[MediaWiki-commits] [Gerrit] operations/puppet[production]: Cumin: authorize also cumin masters IPv6 addresses

Fri, 24 Feb 2017 00:20:37 -0800 

Volans has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/339183 )

Change subject: Cumin: authorize also cumin masters IPv6 addresses
......................................................................


Cumin: authorize also cumin masters IPv6 addresses

- convert neodymium and sarin IPv6 config to use the mapped IPv6
- update the network constants
- use the updated network constants to authorize Cumin masters in the
  targets
- removed obsolete hiera config

Bug: T158753
Change-Id: Ia66f1ea8117c0acabdebd62042d01f8e3b3acee0
---
M hieradata/common.yaml
M manifests/site.pp
M modules/network/manifests/constants.pp
M modules/profile/manifests/cumin/target.pp
4 files changed, 15 insertions(+), 15 deletions(-)

Approvals:
  jenkins-bot: Verified
  Volans: Looks good to me, approved



diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 8f2f595..b3583c9 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -456,10 +456,6 @@
 install_server: install1002.wikimedia.org
 install_server_failover: install2002.wikimedia.org
 
-cumin_masters:
-  - neodymium.eqiad.wmnet
-  - sarin.codfw.wmnet
-
 # Etcd client global configuration
 etcd_client_srv_domain: "%{::site}.wmnet"
 etcd_host: ''
diff --git a/manifests/site.pp b/manifests/site.pp
index d5f4020..9907a41 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2259,6 +2259,10 @@
 node 'neodymium.eqiad.wmnet' {
     role(deployment::salt_masters, debdeploy::master, ipmi::mgmt,
       access_new_install, mgmt::drac_ilo, cluster::management)
+
+    interface::add_ip6_mapped { 'main':
+      interface => 'eth0',
+    }
 }
 
 node 'nescio.wikimedia.org' {
@@ -2536,6 +2540,10 @@
 # cluster management (salt master, cumin master)
 node 'sarin.codfw.wmnet' {
     role(cluster::management)
+
+    interface::add_ip6_mapped { 'main':
+      interface => 'eth0',
+    }
 }
 
 # Services 'A'
diff --git a/modules/network/manifests/constants.pp 
b/modules/network/manifests/constants.pp
index a55464c..2a49889 100644
--- a/modules/network/manifests/constants.pp
+++ b/modules/network/manifests/constants.pp
@@ -69,10 +69,10 @@
                     '2620:0:860:101:10:192:0:27', # 
puppetmaster2001.codfw.wmnet
                 ],
             'cumin_masters' => [
-                    '10.64.32.20',                        # 
neodymium.eqiad.wmnet
-                    '2620:0:861:103:92b1:1cff:fe2d:798c', # 
neodymium.eqiad.wmnet
-                    '10.192.0.140',                       # sarin.eqiad.wmnet
-                    '2620:0:860:101:92b1:1cff:fe2d:8540', # sarin.eqiad.wmnet
+                    '10.64.32.20',                 # neodymium.eqiad.wmnet
+                    '2620:0:861:103:10:64:32:20',  # neodymium.eqiad.wmnet
+                    '10.192.0.140',                # sarin.codfw.wmnet
+                    '2620:0:860:101:10:192:0:140', # sarin.codfw.wmnet
                 ],
             },
         'labs' => {
diff --git a/modules/profile/manifests/cumin/target.pp 
b/modules/profile/manifests/cumin/target.pp
index 6e97a47..a93c4ea 100644
--- a/modules/profile/manifests/cumin/target.pp
+++ b/modules/profile/manifests/cumin/target.pp
@@ -1,11 +1,7 @@
-class profile::cumin::target(
-    $cumin_masters = hiera('cumin_masters'),
-) {
-    validate_array($cumin_masters)
+class profile::cumin::target() {
+    require ::network::constants
 
-    # FIXME: require new Puppet parser
-    $ssh_authorized_sources = inline_template(
-        "<%= @cumin_masters.map{|m| scope.function_ipresolve([m])}.join(',') 
%>")
+    $ssh_authorized_sources = 
join($::network::constants::special_hosts[$::realm]['cumin_masters'], ',')
     $cumin_master_pub_key = secret('keyholder/cumin_master.pub')
 
     ssh::userkey { 'root-cumin':

-- 
To view, visit https://gerrit.wikimedia.org/r/339183
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ia66f1ea8117c0acabdebd62042d01f8e3b3acee0
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Volans <rcocci...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: Volans <rcocci...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to