Alexandros Kosiaris has submitted this change and it was merged.
Change subject: Split base::puppet to it own file. Amend puppet freshness check
......................................................................
Split base::puppet to it own file. Amend puppet freshness check
While at it also create a base::puppet::params file holding the various
configuration variables. Do this to allow the usage of those variables
in other parts of the code as well. Use that in base::monitoring::host
to enable warning/critical alerting threshold population
Change-Id: I8a38b93328fb6925fbe2026b9757291904f5cb8c
---
M modules/base/manifests/init.pp
M modules/base/manifests/monitoring/host.pp
A modules/base/manifests/puppet.pp
A modules/base/manifests/puppet/params.pp
4 files changed, 180 insertions(+), 170 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/base/manifests/init.pp b/modules/base/manifests/init.pp
index 8cffa78..f374738 100644
--- a/modules/base/manifests/init.pp
+++ b/modules/base/manifests/init.pp
@@ -43,175 +43,6 @@
}
}
-class base::puppet($server='puppet', $certname=undef) {
-
- include passwords::puppet::database
-
- ## run puppet by cron and
- ## rotate puppet logs generated by cron
- ## This is in mins. Do not set this to 0 or > 60
- $interval = 20
- $crontime = fqdn_rand(60)
- # Calculate freshness interval in seconds (hence *60)
- $freshnessinterval = $interval * 60 * 6
-
- package { [ 'puppet', 'facter', 'coreutils' ]:
- ensure => latest,
- require => Apt::Puppet['base']
- }
-
- if $::lsbdistid == 'Ubuntu' and (versioncmp($::lsbdistrelease, '10.04') ==
0 or versioncmp($::lsbdistrelease, '8.04') == 0) {
- package {'timeout':
- ensure => latest,
- }
- }
-
- # monitoring via snmp traps
- package { 'snmp':
- ensure => latest,
- }
-
- file { '/etc/snmp':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0644',
- require => Package['snmp'],
- }
-
- file { '/etc/snmp/snmp.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => template('base/snmp.conf.erb'),
- require => [ Package['snmp'], File['/etc/snmp'] ],
- }
-
- monitor_service { 'puppet freshness':
- description => 'Puppet freshness',
- check_command => 'puppet-FAIL',
- passive => 'true',
- freshness => $freshnessinterval,
- retries => 1,
- }
-
- case $::realm {
- 'production': {
- exec { 'neon puppet snmp trap':
- command => "snmptrap -v 1 -c public neon.wikimedia.org
.1.3.6.1.4.1.33298 `hostname` 6 1004 `uptime | awk '{ split(\$3,a,\":\"); print
(a[1]*60+a[2])*60 }'`",
- path => '/bin:/usr/bin',
- require => Package['snmp'],
- }
- }
- 'labs': {
- # The next two notifications are read in by the labsstatus.rb
puppet report handler.
- # It needs to know project/hostname for nova access.
- notify{"instanceproject: ${::instanceproject}":}
- notify{"hostname: ${::instancename}":}
- exec { 'puppet snmp trap':
- command => "snmptrap -v 1 -c public icinga.eqiad.wmflabs
.1.3.6.1.4.1.33298 ${::instancename}.${::site}.wmflabs 6 1004 `uptime | awk '{
split(\$3,a,\":\"); print (a[1]*60+a[2])*60 }'`",
- path => '/bin:/usr/bin',
- require => Package['snmp'],
- }
- }
- default: {
- err('realm must be either "labs" or "production".')
- }
- }
-
- file { '/etc/default/puppet':
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///modules/base/puppet/puppet.default',
- }
-
- file { '/etc/puppet/puppet.conf':
- ensure => 'file',
- owner => 'root',
- group => 'root',
- mode => '0444',
- notify => Exec['compile puppet.conf'],
- }
-
- file { '/etc/puppet/puppet.conf.d/':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0550',
- }
-
- file { '/etc/puppet/puppet.conf.d/10-main.conf':
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => template('base/puppet.conf.d/10-main.conf.erb'),
- notify => Exec['compile puppet.conf'],
- }
-
- if $::realm == 'labs' {
- # Clear master certs if puppet.conf changed
- exec { 'delete master certs':
- path => '/usr/bin:/bin',
- command => 'rm -f /var/lib/puppet/ssl/certs/ca.pem; rm -f
/var/lib/puppet/ssl/crl.pem; rm -f /root/allowcertdeletion',
- onlyif => 'test -f /root/allowcertdeletion',
- subscribe => File['/etc/puppet/puppet.conf.d/10-main.conf'],
- refreshonly => true,
- }
- }
-
- file { '/etc/init.d/puppet':
- owner => 'root',
- group => 'root',
- mode => '0555',
- source => 'puppet:///modules/base/puppet/puppet.init',
- }
-
- class { 'puppet_statsd':
- statsd_host => 'statsd.eqiad.wmnet',
- metric_format => 'puppet.<%= metric %>',
- }
-
- # Compile /etc/puppet/puppet.conf from individual files in
/etc/puppet/puppet.conf.d
- exec { 'compile puppet.conf':
- path => '/usr/bin:/bin',
- command => "cat /etc/puppet/puppet.conf.d/??-*.conf >
/etc/puppet/puppet.conf",
- refreshonly => true,
- }
-
- ## do not use puppet agent
- service {'puppet':
- ensure => stopped,
- enable => false,
- }
-
- file { '/etc/cron.d/puppet':
- require => File['/etc/default/puppet'],
- mode => '0444',
- owner => 'root',
- group => 'root',
- content => template('base/puppet.cron.erb'),
- }
-
- file { '/etc/logrotate.d/puppet':
- mode => '0444',
- owner => 'root',
- group => 'root',
- source => 'puppet:///modules/base/logrotate/puppet',
- }
-
- # Report the last puppet run in MOTD
- if $::lsbdistid == 'Ubuntu' and versioncmp($::lsbdistrelease, '9.10') >= 0
{
- file { '/etc/update-motd.d/97-last-puppet-run':
- owner => 'root',
- group => 'root',
- mode => '0555',
- source => 'puppet:///modules/base/puppet/97-last-puppet-run',
- }
- }
-}
-
class base::remote-syslog {
if ($::lsbdistid == 'Ubuntu') and
($::hostname != 'nfs1') and
diff --git a/modules/base/manifests/monitoring/host.pp
b/modules/base/manifests/monitoring/host.pp
index 1d7b235..e102f4c 100644
--- a/modules/base/manifests/monitoring/host.pp
+++ b/modules/base/manifests/monitoring/host.pp
@@ -17,6 +17,8 @@
# admins
#
class base::monitoring::host($contact_group = 'admins') {
+ include base::puppet::params # In order to be able to use some variables
+
monitor_host { $::hostname:
contact_group => $contact_group
}
@@ -115,9 +117,11 @@
description => 'puppet disabled',
nrpe_command => '/usr/local/lib/nagios/plugins/check_puppet_disabled',
}
+ $warninginterval = $base::puppet::params::freshnessinterval
+ $criticalinterval = $base::puppet::params::freshnessinterval * 2
nrpe::monitor_service { 'puppet_checkpuppetrun':
description => 'puppet last run',
- nrpe_command => '/usr/local/lib/nagios/plugins/check_puppetrun',
+ nrpe_command => "/usr/local/lib/nagios/plugins/check_puppetrun -c
${warninginterval} -c ${criticalinterval}",
}
nrpe::monitor_service {'check_eth':
description => 'check configured eth',
diff --git a/modules/base/manifests/puppet.pp b/modules/base/manifests/puppet.pp
new file mode 100644
index 0000000..fdf48a7
--- /dev/null
+++ b/modules/base/manifests/puppet.pp
@@ -0,0 +1,166 @@
+class base::puppet($server='puppet', $certname=undef) {
+
+ include passwords::puppet::database
+ include base::puppet::params
+ $interval = $base::puppet::params::interval
+ $crontime = $base::puppet::params::crontime
+ $freshnessinterval = $base::puppet::params::freshnessinterval
+
+
+ package { [ 'puppet', 'facter', 'coreutils' ]:
+ ensure => latest,
+ require => Apt::Puppet['base']
+ }
+
+ if $::lsbdistid == 'Ubuntu' and (versioncmp($::lsbdistrelease, '10.04') ==
0 or versioncmp($::lsbdistrelease, '8.04') == 0) {
+ package {'timeout':
+ ensure => latest,
+ }
+ }
+
+ # monitoring via snmp traps
+ package { 'snmp':
+ ensure => latest,
+ }
+
+ file { '/etc/snmp':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ require => Package['snmp'],
+ }
+
+ file { '/etc/snmp/snmp.conf':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ content => template('base/snmp.conf.erb'),
+ require => [ Package['snmp'], File['/etc/snmp'] ],
+ }
+
+ monitor_service { 'puppet freshness':
+ description => 'Puppet freshness',
+ check_command => 'puppet-FAIL',
+ passive => 'true',
+ freshness => $freshnessinterval,
+ retries => 1,
+ }
+
+ case $::realm {
+ 'production': {
+ exec { 'neon puppet snmp trap':
+ command => "snmptrap -v 1 -c public neon.wikimedia.org
.1.3.6.1.4.1.33298 `hostname` 6 1004 `uptime | awk '{ split(\$3,a,\":\"); print
(a[1]*60+a[2])*60 }'`",
+ path => '/bin:/usr/bin',
+ require => Package['snmp'],
+ }
+ }
+ 'labs': {
+ # The next two notifications are read in by the labsstatus.rb
puppet report handler.
+ # It needs to know project/hostname for nova access.
+ notify{"instanceproject: ${::instanceproject}":}
+ notify{"hostname: ${::instancename}":}
+ exec { 'puppet snmp trap':
+ command => "snmptrap -v 1 -c public icinga.eqiad.wmflabs
.1.3.6.1.4.1.33298 ${::instancename}.${::site}.wmflabs 6 1004 `uptime | awk '{
split(\$3,a,\":\"); print (a[1]*60+a[2])*60 }'`",
+ path => '/bin:/usr/bin',
+ require => Package['snmp'],
+ }
+ }
+ default: {
+ err('realm must be either "labs" or "production".')
+ }
+ }
+
+ file { '/etc/default/puppet':
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ source => 'puppet:///modules/base/puppet/puppet.default',
+ }
+
+ file { '/etc/puppet/puppet.conf':
+ ensure => 'file',
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ notify => Exec['compile puppet.conf'],
+ }
+
+ file { '/etc/puppet/puppet.conf.d/':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0550',
+ }
+
+ file { '/etc/puppet/puppet.conf.d/10-main.conf':
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ content => template('base/puppet.conf.d/10-main.conf.erb'),
+ notify => Exec['compile puppet.conf'],
+ }
+
+ if $::realm == 'labs' {
+ # Clear master certs if puppet.conf changed
+ exec { 'delete master certs':
+ path => '/usr/bin:/bin',
+ command => 'rm -f /var/lib/puppet/ssl/certs/ca.pem; rm -f
/var/lib/puppet/ssl/crl.pem; rm -f /root/allowcertdeletion',
+ onlyif => 'test -f /root/allowcertdeletion',
+ subscribe => File['/etc/puppet/puppet.conf.d/10-main.conf'],
+ refreshonly => true,
+ }
+ }
+
+ file { '/etc/init.d/puppet':
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => 'puppet:///modules/base/puppet/puppet.init',
+ }
+
+ class { 'puppet_statsd':
+ statsd_host => 'statsd.eqiad.wmnet',
+ metric_format => 'puppet.<%= metric %>',
+ }
+
+ # Compile /etc/puppet/puppet.conf from individual files in
/etc/puppet/puppet.conf.d
+ exec { 'compile puppet.conf':
+ path => '/usr/bin:/bin',
+ command => "cat /etc/puppet/puppet.conf.d/??-*.conf >
/etc/puppet/puppet.conf",
+ refreshonly => true,
+ }
+
+ ## do not use puppet agent
+ service {'puppet':
+ ensure => stopped,
+ enable => false,
+ }
+
+ file { '/etc/cron.d/puppet':
+ require => File['/etc/default/puppet'],
+ mode => '0444',
+ owner => 'root',
+ group => 'root',
+ content => template('base/puppet.cron.erb'),
+ }
+
+ file { '/etc/logrotate.d/puppet':
+ mode => '0444',
+ owner => 'root',
+ group => 'root',
+ source => 'puppet:///modules/base/logrotate/puppet',
+ }
+
+ # Report the last puppet run in MOTD
+ if $::lsbdistid == 'Ubuntu' and versioncmp($::lsbdistrelease, '9.10') >= 0
{
+ file { '/etc/update-motd.d/97-last-puppet-run':
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => 'puppet:///modules/base/puppet/97-last-puppet-run',
+ }
+ }
+}
+
diff --git a/modules/base/manifests/puppet/params.pp
b/modules/base/manifests/puppet/params.pp
new file mode 100644
index 0000000..11be0e3
--- /dev/null
+++ b/modules/base/manifests/puppet/params.pp
@@ -0,0 +1,9 @@
+class base::puppet::params {
+ ## run puppet by cron and
+ ## rotate puppet logs generated by cron
+ ## This is in mins. Do not set this to 0 or > 60
+ $interval = 20
+ $crontime = fqdn_rand(60)
+ # Calculate freshness interval in seconds (hence *60)
+ $freshnessinterval = $interval * 60 * 6
+}
--
To view, visit https://gerrit.wikimedia.org/r/142553
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I8a38b93328fb6925fbe2026b9757291904f5cb8c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
