[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppetdb: Do not hardcode puppetmasters
Giuseppe Lavagetto has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/329330 )
Change subject: puppetdb: Do not hardcode puppetmasters
..
puppetdb: Do not hardcode puppetmasters
For Labs PuppetDB setups, it is necessary to be able to specify
different puppetmasters so that they are not blocked by the firewall.
In the general case, for an instance set up to serve as a PuppetDB it
is most likely that "the" puppetmaster is all the puppetmasters, so
this change sets it as default for Labs.
Bug: T153577
Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c
---
M hieradata/labs.yaml
M modules/role/manifests/puppetmaster/puppetdb.pp
2 files changed, 4 insertions(+), 16 deletions(-)
Approvals:
Giuseppe Lavagetto: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index c20b7a6..fd912dc 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -33,6 +33,9 @@
archiva::proxy::ssl_enabled: false
archiva::proxy::certificate_name: ssl-cert-snakeoil
statsite::instance::graphite_host: 'labmon1001.eqiad.wmnet'
+puppetmaster::servers:
+ "%{hiera('puppetmaster')}":
+- { worker: "%{hiera('puppetmaster')}", loadfactor: 10 }
# Default to Dummy authenticator in JupyterHubs in labs
jupyterhub::authenticator: dummy
diff --git a/modules/role/manifests/puppetmaster/puppetdb.pp
b/modules/role/manifests/puppetmaster/puppetdb.pp
index ac03a10..642bf6c 100644
--- a/modules/role/manifests/puppetmaster/puppetdb.pp
+++ b/modules/role/manifests/puppetmaster/puppetdb.pp
@@ -39,22 +39,7 @@
}
# Only the TLS-terminating nginx proxy will be exposed
-# TODO: Use map() once we migrate to the future parser
-# It should have been
-#
-# $puppetmasters = map(values(hiera('puppetmaster::servers')) |p| {
p['worker'] })
-#
-# Instead, we will have to jump through hoops (templates, yaml parsing,
-# parser functions) for this simple thing. So don't and just hardcode it.
-# Does it suck ? Yes it does. But we are not going through all that
-$puppetmasters = [
-'puppetmaster1001.eqiad.wmnet',
-'puppetmaster1002.eqiad.wmnet',
-'puppetmaster2001.codfw.wmnet',
-'puppetmaster2002.codfw.wmnet',
-'rhodium.eqiad.wmnet',
-]
-$puppetmasters_ferm = join($puppetmasters, ' ')
+$puppetmasters_ferm = inline_template('<%=
scope.function_hiera([\'puppetmaster::servers\']).values.flatten(1).map { |p|
p[\'worker\'] }.sort.join(\' \')%>')
ferm::service { 'puppetdb':
proto => 'tcp',
port=> 443,
--
To view, visit https://gerrit.wikimedia.org/r/329330
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt
Gerrit-Reviewer: Alexandros Kosiaris
Gerrit-Reviewer: Giuseppe Lavagetto
Gerrit-Reviewer: Tim Landscheidt
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppetdb: Do not hardcode puppetmasters
Hello Alexandros Kosiaris,
I'd like you to do a code review. Please visit
https://gerrit.wikimedia.org/r/329330
to review the following change.
Change subject: puppetdb: Do not hardcode puppetmasters
..
puppetdb: Do not hardcode puppetmasters
For Labs PuppetDB setups, it is necessary to be able to specify
different puppetmasters so that they are not blocked by the firewall.
In the general case, for an instance set up to serve as a PuppetDB it
is most likely that "the" puppetmaster is all the puppetmasters, so
this change sets it as default for Labs.
Bug: T153577
Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c
---
M hieradata/labs.yaml
M modules/role/manifests/puppetmaster/puppetdb.pp
2 files changed, 4 insertions(+), 16 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/30/329330/1
diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index c20b7a6..fd912dc 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -33,6 +33,9 @@
archiva::proxy::ssl_enabled: false
archiva::proxy::certificate_name: ssl-cert-snakeoil
statsite::instance::graphite_host: 'labmon1001.eqiad.wmnet'
+puppetmaster::servers:
+ "%{hiera('puppetmaster')}":
+- { worker: "%{hiera('puppetmaster')}", loadfactor: 10 }
# Default to Dummy authenticator in JupyterHubs in labs
jupyterhub::authenticator: dummy
diff --git a/modules/role/manifests/puppetmaster/puppetdb.pp
b/modules/role/manifests/puppetmaster/puppetdb.pp
index ac03a10..642bf6c 100644
--- a/modules/role/manifests/puppetmaster/puppetdb.pp
+++ b/modules/role/manifests/puppetmaster/puppetdb.pp
@@ -39,22 +39,7 @@
}
# Only the TLS-terminating nginx proxy will be exposed
-# TODO: Use map() once we migrate to the future parser
-# It should have been
-#
-# $puppetmasters = map(values(hiera('puppetmaster::servers')) |p| {
p['worker'] })
-#
-# Instead, we will have to jump through hoops (templates, yaml parsing,
-# parser functions) for this simple thing. So don't and just hardcode it.
-# Does it suck ? Yes it does. But we are not going through all that
-$puppetmasters = [
-'puppetmaster1001.eqiad.wmnet',
-'puppetmaster1002.eqiad.wmnet',
-'puppetmaster2001.codfw.wmnet',
-'puppetmaster2002.codfw.wmnet',
-'rhodium.eqiad.wmnet',
-]
-$puppetmasters_ferm = join($puppetmasters, ' ')
+$puppetmasters_ferm = inline_template('<%=
scope.function_hiera([\'puppetmaster::servers\']).values.flatten(1).map { |p|
p[\'worker\'] }.sort.join(\' \')%>')
ferm::service { 'puppetdb':
proto => 'tcp',
port=> 443,
--
To view, visit https://gerrit.wikimedia.org/r/329330
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt
Gerrit-Reviewer: Alexandros Kosiaris
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
