[MediaWiki-commits] [Gerrit] puppetmaster: Move the role into the role module - change (operations/puppet)
Alexandros Kosiaris has uploaded a new change for review. https://gerrit.wikimedia.org/r/248850 Change subject: puppetmaster: Move the role into the role module .. puppetmaster: Move the role into the role module Move the puppetmaster role into the role module Change-Id: I3571dab849cc8874367ec57dedbb3a1fb34aef92 --- D manifests/role/puppetmaster.pp A modules/role/manifests/puppetmaster/backend.pp A modules/role/manifests/puppetmaster/frontend.pp A modules/role/manifests/puppetmaster/labs.pp 4 files changed, 119 insertions(+), 117 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/50/248850/1 diff --git a/manifests/role/puppetmaster.pp b/manifests/role/puppetmaster.pp deleted file mode 100644 index 8edcbc2..000 --- a/manifests/role/puppetmaster.pp +++ /dev/null @@ -1,117 +0,0 @@ -# vim: set tabstop=4 shiftwidth=4 softtabstop=4 expandtab textwidth=80 smarttab - -class role::puppetmaster::frontend { -include passwords::puppet::database - -include role::backup::host -backup::set { 'var-lib-puppet-ssl': } -backup::set { 'var-lib-puppet-volatile': } - -system::role { 'puppetmaster': -description => 'Puppetmaster frontend' -} - -class { '::puppetmaster': -server_type => 'frontend', -workers => [ -{ -'worker' => 'palladium.eqiad.wmnet', -'loadfactor' => 10, -}, -{ -'worker' => 'strontium.eqiad.wmnet', -'loadfactor' => 20, -}, -], -config => { -'storeconfigs' => true, # Required by thin_storeconfigs on puppet 3.x -'thin_storeconfigs' => true, -'dbadapter' => 'mysql', -'dbuser'=> 'puppet', -'dbpassword'=> $passwords::puppet::database::puppet_production_db_pass, -'dbserver' => 'm1-master.eqiad.wmnet', -} -} -} - -class role::puppetmaster::backend { -include passwords::puppet::database -include base::firewall - -system::role { 'puppetmaster': -description => 'Puppetmaster backend' -} - -class { '::puppetmaster': -server_type => 'backend', -config => { -'storeconfigs' => true, # Required by thin_storeconfigs on puppet 3.x -'thin_storeconfigs' => true, -# lint:ignore:quoted_booleans -# Not a simple boolean, this must be quoted. -'ca'=> 'false', -# lint:endignore -'ca_server' => 'palladium.eqiad.wmnet', -'dbadapter' => 'mysql', -'dbuser'=> 'puppet', -'dbpassword'=> $passwords::puppet::database::puppet_production_db_pass, -'dbserver' => 'm1-master.eqiad.wmnet', -'dbconnections' => '256', -} -} - -ferm::service { 'puppetmaster-backend': -proto => 'tcp', -port => 8141, -} - -$puppetmaster_hostname = hiera('puppetmaster') -ferm::service { 'ssh_puppet_merge': -proto => 'tcp', -port => '22', -srange => "@resolve(${puppetmaster_hostname})" -} -} - -class role::puppetmaster::labs { -include network::constants - -$labs_ranges = [ - $network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-a-eqiad']['ipv4'], - $network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-b-eqiad']['ipv4'], - $network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-c-eqiad']['ipv4'], - $network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-d-eqiad']['ipv4'], -] - -include ldap::role::config::labs -$ldapconfig = $ldap::role::config::labs::ldapconfig -$basedn = $ldapconfig['basedn'] - -# Only allow puppet access from the instances -$allow_from = $::realm ? { -'production' => flatten([$labs_ranges, '208.80.154.14']), -'labs' => [ '192.168.0.0/21' ], -} - -class { '::puppetmaster': -server_name => hiera('labs_puppet_master'), -allow_from => $allow_from, -config => { -'thin_storeconfigs' => false, -'node_terminus' => 'ldap', -'ldapserver'=> $ldapconfig['servernames'][0], -'ldapbase' => "ou=hosts,${basedn}", -'ldapstring'=> '(&(objectclass=puppetClient)(associatedDomain=%s))', -'ldapuser' => $ldapconfig['proxyagent'], -'ldappassword' => $ldapconfig['proxypass'], -'ldaptls' => true, -
[MediaWiki-commits] [Gerrit] puppetmaster: Move the role into the role module - change (operations/puppet)
Alexandros Kosiaris has submitted this change and it was merged. Change subject: puppetmaster: Move the role into the role module .. puppetmaster: Move the role into the role module Move the puppetmaster role into the role module Change-Id: I3571dab849cc8874367ec57dedbb3a1fb34aef92 --- D manifests/role/puppetmaster.pp A modules/role/manifests/puppetmaster/backend.pp A modules/role/manifests/puppetmaster/frontend.pp A modules/role/manifests/puppetmaster/labs.pp 4 files changed, 119 insertions(+), 117 deletions(-) Approvals: Alexandros Kosiaris: Verified; Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/puppetmaster.pp b/manifests/role/puppetmaster.pp deleted file mode 100644 index 8edcbc2..000 --- a/manifests/role/puppetmaster.pp +++ /dev/null @@ -1,117 +0,0 @@ -# vim: set tabstop=4 shiftwidth=4 softtabstop=4 expandtab textwidth=80 smarttab - -class role::puppetmaster::frontend { -include passwords::puppet::database - -include role::backup::host -backup::set { 'var-lib-puppet-ssl': } -backup::set { 'var-lib-puppet-volatile': } - -system::role { 'puppetmaster': -description => 'Puppetmaster frontend' -} - -class { '::puppetmaster': -server_type => 'frontend', -workers => [ -{ -'worker' => 'palladium.eqiad.wmnet', -'loadfactor' => 10, -}, -{ -'worker' => 'strontium.eqiad.wmnet', -'loadfactor' => 20, -}, -], -config => { -'storeconfigs' => true, # Required by thin_storeconfigs on puppet 3.x -'thin_storeconfigs' => true, -'dbadapter' => 'mysql', -'dbuser'=> 'puppet', -'dbpassword'=> $passwords::puppet::database::puppet_production_db_pass, -'dbserver' => 'm1-master.eqiad.wmnet', -} -} -} - -class role::puppetmaster::backend { -include passwords::puppet::database -include base::firewall - -system::role { 'puppetmaster': -description => 'Puppetmaster backend' -} - -class { '::puppetmaster': -server_type => 'backend', -config => { -'storeconfigs' => true, # Required by thin_storeconfigs on puppet 3.x -'thin_storeconfigs' => true, -# lint:ignore:quoted_booleans -# Not a simple boolean, this must be quoted. -'ca'=> 'false', -# lint:endignore -'ca_server' => 'palladium.eqiad.wmnet', -'dbadapter' => 'mysql', -'dbuser'=> 'puppet', -'dbpassword'=> $passwords::puppet::database::puppet_production_db_pass, -'dbserver' => 'm1-master.eqiad.wmnet', -'dbconnections' => '256', -} -} - -ferm::service { 'puppetmaster-backend': -proto => 'tcp', -port => 8141, -} - -$puppetmaster_hostname = hiera('puppetmaster') -ferm::service { 'ssh_puppet_merge': -proto => 'tcp', -port => '22', -srange => "@resolve(${puppetmaster_hostname})" -} -} - -class role::puppetmaster::labs { -include network::constants - -$labs_ranges = [ - $network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-a-eqiad']['ipv4'], - $network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-b-eqiad']['ipv4'], - $network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-c-eqiad']['ipv4'], - $network::constants::all_network_subnets['production']['eqiad']['private']['labs-instances1-d-eqiad']['ipv4'], -] - -include ldap::role::config::labs -$ldapconfig = $ldap::role::config::labs::ldapconfig -$basedn = $ldapconfig['basedn'] - -# Only allow puppet access from the instances -$allow_from = $::realm ? { -'production' => flatten([$labs_ranges, '208.80.154.14']), -'labs' => [ '192.168.0.0/21' ], -} - -class { '::puppetmaster': -server_name => hiera('labs_puppet_master'), -allow_from => $allow_from, -config => { -'thin_storeconfigs' => false, -'node_terminus' => 'ldap', -'ldapserver'=> $ldapconfig['servernames'][0], -'ldapbase' => "ou=hosts,${basedn}", -'ldapstring'=> '(&(objectclass=puppetClient)(associatedDomain=%s))', -'ldapuser' => $ldapconfig['proxyagent'], -'ldappassword' => $ldapconfig['proxypass'], -'ldaptls' => true, -'autosign' =>