0) { kmod::module { 'br_netfilter': -ensure => present, +
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: dependency changes for require_package
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398121 ) Change subject: openstack: dependency changes for require_package .. openstack: dependency changes for require_package * labsaliaser.pp does not need client packages as they are part of clientlib base * admin_scripts portions that require context will be moved to another manifest Bug: T171494 Change-Id: I8b8ae7b00309bd86e96a850af644ad5e00db3ab1 --- M modules/dnsrecursor/manifests/labsaliaser.pp M modules/openstack/manifests/util/admin_scripts.pp 2 files changed, 0 insertions(+), 6 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/dnsrecursor/manifests/labsaliaser.pp b/modules/dnsrecursor/manifests/labsaliaser.pp index 7461e61..fa6c2fb 100644 --- a/modules/dnsrecursor/manifests/labsaliaser.pp +++ b/modules/dnsrecursor/manifests/labsaliaser.pp @@ -8,8 +8,6 @@ $puppetmaster_hostname, ) { -require_package(['python-novaclient', 'python-keystoneclient']) - $config = { 'username' => $username, 'password' => $password, diff --git a/modules/openstack/manifests/util/admin_scripts.pp b/modules/openstack/manifests/util/admin_scripts.pp index f29a172..f3a6ecf 100644 --- a/modules/openstack/manifests/util/admin_scripts.pp +++ b/modules/openstack/manifests/util/admin_scripts.pp @@ -3,7 +3,6 @@ $version, ) { -require openstack::nova::common # Installing this package ensures that we have all the UIDs that # are used to store an instance volume. That's important for # when we rsync files via this host. @@ -112,10 +111,7 @@ # XXX: per deployment? file { '/root/.ssh/compute-hosts-key': content => secret('ssh/nova/nova.key'), -owner => 'nova', -group => 'nova', mode => '0600', -require => Package['nova-common'], show_diff => false, } -- To view, visit https://gerrit.wikimedia.org/r/398121 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I8b8ae7b00309bd86e96a850af644ad5e00db3ab1 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: dependency changes for require_package
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398121 ) Change subject: openstack: dependency changes for require_package .. openstack: dependency changes for require_package * labsaliaser.pp does not need client packages as they are part of clientlib base * admin_scripts portions that require context will be moved to another manifest Bug: T171494 Change-Id: I8b8ae7b00309bd86e96a850af644ad5e00db3ab1 --- M modules/dnsrecursor/manifests/labsaliaser.pp M modules/openstack/manifests/util/admin_scripts.pp 2 files changed, 0 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/21/398121/1 diff --git a/modules/dnsrecursor/manifests/labsaliaser.pp b/modules/dnsrecursor/manifests/labsaliaser.pp index 7461e61..fa6c2fb 100644 --- a/modules/dnsrecursor/manifests/labsaliaser.pp +++ b/modules/dnsrecursor/manifests/labsaliaser.pp @@ -8,8 +8,6 @@ $puppetmaster_hostname, ) { -require_package(['python-novaclient', 'python-keystoneclient']) - $config = { 'username' => $username, 'password' => $password, diff --git a/modules/openstack/manifests/util/admin_scripts.pp b/modules/openstack/manifests/util/admin_scripts.pp index f29a172..f3a6ecf 100644 --- a/modules/openstack/manifests/util/admin_scripts.pp +++ b/modules/openstack/manifests/util/admin_scripts.pp @@ -3,7 +3,6 @@ $version, ) { -require openstack::nova::common # Installing this package ensures that we have all the UIDs that # are used to store an instance volume. That's important for # when we rsync files via this host. @@ -112,10 +111,7 @@ # XXX: per deployment? file { '/root/.ssh/compute-hosts-key': content => secret('ssh/nova/nova.key'), -owner => 'nova', -group => 'nova', mode => '0600', -require => Package['nova-common'], show_diff => false, } -- To view, visit https://gerrit.wikimedia.org/r/398121 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8b8ae7b00309bd86e96a850af644ad5e00db3ab1 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: dedupe packages and reduce require_package
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398118 ) Change subject: openstack: dedupe packages and reduce require_package .. openstack: dedupe packages and reduce require_package require_package basically hacks the native dependency chain. This becomes problematic when dealing with additional repositories such as the cloudrepo on new installs. Resulting in packages that exist in the default distro repo being installed at incorrect older versions. * Consolidate openstack client libs into clientlib.pp * Add neutron client lib * Add debian jessie specific packages * Reduce dependence on require_package generally Bug: T171494 Change-Id: I98430d9896e7e0562a50248f0c890385d7cae70d --- M modules/openstack/manifests/clientlib.pp M modules/openstack/manifests/cloudrepo.pp M modules/openstack/manifests/designate/service.pp M modules/openstack/manifests/nova/common.pp M modules/openstack/manifests/util/admin_scripts.pp M modules/profile/manifests/openstack/main/cumin/master.pp 6 files changed, 45 insertions(+), 25 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/clientlib.pp b/modules/openstack/manifests/clientlib.pp index 7074594..d1e5ee1 100644 --- a/modules/openstack/manifests/clientlib.pp +++ b/modules/openstack/manifests/clientlib.pp @@ -3,14 +3,18 @@ $version, ) { -$packages = [ +$py2packages = [ 'python-novaclient', 'python-glanceclient', 'python-keystoneclient', 'python-openstackclient', 'python-designateclient', +'python-neutronclient', ] -require_package($packages) + +package{ $py2packages: +ensure => 'present', +} # Wrapper python class to easily query openstack clients file { '/usr/lib/python2.7/dist-packages/mwopenstackclients.py': @@ -21,9 +25,19 @@ group => 'root', } +if os_version('debian jessie') and $version == 'liberty' { + +$debian_jessie_packages = [ +'python-keystoneauth1', +] + +package{ $debian_jessie_packages: +ensure => 'present', +} +} + # assumption is any version not liberty is newer # Ubuntu on liberty /does not/ - if os_version('ubuntu trusty') and $version != 'liberty' { $python3packages = [ @@ -31,10 +45,13 @@ 'python3-novaclient', 'python3-glanceclient', ] -require_package($python3packages) + +package{ $python3packages: +ensure => 'present', +} file { '/usr/lib/python3/dist-packages/mwopenstackclients.py': -ensure => present, +ensure => 'present', source => 'puppet:///modules/openstack/clientlib/mwopenstackclients.py', mode => '0755', owner => 'root', diff --git a/modules/openstack/manifests/cloudrepo.pp b/modules/openstack/manifests/cloudrepo.pp index 563ed59..d83318a 100644 --- a/modules/openstack/manifests/cloudrepo.pp +++ b/modules/openstack/manifests/cloudrepo.pp @@ -6,6 +6,7 @@ class openstack::cloudrepo( $version='liberty', ) { + # As of 26/10/2015 we support kilo on trusty (lsb_release -c) if ($::lsbdistcodename == 'trusty') { apt::repository { 'ubuntucloud': diff --git a/modules/openstack/manifests/designate/service.pp b/modules/openstack/manifests/designate/service.pp index 404cba2..3223d6a 100644 --- a/modules/openstack/manifests/designate/service.pp +++ b/modules/openstack/manifests/designate/service.pp @@ -37,14 +37,12 @@ $puppetmaster_hostname_ip = ipresolve($puppetmaster_hostname,4) require_package( -'python-designateclient', 'designate-sink', 'designate-common', 'designate', 'designate-api', 'designate-doc', 'designate-central', -'python-novaclient' ) file { '/usr/lib/python2.7/dist-packages/wmf_sink': diff --git a/modules/openstack/manifests/nova/common.pp b/modules/openstack/manifests/nova/common.pp index 5be8d5b..affa993 100644 --- a/modules/openstack/manifests/nova/common.pp +++ b/modules/openstack/manifests/nova/common.pp @@ -37,7 +37,10 @@ 'bridge-utils', 'nova-common', ] -require_package($packages) + +package { $packages: +ensure => 'present', +} # For some reason the Mitaka nova-common package installs # a logrotate rule for nova/*.log and also a nova/nova-manage.log. diff --git a/modules/openstack/manifests/util/admin_scripts.pp b/modules/openstack/manifests/util/admin_scripts.pp index 88ace00..f29a172 100644 --- a/modules/openstack/manifests/util/admin_scripts.pp +++ b/modules/openstack/manifests/util/admin_scripts.pp @@ -3,11 +3,13 @@ $version, ) { -require_package('nova-common') +require openstack::nova::common
