[MediaWiki-commits] [Gerrit] operations/puppet[production]: base::resolving: explicitly pass arguments

2018-01-12 Thread Giuseppe Lavagetto (Code Review)
Giuseppe Lavagetto has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/403440 )

Change subject: base::resolving: explicitly pass arguments


base::resolving: explicitly pass arguments

Instead of relying on top-scope variables overriding each other, do the
following:
* Remove the conditional on $nameserver_override in the resolv.conf
  template
* Add $nameservers as a local variable, which defaults to $::nameservers
* Pass the value from profile::base in case it's defined in hiera, and
  take care to exclude the IP of the current node from the list to avoid
  self-dependencies
* Remove all the $nameservers_override from the node definitions and add
  those to per-site, per-role hiera

Change-Id: Ib0926a8966db2066d87a9ddea4265ed741c07437
---
M hieradata/role/codfw/lvs/balancer.yaml
M hieradata/role/codfw/recursor.yaml
M hieradata/role/eqiad/lvs/balancer.yaml
M hieradata/role/eqiad/recursor.yaml
M hieradata/role/esams/lvs/balancer.yaml
M hieradata/role/ulsfo/lvs/balancer.yaml
M manifests/site.pp
M modules/base/manifests/resolving.pp
M modules/base/spec/classes/resolving_spec.rb
M modules/base/templates/resolv.conf.erb
M modules/profile/manifests/base.pp
11 files changed, 51 insertions(+), 53 deletions(-)

Approvals:
  Giuseppe Lavagetto: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/hieradata/role/codfw/lvs/balancer.yaml 
b/hieradata/role/codfw/lvs/balancer.yaml
index 5fd35e0..19d968c 100644
--- a/hieradata/role/codfw/lvs/balancer.yaml
+++ b/hieradata/role/codfw/lvs/balancer.yaml
@@ -8,3 +8,11 @@
   - public1-b-codfw
   - public1-c-codfw
   - public1-d-codfw
+# lvs200[25] are LVS balancers for the codfw recursive DNS IP,
+#   so they need to use the recursive DNS backends directly
+#   (acamar and achernar) with fallback to eqiad
+# (doing this for all lvs for now, see T103921)
+profile::base::nameservers:
+  - '208.80.153.12' # acamar
+  - '208.80.153.42' # achenar
+  - '208.80.154.254' # eqiad lvs
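Review bot: The inline label on the second nameserver entry reads `# achenar`, but the comment block a few lines above it names the same host `achernar`. Please make the two spellings agree so that a search for the hostname finds this override; the `# achenar` label is also used in hieradata/role/ulsfo/lvs/balancer.yaml in this change.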
diff --git a/hieradata/role/codfw/recursor.yaml 
b/hieradata/role/codfw/recursor.yaml
index d3fb55e..7f5238b 100644
--- a/hieradata/role/codfw/recursor.yaml
+++ b/hieradata/role/codfw/recursor.yaml
@@ -1,3 +1,8 @@
 profile::bird::neighbors_list:
   - 208.80.153.192 # cr1-codfw loopback
   - 208.80.153.193 # cr2-codfw loopback
+profile::base::nameservers:
+#  - '208.80.153.12' # acamar
+#  - '208.80.153.42' # achenar
+  - '208.80.153.254' # codfw lvs
+  - '208.80.154.254' # eqiad lvs
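Review bot: The first active entry under `profile::base::nameservers` is the codfw LVS IP, which can point a codfw recursor back at itself. The comment added to hieradata/role/codfw/lvs/balancer.yaml in this change says the codfw recursive DNS IP is balanced onto acamar and achernar, and this role file applies to those recursors. The exclusion described in the commit message removes only the node's own IP, not the service IP. Either list the eqiad LVS IP first or state in a comment here that resolving through the local service IP is intended.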
diff --git a/hieradata/role/eqiad/lvs/balancer.yaml 
b/hieradata/role/eqiad/lvs/balancer.yaml
index 4b1764e..b14b9ba 100644
--- a/hieradata/role/eqiad/lvs/balancer.yaml
+++ b/hieradata/role/eqiad/lvs/balancer.yaml
@@ -8,3 +8,11 @@
   - public1-b-eqiad
   - public1-c-eqiad
   - public1-d-eqiad
+# lvs100[25] are LVS balancers for the eqiad recursive DNS IP,
+#   so they need to use the recursive DNS backends directly
+#   (chromium and hydrogen) with fallback to codfw
+# (doing this for all lvs for now, see T103921)
+profile::base::nameservers:
+  - '208.80.154.50' # hydrogen
+  - '208.80.154.157' # chromium
+  - '208.80.153.254' # codfw lvs
diff --git a/hieradata/role/eqiad/recursor.yaml 
b/hieradata/role/eqiad/recursor.yaml
index 446f990..d560dc0 100644
--- a/hieradata/role/eqiad/recursor.yaml
+++ b/hieradata/role/eqiad/recursor.yaml
@@ -1,3 +1,8 @@
 profile::bird::neighbors_list:
   - 208.80.154.196 # cr1-eqiad loopback
   - 208.80.154.197 # cr2-eqiad loopback
+profile::base::nameservers:
+#  - '208.80.154.50' # hydrogen
+#  - '208.80.154.157' # chromium
+  - '208.80.154.254' # eqiad lvs
+  - '208.80.153.254' # codfw lvs
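Review bot: The commented-out `hydrogen` and `chromium` entries directly under `profile::base::nameservers:` carry no explanation, so a reader cannot tell whether they are a planned follow-up or a leftover. Either drop them or add a one-line comment saying why the recursors use the LVS IPs instead of the backends, in the way the balancer files in this change document their lists.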
diff --git a/hieradata/role/esams/lvs/balancer.yaml 
b/hieradata/role/esams/lvs/balancer.yaml
index c4e9150..3b1d667 100644
--- a/hieradata/role/esams/lvs/balancer.yaml
+++ b/hieradata/role/esams/lvs/balancer.yaml
@@ -1,3 +1,11 @@
 profile::pybal::config_host: conf1003.eqiad.wmnet
 profile::lvs::tagged_subnets:
   - public1-esams
+# lvs300[24] are LVS balancers for the esams recursive DNS IP,
+#   so they need to use the recursive DNS backends directly
+#   (nescio and maerlant) with fallback to eqiad
+# (doing this for all lvs for now, see T103921)
+profile::base::nameservers:
+  - '91.198.174.106' # nescio
+  - '91.198.174.122' # maerlant
+  - '208.80.154.254' # eqiad lvs
diff --git a/hieradata/role/ulsfo/lvs/balancer.yaml 
b/hieradata/role/ulsfo/lvs/balancer.yaml
index ada9df4..d4976fb 100644
--- a/hieradata/role/ulsfo/lvs/balancer.yaml
+++ b/hieradata/role/ulsfo/lvs/balancer.yaml
@@ -1,2 +1,7 @@
 profile::pybal::config_host: conf2003.codfw.wmnet
 profile::lvs::tagged_subnets: []
+# ns override for all lvs for now, see T103921
+profile::base::nameservers:
+  - '208.80.153.12' # acamar
+  - '208.80.153.42' # achenar
+  - '208.80.154.254' # eqiad lvs
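Review bot: The comment above `profile::base::nameservers` says only `ns override for all lvs for now`, while the other balancer files in this change name the backends and the fallback site. The first two IPs here are the ones listed in the codfw balancer file, so the comment should say that ulsfo uses the codfw backends with fallback to eqiad.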
diff --git a/manifests/site.pp b/manifests/site.pp
index b5b4d43..8803b67 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -12,17 +12,11 @@
 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: base::resolving: explicitly pass arguments

2018-01-10 Thread Giuseppe Lavagetto (Code Review)
Giuseppe Lavagetto has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/403440 )

Change subject: base::resolving: explicitly pass arguments

base::resolving: explicitly pass arguments

Instead of relying on top-scope variables overriding each other, do the
following:
* Remove the conditional on $nameserver_override in the resolv.conf
  template
* Add $nameservers as a local variable, which defaults to $::nameservers
* Pass the value from profile::base in case it's defined in hiera, and
  take care to exclude the IP of the current node from the list to avoid
  self-dependencies
* Remove all the $nameservers_override from the node definitions and add
  those to per-site, per-role hiera

Change-Id: Ib0926a8966db2066d87a9ddea4265ed741c07437
---
M hieradata/role/codfw/lvs/balancer.yaml
M hieradata/role/codfw/recursor.yaml
M hieradata/role/eqiad/lvs/balancer.yaml
M hieradata/role/eqiad/recursor.yaml
M hieradata/role/esams/lvs/balancer.yaml
M hieradata/role/ulsfo/lvs/balancer.yaml
M manifests/site.pp
M modules/base/manifests/resolving.pp
M modules/base/templates/resolv.conf.erb
M modules/profile/manifests/base.pp
10 files changed, 45 insertions(+), 49 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/40/403440/1

diff --git a/hieradata/role/codfw/lvs/balancer.yaml 
b/hieradata/role/codfw/lvs/balancer.yaml
index 5fd35e0..19d968c 100644
--- a/hieradata/role/codfw/lvs/balancer.yaml
+++ b/hieradata/role/codfw/lvs/balancer.yaml
@@ -8,3 +8,11 @@
   - public1-b-codfw
   - public1-c-codfw
   - public1-d-codfw
+# lvs200[25] are LVS balancers for the codfw recursive DNS IP,
+#   so they need to use the recursive DNS backends directly
+#   (acamar and achernar) with fallback to eqiad
+# (doing this for all lvs for now, see T103921)
+profile::base::nameservers:
+  - '208.80.153.12' # acamar
+  - '208.80.153.42' # achenar
+  - '208.80.154.254' # eqiad lvs
diff --git a/hieradata/role/codfw/recursor.yaml 
b/hieradata/role/codfw/recursor.yaml
index d3fb55e..1b56bf8 100644
--- a/hieradata/role/codfw/recursor.yaml
+++ b/hieradata/role/codfw/recursor.yaml
@@ -1,3 +1,7 @@
 profile::bird::neighbors_list:
   - 208.80.153.192 # cr1-codfw loopback
   - 208.80.153.193 # cr2-codfw loopback
+profile::base::nameservers:
+  - '208.80.153.12' # acamar
+  - '208.80.153.42' # achenar
+  - '208.80.154.254' # eqiad lvs
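Review bot: The first entry in this list, `208.80.153.12`, is labelled acamar, and site.pp gives acamar `role(recursor)`, so this role file hands a recursor its own address. The rendered resolv.conf is only correct if the self-exclusion described in the commit message works, and the file list for this patch set touches no spec file. Please add a spec case for a node whose own IP appears in `profile::base::nameservers`, asserting that the address is absent from the rendered list.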
diff --git a/hieradata/role/eqiad/lvs/balancer.yaml 
b/hieradata/role/eqiad/lvs/balancer.yaml
index 4b1764e..b14b9ba 100644
--- a/hieradata/role/eqiad/lvs/balancer.yaml
+++ b/hieradata/role/eqiad/lvs/balancer.yaml
@@ -8,3 +8,11 @@
   - public1-b-eqiad
   - public1-c-eqiad
   - public1-d-eqiad
+# lvs100[25] are LVS balancers for the eqiad recursive DNS IP,
+#   so they need to use the recursive DNS backends directly
+#   (chromium and hydrogen) with fallback to codfw
+# (doing this for all lvs for now, see T103921)
+profile::base::nameservers:
+  - '208.80.154.50' # hydrogen
+  - '208.80.154.157' # chromium
+  - '208.80.153.254' # codfw lvs
diff --git a/hieradata/role/eqiad/recursor.yaml 
b/hieradata/role/eqiad/recursor.yaml
index 446f990..043a099 100644
--- a/hieradata/role/eqiad/recursor.yaml
+++ b/hieradata/role/eqiad/recursor.yaml
@@ -1,3 +1,7 @@
 profile::bird::neighbors_list:
   - 208.80.154.196 # cr1-eqiad loopback
   - 208.80.154.197 # cr2-eqiad loopback
+profile::base::nameservers:
+  - '208.80.154.50' # hydrogen
+  - '208.80.154.157' # chromium
+  - '208.80.153.254' # codfw lvs
diff --git a/hieradata/role/esams/lvs/balancer.yaml 
b/hieradata/role/esams/lvs/balancer.yaml
index c4e9150..3b1d667 100644
--- a/hieradata/role/esams/lvs/balancer.yaml
+++ b/hieradata/role/esams/lvs/balancer.yaml
@@ -1,3 +1,11 @@
 profile::pybal::config_host: conf1003.eqiad.wmnet
 profile::lvs::tagged_subnets:
   - public1-esams
+# lvs300[24] are LVS balancers for the esams recursive DNS IP,
+#   so they need to use the recursive DNS backends directly
+#   (nescio and maerlant) with fallback to eqiad
+# (doing this for all lvs for now, see T103921)
+profile::base::nameservers:
+  - '91.198.174.106' # nescio
+  - '91.198.174.122' # maerlant
+  - '208.80.154.254' # eqiad lvs
diff --git a/hieradata/role/ulsfo/lvs/balancer.yaml 
b/hieradata/role/ulsfo/lvs/balancer.yaml
index ada9df4..d4976fb 100644
--- a/hieradata/role/ulsfo/lvs/balancer.yaml
+++ b/hieradata/role/ulsfo/lvs/balancer.yaml
@@ -1,2 +1,7 @@
 profile::pybal::config_host: conf2003.codfw.wmnet
 profile::lvs::tagged_subnets: []
+# ns override for all lvs for now, see T103921
+profile::base::nameservers:
+  - '208.80.153.12' # acamar
+  - '208.80.153.42' # achenar
+  - '208.80.154.254' # eqiad lvs
diff --git a/manifests/site.pp b/manifests/site.pp
index 020e122..00eae02 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -12,17 +12,11 @@
 node 'acamar.wikimedia.org' {
 role(recursor)
 
-# use achernar (directly) + eqiad LVS (avoid self-dep)
-
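Review bot: The removed comment `# use achernar (directly) + eqiad LVS (avoid self-dep)` was the place that recorded why acamar's resolver list differs from the default. hieradata/role/codfw/recursor.yaml in this patch set adds the replacement list with no comment at all; carry the "avoid self-dep" rationale over to that file so it is not lost with the node-level override.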