Gehel has uploaded a new change for review. https://gerrit.wikimedia.org/r/315271
Change subject: Maps - cleanup postgres user creation ...................................................................... Maps - cleanup postgres user creation Previous hiera configuration contained some duplication (the attributes of replication users are all the same) and failed to expose higher level abstraction. This change allow to just have a list of the postgresql slaves and their IP address in hiera, and treat other parameters as our puppet model, not as configuration. Previous hiera structure: maps::postgres_slaves: replication@maps-test2002-v4: user: replication password: 123456 cidr: 4.3.2.1/32 pgversion: 9.4 attrs: REPLICATION database: replication replication@maps-test2003-v4: user: replication password: 123456 cidr: 4.3.2.2/32 pgversion: 9.4 attrs: REPLICATION database: replication New hiera structure: maps::postgresql_replication_pass: 123456 maps::postgresql_monitoring_pass: 654321 maps::postgres_slaves: maps-test2002: ip_address: 4.3.2.1 maps-test2003: ip_address: 4.3.2.2 The passwords need to stay in private repo, but most of the slave configuration can now be moved in the standard hiera files. The hiera configuration in private repo needs to be adapted before merging this change. Bug: T147194 Change-Id: I7fa7b5cc202dd17de007bb0f4e10ffefa7187c1b --- M hieradata/role/codfw/maps/master.yaml M hieradata/role/eqiad/maps/master.yaml M modules/role/manifests/maps/master.pp M modules/role/manifests/maps/slave.pp 4 files changed, 46 insertions(+), 43 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/71/315271/1 diff --git a/hieradata/role/codfw/maps/master.yaml b/hieradata/role/codfw/maps/master.yaml index 5f1a3d4..35be006 100644 --- a/hieradata/role/codfw/maps/master.yaml +++ b/hieradata/role/codfw/maps/master.yaml 
@@ -1,17 +1,13 @@
-# Defined in the private repo
-#maps::postgres_slaves:
-# replication@maps-test2002-v4:
-# user: replication
-# password: justapass
-# cidr: 10.192.0.129
-# pgversion: 9.4
-# replication@maps-test2003-v4:
-# user: replication
-# password: justapass
-# cidr: 10.192.16.34
-# pgversion: 9.4
-# replication@maps-test2004-v4:
-# user: replication
-# password: justapass
-# cidr: 10.192.16.35
-# pgversion: 9.4
+maps::postgres_slaves:
+ maps-test2002:
+ ip_address: 10.192.0.129
+ maps-test2003:
+ ip_address: 10.192.16.34
+ maps-test2004:
+ ip_address: 10.192.16.35
+ maps2002:
+ ip_address: 10.192.16.179
+ maps2003:
+ ip_address: 10.192.32.146
+ maps2004:
+ ip_address: 10.192.48.57
diff --git a/hieradata/role/eqiad/maps/master.yaml b/hieradata/role/eqiad/maps/master.yaml
index 4f9e59c..494f044 100644
--- a/hieradata/role/eqiad/maps/master.yaml
+++ b/hieradata/role/eqiad/maps/master.yaml
@@ -5,28 +5,13 @@
 #maps::postgresql_kartotherian_pass: some_password
 #maps::postgresql_osmimporter_pass: some_password
 #maps::postgresql_osmupdater_pass: some_password
-#maps::postgres_slaves:
-# replication@maps1002-v4:
-# user: replication
-# password: some_password
-# cidr: 10.64.16.42
-# pgversion: 9.4
-# attrs: REPLICATION
-# database: replication
-# replication@maps1003-v4:
-# user: replication
-# password: some_password
-# cidr: 10.64.32.117
-# pgversion: 9.4
-# attrs: REPLICATION
-# database: replication
-# replication@maps1004-v4:
-# user: replication
-# password: some_password
-# cidr: 10.64.48.154
-# pgversion: 9.4
-# attrs: REPLICATION
-# database: replication
 #maps::cassandra_tilerator_pass: some_password
 #maps::cassandra_tileratorui_pass: some_password
 #maps::cassandra_kartotherian_pass: some_password
+maps::postgres_slaves:
+ maps1002:
+ ip_address: 10.64.16.42
+ maps1003:
+ ip_address: 10.64.32.117
+ maps1004:
+ ip_address: 10.64.48.154
diff --git a/modules/role/manifests/maps/master.pp b/modules/role/manifests/maps/master.pp
index 902f83e..c7c290b 100644
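Review bot: The new `maps::postgres_slaves` list in both hieradata files carries no comment saying what an entry grants, and in the eqiad file it sits directly under the commented-out private-repo keys, so it reads like one more placeholder. Judging by the define added in `master.pp` later in this change, every `ip_address` becomes a `/32` access entry for the `replication` and `icinga` PostgreSQL users, which makes this list an access-control list rather than plain inventory. I would add a comment above the key in each file, for example `# Each host listed here is granted replication and monitoring access to the master (one /32 entry per ip_address).`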
--- a/modules/role/manifests/maps/master.pp +++ b/modules/role/manifests/maps/master.pp @@ -23,6 +23,9 @@ $tileratorui_pass = hiera('maps::postgresql_tileratorui_pass') $osmimporter_pass = hiera('maps::postgresql_osmimporter_pass') $osmupdater_pass = hiera('maps::postgresql_osmupdater_pass') + $replication_pass = hiera('maps::postgresql_replication_pass') + $monitoring_pass = hiera('maps::postgresql_monitoring_pass') + $pg_version = hiera('postgresql::master::pgversion') # Users postgresql::user { 'kartotherian': @@ -87,10 +90,29 @@ source => 'puppet:///modules/role/maps/osm-initial-import', } - # PostgreSQL Replication + # PostgreSQL Replication / Monitoring + # This inner define should probably be replaced by iterator once we activate future parser + define postgresql_slave_users($ip_address) { + ::postgresql::user { "replication@${title}": + user => 'replication', + password => $replication_pass, + cidr => "${ip_address}/32", + pgversion => $pg_version, + attrs => 'REPLICATION', + database => 'replication', + } + ::postgresql::user { "icinga@${title}": + user => 'icinga', + password => $monitoring_pass, + cidr => "${ip_address}/32", + pgversion => $pg_version, + database => 'all', + } + } + $postgres_slaves = hiera('maps::postgres_slaves', undef) if $postgres_slaves { - create_resources(postgresql::user, $postgres_slaves) + create_resources(icinga_user, $postgres_slaves) } sudo::user { 'tilerator-notification': diff --git a/modules/role/manifests/maps/slave.pp b/modules/role/manifests/maps/slave.pp index bdf6dfa..c63176b 100644 --- a/modules/role/manifests/maps/slave.pp +++ b/modules/role/manifests/maps/slave.pp 
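Review bot: In the second master.pp hunk, `create_resources(icinga_user, $postgres_slaves)` names a type that is not defined anywhere in the visible change; the define added just above it is `postgresql_slave_users`, so the call should read `create_resources(role::maps::master::postgresql_slave_users, $postgres_slaves)` (class name assumed from the file path). The define body also reads `$replication_pass`, `$monitoring_pass` and `$pg_version`, which are set in the enclosing class in the first hunk; a define has its own scope, so unless this Puppet version still resolves them dynamically they may evaluate to undef and create users without a password, and passing them in as parameters of the define would make the dependency explicit. Separately, the `icinga` user is given `database => 'all'` while the check in slave.pp connects with `-D template1`; `database => 'template1'` would be the narrower grant. The enclosing class starts and ends outside both hunks.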
@@ -9,11 +9,11 @@ } $master = hiera('postgresql::slave::master_server') - $pg_password = hiera('postgresql::slave::replication_pass') + $monitoring_pass = hiera('postgresql::slave::monitoring_pass') $critical = 1800 $warning = 300 $command = "/usr/lib/nagios/plugins/check_postgres_replication_lag.py \ --U replication -P ${pg_password} -m ${master} -D template1 -C ${critical} -W ${warning}" +-U icinga -P ${monitoring_pass} -m ${master} -D template1 -C ${critical} -W ${warning}" nrpe::monitor_service { 'postgres-rep-lag': description => 'Postgres Replication Lag', nrpe_command => $command, -- To view, visit https://gerrit.wikimedia.org/r/315271 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7fa7b5cc202dd17de007bb0f4e10ffefa7187c1b Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Gehel <gleder...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
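Review bot: The slave now reads `postgresql::slave::monitoring_pass`, while the master creates the `icinga` user from `maps::postgresql_monitoring_pass`, and the commit description lists only the latter as a new private key. Unless the private repo defines both with the same value, this `hiera()` call has no default and will fail the catalog, or the check will authenticate with a different password than the one set on the master; reading the same key, `$monitoring_pass = hiera('maps::postgresql_monitoring_pass')`, avoids that. The password is also still interpolated into the NRPE command via `-P ${monitoring_pass}`, so it ends up in the rendered NRPE configuration and in the process arguments on the slave; moving off the replication account limits the impact, but a credentials file readable only by the monitoring user would be preferable if the check script supports one. The enclosing class starts before the hunk and the `nrpe::monitor_service` resource continues past it.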