BBlack has uploaded a new change for review.
https://gerrit.wikimedia.org/r/230246
Change subject: Add cache_maps and related LVS config, using cp104[34]
......................................................................
Add cache_maps and related LVS config, using cp104[34]
Bug: T105076
Change-Id: If05c07a32e89c8c5ec73716281cf4526943f5b7e
---
M conftool-data/nodes/eqiad.yaml
M conftool-data/services/cache.yaml
M hieradata/common.yaml
A hieradata/common/cache/ipsec/maps.yaml
A hieradata/common/cache/maps.yaml
M hieradata/common/lvs/configuration.yaml
M hieradata/labs.yaml
M manifests/role/cache.pp
M manifests/site.pp
M modules/role/manifests/cache/configuration.pp
A modules/role/manifests/cache/maps.pp
M modules/role/manifests/lvs/balancer.pp
M modules/varnish/templates/vcl/wikimedia.vcl.erb
A templates/varnish/maps-backend.inc.vcl.web
A templates/varnish/maps-frontend.inc.vcl.erb
15 files changed, 244 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/46/230246/1
diff --git a/conftool-data/nodes/eqiad.yaml b/conftool-data/nodes/eqiad.yaml
index 78bf1ee..3d45f13 100644
--- a/conftool-data/nodes/eqiad.yaml
+++ b/conftool-data/nodes/eqiad.yaml
@@ -259,6 +259,9 @@
cp1073.eqiad.wmnet: [varnish-fe, varnish-be, nginx]
cp1074.eqiad.wmnet: [varnish-fe, varnish-be, nginx]
cp1099.eqiad.wmnet: [varnish-fe, varnish-be, nginx]
+cache_maps:
+ cp1043.eqiad.wmnet: [varnish-fe, varnish-be, nginx]
+ cp1044.eqiad.wmnet: [varnish-fe, varnish-be, nginx]
pdf:
ocg1001.eqiad.wmnet: [ocg]
ocg1002.eqiad.wmnet: [ocg]
diff --git a/conftool-data/services/cache.yaml
b/conftool-data/services/cache.yaml
index ad62f5e..70381f0 100644
--- a/conftool-data/services/cache.yaml
+++ b/conftool-data/services/cache.yaml
@@ -101,6 +101,28 @@
- eqiad
- esams
- ulsfo
+cache_maps:
+ varnish-fe:
+ port: 80
+ default_values:
+ "pooled": "no"
+ "weight": 1
+ datacenters:
+ - eqiad
+ varnish-be:
+ port: 3128
+ default_values:
+ "pooled": "no"
+ "weight": 100
+ datacenters:
+ - eqiad
+ nginx:
+ port: 443
+ default_values:
+ "pooled": "no"
+ "weight": 1
+ datacenters:
+ - eqiad
cache_misc:
varnish-fe:
port: 80
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 8702339..d818b9c 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -215,6 +215,11 @@
id: 50
sites:
codfw: []
+ cache_maps:
+ name: "Maps caches"
+ id: 51
+ sites:
+ eqiad: []
zookeeper_hosts:
conf1001.eqiad.wmnet: '1101'
conf1002.eqiad.wmnet: '1102'
diff --git a/hieradata/common/cache/ipsec/maps.yaml
b/hieradata/common/cache/ipsec/maps.yaml
new file mode 100644
index 0000000..deafd12
--- /dev/null
+++ b/hieradata/common/cache/ipsec/maps.yaml
@@ -0,0 +1,4 @@
+nodes:
+ eqiad:
+ - 'cp1043.eqiad.wmnet'
+ - 'cp1044.eqiad.wmnet'
diff --git a/hieradata/common/cache/maps.yaml b/hieradata/common/cache/maps.yaml
new file mode 100644
index 0000000..deafd12
--- /dev/null
+++ b/hieradata/common/cache/maps.yaml
@@ -0,0 +1,4 @@
+nodes:
+ eqiad:
+ - 'cp1043.eqiad.wmnet'
+ - 'cp1044.eqiad.wmnet'
diff --git a/hieradata/common/lvs/configuration.yaml
b/hieradata/common/lvs/configuration.yaml
index f554a2e..8835878 100644
--- a/hieradata/common/lvs/configuration.yaml
+++ b/hieradata/common/lvs/configuration.yaml
@@ -25,6 +25,10 @@
ulsfo:
uploadlb: 198.35.26.112
uploadlb6: 2620:0:863:ed1a::2:b
+ maps: &maps
+ eqiad:
+ mapslb: 208.80.154.244
+ mapslb6: 2620:0:861:ed1a::2:d
apaches: &apaches
eqiad: 10.2.2.1
codfw: 10.2.1.1
@@ -60,8 +64,6 @@
esams:
dns_rec: 91.198.174.216
dns_rec6: 2620:0:862:ed1a::3:fe
- osm: &osm
- eqiad: 208.80.154.244
misc_web: &misc_web
eqiad:
misc_weblb: 208.80.154.241
@@ -196,6 +198,46 @@
conftool:
cluster: cache_upload
service: nginx
+ maps:
+ description: "Maps service maps.%{::site}.wikimedia.org"
+ class: high-traffic2
+ sites:
+ - eqiad
+ ip: *maps
+ bgp: 'yes'
+ depool-threshold: ".5"
+ monitors:
+ IdleConnection:
+ timeout-clean-reconnect: 3
+ max-delay: 300
+ conftool:
+ cluster: cache_maps
+ service: varnish-fe
+ icinga:
+ uri: maps.wikimedia.org!/_info
+ sites:
+ eqiad:
+ hostname: maps-lb.eqiad.wikimedia.org
+ maps-https:
+ description: "Maps service maps.%{::site}.wikimedia.org"
+ class: high-traffic2
+ sites:
+ - eqiad
+ ip: *maps
+ port: 443
+ scheduler: sh
+ bgp: 'no'
+ depool-threshold: ".5"
+ monitors:
+ ProxyFetch:
+ url:
+ - https://maps.wikimedia.org/_info
+ IdleConnection:
+ timeout-clean-reconnect: 3
+ max-delay: 300
+ conftool:
+ cluster: cache_maps
+ service: nginx
mobile:
description: MediaWiki based mobile site
class: high-traffic1
diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index 7811796..ca9326b 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -29,6 +29,9 @@
cache::parsoid::nodes:
eqiad:
- '127.0.0.1'
+cache::maps::nodes:
+ eqiad:
+ - '127.0.0.1'
role::cache::base::purge_host_only_upload_re: '^upload\.beta\.wmflabs\.org$'
role::cache::base::purge_host_not_upload_re: '^(?!upload\.beta\.wmflabs\.org)'
role::cache::2layer::storage_parts:
diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index bb02cf5..b5b7895 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -15,5 +15,6 @@
@monitoring::group { 'cache_parsoid_eqiad': description => 'Parsoid caches
eqiad' }
@monitoring::group { 'cache_parsoid_codfw': description => 'Parsoid caches
codfw' }
@monitoring::group { 'cache_misc_eqiad': description => 'Misc caches eqiad' }
+@monitoring::group { 'cache_maps_eqiad': description => 'Maps caches eqiad' }
# If you're looking for something that used to be here, check
modules/role/manifests/cache/...
diff --git a/manifests/site.pp b/manifests/site.pp
index 9181bb8..a3bc805 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -395,8 +395,7 @@
node /^cp104[34]\.eqiad\.wmnet$/ {
interface::add_ip6_mapped { 'main': }
- include standard
- # formerly eqiad misc-cluster
+ role cache::maps
}
node 'cp1045.eqiad.wmnet', 'cp1058.eqiad.wmnet' {
diff --git a/modules/role/manifests/cache/configuration.pp
b/modules/role/manifests/cache/configuration.pp
index 5bb562a..f1896c6 100644
--- a/modules/role/manifests/cache/configuration.pp
+++ b/modules/role/manifests/cache/configuration.pp
@@ -27,6 +27,7 @@
},
'swift' => $lvs::configuration::service_ips['swift'],
'security_audit' => { 'eqiad' => [] }, # no audit backend for prod
at this time
+ 'kartotherian' => $lvs::configuration::service_ips['kartotherian'],
},
'labs' => {
'appservers' => {
diff --git a/modules/role/manifests/cache/maps.pp
b/modules/role/manifests/cache/maps.pp
new file mode 100644
index 0000000..89ae217
--- /dev/null
+++ b/modules/role/manifests/cache/maps.pp
@@ -0,0 +1,105 @@
+class role::cache::maps() {
+ system::role { 'role::cache::maps':
+ description => 'maps Varnish cache server',
+ }
+
+ class { 'varnish::htcppurger': varnish_instances => [ '127.0.0.1:80',
'127.0.0.1:3128' ] }
+
+ include role::cache::2layer
+
+ class { 'lvs::realserver':
+ realserver_ips => $lvs::configuration::service_ips['maps'][$::site],
+ }
+
+ $maps_nodes = hiera('cache::maps::nodes')
+ $site_maps_nodes = $maps_nodes[$::site]
+
+ $memory_storage_size = 12
+
+ include role::cache::ssl::unified
+
+ $varnish_be_directors = {
+ 'one' => {
+ 'backend' => {
+ 'dynamic' => 'no',
+ 'type' => 'random',
+ # XXX note explicit abnormal hack: cache only exists in eqiad,
service only exists in codfw...
+ 'backends' =>
$role::cache::configuration::backends[$::realm]['kartotherian']['codfw'],
+ },
+ },
+ # XXX maps has no tier-2, yet
+ }
+
+ if $::role::cache::configuration::has_ganglia {
+ include varnish::monitoring::ganglia::vhtcpd
+ }
+
+ $cluster_options = {
+ 'do_gzip' => true,
+ 'https_redirects' => true,
+ }
+
+ varnish::instance { 'maps-backend':
+ name => '',
+ vcl => 'maps-backend',
+ port => 3128,
+ admin_port => 6083,
+ runtime_parameters => ['default_ttl=86400'],
+ storage => $::role::cache::2layer::persistent_storage_args,
+ directors => $varnish_be_directors[$::site_tier],
+ vcl_config => {
+ 'cache4xx' => '1m',
+ 'layer' => 'backend',
+ },
+ backend_options =>
array_concat($::role::cache::2layer::backend_scaled_weights, [
+ {
+ 'backend_match' => '^cp[0-9]+\.eqiad.wmnet$',
+ 'port' => 3128,
+ 'probe' => 'varnish',
+ },
+ {
+ 'port' => 4000,
+ 'connect_timeout' => '5s',
+ 'first_byte_timeout' => '35s',
+ 'between_bytes_timeout' => '4s',
+ 'max_connections' => 1000,
+ 'probe' => 'maps',
+ },
+ ]),
+ cluster_options => $cluster_options,
+ }
+
+ varnish::instance { 'maps-frontend':
+ name => 'frontend',
+ vcl => 'maps-frontend',
+ port => 80,
+ admin_port => 6082,
+ runtime_parameters => ['default_ttl=86400'],
+ storage => "-s malloc,${memory_storage_size}G",
+ directors => {
+ 'backend' => {
+ 'dynamic' => 'yes',
+ 'type' => 'chash',
+ 'backends' => $site_maps_nodes,
+ },
+ },
+ vcl_config => {
+ 'retry503' => 1,
+ 'cache4xx' => '1m',
+ 'layer' => 'frontend',
+ },
+ backend_options =>
array_concat($::role::cache::2layer::backend_scaled_weights, [
+ {
+ 'port' => 3128,
+ 'connect_timeout' => '5s',
+ 'first_byte_timeout' => '35s',
+ 'between_bytes_timeout' => '2s',
+ 'max_connections' => 100000,
+ 'probe' => 'varnish',
+ },
+ ]),
+ cluster_options => $cluster_options,
+ }
+
+ include role::cache::logging
+}
diff --git a/modules/role/manifests/lvs/balancer.pp
b/modules/role/manifests/lvs/balancer.pp
index ddedad3..23dfb7b 100644
--- a/modules/role/manifests/lvs/balancer.pp
+++ b/modules/role/manifests/lvs/balancer.pp
@@ -18,8 +18,8 @@
],
/^(lvs100[25])$/ => [
$sip['upload'][$::site],
+ $sip['maps'][$::site],
$sip['dns_rec'][$::site],
- $sip['osm'][$::site],
$sip['misc_web'][$::site],
$sip['parsoidcache'][$::site],
$sip['stream'][$::site],
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index edd6ed6..2b44bcd 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -82,6 +82,14 @@
.threshold = 3;
}
+probe maps {
+ .url = "/_info";
+ .interval = 5s;
+ .timeout = 1s;
+ .window = 5;
+ .threshold = 3;
+}
+
# Backends
# List of Puppet generated backends
diff --git a/templates/varnish/maps-backend.inc.vcl.web
b/templates/varnish/maps-backend.inc.vcl.web
new file mode 100644
index 0000000..cc7532d
--- /dev/null
+++ b/templates/varnish/maps-backend.inc.vcl.web
@@ -0,0 +1,21 @@
+// Varnish VCL include file for maps backends
+
+include "errorpage.inc.vcl";
+
+sub vcl_recv {
+ call vcl_recv_purge;
+ return (lookup);
+}
+
+sub vcl_fetch {
+ // Cap TTL to 1 day for now (purging still hasn't been sorted out...)
+ if (beresp.ttl > 1d) {
+ set beresp.ttl = 1d;
+ }
+ return (deliver);
+}
+
+sub vcl_error {
+ call errorpage;
+ return (deliver);
+}
diff --git a/templates/varnish/maps-frontend.inc.vcl.erb
b/templates/varnish/maps-frontend.inc.vcl.erb
new file mode 100644
index 0000000..58463f4
--- /dev/null
+++ b/templates/varnish/maps-frontend.inc.vcl.erb
@@ -0,0 +1,21 @@
+// Varnish VCL include file for upload frontends
+
+include "errorpage.inc.vcl";
+
+sub vcl_recv {
+ call vcl_recv_purge;
+ return (lookup);
+}
+
+sub vcl_fetch {
+ // Cap TTL to 1 day for now (purging still hasn't been sorted out...)
+ if (beresp.ttl > 1d) {
+ set beresp.ttl = 1d;
+ }
+ return (deliver);
+}
+
+sub vcl_error {
+ call errorpage;
+ return (deliver);
+}
--
To view, visit https://gerrit.wikimedia.org/r/230246
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If05c07a32e89c8c5ec73716281cf4526943f5b7e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