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: dedupe packages and reduce require_package
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398118 ) Change subject: openstack: dedupe packages and reduce require_package .. openstack: dedupe packages and reduce require_package require_package basically hacks the native dependency chain. This becomes problematic when dealing with additional repositories such as the cloudrepo on new installs. Resulting in packages that exist in the default distro repo being installed at incorrect older versions. * Consolidate openstack client libs into clientlib.pp * Add neutron client lib * Add debian jessie specific packages * Reduce dependence on require_package generally Bug: T171494 Change-Id: I98430d9896e7e0562a50248f0c890385d7cae70d --- M modules/openstack/manifests/clientlib.pp M modules/openstack/manifests/cloudrepo.pp M modules/openstack/manifests/designate/service.pp M modules/openstack/manifests/nova/common.pp M modules/openstack/manifests/util/admin_scripts.pp M modules/profile/manifests/openstack/main/cumin/master.pp 6 files changed, 44 insertions(+), 25 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/18/398118/1 diff --git a/modules/openstack/manifests/clientlib.pp b/modules/openstack/manifests/clientlib.pp index 7074594..ede9f0c 100644 --- a/modules/openstack/manifests/clientlib.pp +++ b/modules/openstack/manifests/clientlib.pp @@ -3,14 +3,18 @@ $version, ) { -$packages = [ +$py2packages = [ 'python-novaclient', 'python-glanceclient', 'python-keystoneclient', 'python-openstackclient', 'python-designateclient', +'python-neutronclient', ] -require_package($packages) + +package{ $py2packages: +ensure => 'present', +} # Wrapper python class to easily query openstack clients file { '/usr/lib/python2.7/dist-packages/mwopenstackclients.py': @@ -21,9 +25,18 @@ group => 'root', } + if os_version('debian jessie') and $version == 'liberty' { + +$debian_jessie_packages = [ +'python-keystoneauth1', +] + +package{ $debian_jessie_packages: +ensure => 'present', +} + # assumption is any version not liberty is newer # Ubuntu on liberty /does not/ - if os_version('ubuntu trusty') and $version != 'liberty' { $python3packages = [ @@ -31,10 +44,13 @@ 'python3-novaclient', 'python3-glanceclient', ] -require_package($python3packages) + +package{ $python3packages: +ensure => 'present', +} file { '/usr/lib/python3/dist-packages/mwopenstackclients.py': -ensure => present, +ensure => 'present', source => 'puppet:///modules/openstack/clientlib/mwopenstackclients.py', mode => '0755', owner => 'root', diff --git a/modules/openstack/manifests/cloudrepo.pp b/modules/openstack/manifests/cloudrepo.pp index 563ed59..d83318a 100644 --- a/modules/openstack/manifests/cloudrepo.pp +++ b/modules/openstack/manifests/cloudrepo.pp @@ -6,6 +6,7 @@ class openstack::cloudrepo( $version='liberty', ) { + # As of 26/10/2015 we support kilo on trusty (lsb_release -c) if ($::lsbdistcodename == 'trusty') { apt::repository { 'ubuntucloud': diff --git a/modules/openstack/manifests/designate/service.pp b/modules/openstack/manifests/designate/service.pp index 404cba2..3223d6a 100644 --- a/modules/openstack/manifests/designate/service.pp +++ b/modules/openstack/manifests/designate/service.pp @@ -37,14 +37,12 @@ $puppetmaster_hostname_ip = ipresolve($puppetmaster_hostname,4) require_package( -'python-designateclient', 'designate-sink', 'designate-common', 'designate', 'designate-api', 'designate-doc', 'designate-central', -'python-novaclient' ) file { '/usr/lib/python2.7/dist-packages/wmf_sink': diff --git a/modules/openstack/manifests/nova/common.pp b/modules/openstack/manifests/nova/common.pp index 5be8d5b..affa993 100644 --- a/modules/openstack/manifests/nova/common.pp +++ b/modules/openstack/manifests/nova/common.pp @@ -37,7 +37,10 @@ 'bridge-utils', 'nova-common', ] -require_package($packages) + +package { $packages: +ensure => 'present', +} # For some reason the Mitaka nova-common package installs # a logrotate rule for nova/*.log and also a nova/nova-manage.log. diff --git a/modules/openstack/manifests/util/admin_scripts.pp b/modules/openstack/manifests/util/admin_scripts.pp index 88ace00..f29a172 100644 --- a/modules/openstack/manifests/util/admin_scripts.pp +++ b/modules/openstack/manifests/util/admin_scripts.pp @@ -3,11 +3,13 @@ $version, ) { -require_package('nova-common') +require
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: cloud repo explicit apt-key update and apt-get u...
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398088 ) Change subject: openstack: cloud repo explicit apt-key update and apt-get update .. openstack: cloud repo explicit apt-key update and apt-get update At the moment this throws errors for untrusted packages via the cloudrepo. Theory is an apt-key update and following apt-get update inline will resolve. Bug: T171494 Change-Id: I1461ff56d5907e76034be362094a8adecdc92897 --- M modules/openstack/manifests/cloudrepo.pp 1 file changed, 11 insertions(+), 1 deletion(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/cloudrepo.pp b/modules/openstack/manifests/cloudrepo.pp index 0eefde0..563ed59 100644 --- a/modules/openstack/manifests/cloudrepo.pp +++ b/modules/openstack/manifests/cloudrepo.pp @@ -12,8 +12,18 @@ uri=> 'http://ubuntu-cloud.archive.canonical.com/ubuntu', dist => "trusty-updates/${version}", components => 'main', -keyfile=> 'puppet:///modules/openstack/cloudrepo/ubuntu-cloud.key'; +keyfile=> 'puppet:///modules/openstack/cloudrepo/ubuntu-cloud.key', +notify => Exec['apt_key_and_update']; } + +# First installs can trip without this +# seeing the mid-run repo as untrusted +exec {'apt_key_and_update': +command => '/usr/bin/apt-key update && /usr/bin/apt-get update', +refreshonly => true, +logoutput => true, +} + } elsif os_version('debian jessie') and ($version != 'liberty') { fail("T169099: There is no plan for ${version} on Jessie") } -- To view, visit https://gerrit.wikimedia.org/r/398088 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I1461ff56d5907e76034be362094a8adecdc92897 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: cloud repo explicit apt-key update and apt-get u...
