[MediaWiki-commits] [Gerrit] operations/puppet[production]: tcpircbot: convert role to profile
Alexandros Kosiaris has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/400250 )
Change subject: tcpircbot: convert role to profile
..
tcpircbot: convert role to profile
Change-Id: I8aeb27f380c71ba090247b22ac6fa01135166f68
---
A modules/profile/manifests/tcpircbot.pp
M modules/role/manifests/tcpircbot.pp
2 files changed, 61 insertions(+), 51 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/profile/manifests/tcpircbot.pp
b/modules/profile/manifests/tcpircbot.pp
new file mode 100644
index 000..6e33d0d
--- /dev/null
+++ b/modules/profile/manifests/tcpircbot.pp
@@ -0,0 +1,57 @@
+class profile::tcpircbot(
+$ensure='present',
+){
+
+include passwords::logmsgbot
+
+tcpircbot::instance { 'logmsgbot':
+ensure => $ensure,
+channels => '#wikimedia-operations',
+password => $passwords::logmsgbot::logmsgbot_password,
+cidr => [
+':::127.0.0.1/128', # loopback
+':::10.64.32.167/128', # logging: eventlog1001
+':::10.64.0.196/128', # deployment eqiad v4: tin
+'2620:0:861:101:10:64:0:196/128', # deployment eqiad v6: tin
+':::10.192.32.22/128', # deployment codfw v4: naos
+'2620:0:860:103:10:192:32:22/128', # deployment codfw v6: naos
+':::10.64.32.13/128', # maintenance eqiad v4: terbium
+'2620:0:861:103:10:64:32:13/64',# maintenance eqiad v6: terbium
+':::10.192.48.45/128', # maintenance codfw v4: wasat
+'2620:0:860:104:10:192:48:45/64', # maintenance codfw v6: wasat
+':::10.64.16.73/128', # puppetmaster1001.eqiad.wmnet
+'2620:0:861:102:10:64:16:73/128', # puppetmaster1001.eqiad.wmnet
+':::10.192.0.27/128', # puppetmaster2001.codfw.wmnet
+'2620:0:860:101:10:192:0:27/128', # puppetmaster2001.codfw.wmnet
+':::10.64.32.20/128', # neodymium.eqiad.wmnet
+'2620:0:861:103:10:64:32:20/64',# neodymium.eqiad.wmnet
+':::10.192.0.140/128', # sarin.codfw.wmnet
+'2620:0:860:101:10:192:0:140/64', # sarin.codfw.wmnet
+],
+}
+if $ensure == 'present' {
+nrpe::monitor_service { 'tcpircbot':
+description => 'tcpircbot_service_running',
+nrpe_command => '/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1
-C python -a tcpircbot.py',
+}
+}
+
+$allowed_hosts = [
+'eventlog1001.eqiad.wmnet', # logging eqiad
+'tin.eqiad.wmnet', # deployment eqiad
+'naos.codfw.wmnet', # deployment codfw
+'puppetmaster1001.eqiad.wmnet', # puppet eqiad
+'puppetmaster2001.codfw.wmnet', # puppet codfw
+'terbium.eqiad.wmnet', # maintenance eqiad
+'wasat.codfw.wmnet',# maintenance codfw
+'neodymium.eqiad.wmnet',# cluster mgmt eqiad
+'sarin.codfw.wmnet',# cluster mgmt codfw
+]
+
+$allowed_hosts_ferm = join($allowed_hosts, ' ')
+ferm::service { 'tcpircbot_allowed':
+proto => 'tcp',
+port => '9200',
+srange => "(@resolve((${allowed_hosts_ferm}))
@resolve((${allowed_hosts_ferm}), ))",
+}
+}
diff --git a/modules/role/manifests/tcpircbot.pp
b/modules/role/manifests/tcpircbot.pp
index b1f1da4..8a4799f 100644
--- a/modules/role/manifests/tcpircbot.pp
+++ b/modules/role/manifests/tcpircbot.pp
@@ -1,59 +1,12 @@
-class role::tcpircbot($ensure='present') {
-include ::tcpircbot
-include passwords::logmsgbot
+class role::tcpircbot {
system::role { 'tcpircbot':
description => 'tcpircbot server',
}
-tcpircbot::instance { 'logmsgbot':
-ensure => $ensure,
-channels => '#wikimedia-operations',
-password => $passwords::logmsgbot::logmsgbot_password,
-cidr => [
-':::127.0.0.1/128', # loopback
-':::10.64.32.167/128', # logging: eventlog1001
-':::10.64.0.196/128', # deployment eqiad v4: tin
-'2620:0:861:101:10:64:0:196/128', # deployment eqiad v6: tin
-':::10.192.32.22/128', # deployment codfw v4: naos
-'2620:0:860:103:10:192:32:22/128', # deployment codfw v6: naos
-':::10.64.32.13/128', # maintenance eqiad v4: terbium
-'2620:0:861:103:10:64:32:13/64',# maintenance eqiad v6: terbium
-':::10.192.48.45/128', # maintenance codfw v4: wasat
-'2620:0:860:104:10:192:48:45/64', # maintenance codfw v6: wasat
-':::10.64.16.73/128', #
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tcpircbot: convert role to profile
Dzahn has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/400250 )
Change subject: tcpircbot: convert role to profile
..
tcpircbot: convert role to profile
Change-Id: I8aeb27f380c71ba090247b22ac6fa01135166f68
---
A modules/profile/manifests/tcpircbot.pp
M modules/role/manifests/tcpircbot.pp
2 files changed, 61 insertions(+), 52 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/50/400250/1
diff --git a/modules/profile/manifests/tcpircbot.pp
b/modules/profile/manifests/tcpircbot.pp
new file mode 100644
index 000..85a3bf5
--- /dev/null
+++ b/modules/profile/manifests/tcpircbot.pp
@@ -0,0 +1,55 @@
+class profile::tcpircbot(
+$ensure='present',
+){
+
+tcpircbot::instance { 'logmsgbot':
+ensure => $ensure,
+channels => '#wikimedia-operations',
+password => $passwords::logmsgbot::logmsgbot_password,
+cidr => [
+':::127.0.0.1/128', # loopback
+':::10.64.32.167/128', # logging: eventlog1001
+':::10.64.0.196/128', # deployment eqiad v4: tin
+'2620:0:861:101:10:64:0:196/128', # deployment eqiad v6: tin
+':::10.192.32.22/128', # deployment codfw v4: naos
+'2620:0:860:103:10:192:32:22/128', # deployment codfw v6: naos
+':::10.64.32.13/128', # maintenance eqiad v4: terbium
+'2620:0:861:103:10:64:32:13/64',# maintenance eqiad v6: terbium
+':::10.192.48.45/128', # maintenance codfw v4: wasat
+'2620:0:860:104:10:192:48:45/64', # maintenance codfw v6: wasat
+':::10.64.16.73/128', # puppetmaster1001.eqiad.wmnet
+'2620:0:861:102:10:64:16:73/128', # puppetmaster1001.eqiad.wmnet
+':::10.192.0.27/128', # puppetmaster2001.codfw.wmnet
+'2620:0:860:101:10:192:0:27/128', # puppetmaster2001.codfw.wmnet
+':::10.64.32.20/128', # neodymium.eqiad.wmnet
+'2620:0:861:103:10:64:32:20/64',# neodymium.eqiad.wmnet
+':::10.192.0.140/128', # sarin.codfw.wmnet
+'2620:0:860:101:10:192:0:140/64', # sarin.codfw.wmnet
+],
+}
+if $ensure == 'present' {
+nrpe::monitor_service { 'tcpircbot':
+description => 'tcpircbot_service_running',
+nrpe_command => '/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1
-C python -a tcpircbot.py',
+}
+}
+
+$allowed_hosts = [
+'eventlog1001.eqiad.wmnet', # logging eqiad
+'tin.eqiad.wmnet', # deployment eqiad
+'naos.codfw.wmnet', # deployment codfw
+'puppetmaster1001.eqiad.wmnet', # puppet eqiad
+'puppetmaster2001.codfw.wmnet', # puppet codfw
+'terbium.eqiad.wmnet', # maintenance eqiad
+'wasat.codfw.wmnet',# maintenance codfw
+'neodymium.eqiad.wmnet',# cluster mgmt eqiad
+'sarin.codfw.wmnet',# cluster mgmt codfw
+]
+
+$allowed_hosts_ferm = join($allowed_hosts, ' ')
+ferm::service { 'tcpircbot_allowed':
+proto => 'tcp',
+port => '9200',
+srange => "(@resolve((${allowed_hosts_ferm}))
@resolve((${allowed_hosts_ferm}), ))",
+}
+}
diff --git a/modules/role/manifests/tcpircbot.pp
b/modules/role/manifests/tcpircbot.pp
index b1f1da4..a5ed221 100644
--- a/modules/role/manifests/tcpircbot.pp
+++ b/modules/role/manifests/tcpircbot.pp
@@ -1,59 +1,13 @@
-class role::tcpircbot($ensure='present') {
-include ::tcpircbot
-include passwords::logmsgbot
+class role::tcpircbot {
system::role { 'tcpircbot':
description => 'tcpircbot server',
}
-tcpircbot::instance { 'logmsgbot':
-ensure => $ensure,
-channels => '#wikimedia-operations',
-password => $passwords::logmsgbot::logmsgbot_password,
-cidr => [
-':::127.0.0.1/128', # loopback
-':::10.64.32.167/128', # logging: eventlog1001
-':::10.64.0.196/128', # deployment eqiad v4: tin
-'2620:0:861:101:10:64:0:196/128', # deployment eqiad v6: tin
-':::10.192.32.22/128', # deployment codfw v4: naos
-'2620:0:860:103:10:192:32:22/128', # deployment codfw v6: naos
-':::10.64.32.13/128', # maintenance eqiad v4: terbium
-'2620:0:861:103:10:64:32:13/64',# maintenance eqiad v6: terbium
-':::10.192.48.45/128', # maintenance codfw v4: wasat
-'2620:0:860:104:10:192:48:45/64', # maintenance codfw v6: wasat
-':::10.64.16.73/128', # puppetmaster1001.eqiad.wmnet
-'2620:0:861:102:10:64:16:73/128', #
