Gehel has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/342248 )
Change subject: elasticsearch - move role::elasticsearch::common to a profile ...................................................................... elasticsearch - move role::elasticsearch::common to a profile Trying to apply the principles defined in T147718 to the elasticsearch role. Bug: T147718 Change-Id: If8a5f9827e2780f0cff53b1ad6cf6de5e3ccf43b --- M hieradata/role/common/elasticsearch/relforge.yaml A modules/profile/manifests/elasticsearch/common.pp M modules/role/manifests/elasticsearch/cirrus.pp D modules/role/manifests/elasticsearch/common.pp M modules/role/manifests/elasticsearch/relforge.pp 5 files changed, 136 insertions(+), 105 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/48/342248/1 diff --git a/hieradata/role/common/elasticsearch/relforge.yaml b/hieradata/role/common/elasticsearch/relforge.yaml index f2138f7..1faac4e 100644 --- a/hieradata/role/common/elasticsearch/relforge.yaml +++ b/hieradata/role/common/elasticsearch/relforge.yaml @@ -10,6 +10,8 @@ elasticsearch::recover_after_nodes: 1 elasticsearch::recover_after_time: '1m' +elasticsearch::ferm_srange: '$LABS_NETWORKS' + # T130329 profile::base::check_disk_options: -w 18% -c 15% -l -e -A -i "/srv/sd[a-b][1-3]" --exclude-type=tracefs diff --git a/modules/profile/manifests/elasticsearch/common.pp b/modules/profile/manifests/elasticsearch/common.pp new file mode 100644 index 0000000..3797b76 --- /dev/null +++ b/modules/profile/manifests/elasticsearch/common.pp @@ -0,0 +1,131 @@ +# +# This class configures elasticsearch +# +# == Parameters: +# [*ferm_srange*] +# The network range that should be allowed access to elasticsearch. This +# needs to be customized for elasticsearch clusters serving non production +# traffic. The relforge cluster is an example. +# Default: $DOMAIN_NETWORKS +# +# For documentation of other parameters, see the elasticsearch class. +# +class profile::elasticsearch::common ( + $has_lvs = hiera('has_lvs', true), + $ferm_srange = hiera('elasticsearch::ferm_srange', '$DOMAIN_NETWORKS'), + $rack = hiera('elasticsearch::rack', undef), + $row = hiera('elasticsearch::row', undef), + $cluster_name = hiera('elasticsearch::cluster_name', undef), + $bulk_thread_pool_executors = hiera('elasticsearch::bulk_thread_pool_executors', 6), + $elastic_nodes = hiera('elasticsearch::cluster_hosts'), + $unicast_hosts = hiera('elasticsearch::unicast_hosts', []), + $version = hiera('elasticsearch::version', 5), + $minimum_master_nodes = hiera('elasticsearch::minimum_master_nodes', 1), + $certificate_name = hiera('elasticsearch::https::certificate_name', $::fqdn), + $recover_after_time = hiera('elasticsearch::recover_after_time', '1s'), + $recover_after_nodes = hiera('elasticsearch::recover_after_nodes', 1), + $heap_memory = hiera('elasticsearch::heap_memory', '2G'), + $expected_nodes = hiera('elasticsearch::expected_nodes', 1), + $master_eligible = hiera('elasticsearch::master_eligible', false), + $graylog_hosts = hiera('elasticsearch::graylog_hosts', undef), + $auto_create_index = hiera('elasticsearch::auto_create_index', false), +) { + + if ($::realm == 'production' and $rack == undef) { + fail("Don't know rack for ${::hostname} and rack awareness should be turned on") + } + + if ($::realm == 'labs' and $cluster_name == undef) { + $msg = '\$::elasticsearch::cluster_name must be set to something unique to the labs project.' + $msg2 = 'You can set it in the hiera config of the project' + fail("${msg}\n${msg2}") + } + + if $has_lvs { + class { '::lvs::realserver': } + } + class { '::standard': } + + ferm::service { 'elastic-http': + proto => 'tcp', + port => '9200', + notrack => true, + srange => $ferm_srange, + } + + $elastic_nodes_ferm = join($elastic_nodes, ' ') + + ferm::service { 'elastic-inter-node': + proto => 'tcp', + port => '9300', + notrack => true, + srange => "@resolve((${elastic_nodes_ferm}))", + } + + system::role { 'role::elasticsearch::server': + ensure => 'present', + description => 'elasticsearch server', + } + + package { 'elasticsearch/plugins': + provider => 'trebuchet', + } + # Elasticsearch 5 doesn't allow setting the plugin path, we need + # to symlink it into place. The directory already exists as part of the + # debian package, so we need to force the creation of the symlink. + $plugins_dir = '/srv/deployment/elasticsearch/plugins' + file { '/usr/share/elasticsearch/plugins': + ensure => 'link', + target => $plugins_dir, + force => true, + require => Package['elasticsearch/plugins'], + } + + # Install + class { '::elasticsearch': + require => [ + Package['elasticsearch/plugins'], + File['/usr/share/elasticsearch/plugins'], + ], + # Production elasticsearch needs these plugins to be loaded in order + # to work properly. This will keep elasticsearch from starting + # if these plugins are not available. + plugins_mandatory => [ + 'experimental-highlighter', + 'extra', + 'analysis-icu', + ], + plugins_dir => $plugins_dir, + # Let apifeatureusage create their indices + auto_create_index => '+apifeatureusage-*,-*', + # Production can get a lot of use out of the filter cache. + filter_cache_size => '20%', + bulk_thread_pool_executors => $bulk_thread_pool_executors, + bulk_thread_pool_capacity => 1000, + rack => $rack, + row => $row, + cluster_name => $cluster_name, + unicast_hosts => $unicast_hosts, + version => $version, + minimum_master_nodes => $minimum_master_nodes, + recover_after_time => $recover_after_time, + recover_after_nodes => $recover_after_nodes, + heap_memory => $heap_memory, + expected_nodes => $expected_nodes, + master_eligible => $master_eligible, + graylog_hosts => $graylog_hosts, + auto_create_index => $auto_create_index, + } + + if $::standard::has_ganglia { + class { '::elasticsearch::ganglia': } + } + + class { '::elasticsearch::https': + ferm_srange => $ferm_srange, + certificate_name => $certificate_name, + } + class { '::elasticsearch::monitor::diamond': } + class { '::elasticsearch::log::hot_threads': } + +} diff --git a/modules/role/manifests/elasticsearch/cirrus.pp b/modules/role/manifests/elasticsearch/cirrus.pp index 8c7f604..aa09e18 100644 --- a/modules/role/manifests/elasticsearch/cirrus.pp +++ b/modules/role/manifests/elasticsearch/cirrus.pp @@ -4,7 +4,5 @@ # # filtertags: labs-project-deployment-prep labs-project-search labs-project-math class role::elasticsearch::cirrus { - - include ::role::elasticsearch::common - + include ::profile::elasticsearch::common } diff --git a/modules/role/manifests/elasticsearch/common.pp b/modules/role/manifests/elasticsearch/common.pp deleted file mode 100644 index f3455e2..0000000 --- a/modules/role/manifests/elasticsearch/common.pp +++ /dev/null @@ -1,99 +0,0 @@ -# -# This class configures elasticsearch -# -# == Parameters: -# [*ferm_srange*] -# The network range that should be allowed access to elasticsearch. This -# needs to be customized for elasticsearch clusters serving non production -# traffic. The relforge cluster is an example. -# Default: $DOMAIN_NETWORKS -# -class role::elasticsearch::common( - $ferm_srange = '$DOMAIN_NETWORKS', -) { - - if ($::realm == 'production' and hiera('elasticsearch::rack', undef) == undef) { - fail("Don't know rack for ${::hostname} and rack awareness should be turned on") - } - - if ($::realm == 'labs' and hiera('elasticsearch::cluster_name', undef) == undef) { - $msg = '\$::elasticsearch::cluster_name must be set to something unique to the labs project.' - $msg2 = 'You can set it in the hiera config of the project' - fail("${msg}\n${msg2}") - } - - if hiera('has_lvs', true) { - include ::lvs::realserver - } - - ferm::service { 'elastic-http': - proto => 'tcp', - port => '9200', - notrack => true, - srange => $ferm_srange, - } - - $elastic_nodes = hiera('elasticsearch::cluster_hosts') - $elastic_nodes_ferm = join($elastic_nodes, ' ') - - ferm::service { 'elastic-inter-node': - proto => 'tcp', - port => '9300', - notrack => true, - srange => "@resolve((${elastic_nodes_ferm}))", - } - - system::role { 'role::elasticsearch::server': - ensure => 'present', - description => 'elasticsearch server', - } - - package { 'elasticsearch/plugins': - provider => 'trebuchet', - } - # Elasticsearch 5 doesn't allow setting the plugin path, we need - # to symlink it into place. The directory already exists as part of the - # debian package, so we need to force the creation of the symlink. - $plugins_dir = '/srv/deployment/elasticsearch/plugins' - file { '/usr/share/elasticsearch/plugins': - ensure => 'link', - target => $plugins_dir, - force => true, - require => Package['elasticsearch/plugins'], - } - - # Install - class { '::elasticsearch': - require => [ - Package['elasticsearch/plugins'], - File['/usr/share/elasticsearch/plugins'], - ], - # Production elasticsearch needs these plugins to be loaded in order - # to work properly. This will keep elasticsearch from starting - # if these plugins are not available. - plugins_mandatory => [ - 'experimental-highlighter', - 'extra', - 'analysis-icu', - ], - plugins_dir => $plugins_dir, - # Let apifeatureusage create their indices - auto_create_index => '+apifeatureusage-*,-*', - # Production can get a lot of use out of the filter cache. - filter_cache_size => '20%', - bulk_thread_pool_executors => hiera('elasticsearch::bulk_thread_pool_executors', 6), - bulk_thread_pool_capacity => 1000, - } - - include ::standard - if $::standard::has_ganglia { - include ::elasticsearch::ganglia - } - - class { '::elasticsearch::https': - ferm_srange => $ferm_srange, - } - include elasticsearch::monitor::diamond - include ::elasticsearch::log::hot_threads - -} diff --git a/modules/role/manifests/elasticsearch/relforge.pp b/modules/role/manifests/elasticsearch/relforge.pp index 73df471..6a41325 100644 --- a/modules/role/manifests/elasticsearch/relforge.pp +++ b/modules/role/manifests/elasticsearch/relforge.pp @@ -4,9 +4,8 @@ # class role::elasticsearch::relforge { - class { '::role::elasticsearch::common': - ferm_srange => '$LABS_NETWORKS', - } + include ::profile::elasticsearch::common + include ::elasticsearch::nagios::check # the relforge cluster is serving labs, it should never be connected from -- To view, visit https://gerrit.wikimedia.org/r/342248 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If8a5f9827e2780f0cff53b1ad6cf6de5e3ccf43b Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Gehel <guillaume.leder...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits