[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "Keystone: Move api service to uwsgi/nginx"
Andrew Bogott has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/330364 ) Change subject: Revert "Keystone: Move api service to uwsgi/nginx" .. Revert "Keystone: Move api service to uwsgi/nginx" This reverts commit 2e2dd27d6e40886bcd048b675e5b4befc8777cee. Change-Id: Ia28fa7a6af5a903885de49b1ddb072e594714458 --- M hieradata/common.yaml M hieradata/eqiad.yaml M hieradata/regex.yaml M modules/openstack/manifests/keystone/service.pp M modules/role/manifests/labs/openstack/keystone.pp 5 files changed, 15 insertions(+), 53 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 16ea298..93e7062 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -357,7 +357,6 @@ ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' auth_protocol: 'http' auth_port: '35357' - public_port: '5000' db_host: 'm5-master.eqiad.wmnet' ldap_host: 'ldap-labs.eqiad.wikimedia.org' token_driver: 'normal' diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml index 4b9c47f..4f05197 100644 --- a/hieradata/eqiad.yaml +++ b/hieradata/eqiad.yaml @@ -145,7 +145,6 @@ keystoneconfig: auth_port: '35357' - public_port: '5000' auth_protocol: 'http' auth_host: 208.80.154.92 admin_project_id: 'admin' diff --git a/hieradata/regex.yaml b/hieradata/regex.yaml index f18e091..1e59764 100644 --- a/hieradata/regex.yaml +++ b/hieradata/regex.yaml @@ -455,7 +455,6 @@ ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' auth_protocol: 'http' auth_port: '35357' -public_port: '5000' db_host: 'labtestcontrol2001.wikimedia.org' ldap_host: 'labtestservices2001.wikimedia.org' token_driver: 'normal' diff --git a/modules/openstack/manifests/keystone/service.pp b/modules/openstack/manifests/keystone/service.pp index 2982a66..08d77e2 100644 --- a/modules/openstack/manifests/keystone/service.pp +++ b/modules/openstack/manifests/keystone/service.pp @@ -53,13 +53,15 @@ mode=> '0644', notify => Service['keystone'], recurse => true; -# Disable the keystone process itself; this will be handled -# by nginx and uwsgi -'/etc/init/keystone.conf': -ensure => 'absent'; } if $::fqdn == hiera('labs_nova_controller') { +service { 'keystone': +ensure=> running, +subscribe => File['/etc/keystone/keystone.conf'], +require => Package['keystone']; +} + # Clean up expired keystone tokens, because keystone seems to leak them $keystone_db_name = $keystoneconfig['db_name'] $keystone_db_user = $keystoneconfig['db_user'] @@ -73,6 +75,10 @@ command => "/usr/bin/mysql ${keystone_db_name} -h${keystone_db_host} -u${keystone_db_user} -p${keystone_db_pass} -e 'DELETE FROM token WHERE NOW() - INTERVAL 2 day > expires LIMIT 1;'", } +nrpe::monitor_service { 'check_keystone_process': +description => 'keystone process', +nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/keystone-all'", +} monitoring::service { 'keystone-http-35357': description => 'keystone http', check_command => 'check_http_on_port!35357', @@ -81,12 +87,10 @@ description => 'keystone http', check_command => 'check_http_on_port!5000', } -} - -# stop the keystone process itself; this will be handled -# by nginx and uwsgi -service { 'keystone': -ensure => stopped, -require => Package['keystone']; +} else { +service { 'keystone': +ensure => stopped, +require => Package['keystone']; +} } } diff --git a/modules/role/manifests/labs/openstack/keystone.pp b/modules/role/manifests/labs/openstack/keystone.pp index 824948b..c8a568c 100644 --- a/modules/role/manifests/labs/openstack/keystone.pp +++ b/modules/role/manifests/labs/openstack/keystone.pp @@ -30,43 +30,4 @@ description => 'Keystone admin and observer projects exist', check_command => 'check_keystone_projects', } - -file { '/var/log/uwsgi/keystone': -ensure => directory, -owner => 'www-data', -group => 'www-data', -mode => '0644', -} - -# Keystone admin API -service::uwsgi { 'keystone-admin': -port=> $keystoneconfig['auth_port'], -healthcheck_url => '/', -deployment => None, -config => { -wsgi-file => '/usr/bin/keystone-wsgi-admin', -name => 'keystone', -uid => 'keystone', -gid => 'keystone', -processes =>
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "Keystone: Move api service to uwsgi/nginx"
Hello jenkins-bot, I'd like you to do a code review. Please visit https://gerrit.wikimedia.org/r/330364 to review the following change. Change subject: Revert "Keystone: Move api service to uwsgi/nginx" .. Revert "Keystone: Move api service to uwsgi/nginx" This reverts commit 2e2dd27d6e40886bcd048b675e5b4befc8777cee. Change-Id: Ia28fa7a6af5a903885de49b1ddb072e594714458 --- M hieradata/common.yaml M hieradata/eqiad.yaml M hieradata/regex.yaml M modules/openstack/manifests/keystone/service.pp M modules/role/manifests/labs/openstack/keystone.pp 5 files changed, 15 insertions(+), 53 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/64/330364/1 diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 16ea298..93e7062 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -357,7 +357,6 @@ ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' auth_protocol: 'http' auth_port: '35357' - public_port: '5000' db_host: 'm5-master.eqiad.wmnet' ldap_host: 'ldap-labs.eqiad.wikimedia.org' token_driver: 'normal' diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml index 4b9c47f..4f05197 100644 --- a/hieradata/eqiad.yaml +++ b/hieradata/eqiad.yaml @@ -145,7 +145,6 @@ keystoneconfig: auth_port: '35357' - public_port: '5000' auth_protocol: 'http' auth_host: 208.80.154.92 admin_project_id: 'admin' diff --git a/hieradata/regex.yaml b/hieradata/regex.yaml index f18e091..1e59764 100644 --- a/hieradata/regex.yaml +++ b/hieradata/regex.yaml @@ -455,7 +455,6 @@ ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' auth_protocol: 'http' auth_port: '35357' -public_port: '5000' db_host: 'labtestcontrol2001.wikimedia.org' ldap_host: 'labtestservices2001.wikimedia.org' token_driver: 'normal' diff --git a/modules/openstack/manifests/keystone/service.pp b/modules/openstack/manifests/keystone/service.pp index 2982a66..08d77e2 100644 --- a/modules/openstack/manifests/keystone/service.pp +++ b/modules/openstack/manifests/keystone/service.pp @@ -53,13 +53,15 @@ mode=> '0644', notify => Service['keystone'], recurse => true; -# Disable the keystone process itself; this will be handled -# by nginx and uwsgi -'/etc/init/keystone.conf': -ensure => 'absent'; } if $::fqdn == hiera('labs_nova_controller') { +service { 'keystone': +ensure=> running, +subscribe => File['/etc/keystone/keystone.conf'], +require => Package['keystone']; +} + # Clean up expired keystone tokens, because keystone seems to leak them $keystone_db_name = $keystoneconfig['db_name'] $keystone_db_user = $keystoneconfig['db_user'] @@ -73,6 +75,10 @@ command => "/usr/bin/mysql ${keystone_db_name} -h${keystone_db_host} -u${keystone_db_user} -p${keystone_db_pass} -e 'DELETE FROM token WHERE NOW() - INTERVAL 2 day > expires LIMIT 1;'", } +nrpe::monitor_service { 'check_keystone_process': +description => 'keystone process', +nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/keystone-all'", +} monitoring::service { 'keystone-http-35357': description => 'keystone http', check_command => 'check_http_on_port!35357', @@ -81,12 +87,10 @@ description => 'keystone http', check_command => 'check_http_on_port!5000', } -} - -# stop the keystone process itself; this will be handled -# by nginx and uwsgi -service { 'keystone': -ensure => stopped, -require => Package['keystone']; +} else { +service { 'keystone': +ensure => stopped, +require => Package['keystone']; +} } } diff --git a/modules/role/manifests/labs/openstack/keystone.pp b/modules/role/manifests/labs/openstack/keystone.pp index 824948b..c8a568c 100644 --- a/modules/role/manifests/labs/openstack/keystone.pp +++ b/modules/role/manifests/labs/openstack/keystone.pp @@ -30,43 +30,4 @@ description => 'Keystone admin and observer projects exist', check_command => 'check_keystone_projects', } - -file { '/var/log/uwsgi/keystone': -ensure => directory, -owner => 'www-data', -group => 'www-data', -mode => '0644', -} - -# Keystone admin API -service::uwsgi { 'keystone-admin': -port=> $keystoneconfig['auth_port'], -healthcheck_url => '/', -deployment => None, -config => { -wsgi-file => '/usr/bin/keystone-wsgi-admin', -name => 'keystone', -uid => 'keystone', -gid