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398088 ) Change subject: openstack: cloud repo explicit apt-key update and apt-get update .. openstack: cloud repo explicit apt-key update and apt-get update At the moment this throws errors for untrusted packages via the cloudrepo. Theory is an apt-key update and following apt-get update inline will resolve. Bug: T171494 Change-Id: I1461ff56d5907e76034be362094a8adecdc92897 --- M modules/openstack/manifests/cloudrepo.pp 1 file changed, 10 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/88/398088/1 diff --git a/modules/openstack/manifests/cloudrepo.pp b/modules/openstack/manifests/cloudrepo.pp index 0eefde0..1063832 100644 --- a/modules/openstack/manifests/cloudrepo.pp +++ b/modules/openstack/manifests/cloudrepo.pp @@ -13,7 +13,17 @@ dist => "trusty-updates/${version}", components => 'main', keyfile=> 'puppet:///modules/openstack/cloudrepo/ubuntu-cloud.key'; +notify => Exec['apt_key_and_update'], } + +# First installs can trip without this +# seeing the mid-run repo as untrusted +exec {'apt_key_and_update': +command => '/usr/bin/apt-key update && /usr/bin/apt-get update', +refreshonly => true, +logoutput => true, +} + } elsif os_version('debian jessie') and ($version != 'liberty') { fail("T169099: There is no plan for ${version} on Jessie") } -- To view, visit https://gerrit.wikimedia.org/r/398088 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1461ff56d5907e76034be362094a8adecdc92897 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: contain classes for dependency handling
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/397903 ) Change subject: openstack: contain classes for dependency handling .. openstack: contain classes for dependency handling Bug: T171494 Change-Id: I6db063a930517dbc5059dad781488025782cc89e --- M modules/profile/manifests/openstack/base/clientlib.pp M modules/profile/manifests/openstack/base/cloudrepo.pp M modules/profile/manifests/openstack/base/designate/service.pp M modules/profile/manifests/openstack/base/glance.pp M modules/profile/manifests/openstack/base/horizon/dashboard.pp M modules/profile/manifests/openstack/base/keystone/hooks.pp M modules/profile/manifests/openstack/base/keystone/service.pp M modules/profile/manifests/openstack/base/nova/common.pp M modules/profile/manifests/openstack/base/pdns/dns_floating_ip_updater.pp M modules/profile/manifests/openstack/base/rabbitmq.pp M modules/profile/manifests/openstack/labtestn/designate/service.pp M modules/profile/manifests/openstack/labtestn/glance.pp M modules/profile/manifests/openstack/labtestn/keystone/service.pp M modules/profile/manifests/openstack/labtestn/nova/common.pp M modules/profile/manifests/openstack/labtestn/rabbitmq.pp 15 files changed, 28 insertions(+), 5 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/profile/manifests/openstack/base/clientlib.pp b/modules/profile/manifests/openstack/base/clientlib.pp index 87bfc5d..30aea86 100644 --- a/modules/profile/manifests/openstack/base/clientlib.pp +++ b/modules/profile/manifests/openstack/base/clientlib.pp @@ -2,9 +2,11 @@ $version = hiera('profile::openstack::base::version'), ) { -class {'openstack::clientlib': +class {'::openstack::clientlib': version => $version } +contain '::openstack::clientlib' -class {'openstack::common':} +class {'::openstack::common':} +contain '::openstack::common' } diff --git a/modules/profile/manifests/openstack/base/cloudrepo.pp b/modules/profile/manifests/openstack/base/cloudrepo.pp index 5fbe658..1f1904e 100644 --- a/modules/profile/manifests/openstack/base/cloudrepo.pp +++ b/modules/profile/manifests/openstack/base/cloudrepo.pp @@ -4,4 +4,5 @@ class { '::openstack::cloudrepo': version => $version, } +contain '::openstack::cloudrepo' } diff --git a/modules/profile/manifests/openstack/base/designate/service.pp b/modules/profile/manifests/openstack/base/designate/service.pp index b6169c0..c0bc23b 100644 --- a/modules/profile/manifests/openstack/base/designate/service.pp +++ b/modules/profile/manifests/openstack/base/designate/service.pp @@ -57,6 +57,7 @@ keystone_public_port => $keystone_public_port, keystone_auth_port => $keystone_auth_port, } +contain '::openstack::designate::service' # Open designate API to Labs web UIs and the commandline on labcontrol ferm::rule { 'designate-api': diff --git a/modules/profile/manifests/openstack/base/glance.pp b/modules/profile/manifests/openstack/base/glance.pp index c98d27b..90835b0 100644 --- a/modules/profile/manifests/openstack/base/glance.pp +++ b/modules/profile/manifests/openstack/base/glance.pp @@ -17,7 +17,7 @@ $keystone_admin_uri = "http://${nova_controller}:${auth_port}; $keystone_public_uri = "http://${nova_controller}:${public_port}; -class { 'openstack::glance::service': +class { '::openstack::glance::service': version => $version, active => $::fqdn == $nova_controller, keystone_admin_uri => $keystone_admin_uri, @@ -31,6 +31,7 @@ glance_data => $glance_data, glance_image_dir=> $glance_image_dir, } +contain '::openstack::glance::service' include ::network::constants $prod_networks = join($network::constants::production_networks, ' ') diff --git a/modules/profile/manifests/openstack/base/horizon/dashboard.pp b/modules/profile/manifests/openstack/base/horizon/dashboard.pp index 0f12da3..82fdd76 100644 --- a/modules/profile/manifests/openstack/base/horizon/dashboard.pp +++ b/modules/profile/manifests/openstack/base/horizon/dashboard.pp @@ -9,7 +9,7 @@ ) { # TODO: Add openstack::util::envscripts during profile conversion -class { 'openstack::horizon::service': +class { '::openstack::horizon::service': version => $version, nova_controller => $nova_controller, wmflabsdotorg_admin => $wmflabsdotorg_admin, @@ -18,11 +18,13 @@ ldap_user_pass => $ldap_user_pass, webserver_hostname => $webserver_hostname, } +contain '::openstack::horizon::service' # require => Class['openstack::horizon::service'], class {'::openstack::horizon::puppetpanel': version => $version, } +contain
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: contain classes for dependency handling
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/397903 ) Change subject: openstack: contain classes for dependency handling .. openstack: contain classes for dependency handling Bug: T171494 Change-Id: I6db063a930517dbc5059dad781488025782cc89e --- M modules/profile/manifests/openstack/base/clientlib.pp M modules/profile/manifests/openstack/base/cloudrepo.pp M modules/profile/manifests/openstack/base/designate/service.pp M modules/profile/manifests/openstack/base/glance.pp M modules/profile/manifests/openstack/base/horizon/dashboard.pp M modules/profile/manifests/openstack/base/keystone/hooks.pp M modules/profile/manifests/openstack/base/keystone/service.pp M modules/profile/manifests/openstack/base/nodepool/service.pp M modules/profile/manifests/openstack/base/nova/common.pp M modules/profile/manifests/openstack/base/pdns/dns_floating_ip_updater.pp M modules/profile/manifests/openstack/base/rabbitmq.pp M modules/profile/manifests/openstack/labtestn/designate/service.pp M modules/profile/manifests/openstack/labtestn/glance.pp M modules/profile/manifests/openstack/labtestn/keystone/service.pp M modules/profile/manifests/openstack/labtestn/nova/common.pp M modules/profile/manifests/openstack/labtestn/rabbitmq.pp 16 files changed, 29 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/03/397903/1 diff --git a/modules/profile/manifests/openstack/base/clientlib.pp b/modules/profile/manifests/openstack/base/clientlib.pp index 87bfc5d..30aea86 100644 --- a/modules/profile/manifests/openstack/base/clientlib.pp +++ b/modules/profile/manifests/openstack/base/clientlib.pp @@ -2,9 +2,11 @@ $version = hiera('profile::openstack::base::version'), ) { -class {'openstack::clientlib': +class {'::openstack::clientlib': version => $version } +contain '::openstack::clientlib' -class {'openstack::common':} +class {'::openstack::common':} +contain '::openstack::common' } diff --git a/modules/profile/manifests/openstack/base/cloudrepo.pp b/modules/profile/manifests/openstack/base/cloudrepo.pp index 5fbe658..1f1904e 100644 --- a/modules/profile/manifests/openstack/base/cloudrepo.pp +++ b/modules/profile/manifests/openstack/base/cloudrepo.pp @@ -4,4 +4,5 @@ class { '::openstack::cloudrepo': version => $version, } +contain '::openstack::cloudrepo' } diff --git a/modules/profile/manifests/openstack/base/designate/service.pp b/modules/profile/manifests/openstack/base/designate/service.pp index b6169c0..c0bc23b 100644 --- a/modules/profile/manifests/openstack/base/designate/service.pp +++ b/modules/profile/manifests/openstack/base/designate/service.pp @@ -57,6 +57,7 @@ keystone_public_port => $keystone_public_port, keystone_auth_port => $keystone_auth_port, } +contain '::openstack::designate::service' # Open designate API to Labs web UIs and the commandline on labcontrol ferm::rule { 'designate-api': diff --git a/modules/profile/manifests/openstack/base/glance.pp b/modules/profile/manifests/openstack/base/glance.pp index c98d27b..90835b0 100644 --- a/modules/profile/manifests/openstack/base/glance.pp +++ b/modules/profile/manifests/openstack/base/glance.pp @@ -17,7 +17,7 @@ $keystone_admin_uri = "http://${nova_controller}:${auth_port}; $keystone_public_uri = "http://${nova_controller}:${public_port}; -class { 'openstack::glance::service': +class { '::openstack::glance::service': version => $version, active => $::fqdn == $nova_controller, keystone_admin_uri => $keystone_admin_uri, @@ -31,6 +31,7 @@ glance_data => $glance_data, glance_image_dir=> $glance_image_dir, } +contain '::openstack::glance::service' include ::network::constants $prod_networks = join($network::constants::production_networks, ' ') diff --git a/modules/profile/manifests/openstack/base/horizon/dashboard.pp b/modules/profile/manifests/openstack/base/horizon/dashboard.pp index 0f12da3..82fdd76 100644 --- a/modules/profile/manifests/openstack/base/horizon/dashboard.pp +++ b/modules/profile/manifests/openstack/base/horizon/dashboard.pp @@ -9,7 +9,7 @@ ) { # TODO: Add openstack::util::envscripts during profile conversion -class { 'openstack::horizon::service': +class { '::openstack::horizon::service': version => $version, nova_controller => $nova_controller, wmflabsdotorg_admin => $wmflabsdotorg_admin, @@ -18,11 +18,13 @@ ldap_user_pass => $ldap_user_pass, webserver_hostname => $webserver_hostname, } +contain '::openstack::horizon::service' # require => Class['openstack::horizon::service'], class {'::openstack::horizon::puppetpanel':
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: contain relationship for needed classes
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/397874 ) Change subject: openstack: contain relationship for needed classes .. openstack: contain relationship for needed classes Dependency and nested classes is not implicit. Bug: T171494 Change-Id: Iba783e5684cdb56b1aa5286e40d0745a33081305 --- M modules/profile/manifests/openstack/labtestn/clientlib.pp M modules/profile/manifests/openstack/labtestn/cloudrepo.pp M modules/profile/manifests/openstack/labtestn/observerenv.pp 3 files changed, 4 insertions(+), 1 deletion(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/profile/manifests/openstack/labtestn/clientlib.pp b/modules/profile/manifests/openstack/labtestn/clientlib.pp index c21be9e..3b5f0be 100644 --- a/modules/profile/manifests/openstack/labtestn/clientlib.pp +++ b/modules/profile/manifests/openstack/labtestn/clientlib.pp @@ -6,4 +6,5 @@ class {'profile::openstack::base::clientlib': version => $version } +contain 'profile::openstack::base::clientlib' } diff --git a/modules/profile/manifests/openstack/labtestn/cloudrepo.pp b/modules/profile/manifests/openstack/labtestn/cloudrepo.pp index 50cfb97..5e3e1e3 100644 --- a/modules/profile/manifests/openstack/labtestn/cloudrepo.pp +++ b/modules/profile/manifests/openstack/labtestn/cloudrepo.pp @@ -4,4 +4,5 @@ class { '::profile::openstack::base::cloudrepo': version => $version } +contain '::profile::openstack::base::cloudrepo' } diff --git a/modules/profile/manifests/openstack/labtestn/observerenv.pp b/modules/profile/manifests/openstack/labtestn/observerenv.pp index c72dbf2..c52e388 100644 --- a/modules/profile/manifests/openstack/labtestn/observerenv.pp +++ b/modules/profile/manifests/openstack/labtestn/observerenv.pp @@ -3,8 +3,9 @@ $observer_password = hiera('profile::openstack::labtestn::observer_password'), ) { -class {'profile::openstack::base::observerenv': +class {'::profile::openstack::base::observerenv': nova_controller => $nova_controller, observer_password => $observer_password, } +contain '::profile::openstack::base::observerenv' } -- To view, visit https://gerrit.wikimedia.org/r/397874 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Iba783e5684cdb56b1aa5286e40d0745a33081305 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: contain relationship for needed classes
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/397874 ) Change subject: openstack: contain relationship for needed classes .. openstack: contain relationship for needed classes Dependency and nested classes is not implicit. Bug: T171494 Change-Id: Iba783e5684cdb56b1aa5286e40d0745a33081305 --- M modules/profile/manifests/openstack/labtestn/clientlib.pp M modules/profile/manifests/openstack/labtestn/cloudrepo.pp M modules/profile/manifests/openstack/labtestn/observerenv.pp 3 files changed, 4 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/74/397874/1 diff --git a/modules/profile/manifests/openstack/labtestn/clientlib.pp b/modules/profile/manifests/openstack/labtestn/clientlib.pp index c21be9e..3b5f0be 100644 --- a/modules/profile/manifests/openstack/labtestn/clientlib.pp +++ b/modules/profile/manifests/openstack/labtestn/clientlib.pp @@ -6,4 +6,5 @@ class {'profile::openstack::base::clientlib': version => $version } +contain 'profile::openstack::base::clientlib' } diff --git a/modules/profile/manifests/openstack/labtestn/cloudrepo.pp b/modules/profile/manifests/openstack/labtestn/cloudrepo.pp index 50cfb97..5e3e1e3 100644 --- a/modules/profile/manifests/openstack/labtestn/cloudrepo.pp +++ b/modules/profile/manifests/openstack/labtestn/cloudrepo.pp @@ -4,4 +4,5 @@ class { '::profile::openstack::base::cloudrepo': version => $version } +contain '::profile::openstack::base::cloudrepo' } diff --git a/modules/profile/manifests/openstack/labtestn/observerenv.pp b/modules/profile/manifests/openstack/labtestn/observerenv.pp index c72dbf2..c52e388 100644 --- a/modules/profile/manifests/openstack/labtestn/observerenv.pp +++ b/modules/profile/manifests/openstack/labtestn/observerenv.pp @@ -3,8 +3,9 @@ $observer_password = hiera('profile::openstack::labtestn::observer_password'), ) { -class {'profile::openstack::base::observerenv': +class {'::profile::openstack::base::observerenv': nova_controller => $nova_controller, observer_password => $observer_password, } +contain '::profile::openstack::base::observerenv' } -- To view, visit https://gerrit.wikimedia.org/r/397874 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iba783e5684cdb56b1aa5286e40d0745a33081305 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: first install control node dependency issues
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/397835 ) Change subject: openstack: first install control node dependency issues .. openstack: first install control node dependency issues Bug: T171494 Change-Id: I8721ec4b59745b9926759249cb9af9e8eaafae0b --- M modules/openstack/manifests/keystone/service.pp M modules/rabbitmq/manifests/init.pp 2 files changed, 50 insertions(+), 28 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/keystone/service.pp b/modules/openstack/manifests/keystone/service.pp index 36eae9a..bbbdce7 100644 --- a/modules/openstack/manifests/keystone/service.pp +++ b/modules/openstack/manifests/keystone/service.pp @@ -35,13 +35,25 @@ $labs_networks = $network::constants::labs_networks package { 'keystone': -ensure => present, +ensure => 'present', } + package { 'python-oath': -ensure => present, +ensure => 'present', } + package { 'python-mysql.connector': -ensure => present, +ensure => 'present', +} + +group {'keystone': +ensure => 'present', +require => Package['keystone'], +} + +user {'keystone': +ensure => 'present', +require => Package['keystone'], } if $token_driver == 'redis' { @@ -52,37 +64,43 @@ file { '/var/log/keystone': -ensure => directory, -owner => 'keystone', -group => 'www-data', -mode => '0775'; +ensure => 'directory', +owner => 'keystone', +group => 'www-data', +mode=> '0775', +require => Package['keystone']; '/etc/keystone': -ensure => directory, -owner => 'keystone', -group => 'keystone', -mode => '0755'; +ensure => 'directory', +owner => 'keystone', +group => 'keystone', +mode=> '0755', +require => Package['keystone']; '/etc/keystone/keystone.conf': -content => template("openstack/${version}/keystone/keystone.conf.erb"), +ensure => 'present', owner => 'keystone', group => 'keystone', mode=> '0444', +content => template("openstack/${version}/keystone/keystone.conf.erb"), notify => Service['keystone'], require => Package['keystone']; '/etc/keystone/keystone-paste.ini': -source => "puppet:///modules/openstack/${version}/keystone/keystone-paste.ini", +ensure => 'present', owner => 'root', group => 'root', mode=> '0644', +source => "puppet:///modules/openstack/${version}/keystone/keystone-paste.ini", notify => Service['keystone'], require => Package['keystone']; '/etc/keystone/policy.json': -source => "puppet:///modules/openstack/${version}/keystone/policy.json", +ensure => 'present', mode=> '0644', owner => 'root', group => 'root', +source => "puppet:///modules/openstack/${version}/keystone/policy.json", notify => Service['keystone'], require => Package['keystone']; '/etc/keystone/logging.conf': +ensure => 'present', source => "puppet:///modules/openstack/${version}/keystone/logging.conf", owner => 'root', group => 'root', @@ -90,13 +108,15 @@ notify => Service['keystone'], require => Package['keystone']; '/usr/lib/python2.7/dist-packages/wmfkeystoneauth': -source => "puppet:///modules/openstack/${version}/keystone/wmfkeystoneauth", +ensure => 'present', owner => 'root', group => 'root', mode=> '0644', +source => "puppet:///modules/openstack/${version}/keystone/wmfkeystoneauth", notify => Service['keystone'], recurse => true; '/usr/lib/python2.7/dist-packages/wmfkeystoneauth.egg-info': +ensure => 'present', source => "puppet:///modules/openstack/${version}/keystone/wmfkeystoneauth.egg-info", owner => 'root', group => 'root', diff --git a/modules/rabbitmq/manifests/init.pp b/modules/rabbitmq/manifests/init.pp index 3742638..f102954 100644 --- a/modules/rabbitmq/manifests/init.pp +++ b/modules/rabbitmq/manifests/init.pp @@ -22,11 +22,11 @@ ) { package { [ 'rabbitmq-server' ]: -ensure => present, +ensure => 'present', } file { '/etc/default/rabbitmq-server': -ensure => present, +
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: first control node dependency issues
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/397835 ) Change subject: openstack: first control node dependency issues .. openstack: first control node dependency issues Bug: T171494 Change-Id: I8721ec4b59745b9926759249cb9af9e8eaafae0b --- M modules/openstack/manifests/keystone/service.pp M modules/rabbitmq/manifests/init.pp 2 files changed, 33 insertions(+), 12 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/35/397835/1 diff --git a/modules/openstack/manifests/keystone/service.pp b/modules/openstack/manifests/keystone/service.pp index 36eae9a..9e0ef17 100644 --- a/modules/openstack/manifests/keystone/service.pp +++ b/modules/openstack/manifests/keystone/service.pp @@ -35,13 +35,30 @@ $labs_networks = $network::constants::labs_networks package { 'keystone': -ensure => present, +ensure => 'present', } + package { 'python-oath': -ensure => present, +ensure => 'present', } + package { 'python-mysql.connector': -ensure => present, +ensure => 'present', +} + +group {'keystone': +ensure => 'present', +require => Package['keystone'], +} + +user {'keystone': +ensure => 'present', +require => Package['keystone'], +} + +user {'keystone': +ensure => 'present', +require => Group['keystone'], } if $token_driver == 'redis' { @@ -52,15 +69,17 @@ file { '/var/log/keystone': -ensure => directory, -owner => 'keystone', -group => 'www-data', -mode => '0775'; +ensure => directory, +owner => 'keystone', +group => 'www-data', +mode=> '0775'; +require => Package['keystone']; '/etc/keystone': ensure => directory, owner => 'keystone', group => 'keystone', mode => '0755'; +require => Package['keystone']; '/etc/keystone/keystone.conf': content => template("openstack/${version}/keystone/keystone.conf.erb"), owner => 'keystone', diff --git a/modules/rabbitmq/manifests/init.pp b/modules/rabbitmq/manifests/init.pp index 3742638..553a871 100644 --- a/modules/rabbitmq/manifests/init.pp +++ b/modules/rabbitmq/manifests/init.pp @@ -22,11 +22,11 @@ ) { package { [ 'rabbitmq-server' ]: -ensure => present, +ensure => 'present', } file { '/etc/default/rabbitmq-server': -ensure => present, +ensure => 'present', owner => 'root', group => 'root', mode=> '0444', @@ -36,19 +36,21 @@ } file { '/usr/local/sbin/rabbitmqadmin': -ensure => present, +ensure => 'present', owner => 'root', group => 'root', mode => '0655', source => 'puppet:///modules/rabbitmq/rabbitmqadmin', +require => Package['rabbitmq-server'], } file { '/etc/rabbitmq/rabbitmq.config': -ensure => present, +ensure => 'present', owner => 'root', group => 'root', mode => '0444', source => 'puppet:///modules/rabbitmq/rabbitmq.config', +require => Package['rabbitmq-server'], } service { 'rabbitmq-server': @@ -57,7 +59,7 @@ } file { '/usr/local/sbin/drain_queue': -ensure => present, +ensure => 'present', owner => 'root', group => 'root', mode => '0655', -- To view, visit https://gerrit.wikimedia.org/r/397835 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8721ec4b59745b9926759249cb9af9e8eaafae0b Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: toolforge: bastion local throttling
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/394506 ) Change subject: toolforge: bastion local throttling .. toolforge: bastion local throttling Change-Id: I93bdaf82a0d1ff8f01fccc1b2d6156338db06943 --- M modules/toollabs/manifests/bastion.pp 1 file changed, 8 insertions(+), 0 deletions(-) Approvals: Rush: Looks good to me, approved BryanDavis: Looks good to me, but someone else must approve jenkins-bot: Verified diff --git a/modules/toollabs/manifests/bastion.pp b/modules/toollabs/manifests/bastion.pp index 633038f..2b91e7d 100644 --- a/modules/toollabs/manifests/bastion.pp +++ b/modules/toollabs/manifests/bastion.pp @@ -72,6 +72,8 @@ }, }, rules => [ +'*:/usr/bin/php cpu /scripts', +'% memory /scripts', '*:/usr/bin/rubycpu /scripts', '% memory /scripts', '*:/usr/bin/ruby1.9.1 cpu /scripts', @@ -92,8 +94,12 @@ '% memory /scripts', '*:/usr/bin/tclsh8.6cpu /scripts', '% memory /scripts', +'*:/usr/bin/tclsh8.7cpu /scripts', +'% memory /scripts', '*:/shared/bin/node cpu /scripts', '% memory /scripts', +'*:/data/project/shared/tcl/bin/tclsh8.7cpu /scripts', +'% memory /scripts', ], } @@ -112,6 +118,8 @@ '*:/usr/bin/vim.diff memory /utilities', '*:/usr/bin/vim.tiny memory /utilities', '*:/usr/bin/nano memory /utilities', +'*:/usr/bin/unzip cpu /utilities', +'%memory /utilities', '*:/bin/tar cpu /utilities', '%memory /utilities', '*:/bin/bzip2 cpu /utilities', -- To view, visit https://gerrit.wikimedia.org/r/394506 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I93bdaf82a0d1ff8f01fccc1b2d6156338db06943 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: BryanDavis Gerrit-Reviewer: Coren Gerrit-Reviewer: Merlijn van Deen Gerrit-Reviewer: Rush Gerrit-Reviewer: Yuvipanda Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: toolforge: bastion local throttling
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/394506 ) Change subject: toolforge: bastion local throttling .. toolforge: bastion local throttling Change-Id: I93bdaf82a0d1ff8f01fccc1b2d6156338db06943 --- M modules/toollabs/manifests/bastion.pp 1 file changed, 8 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/06/394506/1 diff --git a/modules/toollabs/manifests/bastion.pp b/modules/toollabs/manifests/bastion.pp index 633038f..2b91e7d 100644 --- a/modules/toollabs/manifests/bastion.pp +++ b/modules/toollabs/manifests/bastion.pp @@ -72,6 +72,8 @@ }, }, rules => [ +'*:/usr/bin/php cpu /scripts', +'% memory /scripts', '*:/usr/bin/rubycpu /scripts', '% memory /scripts', '*:/usr/bin/ruby1.9.1 cpu /scripts', @@ -92,8 +94,12 @@ '% memory /scripts', '*:/usr/bin/tclsh8.6cpu /scripts', '% memory /scripts', +'*:/usr/bin/tclsh8.7cpu /scripts', +'% memory /scripts', '*:/shared/bin/node cpu /scripts', '% memory /scripts', +'*:/data/project/shared/tcl/bin/tclsh8.7cpu /scripts', +'% memory /scripts', ], } @@ -112,6 +118,8 @@ '*:/usr/bin/vim.diff memory /utilities', '*:/usr/bin/vim.tiny memory /utilities', '*:/usr/bin/nano memory /utilities', +'*:/usr/bin/unzip cpu /utilities', +'%memory /utilities', '*:/bin/tar cpu /utilities', '%memory /utilities', '*:/bin/bzip2 cpu /utilities', -- To view, visit https://gerrit.wikimedia.org/r/394506 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I93bdaf82a0d1ff8f01fccc1b2d6156338db06943 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: base: qualify syslogs::readable defined type call
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/394377 ) Change subject: base: qualify syslogs::readable defined type call .. base: qualify syslogs::readable defined type call seems to be needed for puppet4 on master Change-Id: I4aaa62d53504c7c4e74fe4db14f98fc2fd2c4cf0 --- M modules/base/manifests/syslogs.pp 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Andrew Bogott: Looks good to me, but someone else must approve Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/base/manifests/syslogs.pp b/modules/base/manifests/syslogs.pp index c5b83f3..93ddbd3 100644 --- a/modules/base/manifests/syslogs.pp +++ b/modules/base/manifests/syslogs.pp @@ -5,6 +5,6 @@ ) { if $readable == true { -syslogs::readable { $logfiles: } +base::syslogs::readable { $logfiles: } } } -- To view, visit https://gerrit.wikimedia.org/r/394377 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I4aaa62d53504c7c4e74fe4db14f98fc2fd2c4cf0 Gerrit-PatchSet: 4 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Andrew Bogott Gerrit-Reviewer: Gehel Gerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: base: seems to be needed for puppet4 on master
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/394377 ) Change subject: base: seems to be needed for puppet4 on master .. base: seems to be needed for puppet4 on master Change-Id: I4aaa62d53504c7c4e74fe4db14f98fc2fd2c4cf0 --- M modules/base/manifests/syslogs.pp 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/77/394377/1 diff --git a/modules/base/manifests/syslogs.pp b/modules/base/manifests/syslogs.pp index c5b83f3..93ddbd3 100644 --- a/modules/base/manifests/syslogs.pp +++ b/modules/base/manifests/syslogs.pp @@ -5,6 +5,6 @@ ) { if $readable == true { -syslogs::readable { $logfiles: } +base::syslogs::readable { $logfiles: } } } -- To view, visit https://gerrit.wikimedia.org/r/394377 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4aaa62d53504c7c4e74fe4db14f98fc2fd2c4cf0 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: wip: toolforge: follow attended upgrade process
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/394200 ) Change subject: wip: toolforge: follow attended upgrade process .. wip: toolforge: follow attended upgrade process relies on changeset 392421 Bug: T181647 Change-Id: Id9e95a58860a0ef786324d62020347bf01a36111 --- M hieradata/labs.yaml M hieradata/labs/tools/common.yaml M modules/apt/manifests/unattendedupgrades.pp M modules/profile/manifests/base/labs.pp 4 files changed, 25 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/00/394200/1 diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml index 9cbccbf..f5582bf 100644 --- a/hieradata/labs.yaml +++ b/hieradata/labs.yaml @@ -17,6 +17,8 @@ recursor: 'labs-recursor0.wikimedia.org' recursor_secondary: 'labs-recursor1.wikimedia.org' +profile::base::labs::unattended_distro: true +profile::base::labs::unattended_wmf: true profile::openstack::main::version: 'liberty' profile::openstack::base::region: "%{::site}" profile::openstack::main::nova_controller: 'labcontrol1001.wikimedia.org' diff --git a/hieradata/labs/tools/common.yaml b/hieradata/labs/tools/common.yaml index c62e87a..6e5eb3f 100644 --- a/hieradata/labs/tools/common.yaml +++ b/hieradata/labs/tools/common.yaml @@ -1,3 +1,6 @@ +profile::base::labs::unattended_distro: false +profile::base::labs::unattended_wmf: false + "profile::base::core_dump_pattern": core classes: - role::aptly::client diff --git a/modules/apt/manifests/unattendedupgrades.pp b/modules/apt/manifests/unattendedupgrades.pp index c02745c..41fafe4 100644 --- a/modules/apt/manifests/unattendedupgrades.pp +++ b/modules/apt/manifests/unattendedupgrades.pp @@ -1,13 +1,17 @@ -class apt::unattendedupgrades($ensure=present) { +class apt::unattendedupgrades( +$unattended_distro=true, +$unattended_wmf=true, +) { + # package installation should enable security upgrades by default package { 'unattended-upgrades': -ensure => $ensure, +ensure => 'present', } # dpkg tries to determine the most conservative default action in case of # conffile conflict. This tells dpkg to use that action without asking apt::conf { 'dpkg-force-confdef': -ensure => present, +ensure => 'present', priority => '00', key => 'Dpkg::Options::', value=> '--force-confdef', @@ -16,20 +20,21 @@ # In case of conffile conflicts, tell dpkg to keep the old conffile without # asking apt::conf { 'dpkg-force-confold': -ensure => present, +ensure => 'present', priority => '00', key => 'Dpkg::Options::', value=> '--force-confold', } apt::conf { 'auto-upgrades': -ensure => $ensure, +ensure => $unattended_distro, priority => '20', key => 'APT::Periodic::Unattended-Upgrade', value=> '1', } apt::conf { 'unattended-upgrades-wikimedia': +ensure => $unattended_wmf, priority => '51', # Key with trailing '::' to append to potentially existing entry key => 'Unattended-Upgrade::Origins-Pattern::', diff --git a/modules/profile/manifests/base/labs.pp b/modules/profile/manifests/base/labs.pp index 23816b3..c028c3f 100644 --- a/modules/profile/manifests/base/labs.pp +++ b/modules/profile/manifests/base/labs.pp @@ -1,4 +1,13 @@ -class profile::base::labs { +class profile::base::labs( +$unattended_distro = hiera('profile::base::labs::unattended_distro'), +$unattended_wmf = hiera('profile::base::labs::unattended_wmf), +) { + +class {'::apt::unattendedupgrades': +unattended_distro => $unattended_distro, +unattended_wmf=> $unattended_wmf, +} + include ::apt::unattendedupgrades include ::apt::noupgrade -- To view, visit https://gerrit.wikimedia.org/r/394200 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id9e95a58860a0ef786324d62020347bf01a36111 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: bootstrapvz: add nbd-client package
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/393853 ) Change subject: bootstrapvz: add nbd-client package .. bootstrapvz: add nbd-client package For using qemu-nbd to inspect generated images Change-Id: I85432c9930099f5206eaabdda901b0116e57820e --- M modules/labs_bootstrapvz/manifests/init.pp 1 file changed, 4 insertions(+), 0 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/labs_bootstrapvz/manifests/init.pp b/modules/labs_bootstrapvz/manifests/init.pp index f7646ea..fb7098b 100644 --- a/modules/labs_bootstrapvz/manifests/init.pp +++ b/modules/labs_bootstrapvz/manifests/init.pp @@ -1,5 +1,9 @@ class labs_bootstrapvz() { +package { 'nbd-client': +ensure => 'present', +} + package { 'bootstrap-vz': ensure => present, } -- To view, visit https://gerrit.wikimedia.org/r/393853 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I85432c9930099f5206eaabdda901b0116e57820e Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: RushGerrit-Reviewer: Rush Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: bootstrapvz: add nbd-client package
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/393853 ) Change subject: bootstrapvz: add nbd-client package .. bootstrapvz: add nbd-client package For using qemu-nbd to inspect generated images Change-Id: I85432c9930099f5206eaabdda901b0116e57820e --- M modules/labs_bootstrapvz/manifests/init.pp 1 file changed, 4 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/53/393853/1 diff --git a/modules/labs_bootstrapvz/manifests/init.pp b/modules/labs_bootstrapvz/manifests/init.pp index f7646ea..fb7098b 100644 --- a/modules/labs_bootstrapvz/manifests/init.pp +++ b/modules/labs_bootstrapvz/manifests/init.pp @@ -1,5 +1,9 @@ class labs_bootstrapvz() { +package { 'nbd-client': +ensure => 'present', +} + package { 'bootstrap-vz': ensure => present, } -- To view, visit https://gerrit.wikimedia.org/r/393853 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I85432c9930099f5206eaabdda901b0116e57820e Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "openstack: disable notify temporarily"
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/393615 ) Change subject: Revert "openstack: disable notify temporarily" .. Revert "openstack: disable notify temporarily" This reverts commit 19429745a6f776fb319091b5d3ef39adc5d5102d. Change-Id: If1026465c6a3e335c3d7bce7f263aed057179800 --- M modules/openstack/manifests/designate/service.pp M modules/openstack/manifests/glance/service.pp M modules/openstack/manifests/horizon/service.pp M modules/openstack/manifests/keystone/hooks.pp M modules/openstack/manifests/keystone/service.pp M modules/openstack/manifests/nova/compute/service.pp M modules/openstack/manifests/nova/network/service.pp M modules/openstack/manifests/nova/scheduler/service.pp M modules/profile/manifests/openstack/base/pdns/recursor/service.pp 9 files changed, 37 insertions(+), 0 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/designate/service.pp b/modules/openstack/manifests/designate/service.pp index b209f23..404cba2 100644 --- a/modules/openstack/manifests/designate/service.pp +++ b/modules/openstack/manifests/designate/service.pp @@ -85,23 +85,27 @@ group => 'designate', mode=> '0440', content => template("openstack/${version}/designate/designate.conf.erb"), +notify => Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'], require => Package['designate-common']; '/etc/designate/api-paste.ini': content => template("openstack/${version}/designate/api-paste.ini.erb"), owner => 'designate', group => 'designate', +notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-api'], mode=> '0440'; '/etc/designate/policy.json': source => "puppet:///modules/openstack/${version}/designate/policy.json", owner => 'designate', group => 'designate', +notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-common'], mode=> '0440'; '/etc/designate/rootwrap.conf': source => "puppet:///modules/openstack/${version}/designate/rootwrap.conf", owner => 'root', group => 'root', +notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-common'], mode=> '0440'; } @@ -138,6 +142,7 @@ group => 'root', mode=> '0544', content => template('openstack/initscripts/designate-pool-manager.upstart.erb'), +notify => Service['designate-pool-manager'], } file {'/etc/init/designate-mdns.conf': @@ -146,6 +151,7 @@ group => 'root', mode=> '0544', content => template('openstack/initscripts/designate-mdns.upstart.erb'), +notify => Service['designate-mdns'], } # include rootwrap.d entries diff --git a/modules/openstack/manifests/glance/service.pp b/modules/openstack/manifests/glance/service.pp index 375507a..5c2d4e8 100644 --- a/modules/openstack/manifests/glance/service.pp +++ b/modules/openstack/manifests/glance/service.pp @@ -40,18 +40,21 @@ owner => 'glance', group => 'nogroup', mode=> '0440', +notify => Service['glance-api'], require => Package['glance']; '/etc/glance/glance-registry.conf': content => template("openstack/${version}/glance/glance-registry.conf.erb"), owner => 'glance', group => 'nogroup', mode=> '0440', +notify => Service['glance-registry'], require => Package['glance']; '/etc/glance/policy.json': source => "puppet:///modules/openstack/${version}/glance/policy.json", owner => 'root', group => 'root', mode=> '0644', +notify => Service['glance-api'], require => Package['glance']; } diff --git a/modules/openstack/manifests/horizon/service.pp b/modules/openstack/manifests/horizon/service.pp index 3856143..91241d9 100644 --- a/modules/openstack/manifests/horizon/service.pp +++ b/modules/openstack/manifests/horizon/service.pp @@ -49,6 +49,7 @@ group => 'horizon', mode=> '0440', require => Package['openstack-dashboard'], +notify => [Service['apache2'], Exec['djangorefresh']], } # In the perfect future, Horizon policies will be the same @@ -60,6 +61,7 @@ group => 'horizon', mode=> '0440', require =>
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "openstack: disable notify temporarily"
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/393615 ) Change subject: Revert "openstack: disable notify temporarily" .. Revert "openstack: disable notify temporarily" This reverts commit 19429745a6f776fb319091b5d3ef39adc5d5102d. Change-Id: If1026465c6a3e335c3d7bce7f263aed057179800 --- M modules/openstack/manifests/designate/service.pp M modules/openstack/manifests/glance/service.pp M modules/openstack/manifests/horizon/service.pp M modules/openstack/manifests/keystone/hooks.pp M modules/openstack/manifests/keystone/service.pp M modules/openstack/manifests/nova/compute/service.pp M modules/openstack/manifests/nova/network/service.pp M modules/openstack/manifests/nova/scheduler/service.pp M modules/profile/manifests/openstack/base/pdns/recursor/service.pp 9 files changed, 37 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/15/393615/1 diff --git a/modules/openstack/manifests/designate/service.pp b/modules/openstack/manifests/designate/service.pp index b209f23..404cba2 100644 --- a/modules/openstack/manifests/designate/service.pp +++ b/modules/openstack/manifests/designate/service.pp @@ -85,23 +85,27 @@ group => 'designate', mode=> '0440', content => template("openstack/${version}/designate/designate.conf.erb"), +notify => Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'], require => Package['designate-common']; '/etc/designate/api-paste.ini': content => template("openstack/${version}/designate/api-paste.ini.erb"), owner => 'designate', group => 'designate', +notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-api'], mode=> '0440'; '/etc/designate/policy.json': source => "puppet:///modules/openstack/${version}/designate/policy.json", owner => 'designate', group => 'designate', +notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-common'], mode=> '0440'; '/etc/designate/rootwrap.conf': source => "puppet:///modules/openstack/${version}/designate/rootwrap.conf", owner => 'root', group => 'root', +notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-common'], mode=> '0440'; } @@ -138,6 +142,7 @@ group => 'root', mode=> '0544', content => template('openstack/initscripts/designate-pool-manager.upstart.erb'), +notify => Service['designate-pool-manager'], } file {'/etc/init/designate-mdns.conf': @@ -146,6 +151,7 @@ group => 'root', mode=> '0544', content => template('openstack/initscripts/designate-mdns.upstart.erb'), +notify => Service['designate-mdns'], } # include rootwrap.d entries diff --git a/modules/openstack/manifests/glance/service.pp b/modules/openstack/manifests/glance/service.pp index 375507a..5c2d4e8 100644 --- a/modules/openstack/manifests/glance/service.pp +++ b/modules/openstack/manifests/glance/service.pp @@ -40,18 +40,21 @@ owner => 'glance', group => 'nogroup', mode=> '0440', +notify => Service['glance-api'], require => Package['glance']; '/etc/glance/glance-registry.conf': content => template("openstack/${version}/glance/glance-registry.conf.erb"), owner => 'glance', group => 'nogroup', mode=> '0440', +notify => Service['glance-registry'], require => Package['glance']; '/etc/glance/policy.json': source => "puppet:///modules/openstack/${version}/glance/policy.json", owner => 'root', group => 'root', mode=> '0644', +notify => Service['glance-api'], require => Package['glance']; } diff --git a/modules/openstack/manifests/horizon/service.pp b/modules/openstack/manifests/horizon/service.pp index 3856143..91241d9 100644 --- a/modules/openstack/manifests/horizon/service.pp +++ b/modules/openstack/manifests/horizon/service.pp @@ -49,6 +49,7 @@ group => 'horizon', mode=> '0440', require => Package['openstack-dashboard'], +notify => [Service['apache2'], Exec['djangorefresh']], } # In the perfect future, Horizon policies will be the same @@ -60,6 +61,7 @@ group => 'horizon', mode=> '0440', require =>
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: disable notify temporarily
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/393600 ) Change subject: openstack: disable notify temporarily .. openstack: disable notify temporarily To be reverted post cleanup. This is a precautionary measure. Bug: T171494 Change-Id: I88300b1321b7286ce7c25c86703bd59630d58a97 --- M modules/openstack/manifests/designate/service.pp M modules/openstack/manifests/glance/service.pp M modules/openstack/manifests/horizon/service.pp M modules/openstack/manifests/keystone/hooks.pp M modules/openstack/manifests/keystone/service.pp M modules/openstack/manifests/nova/compute/service.pp M modules/openstack/manifests/nova/network/service.pp M modules/openstack/manifests/nova/scheduler/service.pp M modules/profile/manifests/openstack/base/pdns/recursor/service.pp 9 files changed, 0 insertions(+), 37 deletions(-) Approvals: Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/designate/service.pp b/modules/openstack/manifests/designate/service.pp index 404cba2..b209f23 100644 --- a/modules/openstack/manifests/designate/service.pp +++ b/modules/openstack/manifests/designate/service.pp @@ -85,27 +85,23 @@ group => 'designate', mode=> '0440', content => template("openstack/${version}/designate/designate.conf.erb"), -notify => Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'], require => Package['designate-common']; '/etc/designate/api-paste.ini': content => template("openstack/${version}/designate/api-paste.ini.erb"), owner => 'designate', group => 'designate', -notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-api'], mode=> '0440'; '/etc/designate/policy.json': source => "puppet:///modules/openstack/${version}/designate/policy.json", owner => 'designate', group => 'designate', -notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-common'], mode=> '0440'; '/etc/designate/rootwrap.conf': source => "puppet:///modules/openstack/${version}/designate/rootwrap.conf", owner => 'root', group => 'root', -notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-common'], mode=> '0440'; } @@ -142,7 +138,6 @@ group => 'root', mode=> '0544', content => template('openstack/initscripts/designate-pool-manager.upstart.erb'), -notify => Service['designate-pool-manager'], } file {'/etc/init/designate-mdns.conf': @@ -151,7 +146,6 @@ group => 'root', mode=> '0544', content => template('openstack/initscripts/designate-mdns.upstart.erb'), -notify => Service['designate-mdns'], } # include rootwrap.d entries diff --git a/modules/openstack/manifests/glance/service.pp b/modules/openstack/manifests/glance/service.pp index 5c2d4e8..375507a 100644 --- a/modules/openstack/manifests/glance/service.pp +++ b/modules/openstack/manifests/glance/service.pp @@ -40,21 +40,18 @@ owner => 'glance', group => 'nogroup', mode=> '0440', -notify => Service['glance-api'], require => Package['glance']; '/etc/glance/glance-registry.conf': content => template("openstack/${version}/glance/glance-registry.conf.erb"), owner => 'glance', group => 'nogroup', mode=> '0440', -notify => Service['glance-registry'], require => Package['glance']; '/etc/glance/policy.json': source => "puppet:///modules/openstack/${version}/glance/policy.json", owner => 'root', group => 'root', mode=> '0644', -notify => Service['glance-api'], require => Package['glance']; } diff --git a/modules/openstack/manifests/horizon/service.pp b/modules/openstack/manifests/horizon/service.pp index 91241d9..3856143 100644 --- a/modules/openstack/manifests/horizon/service.pp +++ b/modules/openstack/manifests/horizon/service.pp @@ -49,7 +49,6 @@ group => 'horizon', mode=> '0440', require => Package['openstack-dashboard'], -notify => [Service['apache2'], Exec['djangorefresh']], } # In the perfect future, Horizon policies will be the same @@ -61,7 +60,6 @@ group => 'horizon', mode=> '0440', require =>
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: disable notify temporarily
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/393600 ) Change subject: openstack: disable notify temporarily .. openstack: disable notify temporarily To be reverted post cleanup. This is a precautionary measure. Bug: T171494 Change-Id: I88300b1321b7286ce7c25c86703bd59630d58a97 --- M modules/openstack/manifests/designate/service.pp M modules/openstack/manifests/glance/service.pp M modules/openstack/manifests/horizon/service.pp M modules/openstack/manifests/keystone/hooks.pp M modules/openstack/manifests/keystone/service.pp M modules/openstack/manifests/nova/compute/service.pp M modules/openstack/manifests/nova/network/service.pp M modules/openstack/manifests/nova/scheduler/service.pp M modules/profile/manifests/openstack/base/pdns/recursor/service.pp 9 files changed, 0 insertions(+), 37 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/00/393600/1 diff --git a/modules/openstack/manifests/designate/service.pp b/modules/openstack/manifests/designate/service.pp index 404cba2..b209f23 100644 --- a/modules/openstack/manifests/designate/service.pp +++ b/modules/openstack/manifests/designate/service.pp @@ -85,27 +85,23 @@ group => 'designate', mode=> '0440', content => template("openstack/${version}/designate/designate.conf.erb"), -notify => Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'], require => Package['designate-common']; '/etc/designate/api-paste.ini': content => template("openstack/${version}/designate/api-paste.ini.erb"), owner => 'designate', group => 'designate', -notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-api'], mode=> '0440'; '/etc/designate/policy.json': source => "puppet:///modules/openstack/${version}/designate/policy.json", owner => 'designate', group => 'designate', -notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-common'], mode=> '0440'; '/etc/designate/rootwrap.conf': source => "puppet:///modules/openstack/${version}/designate/rootwrap.conf", owner => 'root', group => 'root', -notify => Service['designate-api','designate-sink','designate-central'], require => Package['designate-common'], mode=> '0440'; } @@ -142,7 +138,6 @@ group => 'root', mode=> '0544', content => template('openstack/initscripts/designate-pool-manager.upstart.erb'), -notify => Service['designate-pool-manager'], } file {'/etc/init/designate-mdns.conf': @@ -151,7 +146,6 @@ group => 'root', mode=> '0544', content => template('openstack/initscripts/designate-mdns.upstart.erb'), -notify => Service['designate-mdns'], } # include rootwrap.d entries diff --git a/modules/openstack/manifests/glance/service.pp b/modules/openstack/manifests/glance/service.pp index 5c2d4e8..375507a 100644 --- a/modules/openstack/manifests/glance/service.pp +++ b/modules/openstack/manifests/glance/service.pp @@ -40,21 +40,18 @@ owner => 'glance', group => 'nogroup', mode=> '0440', -notify => Service['glance-api'], require => Package['glance']; '/etc/glance/glance-registry.conf': content => template("openstack/${version}/glance/glance-registry.conf.erb"), owner => 'glance', group => 'nogroup', mode=> '0440', -notify => Service['glance-registry'], require => Package['glance']; '/etc/glance/policy.json': source => "puppet:///modules/openstack/${version}/glance/policy.json", owner => 'root', group => 'root', mode=> '0644', -notify => Service['glance-api'], require => Package['glance']; } diff --git a/modules/openstack/manifests/horizon/service.pp b/modules/openstack/manifests/horizon/service.pp index 91241d9..3856143 100644 --- a/modules/openstack/manifests/horizon/service.pp +++ b/modules/openstack/manifests/horizon/service.pp @@ -49,7 +49,6 @@ group => 'horizon', mode=> '0440', require => Package['openstack-dashboard'], -notify => [Service['apache2'], Exec['djangorefresh']], } # In the perfect future, Horizon policies will be the same @@ -61,7 +60,6 @@ group => 'horizon', mode=> '0440', require =>
[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: remove todo for horizon
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/392861 ) Change subject: openstack: remove todo for horizon .. openstack: remove todo for horizon The util env scripts were here largely through happenstance of tangled nova configurations previously. Bug: Bug: T171494 Change-Id: I87c541a339225b3f141adb61b291d9f2df753a64 --- M modules/profile/manifests/openstack/base/horizon/dashboard.pp 1 file changed, 0 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/61/392861/1 diff --git a/modules/profile/manifests/openstack/base/horizon/dashboard.pp b/modules/profile/manifests/openstack/base/horizon/dashboard.pp index 0f12da3..fed1608 100644 --- a/modules/profile/manifests/openstack/base/horizon/dashboard.pp +++ b/modules/profile/manifests/openstack/base/horizon/dashboard.pp @@ -8,7 +8,6 @@ $webserver_hostname = hiera('profile::openstack::base::horizon::webserver_hostname'), ) { -# TODO: Add openstack::util::envscripts during profile conversion class { 'openstack::horizon::service': version => $version, nova_controller => $nova_controller, -- To view, visit https://gerrit.wikimedia.org/r/392861 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I87c541a339225b3f141adb61b291d9f2df753a64 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] labs/private[master]: openstack: remove labtest per host values
Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/392859 ) Change subject: openstack: remove labtest per host values .. openstack: remove labtest per host values Bug: T171494 Change-Id: If819a071d9f90989919709c44f09331a2300 --- D hieradata/hosts/labtestcontrol2001.yaml D hieradata/hosts/labtestnet2001.yaml D hieradata/hosts/labtestneutron2001.yaml D hieradata/hosts/labtestservices2001.yaml D hieradata/hosts/labtestvirt2001.yaml D hieradata/hosts/labtestweb2001.yaml 6 files changed, 0 insertions(+), 72 deletions(-) Approvals: Rush: Verified; Looks good to me, approved diff --git a/hieradata/hosts/labtestcontrol2001.yaml b/hieradata/hosts/labtestcontrol2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestcontrol2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' diff --git a/hieradata/hosts/labtestnet2001.yaml b/hieradata/hosts/labtestnet2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestnet2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' diff --git a/hieradata/hosts/labtestneutron2001.yaml b/hieradata/hosts/labtestneutron2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestneutron2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' diff --git a/hieradata/hosts/labtestservices2001.yaml b/hieradata/hosts/labtestservices2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestservices2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' diff --git a/hieradata/hosts/labtestvirt2001.yaml b/hieradata/hosts/labtestvirt2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestvirt2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' diff --git a/hieradata/hosts/labtestweb2001.yaml b/hieradata/hosts/labtestweb2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestweb2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' -- To view, visit https://gerrit.wikimedia.org/r/392859 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If819a071d9f90989919709c44f09331a2300 Gerrit-PatchSet: 1 Gerrit-Project: labs/private Gerrit-Branch: master Gerrit-Owner: RushGerrit-Reviewer: Rush ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] labs/private[master]: openstack: remove labtest per host values
Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/392859 ) Change subject: openstack: remove labtest per host values .. openstack: remove labtest per host values Bug: T171494 Change-Id: If819a071d9f90989919709c44f09331a2300 --- D hieradata/hosts/labtestcontrol2001.yaml D hieradata/hosts/labtestnet2001.yaml D hieradata/hosts/labtestneutron2001.yaml D hieradata/hosts/labtestservices2001.yaml D hieradata/hosts/labtestvirt2001.yaml D hieradata/hosts/labtestweb2001.yaml 6 files changed, 0 insertions(+), 72 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/labs/private refs/changes/59/392859/1 diff --git a/hieradata/hosts/labtestcontrol2001.yaml b/hieradata/hosts/labtestcontrol2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestcontrol2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' diff --git a/hieradata/hosts/labtestnet2001.yaml b/hieradata/hosts/labtestnet2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestnet2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' diff --git a/hieradata/hosts/labtestneutron2001.yaml b/hieradata/hosts/labtestneutron2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestneutron2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' diff --git a/hieradata/hosts/labtestservices2001.yaml b/hieradata/hosts/labtestservices2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestservices2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' diff --git a/hieradata/hosts/labtestvirt2001.yaml b/hieradata/hosts/labtestvirt2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestvirt2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' diff --git a/hieradata/hosts/labtestweb2001.yaml b/hieradata/hosts/labtestweb2001.yaml deleted file mode 100644 index a770031..000 --- a/hieradata/hosts/labtestweb2001.yaml +++ /dev/null @@ -1,12 +0,0 @@ -novaconfig: -db_pass: 'lt-ueThe7moh7Hah' -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -keystoneconfig: -ldap_user_pass: 'lt-ueThe7moh7Hah' -ldap_proxyagent_pass: 'lt-Eche0ieng8UaNoo' - -labsldapconfig: - proxypass: 'lt-Eche0ieng8UaNoo' - script_user_pass: 'lt-ueThe7moh7Hah' -- To view, visit https://gerrit.wikimedia.org/r/392859 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If819a071d9f90989919709c44f09331a2300 Gerrit-PatchSet: 1 Gerrit-Project: labs/private Gerrit-Branch: master Gerrit-Owner: Rush___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits