Rush has submitted this change and it was merged. Change subject: toollabs: refactor and establish norms ......................................................................
toollabs: refactor and establish norms No Op refactor for style and cruft. * New comments * Ditch static class headers * space between description and class declaration and class declaration and first line of stanza * Attribute ordering: user, group, mode * when using "require_package" don't have comments like "need this package". * remove empty useless class preamble that is not actually fleshed out * In simple cases (or where it makes sense): - motd - include(s) - package(s) - file - service - monitoring * trailing comma's on params (even if single param) Change-Id: Ib0c3b8299754d2b0c76642c4ee579bbb4a055d11 --- M modules/toollabs/manifests/admin_web_updater.pp M modules/toollabs/manifests/bastion.pp M modules/toollabs/manifests/bigbrother.pp M modules/toollabs/manifests/checker.pp M modules/toollabs/manifests/composer.pp M modules/toollabs/manifests/compute.pp M modules/toollabs/manifests/cronrunner.pp M modules/toollabs/manifests/dev_environ.pp M modules/toollabs/manifests/exec_environ.pp M modules/toollabs/manifests/hba.pp M modules/toollabs/manifests/hostgroups.pp M modules/toollabs/manifests/images.pp M modules/toollabs/manifests/infrastructure.pp M modules/toollabs/manifests/init.pp M modules/toollabs/manifests/kube2proxy.pp M modules/toollabs/manifests/kubebuilder.pp M modules/toollabs/manifests/legacy/fonts.pp M modules/toollabs/manifests/mailrelay.pp M modules/toollabs/manifests/maintain_kubeusers.pp M modules/toollabs/manifests/master.pp M modules/toollabs/manifests/monitoring/shinken.pp M modules/toollabs/manifests/node/all.pp M modules/toollabs/manifests/proxy.pp M modules/toollabs/manifests/puppetmaster.pp M modules/toollabs/manifests/queue/continuous.pp M modules/toollabs/manifests/queue/task.pp M modules/toollabs/manifests/queues.pp M modules/toollabs/manifests/redis.pp M modules/toollabs/manifests/services.pp M modules/toollabs/manifests/shadow.pp M modules/toollabs/manifests/static.pp M modules/toollabs/manifests/updatetools.pp 32 files changed, 124 insertions(+), 237 deletions(-) Approvals: Andrew Bogott: Looks good to me, but someone else must approve Rush: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/toollabs/manifests/admin_web_updater.pp b/modules/toollabs/manifests/admin_web_updater.pp index 311a0b3..fe9b2af 100644 --- a/modules/toollabs/manifests/admin_web_updater.pp +++ b/modules/toollabs/manifests/admin_web_updater.pp @@ -1,8 +1,9 @@ -# Deploy and update root web. +# This is responsible for http://tools.wmflabs.org/ class toollabs::admin_web_updater( $active ) { if $active { + # Deploy and update root web. git::clone { 'labs/toollabs': ensure => latest, diff --git a/modules/toollabs/manifests/bastion.pp b/modules/toollabs/manifests/bastion.pp index e587786..e262a82 100644 --- a/modules/toollabs/manifests/bastion.pp +++ b/modules/toollabs/manifests/bastion.pp @@ -1,5 +1,3 @@ -# Class: toollabs::bastion -# # This role sets up an bastion/dev instance in the Tool Labs model. # # [*nproc] @@ -173,17 +171,17 @@ file {'/etc/security/limits.conf': ensure => file, - mode => '0444', owner => 'root', group => 'root', + mode => '0444', content => template('toollabs/limits.conf.erb'), } file { '/etc/ssh/ssh_config': ensure => file, - mode => '0444', owner => 'root', group => 'root', + mode => '0444', source => 'puppet:///modules/toollabs/submithost-ssh_config', } @@ -207,9 +205,9 @@ $cron_host = hiera('active_cronrunner') file { '/usr/local/bin/crontab': ensure => file, - mode => '0755', owner => 'root', group => 'root', + mode => '0755', content => template('toollabs/crontab.erb'), } @@ -228,5 +226,4 @@ mode => '0655', source => 'puppet:///modules/toollabs/exec-manage', } - } diff --git a/modules/toollabs/manifests/bigbrother.pp b/modules/toollabs/manifests/bigbrother.pp index 8f43784..c16e4e7 100644 --- a/modules/toollabs/manifests/bigbrother.pp +++ b/modules/toollabs/manifests/bigbrother.pp @@ -1,7 +1,5 @@ -# Set up a bigbrother service. class toollabs::bigbrother($active) { - # bigbrother needs this perl package require_package('libxml-simple-perl') file { '/usr/local/sbin/bigbrother': diff --git a/modules/toollabs/manifests/checker.pp b/modules/toollabs/manifests/checker.pp index 45ada30..7e63c61 100644 --- a/modules/toollabs/manifests/checker.pp +++ b/modules/toollabs/manifests/checker.pp @@ -1,12 +1,12 @@ -# = Class: toollabs::checker -# # Exposes a set of web endpoints that perform an explicit check for a # particular set of internal services, and response OK (200) or not (anything else) # Used for external monitoring / collection of availability metrics # # This runs as an ldap user, toolschecker, so it can touch NFS without causing # idmapd related issues. + class toollabs::checker inherits toollabs { + include gridengine::submit_host include toollabs::infrastructure @@ -64,6 +64,7 @@ mode => '0400', source => "/var/lib/puppet/ssl/certs/${::fqdn}.pem" } + file { '/var/lib/toolschecker/puppetcerts/key.pem': ensure => present, owner => "${::labsproject}.toolschecker", diff --git a/modules/toollabs/manifests/composer.pp b/modules/toollabs/manifests/composer.pp index 1dcce4d..7e44d28 100644 --- a/modules/toollabs/manifests/composer.pp +++ b/modules/toollabs/manifests/composer.pp @@ -1,12 +1,14 @@ # Install composer (https://getcomposer.org/) to # /usr/local/bin/composer and keep it updated. This class is based on # contint::composer + class toollabs::composer { + file { '/srv/composer': ensure => 'directory', - mode => '0755', owner => 'root', group => 'root', + mode => '0755', } git::clone { 'composer': diff --git a/modules/toollabs/manifests/compute.pp b/modules/toollabs/manifests/compute.pp index 9cba767..c88d7c3 100644 --- a/modules/toollabs/manifests/compute.pp +++ b/modules/toollabs/manifests/compute.pp @@ -1,20 +1,11 @@ -# Class: toollabs::compute -# # This role sets up a grid compute node in the Tool Labs model. # # On its own, this sets up a working node of the grid, but it is # useless without a more specific role from toollabs::node::* that # will add functionality and place it on queues or hostgroups. -# -# Parameters: -# -# Actions: -# -# Requires: -# -# Sample Usage: -# + class toollabs::compute inherits toollabs { + include gridengine include toollabs::exec_environ include toollabs::hba diff --git a/modules/toollabs/manifests/cronrunner.pp b/modules/toollabs/manifests/cronrunner.pp index c06a20e..5864060 100644 --- a/modules/toollabs/manifests/cronrunner.pp +++ b/modules/toollabs/manifests/cronrunner.pp @@ -1,5 +1,10 @@ -# Set up a cronrunner. class toollabs::cronrunner { + + motd::script { 'submithost-banner': + ensure => present, + source => "puppet:///modules/toollabs/40-${::labsproject}-submithost-banner", + } + include gridengine::submit_host include toollabs include toollabs::hba @@ -18,11 +23,6 @@ owner => 'root', group => 'root', source => 'puppet:///modules/toollabs/submithost-ssh_config', - } - - motd::script { 'submithost-banner': - ensure => present, - source => "puppet:///modules/toollabs/40-${::labsproject}-submithost-banner", } file { '/usr/bin/jlocal': @@ -48,6 +48,7 @@ group => "${::labsproject}.admin", mode => '0770', } + file { "/data/project/.system/crontabs/${::fqdn}": ensure => directory, source => '/var/spool/cron/crontabs', diff --git a/modules/toollabs/manifests/dev_environ.pp b/modules/toollabs/manifests/dev_environ.pp index 8b3c785..deaf4b6 100644 --- a/modules/toollabs/manifests/dev_environ.pp +++ b/modules/toollabs/manifests/dev_environ.pp @@ -1,22 +1,12 @@ -# Class: toollabs::dev_environ -# # This class sets up a node as a dev environment for tool labs. # This is a "sub" role included by the actual tool labs roles and would # normally not be included directly in node definitions. # # Those are the dependencies for development tools and packages intended # for interactive use. -# -# Parameters: -# -# Actions: -# - Install tool dependencies -# -# Requires: -# -# Sample Usage: -# + class toollabs::dev_environ { + include toollabs::composer if os_version('ubuntu trusty') { @@ -123,6 +113,7 @@ group => 'root', mode => '0555', } + file { '/etc/pastebin.d/tools.conf': ensure => 'file', require => File['/etc/pastebin.d'], @@ -142,7 +133,4 @@ group => 'root', mode => '0555', } - - # TODO: deploy scripts - # TODO: packager } diff --git a/modules/toollabs/manifests/exec_environ.pp b/modules/toollabs/manifests/exec_environ.pp index 44f1f7e..c751394 100644 --- a/modules/toollabs/manifests/exec_environ.pp +++ b/modules/toollabs/manifests/exec_environ.pp @@ -1,21 +1,12 @@ -# Class: toollabs::exec_environ -# # This class sets up a node as an execution environment for tool labs. # This is a "sub" role included by the actual tool labs roles and would # normally not be included directly in node definitions. # # Actual runtime dependencies for tools live here. # -# Parameters: -# -# Actions: -# - Install tool dependencies -# -# Requires: -# -# Sample Usage: -# + class toollabs::exec_environ { + include locales::extended include identd include ::redis::client::python @@ -335,9 +326,9 @@ file { '/etc/mysql/conf.d/override.my.cnf': ensure => file, - mode => '0444', owner => 'root', group => 'root', + mode => '0444', source => 'puppet:///modules/toollabs/override.my.cnf', } @@ -420,7 +411,17 @@ } } + package { 'misctools': + ensure => latest, + } + file { '/usr/bin/sql': + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/toollabs/sql', + } sysctl::parameters { 'tool labs': values => { @@ -428,18 +429,4 @@ 'vm.overcommit_ratio' => 95, }, } - - file { '/usr/bin/sql': - ensure => file, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/toollabs/sql', - } - - package { 'misctools': - ensure => latest, - } - - # TODO: quotas } diff --git a/modules/toollabs/manifests/hba.pp b/modules/toollabs/manifests/hba.pp index 99eb0e7..c40c8e9 100644 --- a/modules/toollabs/manifests/hba.pp +++ b/modules/toollabs/manifests/hba.pp @@ -1,15 +1,5 @@ -# Class: toollabs::hba -# -# This role sets up an instance to allow HBA from bastions -# -# Parameters: -# -# Actions: -# -# Requires: -# -# Sample Usage: -# +# Establish the ability to do Host Based Auth from bastions to execs/webgrid + class toollabs::hba { file { '/usr/local/sbin/project-make-shosts': @@ -22,8 +12,8 @@ exec { 'make-shosts': command => '/usr/local/sbin/project-make-shosts >/etc/ssh/shosts.equiv~', - require => File['/usr/local/sbin/project-make-shosts'], onlyif => "/usr/bin/test -n \"\$(/usr/bin/find /data/project/.system/store -maxdepth 1 \\( -type d -or -type f -name submithost-\\* \\) -newer /etc/ssh/shosts.equiv~)\" -o ! -s /etc/ssh/shosts.equiv~", + require => File['/usr/local/sbin/project-make-shosts'], } file { '/etc/ssh/shosts.equiv': @@ -45,13 +35,12 @@ exec { 'make-access': command => '/usr/local/sbin/project-make-access >/etc/project.access', - require => File['/usr/local/sbin/project-make-access'], onlyif => "/usr/bin/test -n \"\$(/usr/bin/find /data/project/.system/store -maxdepth 1 \\( -type d -or -type f -name submithost-\\* \\) -newer /etc/project.access)\" -o ! -s /etc/project.access", + require => File['/usr/local/sbin/project-make-access'], } security::access::config { 'toollabs-hba': source => '/etc/project.access', require => Exec['make-access'], } - } diff --git a/modules/toollabs/manifests/hostgroups.pp b/modules/toollabs/manifests/hostgroups.pp index d5cece1..a907540 100644 --- a/modules/toollabs/manifests/hostgroups.pp +++ b/modules/toollabs/manifests/hostgroups.pp @@ -1,19 +1,10 @@ -# Class: toollabs::hostgroups -# -# Parameters: -# -# Actions: -# -# Requires: -# -# Sample Usage: -# +# Manage hostgroup lists on NFS + class toollabs::hostgroups($groups = undef) { gridengine::join { "hostgroups-${::fqdn}": sourcedir => "${toollabs::collectors}/hostgroups", list => $groups, } - } diff --git a/modules/toollabs/manifests/images.pp b/modules/toollabs/manifests/images.pp index 16a0c02..d522da0 100644 --- a/modules/toollabs/manifests/images.pp +++ b/modules/toollabs/manifests/images.pp @@ -1,5 +1,7 @@ # Helper class to setup building toollabs related images + class toollabs::images { + require ::docker::engine class { '::docker::baseimages': diff --git a/modules/toollabs/manifests/infrastructure.pp b/modules/toollabs/manifests/infrastructure.pp index b408db5..dd67d58 100644 --- a/modules/toollabs/manifests/infrastructure.pp +++ b/modules/toollabs/manifests/infrastructure.pp @@ -1,17 +1,6 @@ -# Class: toollabs::infrastructure -# -# This role configures the instance as part of the infrastructure -# where endusers are not expected to log in. This class is not intended -# to be used directly, but is included from some other classes. -# -# Parameters: -# -# Actions: -# -# Requires: -# -# Sample Usage: -# +# This prevents normal users who are not a member of tools.admin +# from authenticating via SSH. + class toollabs::infrastructure { motd::script { 'infrastructure-banner': @@ -24,5 +13,4 @@ security::access::config { 'labs-admin-only': content => "-:ALL EXCEPT (${::labsproject}.admin) root:ALL\n", } - } diff --git a/modules/toollabs/manifests/init.pp b/modules/toollabs/manifests/init.pp index bfba120..a590802 100644 --- a/modules/toollabs/manifests/init.pp +++ b/modules/toollabs/manifests/init.pp @@ -1,3 +1,5 @@ +# This establishes the basics for every SGE node + class toollabs ( $external_hostname = undef, $external_ip = undef, @@ -37,9 +39,9 @@ file { $sysdir: ensure => directory, + owner => 'root', group => "${::labsproject}.admin", mode => '2775', - owner => 'root', require => Exec['ensure-grid-is-on-NFS'], } @@ -86,9 +88,9 @@ file { '/etc/ssh/ssh_known_hosts': ensure => file, source => '/etc/ssh/ssh_known_hosts~', - mode => '0444', owner => 'root', group => 'root', + mode => '0444', require => Exec['make_known_hosts'], } @@ -103,9 +105,9 @@ file { '/root/.bashrc': ensure => file, source => 'puppet:///modules/toollabs/rootrc', - mode => '0750', owner => 'root', group => 'root', + mode => '0750', } # Trustworthy enough @@ -181,17 +183,17 @@ file { '/etc/cron.daily/logrotate': ensure => file, - mode => '0555', owner => 'root', group => 'root', + mode => '0555', source => 'puppet:///modules/toollabs/logrotate.crondaily', } file { '/usr/local/bin/log-command-invocation': ensure => present, - mode => '0555', owner => 'root', group => 'root', + mode => '0555', source => 'puppet:///modules/toollabs/log-command-invocation', } diff --git a/modules/toollabs/manifests/kube2proxy.pp b/modules/toollabs/manifests/kube2proxy.pp index b542e5b..47be08b 100644 --- a/modules/toollabs/manifests/kube2proxy.pp +++ b/modules/toollabs/manifests/kube2proxy.pp @@ -1,17 +1,11 @@ # Set up a kube2proxy service. + class toollabs::kube2proxy( $master_host, $kube_token='test', ) { - include k8s::users - file { '/usr/local/sbin/kube2proxy': - ensure => present, - owner => 'root', - group => 'root', - mode => '0555', - source => 'puppet:///modules/toollabs/kube2proxy.py', - } + include k8s::users $packages = [ 'python3-pip', @@ -20,6 +14,14 @@ 'python3-requests',] require_package($packages) + + file { '/usr/local/sbin/kube2proxy': + ensure => present, + owner => 'root', + group => 'root', + mode => '0555', + source => 'puppet:///modules/toollabs/kube2proxy.py', + } # Temporarily not run on non-active proxies # note that having redis based replication @@ -30,6 +32,7 @@ $::hostname => 'running', default => 'stopped' } + $service_params = {'ensure' => $should_run} $users = hiera('k8s_infrastructure_users') @@ -61,5 +64,4 @@ '/etc/kube2proxy.yaml' ], } - } diff --git a/modules/toollabs/manifests/kubebuilder.pp b/modules/toollabs/manifests/kubebuilder.pp index d3bd244..a3e2aa4 100644 --- a/modules/toollabs/manifests/kubebuilder.pp +++ b/modules/toollabs/manifests/kubebuilder.pp @@ -1,4 +1,5 @@ # Class to help building our own version of kubernetes + class toollabs::kubebuilder( $tag='v1.3.3wmf1', ) { @@ -23,12 +24,6 @@ mode => '0555' } - git::clone { 'operations/software/kubernetes': - ensure => present, - directory => '/srv/build/kubernetes', - require => File['/srv/build'], - } - file { '/usr/local/bin/build-kubernetes': content => template('toollabs/build-kubernetes.erb'), owner => 'root', @@ -42,4 +37,10 @@ group => 'root', mode => '0544', } + + git::clone { 'operations/software/kubernetes': + ensure => present, + directory => '/srv/build/kubernetes', + require => File['/srv/build'], + } } diff --git a/modules/toollabs/manifests/legacy/fonts.pp b/modules/toollabs/manifests/legacy/fonts.pp index 42c1e21..fccf90a 100644 --- a/modules/toollabs/manifests/legacy/fonts.pp +++ b/modules/toollabs/manifests/legacy/fonts.pp @@ -1,5 +1,3 @@ -# == Class: toollabs::legacy::fonts -# # Copy of mediawiki::packages::fonts when it still ran on Precise. # Won't get updated, is just for precise. # diff --git a/modules/toollabs/manifests/mailrelay.pp b/modules/toollabs/manifests/mailrelay.pp index c948021..290904c 100644 --- a/modules/toollabs/manifests/mailrelay.pp +++ b/modules/toollabs/manifests/mailrelay.pp @@ -1,23 +1,10 @@ -# Class: toollabs::mailrelay -# # This role sets up a mail relay in the Tool Labs model. -# -# Parameters: -# -# Actions: -# # Requires: # - Hiera: toollabs::is_mail_relay: true # - Hiera: toollabs::external_hostname set -# -# Sample Usage: -# + class toollabs::mailrelay inherits toollabs { - include gridengine::submit_host - include toollabs::infrastructure - - # Hiera sanity checks if !$toollabs::is_mail_relay { fail('Mail relay hosts must have toollabs::is_mail_relay set in Hiera') @@ -27,6 +14,9 @@ fail('Mail relay hosts must have an toollabs::external_hostname defined in Hiera') } + include gridengine::submit_host + include toollabs::infrastructure + class { 'exim4': queuerunner => 'combined', config => template('toollabs/mail-relay.exim4.conf.erb'), diff --git a/modules/toollabs/manifests/maintain_kubeusers.pp b/modules/toollabs/manifests/maintain_kubeusers.pp index 02e61d9..524285f 100644 --- a/modules/toollabs/manifests/maintain_kubeusers.pp +++ b/modules/toollabs/manifests/maintain_kubeusers.pp @@ -1,6 +1,7 @@ class toollabs::maintain_kubeusers( $k8s_master, ) { + # We need a newer version of python3-ldap3 than what is in Jessie # For the connection time out / server pool features apt::pin { [ diff --git a/modules/toollabs/manifests/master.pp b/modules/toollabs/manifests/master.pp index f228272..af90e59 100644 --- a/modules/toollabs/manifests/master.pp +++ b/modules/toollabs/manifests/master.pp @@ -1,16 +1,7 @@ -# Class: toollabs::master -# -# This role sets up the grid master in the Tool Labs model. -# -# Parameters: -# -# Actions: -# -# Requires: -# -# Sample Usage: -# +# Establish the gridengine master role (one per cluster) + class toollabs::master inherits toollabs { + include gridengine::master include toollabs::infrastructure include toollabs::queue::continuous diff --git a/modules/toollabs/manifests/monitoring/shinken.pp b/modules/toollabs/manifests/monitoring/shinken.pp index 595ee0e..3133ad7 100644 --- a/modules/toollabs/manifests/monitoring/shinken.pp +++ b/modules/toollabs/manifests/monitoring/shinken.pp @@ -1,7 +1,7 @@ -# == Class: toollabs::monitoring::shinken -# # Sets up shinken alerts for