[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppetdb: Do not hardcode puppetmasters
Giuseppe Lavagetto has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/329330 ) Change subject: puppetdb: Do not hardcode puppetmasters .. puppetdb: Do not hardcode puppetmasters For Labs PuppetDB setups, it is necessary to be able to specify different puppetmasters so that they are not blocked by the firewall. In the general case, for an instance set up to serve as a PuppetDB it is most likely that "the" puppetmaster is all the puppetmasters, so this change sets it as default for Labs. Bug: T153577 Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c --- M hieradata/labs.yaml M modules/role/manifests/puppetmaster/puppetdb.pp 2 files changed, 4 insertions(+), 16 deletions(-) Approvals: Giuseppe Lavagetto: Looks good to me, approved jenkins-bot: Verified diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml index c20b7a6..fd912dc 100644 --- a/hieradata/labs.yaml +++ b/hieradata/labs.yaml @@ -33,6 +33,9 @@ archiva::proxy::ssl_enabled: false archiva::proxy::certificate_name: ssl-cert-snakeoil statsite::instance::graphite_host: 'labmon1001.eqiad.wmnet' +puppetmaster::servers: + "%{hiera('puppetmaster')}": +- { worker: "%{hiera('puppetmaster')}", loadfactor: 10 } # Default to Dummy authenticator in JupyterHubs in labs jupyterhub::authenticator: dummy diff --git a/modules/role/manifests/puppetmaster/puppetdb.pp b/modules/role/manifests/puppetmaster/puppetdb.pp index ac03a10..642bf6c 100644 --- a/modules/role/manifests/puppetmaster/puppetdb.pp +++ b/modules/role/manifests/puppetmaster/puppetdb.pp @@ -39,22 +39,7 @@ } # Only the TLS-terminating nginx proxy will be exposed -# TODO: Use map() once we migrate to the future parser -# It should have been -# -# $puppetmasters = map(values(hiera('puppetmaster::servers')) |p| { p['worker'] }) -# -# Instead, we will have to jump through hoops (templates, yaml parsing, -# parser functions) for this simple thing. So don't and just hardcode it. -# Does it suck ? Yes it does. But we are not going through all that -$puppetmasters = [ -'puppetmaster1001.eqiad.wmnet', -'puppetmaster1002.eqiad.wmnet', -'puppetmaster2001.codfw.wmnet', -'puppetmaster2002.codfw.wmnet', -'rhodium.eqiad.wmnet', -] -$puppetmasters_ferm = join($puppetmasters, ' ') +$puppetmasters_ferm = inline_template('<%= scope.function_hiera([\'puppetmaster::servers\']).values.flatten(1).map { |p| p[\'worker\'] }.sort.join(\' \')%>') ferm::service { 'puppetdb': proto => 'tcp', port=> 443, -- To view, visit https://gerrit.wikimedia.org/r/329330 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Tim LandscheidtGerrit-Reviewer: Alexandros Kosiaris Gerrit-Reviewer: Giuseppe Lavagetto Gerrit-Reviewer: Tim Landscheidt Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppetdb: Do not hardcode puppetmasters
Hello Alexandros Kosiaris, I'd like you to do a code review. Please visit https://gerrit.wikimedia.org/r/329330 to review the following change. Change subject: puppetdb: Do not hardcode puppetmasters .. puppetdb: Do not hardcode puppetmasters For Labs PuppetDB setups, it is necessary to be able to specify different puppetmasters so that they are not blocked by the firewall. In the general case, for an instance set up to serve as a PuppetDB it is most likely that "the" puppetmaster is all the puppetmasters, so this change sets it as default for Labs. Bug: T153577 Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c --- M hieradata/labs.yaml M modules/role/manifests/puppetmaster/puppetdb.pp 2 files changed, 4 insertions(+), 16 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/30/329330/1 diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml index c20b7a6..fd912dc 100644 --- a/hieradata/labs.yaml +++ b/hieradata/labs.yaml @@ -33,6 +33,9 @@ archiva::proxy::ssl_enabled: false archiva::proxy::certificate_name: ssl-cert-snakeoil statsite::instance::graphite_host: 'labmon1001.eqiad.wmnet' +puppetmaster::servers: + "%{hiera('puppetmaster')}": +- { worker: "%{hiera('puppetmaster')}", loadfactor: 10 } # Default to Dummy authenticator in JupyterHubs in labs jupyterhub::authenticator: dummy diff --git a/modules/role/manifests/puppetmaster/puppetdb.pp b/modules/role/manifests/puppetmaster/puppetdb.pp index ac03a10..642bf6c 100644 --- a/modules/role/manifests/puppetmaster/puppetdb.pp +++ b/modules/role/manifests/puppetmaster/puppetdb.pp @@ -39,22 +39,7 @@ } # Only the TLS-terminating nginx proxy will be exposed -# TODO: Use map() once we migrate to the future parser -# It should have been -# -# $puppetmasters = map(values(hiera('puppetmaster::servers')) |p| { p['worker'] }) -# -# Instead, we will have to jump through hoops (templates, yaml parsing, -# parser functions) for this simple thing. So don't and just hardcode it. -# Does it suck ? Yes it does. But we are not going through all that -$puppetmasters = [ -'puppetmaster1001.eqiad.wmnet', -'puppetmaster1002.eqiad.wmnet', -'puppetmaster2001.codfw.wmnet', -'puppetmaster2002.codfw.wmnet', -'rhodium.eqiad.wmnet', -] -$puppetmasters_ferm = join($puppetmasters, ' ') +$puppetmasters_ferm = inline_template('<%= scope.function_hiera([\'puppetmaster::servers\']).values.flatten(1).map { |p| p[\'worker\'] }.sort.join(\' \')%>') ferm::service { 'puppetdb': proto => 'tcp', port=> 443, -- To view, visit https://gerrit.wikimedia.org/r/329330 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Tim LandscheidtGerrit-Reviewer: Alexandros Kosiaris ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits