Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/383909 )

Change subject: openstack: pdns recursor module/profile/role
......................................................................

openstack: pdns recursor module/profile/role

* This deprecates the per-host values previously needed
  for labservices1002
* use 'secondary' for primary/secondary active/active
  pairs and 'standby' for primary/standby active/standby
  pairs
* couple recursor monitoring with recursor profile

Bug: T171494
Change-Id: I1055766185d5381a666bbd97976e80eb7a681837
---
M hieradata/codfw/profile/openstack/labtest/pdns.yaml
A hieradata/common/profile/openstack/base/pdns/labsdb.yaml
M hieradata/eqiad/profile/openstack/main/pdns.yaml
D hieradata/hosts/labservices1002.yaml
R hieradata/role/eqiad/wmcs/openstack/main/net_standby.yaml
R hieradata/role/eqiad/wmcs/openstack/main/services_primary.yaml
C hieradata/role/eqiad/wmcs/openstack/main/services_secondary.yaml
M modules/profile/manifests/openstack/base/pdns/auth/monitor/pdns_control.pp
M modules/profile/manifests/openstack/base/pdns/auth/service.pp
A modules/profile/manifests/openstack/base/pdns/recursor/monitor/rec_control.pp
A modules/profile/manifests/openstack/base/pdns/recursor/service.pp
A modules/profile/manifests/openstack/labtest/pdns/recursor/service.pp
M modules/role/manifests/wmcs/openstack/labtest/services.pp
R modules/role/manifests/wmcs/openstack/main/net_standby.pp
R modules/role/manifests/wmcs/openstack/main/services_primary.pp
C modules/role/manifests/wmcs/openstack/main/services_secondary.pp
16 files changed, 1,061 insertions(+), 27 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/09/383909/1

diff --git a/hieradata/codfw/profile/openstack/labtest/pdns.yaml 
b/hieradata/codfw/profile/openstack/labtest/pdns.yaml
index 91206e6..1de72f5 100644
--- a/hieradata/codfw/profile/openstack/labtest/pdns.yaml
+++ b/hieradata/codfw/profile/openstack/labtest/pdns.yaml
@@ -1,3 +1,5 @@
+profile::openstack::labtest::pdns::tld: 'labtest'
+profile::openstack::labtest::pdns::private_reverse: '196.10.in-addr.arpa'
 profile::openstack::labtest::pdns::host: 'labtest-ns0.wikimedia.org'
 profile::openstack::labtest::pdns::host_secondary: 'labtest-ns0.wikimedia.org'
 profile::openstack::labtest::pdns::recursor: 'labtest-recursor0.wikimedia.org'
diff --git a/hieradata/common/profile/openstack/base/pdns/labsdb.yaml 
b/hieradata/common/profile/openstack/base/pdns/labsdb.yaml
new file mode 100644
index 0000000..c7377da
--- /dev/null
+++ b/hieradata/common/profile/openstack/base/pdns/labsdb.yaml
@@ -0,0 +1,897 @@
+# There are two old school replica servers (c1, c3 -- c2 is dead now).  The 
mapping of
+# "shards" (s1, etc.) and databases (enwiki, etc.) to these is
+# arbitrary in so much as all replicas have all the same data
+#  and can be adjusted to depool a server or redistribute load.
+
+profile::openstack::base::pdns::labsdb::c1:
+  - bgwiki
+  - bgwiktionary
+  - c1
+  - commonswiki
+  - cswiki
+  - enwiki
+  - enwikiquote
+  - enwiktionary
+  - eowiki
+  - fiwiki
+  - idwiki
+  - itwiki
+  - nlwiki
+  - nowiki
+  - plwiki
+  - ptwiki
+  - s1
+  - s2
+  - s4
+  - svwiki
+  - thwiki
+  - trwiki
+  - zhwiki
+
+profile::openstack::base::pdns::labsdb::c2:
+  - c2
+
+profile::openstack::base::pdns::labsdb::c3:
+  - aawiki
+  - aawikibooks
+  - aawiktionary
+  - abwiki
+  - abwiktionary
+  - acewiki
+  - advisorywiki
+  - adywiki
+  - afwiki
+  - afwikibooks
+  - afwikiquote
+  - afwiktionary
+  - akwiki
+  - akwikibooks
+  - akwiktionary
+  - alswiki
+  - alswikibooks
+  - alswikiquote
+  - alswiktionary
+  - amwiki
+  - amwikiquote
+  - amwiktionary
+  - angwiki
+  - angwikibooks
+  - angwikiquote
+  - angwikisource
+  - angwiktionary
+  - anwiki
+  - anwiktionary
+  - arcwiki
+  - arwiki
+  - arwikibooks
+  - arwikimedia
+  - arwikinews
+  - arwikiquote
+  - arwikisource
+  - arwikiversity
+  - arwiktionary
+  - arzwiki
+  - astwiki
+  - astwikibooks
+  - astwikiquote
+  - astwiktionary
+  - aswiki
+  - aswikibooks
+  - aswikisource
+  - aswiktionary
+  - atjwiki
+  - avwiki
+  - avwiktionary
+  - aywiki
+  - aywikibooks
+  - aywiktionary
+  - azbwiki
+  - azwiki
+  - azwikibooks
+  - azwikiquote
+  - azwikisource
+  - azwiktionary
+  - barwiki
+  - bat_smgwiki
+  - bawiki
+  - bawikibooks
+  - bclwiki
+  - bdwikimedia
+  - be_x_oldwiki
+  - betawikiversity
+  - bewiki
+  - bewikibooks
+  - bewikimedia
+  - bewikiquote
+  - bewikisource
+  - bewiktionary
+  - bgwikibooks
+  - bgwikinews
+  - bgwikiquote
+  - bgwikisource
+  - bhwiki
+  - bhwiktionary
+  - biwiki
+  - biwikibooks
+  - biwiktionary
+  - bjnwiki
+  - bmwiki
+  - bmwikibooks
+  - bmwikiquote
+  - bmwiktionary
+  - bnwiki
+  - bnwikibooks
+  - bnwikisource
+  - bnwiktionary
+  - bowiki
+  - bowikibooks
+  - bowiktionary
+  - bpywiki
+  - brwiki
+  - brwikimedia
+  - brwikiquote
+  - brwikisource
+  - brwiktionary
+  - bswiki
+  - bswikibooks
+  - bswikinews
+  - bswikiquote
+  - bswikisource
+  - bswiktionary
+  - bugwiki
+  - bxrwiki
+  - c3
+  - cawiki
+  - cawikibooks
+  - cawikimedia
+  - cawikinews
+  - cawikiquote
+  - cawikisource
+  - cawiktionary
+  - cbk_zamwiki
+  - cdowiki
+  - cebwiki
+  - centralauth
+  - cewiki
+  - chowiki
+  - chrwiki
+  - chrwiktionary
+  - chwiki
+  - chwikibooks
+  - chwiktionary
+  - chywiki
+  - ckbwiki
+  - cnwikimedia
+  - cowiki
+  - cowikibooks
+  - cowikimedia
+  - cowikiquote
+  - cowiktionary
+  - crhwiki
+  - crwiki
+  - crwikiquote
+  - crwiktionary
+  - csbwiki
+  - csbwiktionary
+  - cswikibooks
+  - cswikinews
+  - cswikiquote
+  - cswikisource
+  - cswikiversity
+  - cswiktionary
+  - cuwiki
+  - cvwiki
+  - cvwikibooks
+  - cywiki
+  - cywikibooks
+  - cywikiquote
+  - cywikisource
+  - cywiktionary
+  - dawiki
+  - dawikibooks
+  - dawikiquote
+  - dawikisource
+  - dawiktionary
+  - dewiki
+  - dewikibooks
+  - dewikinews
+  - dewikiquote
+  - dewikisource
+  - dewikiversity
+  - dewikivoyage
+  - dewiktionary
+  - diqwiki
+  - dkwikimedia
+  - donatewiki
+  - dsbwiki
+  - dtywiki
+  - dvwiki
+  - dvwiktionary
+  - dzwiki
+  - dzwiktionary
+  - eewiki
+  - elwiki
+  - elwikibooks
+  - elwikinews
+  - elwikiquote
+  - elwikisource
+  - elwikiversity
+  - elwikivoyage
+  - elwiktionary
+  - emlwiki
+  - enwikibooks
+  - enwikinews
+  - enwikisource
+  - enwikiversity
+  - enwikivoyage
+  - eowikibooks
+  - eowikinews
+  - eowikiquote
+  - eowikisource
+  - eowiktionary
+  - eswiki
+  - eswikibooks
+  - eswikinews
+  - eswikiquote
+  - eswikisource
+  - eswikiversity
+  - eswikivoyage
+  - eswiktionary
+  - etwiki
+  - etwikibooks
+  - etwikimedia
+  - etwikiquote
+  - etwikisource
+  - etwiktionary
+  - euwiki
+  - euwikibooks
+  - euwikiquote
+  - euwiktionary
+  - extwiki
+  - fawiki
+  - fawikibooks
+  - fawikinews
+  - fawikiquote
+  - fawikisource
+  - fawikivoyage
+  - fawiktionary
+  - ffwiki
+  - fiu_vrowiki
+  - fiwikibooks
+  - fiwikimedia
+  - fiwikinews
+  - fiwikiquote
+  - fiwikisource
+  - fiwikiversity
+  - fiwikivoyage
+  - fiwiktionary
+  - fjwiki
+  - fjwiktionary
+  - foundationwiki
+  - fowiki
+  - fowikisource
+  - fowiktionary
+  - frpwiki
+  - frrwiki
+  - frwiki
+  - frwikibooks
+  - frwikinews
+  - frwikiquote
+  - frwikisource
+  - frwikiversity
+  - frwikivoyage
+  - frwiktionary
+  - furwiki
+  - fywiki
+  - fywikibooks
+  - fywiktionary
+  - gagwiki
+  - ganwiki
+  - gawiki
+  - gawikibooks
+  - gawikiquote
+  - gawiktionary
+  - gdwiki
+  - gdwiktionary
+  - glkwiki
+  - glwiki
+  - glwikibooks
+  - glwikiquote
+  - glwikisource
+  - glwiktionary
+  - gnwiki
+  - gnwikibooks
+  - gnwiktionary
+  - gomwiki
+  - gotwiki
+  - gotwikibooks
+  - guwiki
+  - guwikibooks
+  - guwikiquote
+  - guwikisource
+  - guwiktionary
+  - gvwiki
+  - gvwiktionary
+  - hakwiki
+  - hawiki
+  - hawiktionary
+  - hawwiki
+  - hewiki
+  - hewikibooks
+  - hewikinews
+  - hewikiquote
+  - hewikisource
+  - hewikivoyage
+  - hewiktionary
+  - hifwiki
+  - hiwiki
+  - hiwikibooks
+  - hiwikiquote
+  - hiwikiversity
+  - hiwikivoyage
+  - hiwiktionary
+  - howiki
+  - hrwiki
+  - hrwikibooks
+  - hrwikiquote
+  - hrwikisource
+  - hrwiktionary
+  - hsbwiki
+  - hsbwiktionary
+  - htwiki
+  - htwikisource
+  - huwiki
+  - huwikibooks
+  - huwikinews
+  - huwikiquote
+  - huwikisource
+  - huwiktionary
+  - hywiki
+  - hywikibooks
+  - hywikiquote
+  - hywikisource
+  - hywiktionary
+  - hzwiki
+  - iawiki
+  - iawikibooks
+  - iawiktionary
+  - idwikibooks
+  - idwikiquote
+  - idwikisource
+  - idwiktionary
+  - iewiki
+  - iewikibooks
+  - iewiktionary
+  - igwiki
+  - iiwiki
+  - ikwiki
+  - ikwiktionary
+  - ilowiki
+  - incubatorwiki
+  - iowiki
+  - iowiktionary
+  - iswiki
+  - iswikibooks
+  - iswikiquote
+  - iswikisource
+  - iswiktionary
+  - itwikibooks
+  - itwikinews
+  - itwikiquote
+  - itwikisource
+  - itwikiversity
+  - itwikivoyage
+  - itwiktionary
+  - iuwiki
+  - iuwiktionary
+  - jamwiki
+  - jawiki
+  - jawikibooks
+  - jawikinews
+  - jawikiquote
+  - jawikisource
+  - jawikiversity
+  - jawiktionary
+  - jbowiki
+  - jbowiktionary
+  - jvwiki
+  - jvwiktionary
+  - kaawiki
+  - kabwiki
+  - kawiki
+  - kawikibooks
+  - kawikiquote
+  - kawiktionary
+  - kbdwiki
+  - kgwiki
+  - kiwiki
+  - kjwiki
+  - kkwiki
+  - kkwikibooks
+  - kkwikiquote
+  - kkwiktionary
+  - klwiki
+  - klwiktionary
+  - kmwiki
+  - kmwikibooks
+  - kmwiktionary
+  - knwiki
+  - knwikibooks
+  - knwikiquote
+  - knwikisource
+  - knwiktionary
+  - koiwiki
+  - kowiki
+  - kowikibooks
+  - kowikinews
+  - kowikiquote
+  - kowikisource
+  - kowikiversity
+  - kowiktionary
+  - krcwiki
+  - krwiki
+  - krwikiquote
+  - kshwiki
+  - kswiki
+  - kswikibooks
+  - kswikiquote
+  - kswiktionary
+  - kuwiki
+  - kuwikibooks
+  - kuwikiquote
+  - kuwiktionary
+  - kvwiki
+  - kwwiki
+  - kwwikiquote
+  - kwwiktionary
+  - kywiki
+  - kywikibooks
+  - kywikiquote
+  - kywiktionary
+  - ladwiki
+  - lawiki
+  - lawikibooks
+  - lawikiquote
+  - lawikisource
+  - lawiktionary
+  - lbewiki
+  - lbwiki
+  - lbwikibooks
+  - lbwikiquote
+  - lbwiktionary
+  - lezwiki
+  - lgwiki
+  - lijwiki
+  - liwiki
+  - liwikibooks
+  - liwikiquote
+  - liwikisource
+  - liwiktionary
+  - lmowiki
+  - lnwiki
+  - lnwikibooks
+  - lnwiktionary
+  - loginwiki
+  - lowiki
+  - lowiktionary
+  - lrcwiki
+  - ltgwiki
+  - ltwiki
+  - ltwikibooks
+  - ltwikiquote
+  - ltwikisource
+  - ltwiktionary
+  - lvwiki
+  - lvwikibooks
+  - lvwiktionary
+  - maiwiki
+  - map_bmswiki
+  - mdfwiki
+  - mediawikiwiki
+  - metawiki
+  - mgwiki
+  - mgwikibooks
+  - mgwiktionary
+  - mhrwiki
+  - mhwiki
+  - mhwiktionary
+  - minwiki
+  - miwiki
+  - miwikibooks
+  - miwiktionary
+  - mkwiki
+  - mkwikibooks
+  - mkwikimedia
+  - mkwikisource
+  - mkwiktionary
+  - mlwiki
+  - mlwikibooks
+  - mlwikiquote
+  - mlwikisource
+  - mlwiktionary
+  - mnwiki
+  - mnwikibooks
+  - mnwiktionary
+  - mowiki
+  - mowiktionary
+  - mrjwiki
+  - mrwiki
+  - mrwikibooks
+  - mrwikiquote
+  - mrwikisource
+  - mrwiktionary
+  - mswiki
+  - mswikibooks
+  - mswiktionary
+  - mtwiki
+  - mtwiktionary
+  - muswiki
+  - mwlwiki
+  - mxwikimedia
+  - myvwiki
+  - mywiki
+  - mywikibooks
+  - mywiktionary
+  - mznwiki
+  - nahwiki
+  - nahwikibooks
+  - nahwiktionary
+  - napwiki
+  - nawiki
+  - nawikibooks
+  - nawikiquote
+  - nawiktionary
+  - nds_nlwiki
+  - ndswiki
+  - ndswikibooks
+  - ndswikiquote
+  - ndswiktionary
+  - newiki
+  - newikibooks
+  - newiktionary
+  - newwiki
+  - ngwiki
+  - nlwikibooks
+  - nlwikimedia
+  - nlwikinews
+  - nlwikiquote
+  - nlwikisource
+  - nlwikivoyage
+  - nlwiktionary
+  - nnwiki
+  - nnwikiquote
+  - nnwiktionary
+  - nostalgiawiki
+  - novwiki
+  - nowikibooks
+  - nowikimedia
+  - nowikinews
+  - nowikiquote
+  - nowikisource
+  - nowiktionary
+  - nrmwiki
+  - nsowiki
+  - nvwiki
+  - nycwikimedia
+  - nywiki
+  - nzwikimedia
+  - ocwiki
+  - ocwikibooks
+  - ocwiktionary
+  - olowiki
+  - omwiki
+  - omwiktionary
+  - orwiki
+  - orwikisource
+  - orwiktionary
+  - oswiki
+  - outreachwiki
+  - pa_uswikimedia
+  - pagwiki
+  - pamwiki
+  - papwiki
+  - pawiki
+  - pawikibooks
+  - pawikisource
+  - pawiktionary
+  - pcdwiki
+  - pdcwiki
+  - pflwiki
+  - pihwiki
+  - piwiki
+  - piwiktionary
+  - plwikibooks
+  - plwikimedia
+  - plwikinews
+  - plwikiquote
+  - plwikisource
+  - plwikivoyage
+  - plwiktionary
+  - pmswiki
+  - pnbwiki
+  - pnbwiktionary
+  - pntwiki
+  - pswiki
+  - pswikibooks
+  - pswiktionary
+  - ptwikibooks
+  - ptwikimedia
+  - ptwikinews
+  - ptwikiquote
+  - ptwikisource
+  - ptwikiversity
+  - ptwikivoyage
+  - ptwiktionary
+  - qualitywiki
+  - quwiki
+  - quwikibooks
+  - quwikiquote
+  - quwiktionary
+  - rmwiki
+  - rmwikibooks
+  - rmwiktionary
+  - rmywiki
+  - rnwiki
+  - rnwiktionary
+  - roa_rupwiki
+  - roa_rupwiktionary
+  - roa_tarawiki
+  - rowiki
+  - rowikibooks
+  - rowikinews
+  - rowikiquote
+  - rowikisource
+  - rowikivoyage
+  - rowiktionary
+  - rswikimedia
+  - ruewiki
+  - ruwiki
+  - ruwikibooks
+  - ruwikimedia
+  - ruwikinews
+  - ruwikiquote
+  - ruwikisource
+  - ruwikiversity
+  - ruwikivoyage
+  - ruwiktionary
+  - rwwiki
+  - rwwiktionary
+  - s3
+  - s5
+  - s6
+  - s7
+  - sahwiki
+  - sahwikisource
+  - sawiki
+  - sawikibooks
+  - sawikiquote
+  - sawikisource
+  - sawiktionary
+  - scnwiki
+  - scnwiktionary
+  - scowiki
+  - scwiki
+  - scwiktionary
+  - sdwiki
+  - sdwikinews
+  - sdwiktionary
+  - sewiki
+  - sewikibooks
+  - sewikimedia
+  - sgwiki
+  - sgwiktionary
+  - shwiki
+  - shwiktionary
+  - simplewiki
+  - simplewikibooks
+  - simplewikiquote
+  - simplewiktionary
+  - siwiki
+  - siwikibooks
+  - siwiktionary
+  - skwiki
+  - skwikibooks
+  - skwikiquote
+  - skwikisource
+  - skwiktionary
+  - slwiki
+  - slwikibooks
+  - slwikiquote
+  - slwikisource
+  - slwikiversity
+  - slwiktionary
+  - smwiki
+  - smwiktionary
+  - snwiki
+  - snwiktionary
+  - sourceswiki
+  - sowiki
+  - sowiktionary
+  - specieswiki
+  - sqwiki
+  - sqwikibooks
+  - sqwikinews
+  - sqwikiquote
+  - sqwiktionary
+  - srnwiki
+  - srwiki
+  - srwikibooks
+  - srwikinews
+  - srwikiquote
+  - srwikisource
+  - srwiktionary
+  - sswiki
+  - sswiktionary
+  - stqwiki
+  - strategywiki
+  - stwiki
+  - stwiktionary
+  - suwiki
+  - suwikibooks
+  - suwikiquote
+  - suwiktionary
+  - svwikibooks
+  - svwikinews
+  - svwikiquote
+  - svwikisource
+  - svwikiversity
+  - svwikivoyage
+  - svwiktionary
+  - swwiki
+  - swwikibooks
+  - swwiktionary
+  - szlwiki
+  - tawiki
+  - tawikibooks
+  - tawikinews
+  - tawikiquote
+  - tawikisource
+  - tawiktionary
+  - tcywiki
+  - tenwiki
+  - test2wiki
+  - testwiki
+  - testwikidatawiki
+  - tetwiki
+  - tewiki
+  - tewikibooks
+  - tewikiquote
+  - tewikisource
+  - tewiktionary
+  - tgwiki
+  - tgwikibooks
+  - tgwiktionary
+  - thwikibooks
+  - thwikinews
+  - thwikiquote
+  - thwikisource
+  - thwiktionary
+  - tiwiki
+  - tiwiktionary
+  - tkwiki
+  - tkwikibooks
+  - tkwikiquote
+  - tkwiktionary
+  - tlwiki
+  - tlwikibooks
+  - tlwiktionary
+  - tnwiki
+  - tnwiktionary
+  - towiki
+  - towiktionary
+  - tpiwiki
+  - tpiwiktionary
+  - trwikibooks
+  - trwikimedia
+  - trwikinews
+  - trwikiquote
+  - trwikisource
+  - trwiktionary
+  - tswiki
+  - tswiktionary
+  - ttwiki
+  - ttwikibooks
+  - ttwikiquote
+  - ttwiktionary
+  - tumwiki
+  - twwiki
+  - twwiktionary
+  - tyvwiki
+  - tywiki
+  - uawikimedia
+  - udmwiki
+  - ugwiki
+  - ugwikibooks
+  - ugwikiquote
+  - ugwiktionary
+  - ukwiki
+  - ukwikibooks
+  - ukwikimedia
+  - ukwikinews
+  - ukwikiquote
+  - ukwikisource
+  - ukwikivoyage
+  - ukwiktionary
+  - urwiki
+  - urwikibooks
+  - urwikiquote
+  - urwiktionary
+  - usabilitywiki
+  - uzwiki
+  - uzwikibooks
+  - uzwikiquote
+  - uzwiktionary
+  - vecwiki
+  - vecwikisource
+  - vecwiktionary
+  - vepwiki
+  - vewiki
+  - vewikimedia
+  - viwiki
+  - viwikibooks
+  - viwikiquote
+  - viwikisource
+  - viwikivoyage
+  - viwiktionary
+  - vlswiki
+  - votewiki
+  - vowiki
+  - vowikibooks
+  - vowikiquote
+  - vowiktionary
+  - warwiki
+  - wawiki
+  - wawikibooks
+  - wawiktionary
+  - wbwikimedia
+  - wikidatawiki
+  - wikimania2005wiki
+  - wikimania2006wiki
+  - wikimania2007wiki
+  - wikimania2008wiki
+  - wikimania2009wiki
+  - wikimania2010wiki
+  - wikimania2011wiki
+  - wikimania2012wiki
+  - wikimania2013wiki
+  - wikimania2014wiki
+  - wikimania2015wiki
+  - wikimania2016wiki
+  - wikimania2017wiki
+  - wikimania2018wiki
+  - wowiki
+  - wowikiquote
+  - wowiktionary
+  - wuuwiki
+  - xalwiki
+  - xhwiki
+  - xhwikibooks
+  - xhwiktionary
+  - xmfwiki
+  - yiwiki
+  - yiwikisource
+  - yiwiktionary
+  - yowiki
+  - yowikibooks
+  - yowiktionary
+  - zawiki
+  - zawikibooks
+  - zawikiquote
+  - zawiktionary
+  - zeawiki
+  - zh_classicalwiki
+  - zh_min_nanwiki
+  - zh_min_nanwikibooks
+  - zh_min_nanwikiquote
+  - zh_min_nanwikisource
+  - zh_min_nanwiktionary
+  - zh_yuewiki
+  - zhwikibooks
+  - zhwikinews
+  - zhwikiquote
+  - zhwikisource
+  - zhwikivoyage
+  - zhwiktionary
+  - zuwiki
+  - zuwikibooks
+  - zuwiktionary
diff --git a/hieradata/eqiad/profile/openstack/main/pdns.yaml 
b/hieradata/eqiad/profile/openstack/main/pdns.yaml
index ab73ff2..040957e 100644
--- a/hieradata/eqiad/profile/openstack/main/pdns.yaml
+++ b/hieradata/eqiad/profile/openstack/main/pdns.yaml
@@ -1,3 +1,5 @@
+profile::openstack::main::pdns::tld: 'wmflabs'
+profile::openstack::main::pdns::private_reverse: '68.10.in-addr.arpa'
 profile::openstack::main::pdns::host: 'labs-ns0.wikimedia.org'
 profile::openstack::main::pdns::host_secondary: 'labs-ns1.wikimedia.org'
 profile::openstack::main::pdns::recursor: 'labs-recursor0.wikimedia.org'
diff --git a/hieradata/hosts/labservices1002.yaml 
b/hieradata/hosts/labservices1002.yaml
deleted file mode 100644
index 898054e..0000000
--- a/hieradata/hosts/labservices1002.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-labsdnsconfig:
-  host: 'labs-ns1.wikimedia.org'
-  host_secondary: 'labs-ns0.wikimedia.org'
-  recursor: 'labs-recursor1.wikimedia.org'
-  recursor_secondary: 'labs-recursor0.wikimedia.org'
diff --git a/hieradata/role/eqiad/wmcs/openstack/main/net_secondary.yaml 
b/hieradata/role/eqiad/wmcs/openstack/main/net_standby.yaml
similarity index 100%
rename from hieradata/role/eqiad/wmcs/openstack/main/net_secondary.yaml
rename to hieradata/role/eqiad/wmcs/openstack/main/net_standby.yaml
diff --git a/hieradata/role/eqiad/wmcs/openstack/main/services.yaml 
b/hieradata/role/eqiad/wmcs/openstack/main/services_primary.yaml
similarity index 100%
rename from hieradata/role/eqiad/wmcs/openstack/main/services.yaml
rename to hieradata/role/eqiad/wmcs/openstack/main/services_primary.yaml
diff --git a/hieradata/role/eqiad/wmcs/openstack/main/services.yaml 
b/hieradata/role/eqiad/wmcs/openstack/main/services_secondary.yaml
similarity index 100%
copy from hieradata/role/eqiad/wmcs/openstack/main/services.yaml
copy to hieradata/role/eqiad/wmcs/openstack/main/services_secondary.yaml
diff --git 
a/modules/profile/manifests/openstack/base/pdns/auth/monitor/pdns_control.pp 
b/modules/profile/manifests/openstack/base/pdns/auth/monitor/pdns_control.pp
index 50ff498..9a56c54 100644
--- a/modules/profile/manifests/openstack/base/pdns/auth/monitor/pdns_control.pp
+++ b/modules/profile/manifests/openstack/base/pdns/auth/monitor/pdns_control.pp
@@ -16,22 +16,4 @@
         },
         require  => Sudo::User['diamond_sudo_for_pdns'],
     }
-
-    # TODO: move to recursor profile
-    sudo::user { 'diamond_sudo_for_pdns_recursor':
-        user       => 'diamond',
-        privileges => ['ALL=(root) NOPASSWD: /usr/bin/rec_control get-all'],
-    }
-
-    # For the recursor
-    diamond::collector { 'PowerDNSRecursor':
-        source   => 'puppet:///modules/diamond/collector/powerdns_recursor.py',
-        settings => {
-            # lint:ignore:quoted_booleans
-            # This is jammed straight into a config file, needs quoting.
-            use_sudo => 'true',
-            # lint:endignore
-        },
-        require  => Sudo::User['diamond_sudo_for_pdns_recursor'],
-    }
 }
diff --git a/modules/profile/manifests/openstack/base/pdns/auth/service.pp 
b/modules/profile/manifests/openstack/base/pdns/auth/service.pp
index 5941d9a..926fe4c 100644
--- a/modules/profile/manifests/openstack/base/pdns/auth/service.pp
+++ b/modules/profile/manifests/openstack/base/pdns/auth/service.pp
@@ -5,9 +5,11 @@
     $db_pass = hiera('profile::openstack::base::pdns::db_pass'),
     ) {
 
+    #    dns_auth_ipaddress     => $facts['ipaddress'],
+    #    dns_auth_query_address => $facts['ipaddress'],
     class { '::pdns_server':
-        dns_auth_ipaddress     => $facts['ipaddress'],
-        dns_auth_query_address => $facts['ipaddress'],
+        dns_auth_ipaddress     => $::ipaddress,
+        dns_auth_query_address => $::ipaddress,
         dns_auth_soa_name      => $host,
         pdns_db_host           => $db_host,
         pdns_db_password       => $db_pass,
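Review bot: The two commented-out `$facts['ipaddress']` lines added above `class { '::pdns_server':` are dead code with no explanation of why the lookup was changed to `$::ipaddress`. Either drop them or replace them with one comment that gives the reason, for example `# $facts['ipaddress'] is not usable here yet; use the top-scope fact`, with the wording adjusted to the real cause. As written, the next reader cannot tell whether the old form is meant to come back. The class body continues outside this hunk.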
diff --git 
a/modules/profile/manifests/openstack/base/pdns/recursor/monitor/rec_control.pp 
b/modules/profile/manifests/openstack/base/pdns/recursor/monitor/rec_control.pp
new file mode 100644
index 0000000..73fb9db
--- /dev/null
+++ 
b/modules/profile/manifests/openstack/base/pdns/recursor/monitor/rec_control.pp
@@ -0,0 +1,21 @@
+class profile::openstack::base::pdns::recursor::monitor::rec_control {
+
+    ::dnsrecursor::monitor { $pdns_recursor_ip: }
+
+    sudo::user { 'diamond_sudo_for_pdns_recursor':
+        user       => 'diamond',
+        privileges => ['ALL=(root) NOPASSWD: /usr/bin/rec_control get-all'],
+    }
+
+    # For the recursor
+    diamond::collector { 'PowerDNSRecursor':
+        source   => 'puppet:///modules/diamond/collector/powerdns_recursor.py',
+        settings => {
+            # lint:ignore:quoted_booleans
+            # This is jammed straight into a config file, needs quoting.
+            use_sudo => 'true',
+            # lint:endignore
+        },
+        require  => Sudo::User['diamond_sudo_for_pdns_recursor'],
+    }
+}
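Review bot: `$pdns_recursor_ip` in `::dnsrecursor::monitor { $pdns_recursor_ip: }` is never defined in this class. The class takes no parameters, and the only visible assignment of that name is a local variable inside `profile::openstack::base::pdns::recursor::service`, which is not in scope here. Give the class a parameter such as `$pdns_recursor = hiera('profile::openstack::base::pdns::recursor')` and compute `$pdns_recursor_ip = ipresolve($pdns_recursor,4)` before the monitor resource. Nothing visible in this diff includes the class, so the "couple recursor monitoring with recursor profile" item in the commit message appears to still need an `include` from the recursor service profile. The sudo grant is limited to the exact command `/usr/bin/rec_control get-all`; a short comment saying it must stay that narrow would help keep later edits from widening it.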
diff --git a/modules/profile/manifests/openstack/base/pdns/recursor/service.pp 
b/modules/profile/manifests/openstack/base/pdns/recursor/service.pp
new file mode 100644
index 0000000..a80ef42
--- /dev/null
+++ b/modules/profile/manifests/openstack/base/pdns/recursor/service.pp
@@ -0,0 +1,114 @@
+# Class: profile::openstack::pdns::recursor::service
+#
+# Instances can't communicate directly with other instances
+#  via floating IP, but they often want to do DNS lookups for the
+#  public IP of other instances (e.g. beta.wmflabs.org).
+#
+# This recursor does two useful things:
+#
+#  - It maintains a mapping between floating and private IPs
+#  for select instances.  Anytime the upstream DNS server returns
+#  a public IP in that mapping, we return the corresponding private
+#  IP instead.
+#
+#  - It relays requests for *.wmflabs to the auth server that knows
+#  about such things (defined as $labs_forward)
+#
+#  Other than that it should act like any other WMF recursor.
+#
+
+class profile::openstack::base::pdns::recursor::service(
+    $nova_controller = hiera('profile::openstack::base::nova_controller'),
+    $observer_user = hiera('profile::openstack::base::observer_user'),
+    $observer_password = hiera('profile::openstack::base::observer_password'),
+    $observer_project = hiera('profile::openstack::base::observer_project'),
+    $pdns_host = hiera('profile::openstack::base::pdns::host'),
+    $pdns_recursor = hiera('profile::openstack::base::pdns::recursor'),
+    $tld = hiera('profile::openstack::base::pdns::tld'),
+    $private_reverse = 
hiera('profile::openstack::base::pdns::private_reverse'),
+    $c1_dbs = hiera('profile::openstack::base::pdns::labsdb::c1'),
+    $c2_dbs = hiera('profile::openstack::base::pdns::labsdb::c2'),
+    $c3_dbs = hiera('profile::openstack::base::pdns::labsdb::c3'),
+    ) {
+
+    include ::network::constants
+    $all_networks = $::network::constants::all_networks
+
+    $pdns_host_ip = ipresolve($pdns_host,4)
+    $pdns_recursor_ip = ipresolve($pdns_recursor,4)
+
+    interface::alias { $title:
+        ipv4 => $pdns_recursor_ip,
+    }
+
+    #  We need to alias some public IPs to their corresponding private IPs.
+    $alias_file = '/etc/powerdns/labs-ip-alias.lua'
+    $metal_resolver = '/etc/powerdns/metaldns.lua'
+    $lua_hooks = [$alias_file, $metal_resolver]
+
+    file { '/var/zones':
+        ensure => directory,
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0444'
+    }
+
+    file { '/var/zones/labsdb':
+        ensure  => present,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0444',
+        notify  => Service['pdns-recursor'],
+        content => template('role/labs/dns/db_aliases.erb'),
+        require => File['/var/zones']
+    }
+
+    class { '::dnsrecursor':
+            listen_addresses         => $pdns_recursor_ip,
+            allow_from               => $all_networks,
+            additional_forward_zones => "${tld}=${pdns_host_ip}, 
${private_reverse}=${pdns_host_ip}",
+            auth_zones               => 'labsdb=/var/zones/labsdb',
+            lua_hooks                => $lua_hooks,
+            max_negative_ttl         => 900,
+            max_tcp_per_client       => 10,
+            max_cache_entries        => 3000000,
+            client_tcp_timeout       => 1,
+    }
+
+    class { '::dnsrecursor::labsaliaser':
+        username              => $observer_user,
+        password              => $observer_password,
+        nova_api_url          => "http://${nova_controller}:35357/v3";,
+        alias_file            => $alias_file,
+        observer_project_name => $observer_project,
+    }
+
+    class { '::dnsrecursor::metalresolver':
+        metal_resolver => $metal_resolver,
+        tld            => $tld
+    }
+
+    ferm::service { 'recursor_udp_dns_rec':
+        proto => 'udp',
+        port  => '53',
+    }
+
+    ferm::service { 'recursor_tcp_dns_rec':
+        proto => 'tcp',
+        port  => '53',
+    }
+
+    ferm::rule { 'recursor_skip_dns_conntrack-out':
+        desc  => 'Skip DNS outgoing connection tracking',
+        table => 'raw',
+        chain => 'OUTPUT',
+        rule  => 'proto udp sport 53 NOTRACK;',
+    }
+
+    ferm::rule { 'recursor_skip_dns_conntrack-in':
+        desc  => 'Skip DNS incoming connection tracking',
+        table => 'raw',
+        chain => 'PREROUTING',
+        rule  => 'proto udp dport 53 NOTRACK;',
+    }
+}
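Review bot: `nova_api_url => "http://${nova_controller}:35357/v3"` points `::dnsrecursor::labsaliaser` at the identity endpoint over plain HTTP, in the same resource that receives `password => $observer_password`. If the aliaser authenticates against that URL, the observer credentials cross the network unencrypted, so use an `https://` endpoint if one exists or add a comment stating why cleartext is acceptable on this path. The same line ends in `";,`; the stray `;` is a syntax error unless it is an artifact of how this mail was archived. The two `ferm::service` resources open port 53 with no source restriction, which leaves `allow_from => $all_networks` as the only guard against answering as an open resolver; consider an `srange` there, and document what `$all_networks` covers. The header comment also names `profile::openstack::pdns::recursor::service` (missing `base`) and refers to `$labs_forward`, which is not a parameter of this class.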
diff --git 
a/modules/profile/manifests/openstack/labtest/pdns/recursor/service.pp 
b/modules/profile/manifests/openstack/labtest/pdns/recursor/service.pp
new file mode 100644
index 0000000..53967e5
--- /dev/null
+++ b/modules/profile/manifests/openstack/labtest/pdns/recursor/service.pp
@@ -0,0 +1,18 @@
+class profile::openstack::labtest::pdns::recursor::service(
+    $nova_controller = hiera('profile::openstack::labtest::nova_controller'),
+    $observer_password = 
hiera('profile::openstack::labtest::observer_password'),
+    $pdns_host = hiera('profile::openstack::labtest::pdns::host'),
+    $pdns_recursor = hiera('profile::openstack::labtest::pdns::recursor'),
+    $tld = hiera('profile::openstack::labtest::pdns::tld'),
+    $private_reverse = 
hiera('profile::openstack::labtest::pdns::private_reverse'),
+    ) {
+
+    class {'::profile::openstack::base::pdns::recursor::service':
+        nova_controller   => $nova_controller,
+        observer_password => $observer_password,
+        pdns_host         => $pdns_host,
+        pdns_recursor     => $pdns_recursor,
+        tld               => $tld,
+        private_reverse   => $private_reverse,
+    }
+}
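Review bot: This wrapper forwards `observer_password` from the labtest hiera key but passes neither `observer_user` nor `observer_project`. The base class will therefore take those two from its own `profile::openstack::base::...` defaults while the password comes from labtest. If labtest uses its own observer account or project, that pairs a labtest password with a base username. Add `$observer_user` and `$observer_project` parameters with labtest lookups and pass them through as `observer_user => $observer_user,` and `observer_project => $observer_project,`. If sharing the base values is intended, say so in a comment above the class declaration.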
diff --git a/modules/role/manifests/wmcs/openstack/labtest/services.pp 
b/modules/role/manifests/wmcs/openstack/labtest/services.pp
index 1282eab..9027bdd 100644
--- a/modules/role/manifests/wmcs/openstack/labtest/services.pp
+++ b/modules/role/manifests/wmcs/openstack/labtest/services.pp
@@ -2,5 +2,6 @@
     include ::profile::openstack::labtest::cloudrepo
     include ::profile::openstack::labtest::pdns::auth::db
     include ::profile::openstack::labtest::pdns::auth::service
+    include ::profile::openstack::labtest::pdns::recursor::service
     include ::profile::openstack::labtest::designate::service
 }
diff --git a/modules/role/manifests/wmcs/openstack/main/net_secondary.pp 
b/modules/role/manifests/wmcs/openstack/main/net_standby.pp
similarity index 100%
rename from modules/role/manifests/wmcs/openstack/main/net_secondary.pp
rename to modules/role/manifests/wmcs/openstack/main/net_standby.pp
diff --git a/modules/role/manifests/wmcs/openstack/main/services.pp 
b/modules/role/manifests/wmcs/openstack/main/services_primary.pp
similarity index 80%
rename from modules/role/manifests/wmcs/openstack/main/services.pp
rename to modules/role/manifests/wmcs/openstack/main/services_primary.pp
index 69807ff..aecc5ec 100644
--- a/modules/role/manifests/wmcs/openstack/main/services.pp
+++ b/modules/role/manifests/wmcs/openstack/main/services_primary.pp
@@ -1,4 +1,4 @@
-class role::wmcs::openstack::main::services {
+class role::wmcs::openstack::main::services_primary {
     include ::profile::openstack::main::cloudrepo
     include ::profile::openstack::main::pdns::auth::db
     include ::profile::openstack::main::pdns::auth::service
diff --git a/modules/role/manifests/wmcs/openstack/main/services.pp 
b/modules/role/manifests/wmcs/openstack/main/services_secondary.pp
similarity index 79%
copy from modules/role/manifests/wmcs/openstack/main/services.pp
copy to modules/role/manifests/wmcs/openstack/main/services_secondary.pp
index 69807ff..90817e4 100644
--- a/modules/role/manifests/wmcs/openstack/main/services.pp
+++ b/modules/role/manifests/wmcs/openstack/main/services_secondary.pp
@@ -1,4 +1,4 @@
-class role::wmcs::openstack::main::services {
+class role::wmcs::openstack::main::services_secondary {
     include ::profile::openstack::main::cloudrepo
     include ::profile::openstack::main::pdns::auth::db
     include ::profile::openstack::main::pdns::auth::service

-- 
To view, visit https://gerrit.wikimedia.org/r/383909
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1055766185d5381a666bbd97976e80eb7a681837
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>