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "Keystone: Move api service to uwsgi/nginx"
Andrew Bogott has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/330341 ) Change subject: Revert "Keystone: Move api service to uwsgi/nginx" .. Revert "Keystone: Move api service to uwsgi/nginx" This works but I can't get the old keystone process to quit and relinquish the port This reverts commit 7122564873c55b8cb819c49786fc70f9c10de3df. Change-Id: Idb4143fb9cb57771a43aa2e3f9c85d5a4ac08bee --- M hieradata/common.yaml M hieradata/eqiad.yaml M hieradata/regex.yaml M modules/openstack/manifests/keystone/service.pp M modules/role/manifests/labs/openstack/keystone.pp 5 files changed, 15 insertions(+), 53 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 16ea298..93e7062 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -357,7 +357,6 @@ ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' auth_protocol: 'http' auth_port: '35357' - public_port: '5000' db_host: 'm5-master.eqiad.wmnet' ldap_host: 'ldap-labs.eqiad.wikimedia.org' token_driver: 'normal' diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml index 4b9c47f..4f05197 100644 --- a/hieradata/eqiad.yaml +++ b/hieradata/eqiad.yaml @@ -145,7 +145,6 @@ keystoneconfig: auth_port: '35357' - public_port: '5000' auth_protocol: 'http' auth_host: 208.80.154.92 admin_project_id: 'admin' diff --git a/hieradata/regex.yaml b/hieradata/regex.yaml index f18e091..1e59764 100644 --- a/hieradata/regex.yaml +++ b/hieradata/regex.yaml @@ -455,7 +455,6 @@ ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' auth_protocol: 'http' auth_port: '35357' -public_port: '5000' db_host: 'labtestcontrol2001.wikimedia.org' ldap_host: 'labtestservices2001.wikimedia.org' token_driver: 'normal' diff --git a/modules/openstack/manifests/keystone/service.pp b/modules/openstack/manifests/keystone/service.pp index 2982a66..08d77e2 100644 --- a/modules/openstack/manifests/keystone/service.pp +++ b/modules/openstack/manifests/keystone/service.pp @@ -53,13 +53,15 @@ mode=> '0644', notify => Service['keystone'], recurse => true; -# Disable the keystone process itself; this will be handled -# by nginx and uwsgi -'/etc/init/keystone.conf': -ensure => 'absent'; } if $::fqdn == hiera('labs_nova_controller') { +service { 'keystone': +ensure=> running, +subscribe => File['/etc/keystone/keystone.conf'], +require => Package['keystone']; +} + # Clean up expired keystone tokens, because keystone seems to leak them $keystone_db_name = $keystoneconfig['db_name'] $keystone_db_user = $keystoneconfig['db_user'] @@ -73,6 +75,10 @@ command => "/usr/bin/mysql ${keystone_db_name} -h${keystone_db_host} -u${keystone_db_user} -p${keystone_db_pass} -e 'DELETE FROM token WHERE NOW() - INTERVAL 2 day > expires LIMIT 1;'", } +nrpe::monitor_service { 'check_keystone_process': +description => 'keystone process', +nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/keystone-all'", +} monitoring::service { 'keystone-http-35357': description => 'keystone http', check_command => 'check_http_on_port!35357', @@ -81,12 +87,10 @@ description => 'keystone http', check_command => 'check_http_on_port!5000', } -} - -# stop the keystone process itself; this will be handled -# by nginx and uwsgi -service { 'keystone': -ensure => stopped, -require => Package['keystone']; +} else { +service { 'keystone': +ensure => stopped, +require => Package['keystone']; +} } } diff --git a/modules/role/manifests/labs/openstack/keystone.pp b/modules/role/manifests/labs/openstack/keystone.pp index 824948b..c8a568c 100644 --- a/modules/role/manifests/labs/openstack/keystone.pp +++ b/modules/role/manifests/labs/openstack/keystone.pp @@ -30,43 +30,4 @@ description => 'Keystone admin and observer projects exist', check_command => 'check_keystone_projects', } - -file { '/var/log/uwsgi/keystone': -ensure => directory, -owner => 'www-data', -group => 'www-data', -mode => '0644', -} - -# Keystone admin API -service::uwsgi { 'keystone-admin': -port=> $keystoneconfig['auth_port'], -healthcheck_url => '/', -deployment => None, -config => { -wsgi-file => '/usr/bin/keystone-wsgi-admin', -name => 'keystone', -uid
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "Keystone: Move api service to uwsgi/nginx"
