[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: Use LDAP servers in HA manner for maintain-kubeusers

[Yuvipanda (Code Review)]

Yuvipanda has submitted this change and it was merged.

Change subject: tools: Use LDAP servers in HA manner for maintain-kubeusers
......................................................................


tools: Use LDAP servers in HA manner for maintain-kubeusers

Bug: T142394
Change-Id: I813efa7903c9a438edc59dfaab88c6beee8df751
---
M modules/toollabs/files/maintain-kubeusers
M modules/toollabs/manifests/maintain_kubeusers.pp
2 files changed, 21 insertions(+), 2 deletions(-)

Approvals:
  Yuvipanda: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/toollabs/files/maintain-kubeusers 
b/modules/toollabs/files/maintain-kubeusers
index af62ebb..4cdd83f 100755
--- a/modules/toollabs/files/maintain-kubeusers
+++ b/modules/toollabs/files/maintain-kubeusers
@@ -317,8 +317,12 @@
 
     while True:
         logging.info('starting a run')
+        servers = ldap3.ServerPool([
+            ldap3.Server(s, connect_timeout=1)
+            for s in ldapconfig['servers']
+        ], ldap3.POOLING_STRATEGY_ROUND_ROBIN, active=True, exhaust=True)
         with ldap3.Connection(
-            [ldap3.Server(s) for s in ldapconfig['servers']],
+            servers,
             read_only=True,
             user=ldapconfig['user'],
             auto_bind=True,
diff --git a/modules/toollabs/manifests/maintain_kubeusers.pp 
b/modules/toollabs/manifests/maintain_kubeusers.pp
index 2c58047..02e61d9 100644
--- a/modules/toollabs/manifests/maintain_kubeusers.pp
+++ b/modules/toollabs/manifests/maintain_kubeusers.pp
@@ -1,6 +1,21 @@
 class toollabs::maintain_kubeusers(
     $k8s_master,
 ) {
+    # We need a newer version of python3-ldap3 than what is in Jessie
+    # For the connection time out / server pool features
+    apt::pin { [
+        'python3-ldap3',
+        'python3-pyasn1',
+    ]:
+        pin      => 'release a=jessie-backports',
+        priority => '1001',
+        before   => Package['python3-ldap3'],
+    }
+
+    package { 'python3-ldap3':
+        ensure => present,
+    }
+
     file { '/usr/local/bin/maintain-kubeusers':
         source => 'puppet:///modules/toollabs/maintain-kubeusers',
         owner  => 'root',
@@ -12,4 +27,4 @@
         ensure  => present,
         systemd => True,
     }
-}
\ No newline at end of file
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/303607
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I813efa7903c9a438edc59dfaab88c6beee8df751
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: Coren <m...@uberbox.org>
Gerrit-Reviewer: Merlijn van Deen <valhall...@arctus.nl>
Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits