[MediaWiki-commits] [Gerrit] puppetmaster: Move the role into the role module - change (operations/puppet)
Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/248850
Change subject: puppetmaster: Move the role into the role module
..
puppetmaster: Move the role into the role module
Move the puppetmaster role into the role module
Change-Id: I3571dab849cc8874367ec57dedbb3a1fb34aef92
---
D manifests/role/puppetmaster.pp
A modules/role/manifests/puppetmaster/backend.pp
A modules/role/manifests/puppetmaster/frontend.pp
A modules/role/manifests/puppetmaster/labs.pp
4 files changed, 119 insertions(+), 117 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/50/248850/1
diff --git a/manifests/role/puppetmaster.pp b/manifests/role/puppetmaster.pp
deleted file mode 100644
index 8edcbc2..000
--- a/manifests/role/puppetmaster.pp
+++ /dev/null
@@ -1,117 +0,0 @@
-# vim: set tabstop=4 shiftwidth=4 softtabstop=4 expandtab textwidth=80 smarttab
-
-class role::puppetmaster::frontend {
-include passwords::puppet::database
-
-include role::backup::host
-backup::set { 'var-lib-puppet-ssl': }
-backup::set { 'var-lib-puppet-volatile': }
-
-system::role { 'puppetmaster':
-description => 'Puppetmaster frontend'
-}
-
-class { '::puppetmaster':
-server_type => 'frontend',
-workers => [
-{
-'worker' => 'palladium.eqiad.wmnet',
-'loadfactor' => 10,
-},
-{
-'worker' => 'strontium.eqiad.wmnet',
-'loadfactor' => 20,
-},
-],
-config => {
-'storeconfigs' => true, # Required by thin_storeconfigs on
puppet 3.x
-'thin_storeconfigs' => true,
-'dbadapter' => 'mysql',
-'dbuser'=> 'puppet',
-'dbpassword'=>
$passwords::puppet::database::puppet_production_db_pass,
-'dbserver' => 'm1-master.eqiad.wmnet',
-}
-}
-}
-
-class role::puppetmaster::backend {
-include passwords::puppet::database
-include base::firewall
-
-system::role { 'puppetmaster':
-description => 'Puppetmaster backend'
-}
-
-class { '::puppetmaster':
-server_type => 'backend',
-config => {
-'storeconfigs' => true, # Required by thin_storeconfigs on
puppet 3.x
-'thin_storeconfigs' => true,
-# lint:ignore:quoted_booleans
-# Not a simple boolean, this must be quoted.
-'ca'=> 'false',
-# lint:endignore
-'ca_server' => 'palladium.eqiad.wmnet',
-'dbadapter' => 'mysql',
-'dbuser'=> 'puppet',
-'dbpassword'=>
$passwords::puppet::database::puppet_production_db_pass,
-'dbserver' => 'm1-master.eqiad.wmnet',
-'dbconnections' => '256',
-}
-}
-
-ferm::service { 'puppetmaster-backend':
-proto => 'tcp',
-port => 8141,
-}
-
-$puppetmaster_hostname = hiera('puppetmaster')
-ferm::service { 'ssh_puppet_merge':
-proto => 'tcp',
-port => '22',
-srange => "@resolve(${puppetmaster_hostname})"
-}
-}
-
-class role::puppetmaster::labs {
-include network::constants
-
-$labs_ranges = [
-
$network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-a-eqiad']['ipv4'],
-
$network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-b-eqiad']['ipv4'],
-
$network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-c-eqiad']['ipv4'],
-
$network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-d-eqiad']['ipv4'],
-]
-
-include ldap::role::config::labs
-$ldapconfig = $ldap::role::config::labs::ldapconfig
-$basedn = $ldapconfig['basedn']
-
-# Only allow puppet access from the instances
-$allow_from = $::realm ? {
-'production' => flatten([$labs_ranges, '208.80.154.14']),
-'labs' => [ '192.168.0.0/21' ],
-}
-
-class { '::puppetmaster':
-server_name => hiera('labs_puppet_master'),
-allow_from => $allow_from,
-config => {
-'thin_storeconfigs' => false,
-'node_terminus' => 'ldap',
-'ldapserver'=> $ldapconfig['servernames'][0],
-'ldapbase' => "ou=hosts,${basedn}",
-'ldapstring'=>
'(&(objectclass=puppetClient)(associatedDomain=%s))',
-'ldapuser' => $ldapconfig['proxyagent'],
-'ldappassword' => $ldapconfig['proxypass'],
-'ldaptls' => true,
-
[MediaWiki-commits] [Gerrit] puppetmaster: Move the role into the role module - change (operations/puppet)
Alexandros Kosiaris has submitted this change and it was merged.
Change subject: puppetmaster: Move the role into the role module
..
puppetmaster: Move the role into the role module
Move the puppetmaster role into the role module
Change-Id: I3571dab849cc8874367ec57dedbb3a1fb34aef92
---
D manifests/role/puppetmaster.pp
A modules/role/manifests/puppetmaster/backend.pp
A modules/role/manifests/puppetmaster/frontend.pp
A modules/role/manifests/puppetmaster/labs.pp
4 files changed, 119 insertions(+), 117 deletions(-)
Approvals:
Alexandros Kosiaris: Verified; Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/puppetmaster.pp b/manifests/role/puppetmaster.pp
deleted file mode 100644
index 8edcbc2..000
--- a/manifests/role/puppetmaster.pp
+++ /dev/null
@@ -1,117 +0,0 @@
-# vim: set tabstop=4 shiftwidth=4 softtabstop=4 expandtab textwidth=80 smarttab
-
-class role::puppetmaster::frontend {
-include passwords::puppet::database
-
-include role::backup::host
-backup::set { 'var-lib-puppet-ssl': }
-backup::set { 'var-lib-puppet-volatile': }
-
-system::role { 'puppetmaster':
-description => 'Puppetmaster frontend'
-}
-
-class { '::puppetmaster':
-server_type => 'frontend',
-workers => [
-{
-'worker' => 'palladium.eqiad.wmnet',
-'loadfactor' => 10,
-},
-{
-'worker' => 'strontium.eqiad.wmnet',
-'loadfactor' => 20,
-},
-],
-config => {
-'storeconfigs' => true, # Required by thin_storeconfigs on
puppet 3.x
-'thin_storeconfigs' => true,
-'dbadapter' => 'mysql',
-'dbuser'=> 'puppet',
-'dbpassword'=>
$passwords::puppet::database::puppet_production_db_pass,
-'dbserver' => 'm1-master.eqiad.wmnet',
-}
-}
-}
-
-class role::puppetmaster::backend {
-include passwords::puppet::database
-include base::firewall
-
-system::role { 'puppetmaster':
-description => 'Puppetmaster backend'
-}
-
-class { '::puppetmaster':
-server_type => 'backend',
-config => {
-'storeconfigs' => true, # Required by thin_storeconfigs on
puppet 3.x
-'thin_storeconfigs' => true,
-# lint:ignore:quoted_booleans
-# Not a simple boolean, this must be quoted.
-'ca'=> 'false',
-# lint:endignore
-'ca_server' => 'palladium.eqiad.wmnet',
-'dbadapter' => 'mysql',
-'dbuser'=> 'puppet',
-'dbpassword'=>
$passwords::puppet::database::puppet_production_db_pass,
-'dbserver' => 'm1-master.eqiad.wmnet',
-'dbconnections' => '256',
-}
-}
-
-ferm::service { 'puppetmaster-backend':
-proto => 'tcp',
-port => 8141,
-}
-
-$puppetmaster_hostname = hiera('puppetmaster')
-ferm::service { 'ssh_puppet_merge':
-proto => 'tcp',
-port => '22',
-srange => "@resolve(${puppetmaster_hostname})"
-}
-}
-
-class role::puppetmaster::labs {
-include network::constants
-
-$labs_ranges = [
-
$network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-a-eqiad']['ipv4'],
-
$network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-b-eqiad']['ipv4'],
-
$network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-c-eqiad']['ipv4'],
-
$network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-d-eqiad']['ipv4'],
-]
-
-include ldap::role::config::labs
-$ldapconfig = $ldap::role::config::labs::ldapconfig
-$basedn = $ldapconfig['basedn']
-
-# Only allow puppet access from the instances
-$allow_from = $::realm ? {
-'production' => flatten([$labs_ranges, '208.80.154.14']),
-'labs' => [ '192.168.0.0/21' ],
-}
-
-class { '::puppetmaster':
-server_name => hiera('labs_puppet_master'),
-allow_from => $allow_from,
-config => {
-'thin_storeconfigs' => false,
-'node_terminus' => 'ldap',
-'ldapserver'=> $ldapconfig['servernames'][0],
-'ldapbase' => "ou=hosts,${basedn}",
-'ldapstring'=>
'(&(objectclass=puppetClient)(associatedDomain=%s))',
-'ldapuser' => $ldapconfig['proxyagent'],
-'ldappassword' => $ldapconfig['proxypass'],
-'ldaptls' => true,
-'autosign' =>
