[MediaWiki-commits] [Gerrit] operations/puppet[production]: base::resolving: explicitly pass arguments
Giuseppe Lavagetto has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/403440 ) Change subject: base::resolving: explicitly pass arguments .. base::resolving: explicitly pass arguments Instead of relying on top-scope variable overriding each other, do the following: * Remove the conditional on $nameserver_override in the resolv.conf template * Add $nameservers as a local variable, which defaults to $::nameservers * Pass the value from profile::base in case it's defined in hiera, and have care to exclude the IP of the current node from the list to avoid self-dependencies * Remove all the $nameservers_override from the node definitions and add those to per-site, per-role hiera Change-Id: Ib0926a8966db2066d87a9ddea4265ed741c07437 --- M hieradata/role/codfw/lvs/balancer.yaml M hieradata/role/codfw/recursor.yaml M hieradata/role/eqiad/lvs/balancer.yaml M hieradata/role/eqiad/recursor.yaml M hieradata/role/esams/lvs/balancer.yaml M hieradata/role/ulsfo/lvs/balancer.yaml M manifests/site.pp M modules/base/manifests/resolving.pp M modules/base/spec/classes/resolving_spec.rb M modules/base/templates/resolv.conf.erb M modules/profile/manifests/base.pp 11 files changed, 51 insertions(+), 53 deletions(-) Approvals: Giuseppe Lavagetto: Looks good to me, approved jenkins-bot: Verified diff --git a/hieradata/role/codfw/lvs/balancer.yaml b/hieradata/role/codfw/lvs/balancer.yaml index 5fd35e0..19d968c 100644 --- a/hieradata/role/codfw/lvs/balancer.yaml +++ b/hieradata/role/codfw/lvs/balancer.yaml @@ -8,3 +8,11 @@ - public1-b-codfw - public1-c-codfw - public1-d-codfw +# lvs200[25] are LVS balancers for the codfw recursive DNS IP, +# so they need to use the recursive DNS backends directly +# (acamar and achernar) with fallback to eqiad +# (doing this for all lvs for now, see T103921) +profile::base::nameservers: + - '208.80.153.12' # acamar + - '208.80.153.42' # achenar + - '208.80.154.254' # eqiad lvs 
diff --git a/hieradata/role/codfw/recursor.yaml b/hieradata/role/codfw/recursor.yaml index d3fb55e..7f5238b 100644 --- a/hieradata/role/codfw/recursor.yaml +++ b/hieradata/role/codfw/recursor.yaml @@ -1,3 +1,8 @@ profile::bird::neighbors_list: - 208.80.153.192 # cr1-codfw loopback - 208.80.153.193 # cr2-codfw loopback +profile::base::nameservers: +# - '208.80.153.12' # acamar +# - '208.80.153.42' # achenar + - '208.80.153.254' # codfw lvs + - '208.80.154.254' # eqiad lvs diff --git a/hieradata/role/eqiad/lvs/balancer.yaml b/hieradata/role/eqiad/lvs/balancer.yaml index 4b1764e..b14b9ba 100644 --- a/hieradata/role/eqiad/lvs/balancer.yaml +++ b/hieradata/role/eqiad/lvs/balancer.yaml @@ -8,3 +8,11 @@ - public1-b-eqiad - public1-c-eqiad - public1-d-eqiad +# lvs100[25] are LVS balancers for the eqiad recursive DNS IP, +# so they need to use the recursive DNS backends directly +# (chromium and hydrogen) with fallback to codfw +# (doing this for all lvs for now, see T103921) +profile::base::nameservers: + - '208.80.154.50' # hydrogen + - '208.80.154.157' # chromium + - '208.80.153.254' # codfw lvs diff --git a/hieradata/role/eqiad/recursor.yaml b/hieradata/role/eqiad/recursor.yaml index 446f990..d560dc0 100644 --- a/hieradata/role/eqiad/recursor.yaml +++ b/hieradata/role/eqiad/recursor.yaml @@ -1,3 +1,8 @@ profile::bird::neighbors_list: - 208.80.154.196 # cr1-eqiad loopback - 208.80.154.197 # cr2-eqiad loopback +profile::base::nameservers: +# - '208.80.154.50' # hydrogen +# - '208.80.154.157' # chromium + - '208.80.154.254' # eqiad lvs + - '208.80.153.254' # codfw lvs diff --git a/hieradata/role/esams/lvs/balancer.yaml b/hieradata/role/esams/lvs/balancer.yaml index c4e9150..3b1d667 100644 --- a/hieradata/role/esams/lvs/balancer.yaml +++ b/hieradata/role/esams/lvs/balancer.yaml 
@@ -1,3 +1,11 @@ profile::pybal::config_host: conf1003.eqiad.wmnet profile::lvs::tagged_subnets: - public1-esams +# lvs300[24] are LVS balancers for the esams recursive DNS IP, +# so they need to use the recursive DNS backends directly +# (nescio and maerlant) with fallback to eqiad +# (doing this for all lvs for now, see T103921) +profile::base::nameservers: + - '91.198.174.106' # nescio + - '91.198.174.122' # maerlant + - '208.80.154.254' # eqiad lvs diff --git a/hieradata/role/ulsfo/lvs/balancer.yaml b/hieradata/role/ulsfo/lvs/balancer.yaml index ada9df4..d4976fb 100644 --- a/hieradata/role/ulsfo/lvs/balancer.yaml +++ b/hieradata/role/ulsfo/lvs/balancer.yaml @@ -1,2 +1,7 @@ profile::pybal::config_host: conf2003.codfw.wmnet profile::lvs::tagged_subnets: [] +# ns override for all lvs for now, see T103921 +profile::base::nameservers: + - '208.80.153.12' # acamar + - '208.80.153.42' # achenar + - '208.80.154.254' # eqiad lvs diff --git a/manifests/site.pp b/manifests/site.pp index b5b4d43..8803b67 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -12,17 +12,11 @@
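Review bot: in hieradata/role/codfw/recursor.yaml (and likewise eqiad/recursor.yaml) the two direct recursor entries are left commented out between the `profile::base::nameservers:` key and the first live list item, with nothing saying why. The list now starts with the site's own LVS address (`- '208.80.153.254' # codfw lvs`), which the balancer.yaml comments describe as the recursive DNS IP served by these same hosts. The self-exclusion by node IP that the commit message describes will not match that address, so a recursor can still be handed its own service as resolver. Either delete the commented-out lines or add a comment above the key stating that resolving through the local LVS address is intended and why the direct entries were dropped.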
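Review bot: the comment block added to hieradata/role/codfw/lvs/balancer.yaml names the backends "acamar and achernar", but the inline comment on `- '208.80.153.42'` reads `# achenar`, and the same spelling is repeated in the ulsfo/lvs/balancer.yaml and codfw/recursor.yaml hunks. Use the spelling from the block comment throughout, so that a search for the hostname finds every file in which its IP is pinned. In eqiad/lvs/balancer.yaml the block comment lists "chromium and hydrogen" while the list has hydrogen first; matching the order would make the comment easier to check against the data.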
[MediaWiki-commits] [Gerrit] operations/puppet[production]: base::resolving: explicitly pass arguments
Giuseppe Lavagetto has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/403440 ) Change subject: base::resolving: explicitly pass arguments .. base::resolving: explicitly pass arguments Instead of relying on top-scope variable overriding each other, do the following: * Remove the conditional on $nameserver_override in the resolv.conf template * Add $nameservers as a local variable, which defaults to $::nameservers * Pass the value from profile::base in case it's defined in hiera, and have care to exclude the IP of the current node from the list to avoid self-dependencies * Remove all the $nameservers_override from the node definitions and add those to per-site, per-role hiera Change-Id: Ib0926a8966db2066d87a9ddea4265ed741c07437 --- M hieradata/role/codfw/lvs/balancer.yaml M hieradata/role/codfw/recursor.yaml M hieradata/role/eqiad/lvs/balancer.yaml M hieradata/role/eqiad/recursor.yaml M hieradata/role/esams/lvs/balancer.yaml M hieradata/role/ulsfo/lvs/balancer.yaml M manifests/site.pp M modules/base/manifests/resolving.pp M modules/base/templates/resolv.conf.erb M modules/profile/manifests/base.pp 10 files changed, 45 insertions(+), 49 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/40/403440/1 diff --git a/hieradata/role/codfw/lvs/balancer.yaml b/hieradata/role/codfw/lvs/balancer.yaml index 5fd35e0..19d968c 100644 --- a/hieradata/role/codfw/lvs/balancer.yaml +++ b/hieradata/role/codfw/lvs/balancer.yaml @@ -8,3 +8,11 @@ - public1-b-codfw - public1-c-codfw - public1-d-codfw +# lvs200[25] are LVS balancers for the codfw recursive DNS IP, +# so they need to use the recursive DNS backends directly +# (acamar and achernar) with fallback to eqiad +# (doing this for all lvs for now, see T103921) +profile::base::nameservers: + - '208.80.153.12' # acamar + - '208.80.153.42' # achenar + - '208.80.154.254' # eqiad lvs 
diff --git a/hieradata/role/codfw/recursor.yaml b/hieradata/role/codfw/recursor.yaml index d3fb55e..1b56bf8 100644 --- a/hieradata/role/codfw/recursor.yaml +++ b/hieradata/role/codfw/recursor.yaml @@ -1,3 +1,7 @@ profile::bird::neighbors_list: - 208.80.153.192 # cr1-codfw loopback - 208.80.153.193 # cr2-codfw loopback +profile::base::nameservers: + - '208.80.153.12' # acamar + - '208.80.153.42' # achenar + - '208.80.154.254' # eqiad lvs diff --git a/hieradata/role/eqiad/lvs/balancer.yaml b/hieradata/role/eqiad/lvs/balancer.yaml index 4b1764e..b14b9ba 100644 --- a/hieradata/role/eqiad/lvs/balancer.yaml +++ b/hieradata/role/eqiad/lvs/balancer.yaml @@ -8,3 +8,11 @@ - public1-b-eqiad - public1-c-eqiad - public1-d-eqiad +# lvs100[25] are LVS balancers for the eqiad recursive DNS IP, +# so they need to use the recursive DNS backends directly +# (chromium and hydrogen) with fallback to codfw +# (doing this for all lvs for now, see T103921) +profile::base::nameservers: + - '208.80.154.50' # hydrogen + - '208.80.154.157' # chromium + - '208.80.153.254' # codfw lvs diff --git a/hieradata/role/eqiad/recursor.yaml b/hieradata/role/eqiad/recursor.yaml index 446f990..043a099 100644 --- a/hieradata/role/eqiad/recursor.yaml +++ b/hieradata/role/eqiad/recursor.yaml @@ -1,3 +1,7 @@ profile::bird::neighbors_list: - 208.80.154.196 # cr1-eqiad loopback - 208.80.154.197 # cr2-eqiad loopback +profile::base::nameservers: + - '208.80.154.50' # hydrogen + - '208.80.154.157' # chromium + - '208.80.153.254' # codfw lvs diff --git a/hieradata/role/esams/lvs/balancer.yaml b/hieradata/role/esams/lvs/balancer.yaml index c4e9150..3b1d667 100644 --- a/hieradata/role/esams/lvs/balancer.yaml +++ b/hieradata/role/esams/lvs/balancer.yaml 
@@ -1,3 +1,11 @@ profile::pybal::config_host: conf1003.eqiad.wmnet profile::lvs::tagged_subnets: - public1-esams +# lvs300[24] are LVS balancers for the esams recursive DNS IP, +# so they need to use the recursive DNS backends directly +# (nescio and maerlant) with fallback to eqiad +# (doing this for all lvs for now, see T103921) +profile::base::nameservers: + - '91.198.174.106' # nescio + - '91.198.174.122' # maerlant + - '208.80.154.254' # eqiad lvs diff --git a/hieradata/role/ulsfo/lvs/balancer.yaml b/hieradata/role/ulsfo/lvs/balancer.yaml index ada9df4..d4976fb 100644 --- a/hieradata/role/ulsfo/lvs/balancer.yaml +++ b/hieradata/role/ulsfo/lvs/balancer.yaml @@ -1,2 +1,7 @@ profile::pybal::config_host: conf2003.codfw.wmnet profile::lvs::tagged_subnets: [] +# ns override for all lvs for now, see T103921 +profile::base::nameservers: + - '208.80.153.12' # acamar + - '208.80.153.42' # achenar + - '208.80.154.254' # eqiad lvs diff --git a/manifests/site.pp b/manifests/site.pp index 020e122..00eae02 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -12,17 +12,11 @@ node 'acamar.wikimedia.org' { role(recursor) -# use achernar (directly) + eqiad LVS (avoid self-dep) -
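Review bot: in this patch set hieradata/role/codfw/recursor.yaml and eqiad/recursor.yaml list both local recursors by IP (`- '208.80.153.12' # acamar`, `- '208.80.153.42' # achenar`), so every recursor host has its own address in its role data and only the filtering described in the commit message keeps it out of resolv.conf. The site.pp hunk meanwhile deletes `# use achernar (directly) + eqiad LVS (avoid self-dep)`, and that rationale is not carried over to the hiera files. Add a comment above `profile::base::nameservers:` in both recursor.yaml files saying that the node's own IP is removed from the list when the catalog is compiled and that the remaining entries are the peer recursor plus the remote LVS address, as the balancer.yaml hunks do for their override.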