Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/296375
Change subject: Introduce $::networks::constants::networks
......................................................................
Introduce $::networks::constants::networks
Add the generically named $networks variable, as a puppet variable
containing all the network subnets of a realm. The variable evaluates
differently depending on the execution realm and the idea is to contain
the set of networks that are important to realm. This should allow to
use the variable interchangeably on all realms and should be useful to
keep puppet role classes concise.
Change-Id: Icf4ddd9c3e0ea1c055be5c0b505f736e74e24532
---
M modules/base/templates/firewall/defs.erb
M modules/network/manifests/constants.pp
2 files changed, 9 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/75/296375/1
diff --git a/modules/base/templates/firewall/defs.erb
b/modules/base/templates/firewall/defs.erb
index 98d7687..22796d8 100644
--- a/modules/base/templates/firewall/defs.erb
+++ b/modules/base/templates/firewall/defs.erb
@@ -1,5 +1,6 @@
<%-
external_networks = scope.lookupvar('network::constants::external_networks')
+networks = scope.lookupvar('network::constants::networks')
all_networks = scope.lookupvar('network::constants::all_networks')
all_network_subnets =
scope.lookupvar('network::constants::all_network_subnets')
special_hosts = scope.lookupvar('network::constants::special_hosts')
@@ -9,9 +10,12 @@
-%>
@def $INTERNAL = (10.0.0.0/8 2620:0:860:100::/56 2620:0:861:100::/56
2620:0:862:100::/56 2620:0:863:100::/56);
+# $NETWORKS is meant to be a realm dependent set of all networks of a realm.
+@def $NETWORKS = (<%- networks.each do |net| -%><%= net %> <% end -%>);
@def $EXTERNAL_NETWORKS = (<%- external_networks.each do |external_net| -%><%=
external_net %> <% end -%>);
@def $ALL_NETWORKS = (<%- all_networks.each do |net| -%><%= net %> <% end -%>);
+# $PRODUCTION_NETWORKS is meant to be a set of all production networks
@def $PRODUCTION_NETWORKS = (<%- production_networks.each do |net| -%><%= net
%> <% end -%>);
@def $ANALYTICS_NETWORKS = (<%- analytics_networks.each do |net| -%><%= net %>
<% end -%>);
diff --git a/modules/network/manifests/constants.pp
b/modules/network/manifests/constants.pp
index 66bbdc9..bbecba8 100644
--- a/modules/network/manifests/constants.pp
+++ b/modules/network/manifests/constants.pp
@@ -22,6 +22,11 @@
$all_networks = flatten([$external_networks, '10.0.0.0/8'])
$all_networks_lo = flatten([$all_networks, '127.0.0.0/8', '::1/128'])
+ # $networks is meant to be a set of all networks belonging to realm.
+ # TODO: Figure out a way this can be per-project networks in labs in the
+ # future
+ $networks = slice_network_constants($::realm)
+ # $production_networks will always contain just the production networks
$production_networks = slice_network_constants('production')
$special_hosts = {
--
To view, visit https://gerrit.wikimedia.org/r/296375
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Icf4ddd9c3e0ea1c055be5c0b505f736e74e24532
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
