BBlack has uploaded a new change for review. https://gerrit.wikimedia.org/r/275124
Change subject: varnishes: control applayer DC routing from hieradata ...................................................................... varnishes: control applayer DC routing from hieradata This is the commit that rids Traffic infrastructure of all remaining references to $::mw_primary. Note: this seems more-complicated than it has to be (i.e. why not make the backend selection explicit in hieradata instead of double-referencing with a 'route' attribute), but this direction gets closer to support for a magical 'route: split', which uses cache::route_table data to do active:active properly, even for future cache-only-DC pass-traffic directly to the applayer (once TLS is working!). Bug: T127484 Change-Id: Ia5f1d56a584a6c4ca89f0532c7fd2225a7b7a9f8 --- M hieradata/common/cache/maps.yaml M hieradata/common/cache/text.yaml M hieradata/common/cache/upload.yaml M modules/role/manifests/cache/maps.pp M modules/role/manifests/cache/text.pp M modules/role/manifests/cache/upload.pp 6 files changed, 20 insertions(+), 13 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/24/275124/1 diff --git a/hieradata/common/cache/maps.yaml b/hieradata/common/cache/maps.yaml index f1efe0e..fe335b5 100644 --- a/hieradata/common/cache/maps.yaml +++ b/hieradata/common/cache/maps.yaml @@ -4,5 +4,6 @@ - 'cp1044.eqiad.wmnet' apps: kartotherian: + route: 'codfw' backends: codfw: 'kartotherian.svc.codfw.wmnet' diff --git a/hieradata/common/cache/text.yaml b/hieradata/common/cache/text.yaml index 88d23ea..5530894 100644 --- a/hieradata/common/cache/text.yaml +++ b/hieradata/common/cache/text.yaml @@ -43,30 +43,38 @@ - 'cp4018.ulsfo.wmnet' apps: appservers: + route: 'eqiad' backends: eqiad: 'appservers.svc.eqiad.wmnet' codfw: 'appservers.svc.codfw.wmnet' appservers_debug: + route: 'eqiad' backends: eqiad: 'appservers-debug.svc.eqiad.wmnet' api: + route: 'eqiad' backends: eqiad: 'api.svc.eqiad.wmnet' codfw: 'api.svc.codfw.wmnet' rendering: + route: 'eqiad' backends: eqiad: 'rendering.svc.eqiad.wmnet' codfw: 'rendering.svc.codfw.wmnet' restbase: + route: 'eqiad' backends: eqiad: 'restbase.svc.eqiad.wmnet' codfw: 'restbase.svc.codfw.wmnet' cxserver: + route: 'eqiad' backends: eqiad: 'cxserver.svc.eqiad.wmnet' citoid: + route: 'eqiad' backends: eqiad: 'citoid.svc.eqiad.wmnet' security_audit: + route: 'eqiad' backends: eqiad: [] diff --git a/hieradata/common/cache/upload.yaml b/hieradata/common/cache/upload.yaml index d6d6a06..cb38cbe 100644 --- a/hieradata/common/cache/upload.yaml +++ b/hieradata/common/cache/upload.yaml @@ -48,6 +48,7 @@ - 'cp4015.ulsfo.wmnet' apps: swift: + route: 'eqiad' backends: eqiad: 'ms-fe.svc.eqiad.wmnet' codfw: 'ms-fe.svc.codfw.wmnet' diff --git a/modules/role/manifests/cache/maps.pp b/modules/role/manifests/cache/maps.pp index 5b0b6cd..81f2752 100644 --- a/modules/role/manifests/cache/maps.pp +++ b/modules/role/manifests/cache/maps.pp @@ -40,10 +40,7 @@ 'kartotherian' => { 'dynamic' => 'no', 'type' => 'random', - # XXX note explicit abnormal hack: service only exists in codfw, but eqiad is Tier-1 in general - # XXX this means traffic is moving x-dc without crypto! - # XXX this also means users mapped to codfw frontends bounce traffic [codfw->eqiad->codfw] on their way in! - 'backends' => $apps['kartotherian']['backends']['codfw'], + 'backends' => $apps['kartotherian']['backends'][$apps['kartotherian']['route']], 'be_opts' => { 'port' => 6533, 'connect_timeout' => '5s', diff --git a/modules/role/manifests/cache/text.pp b/modules/role/manifests/cache/text.pp index 6bd44de..46f4e45 100644 --- a/modules/role/manifests/cache/text.pp +++ b/modules/role/manifests/cache/text.pp @@ -50,49 +50,49 @@ 'appservers' => { 'dynamic' => 'no', 'type' => 'random', - 'backends' => $apps['appservers']['backends'][$::mw_primary], + 'backends' => $apps['appservers']['backends'][$apps['appservers']['route']], 'be_opts' => $app_def_be_opts, }, 'api' => { 'dynamic' => 'no', 'type' => 'random', - 'backends' => $apps['api']['backends'][$::mw_primary], + 'backends' => $apps['api']['backends'][$apps['api']['route']], 'be_opts' => $app_def_be_opts, }, 'rendering' => { 'dynamic' => 'no', 'type' => 'random', - 'backends' => $apps['rendering']['backends'][$::mw_primary], + 'backends' => $apps['rendering']['backends'][$apps['rendering']['route']], 'be_opts' => $app_def_be_opts, }, 'security_audit' => { 'dynamic' => 'no', 'type' => 'random', - 'backends' => $apps['security_audit']['backends'][$::mw_primary], + 'backends' => $apps['security_audit']['backends'][$apps['security_audit']['route']], 'be_opts' => $app_def_be_opts, }, 'appservers_debug' => { 'dynamic' => 'no', 'type' => 'random', - 'backends' => $apps['appservers_debug']['backends'][$::mw_primary], + 'backends' => $apps['appservers_debug']['backends'][$apps['appservers_debug']['route']], 'be_opts' => merge($app_def_be_opts, { 'max_connections' => 20 }), }, 'restbase_backend' => { 'dynamic' => 'no', 'type' => 'random', - 'backends' => $apps['restbase']['backends'][$::mw_primary], + 'backends' => $apps['restbase']['backends'][$apps['restbase']['route']], 'be_opts' => merge($app_def_be_opts, { 'port' => 7231, 'max_connections' => 5000 }), }, 'cxserver_backend' => { # LEGACY: should be removed eventually 'dynamic' => 'no', 'type' => 'random', - 'backends' => $apps['cxserver']['backends'][$::mw_primary], + 'backends' => $apps['cxserver']['backends'][$apps['cxserver']['route']], 'be_opts' => merge($app_def_be_opts, { 'port' => 8080 }), }, 'citoid_backend' => { # LEGACY: should be removed eventually 'dynamic' => 'no', 'type' => 'random', - 'backends' => $apps['citoid']['backends'][$::mw_primary], + 'backends' => $apps['citoid']['backends'][$apps['citoid']['route']], 'be_opts' => merge($app_def_be_opts, { 'port' => 1970 }), }, } diff --git a/modules/role/manifests/cache/upload.pp b/modules/role/manifests/cache/upload.pp index 9152917..4754811 100644 --- a/modules/role/manifests/cache/upload.pp +++ b/modules/role/manifests/cache/upload.pp @@ -40,7 +40,7 @@ 'swift' => { 'dynamic' => 'no', 'type' => 'random', - 'backends' => $apps['swift']['backends'][$::mw_primary], + 'backends' => $apps['swift']['backends'][$apps['swift']['route']], 'be_opts' => { 'port' => 80, 'connect_timeout' => '5s', -- To view, visit https://gerrit.wikimedia.org/r/275124 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia5f1d56a584a6c4ca89f0532c7fd2225a7b7a9f8 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <bbl...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits