Dzahn has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/333676 )
Change subject: aptrepo: setup rsync between 2 APT servers
......................................................................
aptrepo: setup rsync between 2 APT servers
So far we just have a single APT repo, apt.wikimedia.org
points to carbon.
But we want to retire carbon and replace it fully with 2 servers,
one per each DC, install1001 and install2001.
As a first step one of them will be the "live" server
that DNS points to and the other one will be warm stand-by.
To ensure it is "warm" we setup rsyncd to keep /srv/wikimedia
with the actual package data in sync between the 2 servers.
For this we put rsyncd on the target, the one that is NOT live,
and add a firewall hole to allow connections from the source,
the live server, which pushes data to the failover server.
Decide which server is which with a simple switch in Hiera.
Bug: T84380
Bug: T132757
Change-Id: Idd9c51f93b8cb46a7f00fa44f9061ff5a8e133cb
---
M hieradata/common.yaml
A modules/aptrepo/manifests/rsync.pp
M modules/role/manifests/aptrepo/wikimedia.pp
3 files changed, 30 insertions(+), 0 deletions(-)
Approvals:
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index a5a7925..f950a80 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -452,3 +452,4 @@
id: 2003
deployment_server: tin.eqiad.wmnet
+install_server: install1001.wikimedia.org
diff --git a/modules/aptrepo/manifests/rsync.pp
b/modules/aptrepo/manifests/rsync.pp
new file mode 100644
index 0000000..56aad73
--- /dev/null
+++ b/modules/aptrepo/manifests/rsync.pp
@@ -0,0 +1,28 @@
+# sets up rsync of APT repos between 2 servers
+# activates rsync for push from the primary to secondary
+class aptrepo::rsync {
+
+ $primary_server = hiera('install_server', 'install1001.wikimedia.org')
+
+ # only activate rsync/firewall hole on the server that is NOT active
+ if $::fqdn != $primary_server {
+ $ensure = 'present'
+ include rsync::server
+ } else {
+ $ensure = 'absent'
+ }
+
+ ferm::service { 'aptrepo-rsync':
+ ensure => $aptrepo::rsync::ensure,
+ proto => 'tcp',
+ port => '873',
+ srange => "@resolve(${primary_server})/32",
+ }
+
+ rsync::server::module { 'aptrepo-basedir':
+ ensure => $aptrepo::rsync::ensure,
+ path => $aptrepo::basedir,
+ read_only => 'no',
+ hosts_allow => "@resolve(${primary_server})",
+ }
+}
diff --git a/modules/role/manifests/aptrepo/wikimedia.pp
b/modules/role/manifests/aptrepo/wikimedia.pp
index 73f401d..b5a78fd 100644
--- a/modules/role/manifests/aptrepo/wikimedia.pp
+++ b/modules/role/manifests/aptrepo/wikimedia.pp
@@ -22,4 +22,5 @@
include role::backup::host
backup::set { 'srv-wikimedia': }
+ include aptrepo::rsync
}
--
To view, visit https://gerrit.wikimedia.org/r/333676
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idd9c51f93b8cb46a7f00fa44f9061ff5a8e133cb
Gerrit-PatchSet: 15
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