toollabs + class toollabs::monitoring::shinken { + shinken::config { 'toollabs': source => 'puppet:///modules/toollabs/shinken.cfg', } diff --git a/modules/toollabs/manifests/node/all.pp b/modules/toollabs/manifests/node/all.pp index 92d85ba..fc69651 100644 --- a/modules/toollabs/manifests/node/all.pp +++ b/modules/toollabs/manifests/node/all.pp @@ -1,19 +1,10 @@ -# Class: toollabs::node::all -# # Base class for all compute nodes -# -# Parameters: -# -# Actions: -# -# Requires: -# -# Sample Usage: -# + class toollabs::node::all( $swap_partition = true, $tmp_partition = true, ) { + include toollabs if $tmp_partition { diff --git a/modules/toollabs/manifests/proxy.pp b/modules/toollabs/manifests/proxy.pp index 55899c7..cd1701b 100644 --- a/modules/toollabs/manifests/proxy.pp +++ b/modules/toollabs/manifests/proxy.pp @@ -1,13 +1,14 @@ # A dynamic HTTP routing proxy, based on the dynamicproxy module. + class toollabs::proxy( $ssl_certificate_name = 'star.wmflabs.org', $ssl_install_certificate = true, $web_domain = 'tools.wmflabs.org', $proxies = ['tools-webproxy-01', 'tools-webproxy-02'], ) { + include toollabs::infrastructure include ::redis::client::python - include base::firewall if $ssl_install_certificate { @@ -112,5 +113,4 @@ logster_options => "-o statsd --statsd-host=labmon1001.eqiad.wmnet:8125 --metric-prefix=${graphite_metric_prefix}.", require => File['/usr/local/lib/python2.7/dist-packages/toolsweblogster.py'], } - } diff --git a/modules/toollabs/manifests/puppetmaster.pp b/modules/toollabs/manifests/puppetmaster.pp index 7c4dd1d..5ad7638 100644 --- a/modules/toollabs/manifests/puppetmaster.pp +++ b/modules/toollabs/manifests/puppetmaster.pp @@ -1,5 +1,7 @@ # Puppetmaster used in toollabs only for k8s nodes + class toollabs::puppetmaster { + class { '::puppet::self::master': server => $::fqdn, } diff --git a/modules/toollabs/manifests/queue/continuous.pp b/modules/toollabs/manifests/queue/continuous.pp index fbfce23..fb08f9a 100644 --- a/modules/toollabs/manifests/queue/continuous.pp +++ b/modules/toollabs/manifests/queue/continuous.pp @@ -1,6 +1,5 @@ -# Class: toollabs::queue::continuous -# -# +# manage continuous queue + class toollabs::queue::continuous { $hostlist = '@general' @@ -8,5 +7,4 @@ gridengine::queue { 'continuous': config => 'toollabs/gridengine/queue-continuous.erb', } - } diff --git a/modules/toollabs/manifests/queue/task.pp b/modules/toollabs/manifests/queue/task.pp index 67a0000..2e52aab 100644 --- a/modules/toollabs/manifests/queue/task.pp +++ b/modules/toollabs/manifests/queue/task.pp @@ -1,6 +1,5 @@ -# Class: toollabs::queue::task -# -# +# manage task queue + class toollabs::queue::task { $hostlist = '@general' @@ -8,5 +7,4 @@ gridengine::queue { 'task': config => 'toollabs/gridengine/queue-task.erb', } - } diff --git a/modules/toollabs/manifests/queues.pp b/modules/toollabs/manifests/queues.pp index 8fa7d1e..dcd23da 100644 --- a/modules/toollabs/manifests/queues.pp +++ b/modules/toollabs/manifests/queues.pp @@ -1,19 +1,10 @@ -# Class: toollabs::queues -# -# Parameters: -# -# Actions: -# -# Requires: -# -# Sample Usage: -# +# Manage queues lists on NFS + class toollabs::queues($queues = undef) { gridengine::join { "queues-${::fqdn}": sourcedir => "${toollabs::collectors}/queues", list => $queues, } - } diff --git a/modules/toollabs/manifests/redis.pp b/modules/toollabs/manifests/redis.pp index 3db898b..731afa3 100644 --- a/modules/toollabs/manifests/redis.pp +++ b/modules/toollabs/manifests/redis.pp @@ -1,35 +1,30 @@ -# Class: toollabs::redis -# # This role sets up a redis node for use by tool-labs # Restricts usage of certain commands, to prevent # people from trampling on others' keys # Uses default amount of RAM (1G) specified by redis class -# -# Parameters: -# -# Actions: -# -# Requires: -# -# Sample Usage: -# + class toollabs::redis ( $maxmemory = '12GB', ) { + include toollabs::infrastructure include ::redis::client::python + include labs_lvm + + package { 'python-virtualenv': + ensure => latest, + } + + labs_lvm::volume { 'redis-disk': + mountat => '/srv', + size => '100%FREE', + } $active_redis = hiera('active_redis') if $active_redis != $::fqdn { $slaveof = "${active_redis} 6379" } else { $slaveof = undef - } - - include labs_lvm - labs_lvm::volume { 'redis-disk': - mountat => '/srv', - size => '100%FREE', } redis::instance { 6379: @@ -59,10 +54,6 @@ }, }, require => Labs_lvm::Volume['redis-disk'], - } - - package { 'python-virtualenv': - ensure => latest, } diamond::collector { 'Redis': diff --git a/modules/toollabs/manifests/services.pp b/modules/toollabs/manifests/services.pp index 5b098b3..b8214fb 100644 --- a/modules/toollabs/manifests/services.pp +++ b/modules/toollabs/manifests/services.pp @@ -1,4 +1,3 @@ -# = Class: toollabs::services # Provides various services based off tools manifests # # = Parameters @@ -6,6 +5,7 @@ # [*active*] # true if all the current set of services should run actively, # false if they should just be hot standby + class toollabs::services( $active = false, ) inherits toollabs { @@ -20,8 +20,12 @@ ensure => latest, } - diamond::collector { 'SGE': - source => 'puppet:///modules/toollabs/monitoring/sge.py', + file { '/usr/local/bin/webservice': + ensure => link, + owner => 'root', + group => 'root', + mode => '0555', + target => '/usr/bin/webservice', } service { 'webservicemonitor': @@ -29,11 +33,7 @@ subscribe => Package['tools-manifest'], } - file { '/usr/local/bin/webservice': - ensure => link, - owner => 'root', - group => 'root', - mode => '0555', - target => '/usr/bin/webservice', + diamond::collector { 'SGE': + source => 'puppet:///modules/toollabs/monitoring/sge.py', } } diff --git a/modules/toollabs/manifests/shadow.pp b/modules/toollabs/manifests/shadow.pp index 6e70588..dc5d99a 100644 --- a/modules/toollabs/manifests/shadow.pp +++ b/modules/toollabs/manifests/shadow.pp @@ -1,17 +1,10 @@ -# Class: toollabs::shadow -# # This role sets up a grid shadow master in the Tool Labs model. # -# Parameters: -# gridmaster => FQDN of the gridengine master -# -# Actions: -# -# Requires: -# -# Sample Usage: -# +# [*gridmaster*] +# FQDN of the gridengine master + class toollabs::shadow($gridmaster) inherits toollabs { + include toollabs::infrastructure class { 'gridengine::shadow_master': diff --git a/modules/toollabs/manifests/static.pp b/modules/toollabs/manifests/static.pp index 66b8124..543a833 100644 --- a/modules/toollabs/manifests/static.pp +++ b/modules/toollabs/manifests/static.pp @@ -1,12 +1,12 @@ -# = Class: toollabs::proxy -# # A static http server, serving static files from NFS # Also serves an up-to-date mirror of cdnjs + class toollabs::static( $web_domain = 'tools.wmflabs.org', $ssl_certificate_name = 'star.wmflabs.org', $ssl_settings = ssl_ciphersuite('nginx', 'compat'), ) { + include toollabs::infrastructure if $ssl_certificate_name != false { diff --git a/modules/toollabs/manifests/updatetools.pp b/modules/toollabs/manifests/updatetools.pp index 3b078cc..549d306 100644 --- a/modules/toollabs/manifests/updatetools.pp +++ b/modules/toollabs/manifests/updatetools.pp @@ -1,7 +1,9 @@ # Set up a service to update the tools and users tables. + class toollabs::updatetools( - $active + $active, ) { + require_package('python-mysqldb') file { '/usr/local/bin/updatetools': -- To view, visit https://gerrit.wikimedia.org/r/322127 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib0c3b8299754d2b0c76642c4ee579bbb4a055d11 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush <r...@wikimedia.org> Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Merlijn van Deen <valhall...@arctus.nl> Gerrit-Reviewer: Rush <r...@wikimedia.org> Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits