[MediaWiki-commits] [Gerrit] operations/puppet[production]: librenms: convert role to profile, variables to params
Dzahn has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/399966 ) Change subject: librenms: convert role to profile, variables to params .. librenms: convert role to profile, variables to params Change-Id: I208253b00783d62888c3db2e778518cadc14e25f --- A hieradata/role/common/librenms.yaml A modules/profile/manifests/librenms.pp M modules/role/manifests/librenms.pp 3 files changed, 177 insertions(+), 169 deletions(-) Approvals: jenkins-bot: Verified Dzahn: Looks good to me, approved diff --git a/hieradata/role/common/librenms.yaml b/hieradata/role/common/librenms.yaml new file mode 100644 index 000..98b7ac5 --- /dev/null +++ b/hieradata/role/common/librenms.yaml @@ -0,0 +1,2 @@ +profile::librenms::sitename: 'librenms.wikimedia.org' +profile::librenms::install_dir: '/srv/deployment/librenms/librenms' diff --git a/modules/profile/manifests/librenms.pp b/modules/profile/manifests/librenms.pp new file mode 100644 index 000..abe440a --- /dev/null +++ b/modules/profile/manifests/librenms.pp @@ -0,0 +1,174 @@ +# http://www.librenms.org/ | https://github.com/librenms/librenms + +# $active_server +# Which of the netmon servers should actually poll data and +# have active cron jobs. We don't want both to do it at the same time. +# Switch it in hieradata/common.yaml, the default is just a fallback. +# +class profile::librenms ( +$sitename = hiera('profile::librenms::sitename'), +$install_dir = hiera('profile::librenms::install_dir'), +$active_server = hiera('netmon_server'), +$graphite_host = hiera('graphite_host', 'graphite-in.eqiad.wmnet'), +$graphite_prefix = hiera('graphite_prefix', 'librenms') +){ + +include ::network::constants +include ::passwords::librenms +include ::passwords::network + +# NOTE: scap will manage the deploy user +scap::target { 'librenms/librenms': +deploy_user => 'deploy-librenms', +before => Class['::librenms'], +} + +$config = { +'title_image' => '//upload.wikimedia.org/wikipedia/commons/thumb/0/0c/Wikimedia_Foundation_logo_-_horizontal_%282012-2016%29.svg/140px-Wikimedia_Foundation_logo_-_horizontal_%282012-2016%29.svg.png', + +# disable evil daily auto-git pull +'update' => 0, + +'db_host' => 'm1-master.eqiad.wmnet', +'db_user' => $passwords::librenms::db_user, +'db_pass' => $passwords::librenms::db_pass, +'db_name' => 'librenms', +'db' => { +'extension' => 'mysqli', +}, + +'snmp' => { +'community' => [ $passwords::network::snmp_ro_community ], +}, +'irc_host' => 'irc.freenode.org', +'irc_chan' => '#wikimedia-netops-test,#wikimedia-netops', +'irc_alert'=> true, +'irc_debug'=> false, +'irc_alert_chan' => '#wikimedia-netops-test', +'irc_alert_utf8' => true, +'irc_nick' => 'librenms-wmf', + +'autodiscovery'=> { +'xdp' => true, +'ospf' => true, +'bgp' => false, +'snmpscan' => false, +}, +'geoloc' => { +'latlng' => true, +'engine' => 'google', +}, +'location_map' => { +'eqiad' => 'Equinix, Ashburn, Virginia, USA', +'codfw' => 'CyrusOne, Carrollton, Texas, USA', +'eqdfw' => 'Equinix, Carrollton, Texas, USA', +'ulsfo' => 'United Layer, San Francisco, California, USA', +'eqord' => 'Equinix, Chicago, Illinois, USA', +'knams' => 'Vancis, Amsterdam, The Netherlands', +'esams' => 'EvoSwitch, Amsterdam, The Netherlands', +'eqsin' => 'Equinix, Singapore', +}, +'astext' => { +'64600' => 'PyBal', +'64601' => 'Kubernetes', +'64602' => 'Kubernetes', +'64603' => 'Kubernetes', +'64700' => 'frack-eqiad', +'64701' => 'frack-codfw', +'65001' => 'confed-eqiad-eqord', +'65002' => 'confed-eqdfw-codfw', +'65003' => 'confed-esams', +'65004' => 'confed-ulsfo', +'65005' => 'confed-eqsin', +'65517' => 'Equinix', +}, +'email_from' => 'librenms', +'twofactor' => true, +'twofactor_lock' => 300, +'rancid_configs' => ['/var/lib/rancid/core/configs/'], +'rancid_ignorecomments' => 1, +'enable_inventory' => 1, +'enable_syslog'=> 1, +'enable_billing' => 1, +'syslog_filter'=> [ +'message repeated', +'Connection from UDP: [', +'CMD ( /usr/libexec/atrun)', +'CMD (newsyslog)', +'CMD (adjkerntz -a)', +
[MediaWiki-commits] [Gerrit] operations/puppet[production]: librenms: convert role to profile, variables to params
Dzahn has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/399966 ) Change subject: librenms: convert role to profile, variables to params .. librenms: convert role to profile, variables to params Change-Id: I208253b00783d62888c3db2e778518cadc14e25f --- A modules/profile/manifests/librenms.pp M modules/role/manifests/librenms.pp 2 files changed, 174 insertions(+), 169 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/66/399966/1 diff --git a/modules/profile/manifests/librenms.pp b/modules/profile/manifests/librenms.pp new file mode 100644 index 000..870fb67 --- /dev/null +++ b/modules/profile/manifests/librenms.pp @@ -0,0 +1,170 @@ +# http://www.librenms.org/ | https://github.com/librenms/librenms + +# $active_server +# Which of the netmon servers should actually poll data and +# have active cron jobs. We don't want both to do it at the same time. +# Switch it in hieradata/common.yaml, the default is just a fallback. +# +class profile::librenms ( +$sitename = 'librenms.wikimedia.org' +$install_dir = '/srv/deployment/librenms/librenms' +$active_server = hiera('netmon_server') +$graphite_host = hiera('graphite_host', 'graphite-in.eqiad.wmnet') +$graphite_prefix = hiera('graphite_prefix', 'librenms') +){ + +# NOTE: scap will manage the deploy user +scap::target { 'librenms/librenms': +deploy_user => 'deploy-librenms', +before => Class['::librenms'], +} + +$config = { +'title_image' => '//upload.wikimedia.org/wikipedia/commons/thumb/0/0c/Wikimedia_Foundation_logo_-_horizontal_%282012-2016%29.svg/140px-Wikimedia_Foundation_logo_-_horizontal_%282012-2016%29.svg.png', + +# disable evil daily auto-git pull +'update' => 0, + +'db_host' => 'm1-master.eqiad.wmnet', +'db_user' => $passwords::librenms::db_user, +'db_pass' => $passwords::librenms::db_pass, +'db_name' => 'librenms', +'db' => { +'extension' => 'mysqli', +}, + +'snmp' => { +'community' => [ $passwords::network::snmp_ro_community ], +}, +'irc_host' => 'irc.freenode.org', +'irc_chan' => '#wikimedia-netops-test,#wikimedia-netops', +'irc_alert'=> true, +'irc_debug'=> false, +'irc_alert_chan' => '#wikimedia-netops-test', +'irc_alert_utf8' => true, +'irc_nick' => 'librenms-wmf', + +'autodiscovery'=> { +'xdp' => true, +'ospf' => true, +'bgp' => false, +'snmpscan' => false, +}, +'geoloc' => { +'latlng' => true, +'engine' => 'google', +}, +'location_map' => { +'eqiad' => 'Equinix, Ashburn, Virginia, USA', +'codfw' => 'CyrusOne, Carrollton, Texas, USA', +'eqdfw' => 'Equinix, Carrollton, Texas, USA', +'ulsfo' => 'United Layer, San Francisco, California, USA', +'eqord' => 'Equinix, Chicago, Illinois, USA', +'knams' => 'Vancis, Amsterdam, The Netherlands', +'esams' => 'EvoSwitch, Amsterdam, The Netherlands', +'eqsin' => 'Equinix, Singapore', +}, +'astext' => { +'64600' => 'PyBal', +'64601' => 'Kubernetes', +'64602' => 'Kubernetes', +'64603' => 'Kubernetes', +'64700' => 'frack-eqiad', +'64701' => 'frack-codfw', +'65001' => 'confed-eqiad-eqord', +'65002' => 'confed-eqdfw-codfw', +'65003' => 'confed-esams', +'65004' => 'confed-ulsfo', +'65005' => 'confed-eqsin', +'65517' => 'Equinix', +}, +'email_from' => 'librenms', +'twofactor' => true, +'twofactor_lock' => 300, +'rancid_configs' => ['/var/lib/rancid/core/configs/'], +'rancid_ignorecomments' => 1, +'enable_inventory' => 1, +'enable_syslog'=> 1, +'enable_billing' => 1, +'syslog_filter'=> [ +'message repeated', +'Connection from UDP: [', +'CMD ( /usr/libexec/atrun)', +'CMD (newsyslog)', +'CMD (adjkerntz -a)', +'kernel time sync enabled', +'preauth', +], + +'auth_mechanism' => 'ldap', +'auth_ldap_server' => 'ldap://ldap-labs.eqiad.wikimedia.org ldap://ldap-labs.codfw.wikimedia.org', +'auth_ldap_starttls' => 'require', +'auth_ldap_port' => 389, + +# This is dumb -- the code requires us to specify the dn rather +# than doing a search, so logins will require 'shell name' rather +# than the