Hello Alex Monk, BryanDavis, jenkins-bot, I'd like you to do a code review. Please visit https://gerrit.wikimedia.org/r/330341 to review the following change. Change subject: Revert "Keystone: Move api service to uwsgi/nginx" .. Revert "Keystone: Move api service to uwsgi/nginx" This works but I can't get the old keystone process to quit and relinquish the port This reverts commit 7122564873c55b8cb819c49786fc70f9c10de3df. Change-Id: Idb4143fb9cb57771a43aa2e3f9c85d5a4ac08bee --- M hieradata/common.yaml M hieradata/eqiad.yaml M hieradata/regex.yaml M modules/openstack/manifests/keystone/service.pp M modules/role/manifests/labs/openstack/keystone.pp 5 files changed, 15 insertions(+), 53 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/41/330341/1 diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 16ea298..93e7062 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -357,7 +357,6 @@ ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' auth_protocol: 'http' auth_port: '35357' - public_port: '5000' db_host: 'm5-master.eqiad.wmnet' ldap_host: 'ldap-labs.eqiad.wikimedia.org' token_driver: 'normal' diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml index 4b9c47f..4f05197 100644 --- a/hieradata/eqiad.yaml +++ b/hieradata/eqiad.yaml @@ -145,7 +145,6 @@ keystoneconfig: auth_port: '35357' - public_port: '5000' auth_protocol: 'http' auth_host: 208.80.154.92 admin_project_id: 'admin' diff --git a/hieradata/regex.yaml b/hieradata/regex.yaml index f18e091..1e59764 100644 --- a/hieradata/regex.yaml +++ b/hieradata/regex.yaml @@ -455,7 +455,6 @@ ldap_proxyagent : 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org' auth_protocol: 'http' auth_port: '35357' -public_port: '5000' db_host: 'labtestcontrol2001.wikimedia.org' ldap_host: 'labtestservices2001.wikimedia.org' token_driver: 'normal' diff --git a/modules/openstack/manifests/keystone/service.pp b/modules/openstack/manifests/keystone/service.pp index 2982a66..08d77e2 100644 --- a/modules/openstack/manifests/keystone/service.pp +++ b/modules/openstack/manifests/keystone/service.pp @@ -53,13 +53,15 @@ mode=> '0644', notify => Service['keystone'], recurse => true; -# Disable the keystone process itself; this will be handled -# by nginx and uwsgi -'/etc/init/keystone.conf': -ensure => 'absent'; } if $::fqdn == hiera('labs_nova_controller') { +service { 'keystone': +ensure=> running, +subscribe => File['/etc/keystone/keystone.conf'], +require => Package['keystone']; +} + # Clean up expired keystone tokens, because keystone seems to leak them $keystone_db_name = $keystoneconfig['db_name'] $keystone_db_user = $keystoneconfig['db_user'] @@ -73,6 +75,10 @@ command => "/usr/bin/mysql ${keystone_db_name} -h${keystone_db_host} -u${keystone_db_user} -p${keystone_db_pass} -e 'DELETE FROM token WHERE NOW() - INTERVAL 2 day > expires LIMIT 1;'", } +nrpe::monitor_service { 'check_keystone_process': +description => 'keystone process', +nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/keystone-all'", +} monitoring::service { 'keystone-http-35357': description => 'keystone http', check_command => 'check_http_on_port!35357', @@ -81,12 +87,10 @@ description => 'keystone http', check_command => 'check_http_on_port!5000', } -} - -# stop the keystone process itself; this will be handled -# by nginx and uwsgi -service { 'keystone': -ensure => stopped, -require => Package['keystone']; +} else { +service { 'keystone': +ensure => stopped, +require => Package['keystone']; +} } } diff --git a/modules/role/manifests/labs/openstack/keystone.pp b/modules/role/manifests/labs/openstack/keystone.pp index 824948b..c8a568c 100644 --- a/modules/role/manifests/labs/openstack/keystone.pp +++ b/modules/role/manifests/labs/openstack/keystone.pp @@ -30,43 +30,4 @@ description => 'Keystone admin and observer projects exist', check_command => 'check_keystone_projects', } - -file { '/var/log/uwsgi/keystone': -ensure => directory, -owner => 'www-data', -group => 'www-data', -mode => '0644', -} - -# Keystone admin API -service::uwsgi { 'keystone-admin': -port=> $keystoneconfig['auth_port'], -healthcheck_url => '/', -deployment => None, -config => { -wsgi-file =>