Ryan Lane has submitted this change and it was merged. Change subject: Enable keystone redis driver for eqiad. ......................................................................
Enable keystone redis driver for eqiad. Change-Id: Ide28fd3edcce6e0dc312533b25126107d26ab318 --- M manifests/openstack.pp M manifests/role/keystone.pp 2 files changed, 33 insertions(+), 8 deletions(-) Approvals: Ryan Lane: Looks good to me, approved Andrew Bogott: Looks good to me, but someone else must approve jenkins-bot: Verified diff --git a/manifests/openstack.pp b/manifests/openstack.pp index e2e8440..c417d84 100644 --- a/manifests/openstack.pp +++ b/manifests/openstack.pp @@ -17,10 +17,15 @@ ferm::rule { 'ldap_backend_private_labs': rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (1389 1636) ACCEPT;', } - ferm::rule {' ldap_admin_replication': + ferm::rule { 'ldap_admin_replication': rule => "saddr (10.0.0.244 $other_master) proto tcp dport (4444 8989) ACCEPT;", } + # Redis replication for keystone + ferm::rule { 'redis_replication': + rule => "saddr ($other_master) proto tcp dport (6379) ACCEPT;", + } + # internal services to Labs virt servers ferm::rule { 'keystone': rule => "saddr ($other_master $labs_nodes) proto tcp dport (5000 35357) ACCEPT;", diff --git a/manifests/role/keystone.pp b/manifests/role/keystone.pp index 4964463..9073cf1 100644 --- a/manifests/role/keystone.pp +++ b/manifests/role/keystone.pp @@ -5,13 +5,6 @@ db_name => "keystone", db_user => "keystone", db_pass => $passwords::openstack::keystone::keystone_db_pass, - token_driver => $realm ? { - 'production' => 'sql', - 'labs' => 'redis', - }, - token_driver_password => $realm ? { - 'labs' => $passwords::openstack::keystone::keystone_db_pass, - }, ldap_base_dn => "dc=wikimedia,dc=org", ldap_user_dn => "uid=novaadmin,ou=people,dc=wikimedia,dc=org", ldap_user_id_attribute => "uid", 
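Review bot: The new `redis_replication` rule in manifests/openstack.pp opens 6379 to `$other_master`, but its one-line comment does not say what crosses that port. Nothing in this change enables transport encryption for Redis, so keystone tokens and the Redis authentication exchange presumably travel between the two sites in cleartext unless the link itself is protected. I would say so in the comment, for example `# Redis replication for keystone: plaintext protocol, keep the peer limited to $other_master`, and confirm the inter-site path is private or tunnelled. Limiting the source to a single peer is the right shape, but `$other_master` is defined outside this hunk, so check that it always resolves to exactly one host.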
@@ -40,6 +33,13 @@ "production" => "208.80.152.32", "labs" => "127.0.0.1", }, + token_driver => $realm ? { + 'production' => 'sql', + 'labs' => 'redis', + }, + token_driver_password => $realm ? { + 'labs' => $passwords::openstack::keystone::keystone_db_pass, + }, } $keystoneconfig = merge($pmtpakeystoneconfig, $commonkeystoneconfig) } @@ -58,6 +58,13 @@ "production" => "208.80.154.18", "labs" => "127.0.0.1", }, + token_driver => $realm ? { + 'production' => 'redis', + 'labs' => 'redis', + }, + token_driver_password => $realm ? { + 'labs' => $passwords::openstack::keystone::keystone_db_pass, + }, } $keystoneconfig = merge($eqiadkeystoneconfig, $commonkeystoneconfig) } @@ -74,6 +81,19 @@ class { "openstack::keystone-service": openstack_version => $openstack_version, keystoneconfig => $keystoneconfig } } +class role::keystone::redis { + include passwords::openstack::keystone + + class { "::redis": + maxmemory => "250mb", + persist => "aof", + redis_replication => { 'virt0.pmtpa.wmnet' => 'virt1000.eqiad.wmnet' }, + password => $passwords::openstack::keystone::keystone_db_pass, + dir => "/var/lib/redis/", + auto_aof_rewrite_min_size => "64mb", + } +} + class role::keystone::redis::labs { include passwords::openstack::keystone -- To view, visit https://gerrit.wikimedia.org/r/114423 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ide28fd3edcce6e0dc312533b25126107d26ab318 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Ryan Lane <rl...@wikimedia.org> Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Ryan Lane <rl...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
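Review bot: In the eqiad block (`@@ -58,6 +58,13 @@`) the `token_driver` selector now returns `'redis'` for `'production'`, but the `token_driver_password` selector beside it still has only a `'labs'` case and no default. In the production realm that selector has no matching entry, so either the catalog fails to compile or keystone is left without a Redis password, even though `role::keystone::redis` sets `password` on the server. Adding `'production' => $passwords::openstack::keystone::keystone_db_pass,` to match the server side would close the gap. The pmtpa block has the same selector shape, but production stays on `'sql'` there, so the password is not needed.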
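Review bot: The new `role::keystone::redis` class sets `password` to `$passwords::openstack::keystone::keystone_db_pass`, the same secret the manifest passes as `db_pass` for the keystone database. Anyone who learns the Redis password, which Redis normally keeps in its server config and which clients and the replica send over the wire, would then also hold the database credential, and neither can be rotated independently. A dedicated Redis secret in the private passwords class, referenced both here and in `token_driver_password`, would separate the two. The class also has no header comment; one line noting that it runs the keystone token store with AOF persistence and cross-site replication would help, since that means tokens are written to disk under `/var/lib/redis/`.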