Volans has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/339183 )
Change subject: Cumin: authorize also cumin masters IPv6 addresses ...................................................................... Cumin: authorize also cumin masters IPv6 addresses - convert neodymium and sarin IPv6 config to use the mapped IPv6 - update the network constants - use the updated network constants to authorize Cumin masters in the targets - removed obsolete hiera config Bug: T158753 Change-Id: Ia66f1ea8117c0acabdebd62042d01f8e3b3acee0 --- M hieradata/common.yaml M manifests/site.pp M modules/network/manifests/constants.pp M modules/profile/manifests/cumin/target.pp 4 files changed, 15 insertions(+), 15 deletions(-) Approvals: jenkins-bot: Verified Volans: Looks good to me, approved diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 8f2f595..b3583c9 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -456,10 +456,6 @@ install_server: install1002.wikimedia.org install_server_failover: install2002.wikimedia.org -cumin_masters: - - neodymium.eqiad.wmnet - - sarin.codfw.wmnet - # Etcd client global configuration etcd_client_srv_domain: "%{::site}.wmnet" etcd_host: '' diff --git a/manifests/site.pp b/manifests/site.pp index d5f4020..9907a41 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -2259,6 +2259,10 @@ node 'neodymium.eqiad.wmnet' { role(deployment::salt_masters, debdeploy::master, ipmi::mgmt, access_new_install, mgmt::drac_ilo, cluster::management) + + interface::add_ip6_mapped { 'main': + interface => 'eth0', + } } node 'nescio.wikimedia.org' { @@ -2536,6 +2540,10 @@ # cluster management (salt master, cumin master) node 'sarin.codfw.wmnet' { role(cluster::management) + + interface::add_ip6_mapped { 'main': + interface => 'eth0', + } } # Services 'A' diff --git a/modules/network/manifests/constants.pp b/modules/network/manifests/constants.pp index a55464c..2a49889 100644 --- a/modules/network/manifests/constants.pp +++ b/modules/network/manifests/constants.pp @@ -69,10 +69,10 @@ '2620:0:860:101:10:192:0:27', # puppetmaster2001.codfw.wmnet ], 'cumin_masters' => [ - '10.64.32.20', # neodymium.eqiad.wmnet - '2620:0:861:103:92b1:1cff:fe2d:798c', # neodymium.eqiad.wmnet - '10.192.0.140', # sarin.eqiad.wmnet - '2620:0:860:101:92b1:1cff:fe2d:8540', # sarin.eqiad.wmnet + '10.64.32.20', # neodymium.eqiad.wmnet + '2620:0:861:103:10:64:32:20', # neodymium.eqiad.wmnet + '10.192.0.140', # sarin.codfw.wmnet + '2620:0:860:101:10:192:0:140', # sarin.codfw.wmnet ], }, 'labs' => { diff --git a/modules/profile/manifests/cumin/target.pp b/modules/profile/manifests/cumin/target.pp index 6e97a47..a93c4ea 100644 --- a/modules/profile/manifests/cumin/target.pp +++ b/modules/profile/manifests/cumin/target.pp @@ -1,11 +1,7 @@ -class profile::cumin::target( - $cumin_masters = hiera('cumin_masters'), -) { - validate_array($cumin_masters) +class profile::cumin::target() { + require ::network::constants - # FIXME: require new Puppet parser - $ssh_authorized_sources = inline_template( - "<%= @cumin_masters.map{|m| scope.function_ipresolve([m])}.join(',') %>") + $ssh_authorized_sources = join($::network::constants::special_hosts[$::realm]['cumin_masters'], ',') $cumin_master_pub_key = secret('keyholder/cumin_master.pub') ssh::userkey { 'root-cumin': -- To view, visit https://gerrit.wikimedia.org/r/339183 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ia66f1ea8117c0acabdebd62042d01f8e3b3acee0 Gerrit-PatchSet: 5 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Volans <rcocci...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org> Gerrit-Reviewer: Volans <rcocci...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits