Gehel has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/315271

Change subject: Maps - cleanup postgres user creation
......................................................................

Maps - cleanup postgres user creation

Previous hiera configuration contained some duplication (the attributes of
replication users are all the same) and failed to expose a higher-level
abstraction. This change allows having just a list of the postgresql slaves
and their IP addresses in hiera, and treats other parameters as our puppet
model, not as configuration.

Previous hiera structure:

  maps::postgres_slaves:
    replication@maps-test2002-v4:
      user: replication
      password: 123456
      cidr: 4.3.2.1/32
      pgversion: 9.4
      attrs: REPLICATION
      database: replication
    replication@maps-test2003-v4:
      user: replication
      password: 123456
      cidr: 4.3.2.2/32
      pgversion: 9.4
      attrs: REPLICATION
      database: replication

New hiera structure:

  maps::postgresql_replication_pass: 123456
  maps::postgresql_monitoring_pass: 654321
  maps::postgres_slaves:
    maps-test2002:
      ip_address: 4.3.2.1
    maps-test2003:
      ip_address: 4.3.2.2

The passwords need to stay in private repo, but most of the slave
configuration can now be moved into the standard hiera files.

The hiera configuration in private repo needs to be adapted before merging
this change.

Bug: T147194
Change-Id: I7fa7b5cc202dd17de007bb0f4e10ffefa7187c1b
---
M hieradata/role/codfw/maps/master.yaml
M hieradata/role/eqiad/maps/master.yaml
M modules/role/manifests/maps/master.pp
M modules/role/manifests/maps/slave.pp
4 files changed, 46 insertions(+), 43 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/71/315271/1

diff --git a/hieradata/role/codfw/maps/master.yaml 
b/hieradata/role/codfw/maps/master.yaml
index 5f1a3d4..35be006 100644
--- a/hieradata/role/codfw/maps/master.yaml
+++ b/hieradata/role/codfw/maps/master.yaml
@@ -1,17 +1,13 @@
-# Defined in the private repo
-#maps::postgres_slaves:
-#  replication@maps-test2002-v4:
-#    user: replication
-#    password: justapass
-#    cidr: 10.192.0.129
-#    pgversion: 9.4
-#  replication@maps-test2003-v4:
-#    user: replication
-#    password: justapass
-#    cidr: 10.192.16.34
-#    pgversion: 9.4
-#  replication@maps-test2004-v4:
-#    user: replication
-#    password: justapass
-#    cidr: 10.192.16.35
-#    pgversion: 9.4
+maps::postgres_slaves:
+  maps-test2002:
+    ip_address: 10.192.0.129
+  maps-test2003:
+    ip_address: 10.192.16.34
+  maps-test2004:
+    ip_address: 10.192.16.35
+  maps2002:
+    ip_address: 10.192.16.179
+  maps2003:
+    ip_address: 10.192.32.146
+  maps2004:
+    ip_address: 10.192.48.57
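Review bot: The maps2002, maps2003 and maps2004 entries have no counterpart in the removed comment, which only listed the maps-test hosts, so this file is now the authoritative list that decides which addresses get a replication and an icinga user on the codfw master. Please confirm those three hosts were already present in the private-repo list and say so in the commit message. Since the "# Defined in the private repo" header goes away as well, a commented placeholder for maps::postgresql_replication_pass and maps::postgresql_monitoring_pass would keep it visible that the passwords still come from there.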
diff --git a/hieradata/role/eqiad/maps/master.yaml 
b/hieradata/role/eqiad/maps/master.yaml
index 4f9e59c..494f044 100644
--- a/hieradata/role/eqiad/maps/master.yaml
+++ b/hieradata/role/eqiad/maps/master.yaml
@@ -5,28 +5,13 @@
 #maps::postgresql_kartotherian_pass: some_password
 #maps::postgresql_osmimporter_pass: some_password
 #maps::postgresql_osmupdater_pass: some_password
-#maps::postgres_slaves:
-#  replication@maps1002-v4:
-#    user: replication
-#    password: some_password
-#    cidr: 10.64.16.42
-#    pgversion: 9.4
-#    attrs: REPLICATION
-#    database: replication
-#  replication@maps1003-v4:
-#    user: replication
-#    password: some_password
-#    cidr: 10.64.32.117
-#    pgversion: 9.4
-#    attrs: REPLICATION
-#    database: replication
-#  replication@maps1004-v4:
-#    user: replication
-#    password: some_password
-#    cidr: 10.64.48.154
-#    pgversion: 9.4
-#    attrs: REPLICATION
-#    database: replication
 #maps::cassandra_tilerator_pass: some_password
 #maps::cassandra_tileratorui_pass: some_password
 #maps::cassandra_kartotherian_pass: some_password
+maps::postgres_slaves:
+  maps1002:
+    ip_address: 10.64.16.42
+  maps1003:
+    ip_address: 10.64.32.117
+  maps1004:
+    ip_address: 10.64.48.154
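Review bot: The commented list of private-repo keys at the top of this file is not updated for the two passwords that master.pp now looks up. Alongside the existing "#maps::postgresql_osmupdater_pass: some_password" lines, add "#maps::postgresql_replication_pass: some_password" and "#maps::postgresql_monitoring_pass: some_password" so the file keeps documenting every secret the role expects. The uncommented maps::postgres_slaves block would also read better above the commented placeholders than appended after the cassandra ones.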
diff --git a/modules/role/manifests/maps/master.pp 
b/modules/role/manifests/maps/master.pp
index 902f83e..c7c290b 100644
--- a/modules/role/manifests/maps/master.pp
+++ b/modules/role/manifests/maps/master.pp
@@ -23,6 +23,9 @@
     $tileratorui_pass = hiera('maps::postgresql_tileratorui_pass')
     $osmimporter_pass = hiera('maps::postgresql_osmimporter_pass')
     $osmupdater_pass = hiera('maps::postgresql_osmupdater_pass')
+    $replication_pass = hiera('maps::postgresql_replication_pass')
+    $monitoring_pass = hiera('maps::postgresql_monitoring_pass')
+    $pg_version = hiera('postgresql::master::pgversion')
 
     # Users
     postgresql::user { 'kartotherian':
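Review bot: The three new hiera() lookups have no default, so catalog compilation for the master fails until every key exists. The commit message covers the two passwords (private repo must be adapted first), but postgresql::master::pgversion is not mentioned and is not added in either YAML file of this change. Previously the version came from the per-user "pgversion: 9.4" data; please confirm the key is already defined for this role or give the lookup a default.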
@@ -87,10 +90,29 @@
         source => 'puppet:///modules/role/maps/osm-initial-import',
     }
 
-    # PostgreSQL Replication
+    # PostgreSQL Replication / Monitoring
+    # This inner define should probably be replaced by iterator once we 
activate future parser
+    define postgresql_slave_users($ip_address) {
+        ::postgresql::user { "replication@${title}":
+            user      => 'replication',
+            password  => $replication_pass,
+            cidr      => "${ip_address}/32",
+            pgversion => $pg_version,
+            attrs     => 'REPLICATION',
+            database  => 'replication',
+        }
+        ::postgresql::user { "icinga@${title}":
+            user      => 'icinga',
+            password  => $monitoring_pass,
+            cidr      => "${ip_address}/32",
+            pgversion => $pg_version,
+            database  => 'all',
+        }
+    }
+
     $postgres_slaves = hiera('maps::postgres_slaves', undef)
     if $postgres_slaves {
-        create_resources(postgresql::user, $postgres_slaves)
+        create_resources(icinga_user, $postgres_slaves)
     }
 
     sudo::user { 'tilerator-notification':
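Review bot: create_resources(icinga_user, $postgres_slaves) names a type that this change does not define; the define added above is postgresql_slave_users, so the call looks like a leftover from an earlier name and should reference the new define. Inside that define, $replication_pass, $monitoring_pass and $pg_version are variables of the enclosing class and not parameters of the define, so they should be passed in explicitly (or referenced fully qualified) instead of relying on scope lookup. Also worth narrowing: the icinga user gets database => 'all' while the check in slave.pp connects with -D template1, and the hard-coded "${ip_address}/32" assumes IPv4 only.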
diff --git a/modules/role/manifests/maps/slave.pp 
b/modules/role/manifests/maps/slave.pp
index bdf6dfa..c63176b 100644
--- a/modules/role/manifests/maps/slave.pp
+++ b/modules/role/manifests/maps/slave.pp
@@ -9,11 +9,11 @@
     }
     $master = hiera('postgresql::slave::master_server')
 
-    $pg_password = hiera('postgresql::slave::replication_pass')
+    $monitoring_pass = hiera('postgresql::slave::monitoring_pass')
     $critical = 1800
     $warning = 300
     $command = "/usr/lib/nagios/plugins/check_postgres_replication_lag.py \
--U replication -P ${pg_password} -m ${master} -D template1 -C ${critical} -W 
${warning}"
+-U icinga -P ${monitoring_pass} -m ${master} -D template1 -C ${critical} -W 
${warning}"
     nrpe::monitor_service { 'postgres-rep-lag':
         description  => 'Postgres Replication Lag',
         nrpe_command => $command,
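Review bot: The slave reads the password from postgresql::slave::monitoring_pass while the master creates the icinga user from maps::postgresql_monitoring_pass, and only the latter appears in the "New hiera structure" of the commit message. Two keys holding the same secret will drift; either look up the same key on both sides or document that the private repo needs both with identical values. The now unused postgresql::slave::replication_pass should be removed from the private repo once this is merged, and since the password is interpolated into the command line with -P it remains visible in the NRPE configuration and the process list, which is a reason to keep the icinga account's access as narrow as possible.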

-- 
To view, visit https://gerrit.wikimedia.org/r/315271

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7fa7b5cc202dd17de007bb0f4e10ffefa7187c1b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Gehel <gleder...@wikimedia.org>
