Jcrespo has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398450 )
Change subject: [WIP] Update mariadb::proxy to the latest style and path locations ...................................................................... [WIP] Update mariadb::proxy to the latest style and path locations Create profile::mariadb::proxy{,::master,::replicas}, for the base, master failover and replica load balancing roles. Replica class is unused, so probably untested and doesn't work. Make socker and pid configurable, default to /run location, but it can now be overriden by host by host migration from /tmp to /run. The patch is missing the several hiera keys for the individual or role-based pointing to servers. Bug: T148507 Change-Id: I71a888b516866ab22174565b00c426fafe55a7d9 --- M manifests/site.pp M modules/haproxy/manifests/init.pp R modules/haproxy/templates/check_haproxy.erb A modules/profile/manifests/mariadb/proxy.pp A modules/profile/manifests/mariadb/proxy/master.pp A modules/profile/manifests/mariadb/proxy/replicas.pp R modules/profile/templates/mariadb/proxy/db-master-stretch.cfg.erb R modules/profile/templates/mariadb/proxy/db-master.cfg.erb R modules/profile/templates/mariadb/proxy/db-replicas.cfg.erb R modules/profile/templates/mariadb/proxy/db.cfg.erb M modules/role/manifests/mariadb/proxy.pp M modules/role/manifests/mariadb/proxy/master.pp A modules/role/manifests/mariadb/proxy/replicas.pp D modules/role/manifests/mariadb/proxy/slaves.pp 14 files changed, 86 insertions(+), 138 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/50/398450/1 diff --git a/manifests/site.pp b/manifests/site.pp index 718a2ea..81d21bf 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -626,77 +626,13 @@ } # Proxies for misc databases -node /^dbproxy100(1|6)\.eqiad\.wmnet$/ { - class { '::role::mariadb::proxy::master': - shard => 'm1', - primary_name => 'db1016', - primary_addr => '10.64.0.20', - secondary_name => 'db1001', - secondary_addr => '10.64.0.5', - } -} - -node /^dbproxy100(2|7)\.eqiad\.wmnet$/ { - class { '::role::mariadb::proxy::master': - shard => 'm2', - primary_name => 'db1020', - primary_addr => '10.64.16.9', - secondary_name => 'db2011', - secondary_addr => '10.192.0.14', - } -} - -node /^dbproxy100(3|8)\.eqiad\.wmnet$/ { - class { '::role::mariadb::proxy::master': - shard => 'm3', - primary_name => 'db1043', - primary_addr => '10.64.16.32', - secondary_name => 'db1059', - secondary_addr => '10.64.32.29', - } -} - -# stretch haproxies (1.7) require the port number -node /^dbproxy100(4|9)\.eqiad\.wmnet$/ { - class { '::role::mariadb::proxy::master': - shard => 'm4', - primary_name => 'db1107', - primary_addr => '10.64.0.214:3306', - secondary_name => 'db1108', - secondary_addr => '10.64.32.71:3306', - } -} - -node 'dbproxy1005.eqiad.wmnet' { - role(mariadb::ferm_wmcs) - class { '::role::mariadb::proxy::master': - shard => 'm5', - primary_name => 'db1009', - primary_addr => '10.64.0.13', - secondary_name => 'db2030', - secondary_addr => '10.192.16.18', - } +node /^dbproxy10(01|02|03|04|05|06|07|08|09)\.eqiad\.wmnet$/ { + role(mariadb::proxy) } # labsdb proxies (controling replica service dbs) -node 'dbproxy1010.eqiad.wmnet' { - class { '::role::mariadb::proxy::master': - shard => 'labsdb', - primary_name => 'labsdb1009', - primary_addr => '10.64.4.14', - secondary_name => 'labsdb1010', - secondary_addr => '10.64.37.23', - } -} - -node 'dbproxy1011.eqiad.wmnet' { - class { '::role::mariadb::proxy::master': - shard => 'labsdb', - primary_name => 'labsdb1011', - primary_addr => '10.64.37.24', - secondary_name => 'labsdb1010', - secondary_addr => '10.64.37.23', - } +node 'dbproxy101[01].eqiad.wmnet' { + role(mariadb::proxy) } node /^dbmonitor[12]001\.wikimedia\.org$/ { diff --git a/modules/haproxy/manifests/init.pp b/modules/haproxy/manifests/init.pp index 74c9e53..c70bd00 100644 --- a/modules/haproxy/manifests/init.pp +++ b/modules/haproxy/manifests/init.pp @@ -2,6 +2,8 @@ class haproxy( $template = 'haproxy/haproxy.cfg.erb', + $socket = '/run/haproxy/haproxy.sock', + $pid = '/run/haproxy/haproxy.pid', ) { package { [ @@ -27,10 +29,10 @@ } file { '/usr/lib/nagios/plugins/check_haproxy': - owner => 'root', - group => 'root', - mode => '0755', - source => 'puppet:///modules/haproxy/check_haproxy', + owner => 'root', + group => 'root', + mode => '0755', + content => template('modules/haproxy/check_haproxy'), } if os_version('debian >= jessie') { diff --git a/modules/haproxy/files/check_haproxy b/modules/haproxy/templates/check_haproxy.erb similarity index 96% rename from modules/haproxy/files/check_haproxy rename to modules/haproxy/templates/check_haproxy.erb index c501703..f4a2ac5 100755 --- a/modules/haproxy/files/check_haproxy +++ b/modules/haproxy/templates/check_haproxy.erb @@ -9,7 +9,7 @@ UNKN="UNKNOWN" EUNKN=3 -socket="/tmp/haproxy.socket" +socket="<%= @socket %>" check="check_alive" for var in "$@"; do @@ -70,4 +70,4 @@ echo "${CRIT} unkown check ${check} " -exit $ECRIT \ No newline at end of file +exit $ECRIT diff --git a/modules/profile/manifests/mariadb/proxy.pp b/modules/profile/manifests/mariadb/proxy.pp new file mode 100644 index 0000000..8a5cc2d --- /dev/null +++ b/modules/profile/manifests/mariadb/proxy.pp @@ -0,0 +1,21 @@ +# base profile to have a manually-managed haproxy installation, pointing to +# to nowere by default. Check ::profile::mariadb::proxy::{master,replica} for +# it to do something useful (failover or load balancing) +class ::profile::mariadb::proxy ( + $pid = hiera('::profile::mariadb::proxy::pid', '/run/haproxy/haproxy.pid'), + $socket = hiera('::profile::mariadb::proxy::pid', '/run/haproxy/haproxy.sock'), + ){ + + class { 'haproxy': + template => 'profile/mariadb/proxy/db.cfg.erb', + pid => $pid, + socket => $socket, + } + + package { [ + 'mysql-client', + 'percona-toolkit', + ]: + ensure => present, + } +} diff --git a/modules/profile/manifests/mariadb/proxy/master.pp b/modules/profile/manifests/mariadb/proxy/master.pp new file mode 100644 index 0000000..6f11db9 --- /dev/null +++ b/modules/profile/manifests/mariadb/proxy/master.pp @@ -0,0 +1,26 @@ +# proxy in with 2 hosts, active-passive (with failover) scenario +class profile::mariadb::proxy::master ( + $primary_name = hiera(::profile::mariadb::proxy::master::primary_name), + $primary_addr = hiera(::profile::mariadb::proxy::master::primary_addr), + $secondary_name = hiera(::profile::mariadb::proxy::master::secondary_name), + $secondary_addr = hiera(::profile::mariadb::proxy::master::seconady_addr), + ) { + # patch until all haproxies have been upgraded to 1.7 + if os_version('debian >= stretch') { + $master_template = 'db-master-stretch.cfg' + } else { + $master_template = 'db-master.cfg' + } + + file { '/etc/haproxy/conf.d/db-master.cfg': + owner => 'haproxy', + group => 'haproxy', + mode => '0440', + content => template("profile/mariadb/proxy/${master_template}.erb"), + } + + nrpe::monitor_service { 'haproxy_failover': + description => 'haproxy failover', + nrpe_command => '/usr/lib/nagios/plugins/check_haproxy --check=failover', + } +} diff --git a/modules/profile/manifests/mariadb/proxy/replicas.pp b/modules/profile/manifests/mariadb/proxy/replicas.pp new file mode 100644 index 0000000..8223c82 --- /dev/null +++ b/modules/profile/manifests/mariadb/proxy/replicas.pp @@ -0,0 +1,11 @@ +# load balancing between several replica dbs +class profile::mariadb::proxy::replicas( + $servers = hiera('::profile::mariadb::proxy::replicas::servers'), + ) { + + file { '/etc/haproxy/conf.d/db-replicas.cfg': + owner => 'root', + group => 'root', + mode => '0444', + content => template('profile/mariadb/proxy/db-replicas.cfg.erb'), + } diff --git a/modules/role/templates/haproxy/db-master-stretch.cfg.erb b/modules/profile/templates/mariadb/proxy/db-master-stretch.cfg.erb similarity index 100% rename from modules/role/templates/haproxy/db-master-stretch.cfg.erb rename to modules/profile/templates/mariadb/proxy/db-master-stretch.cfg.erb diff --git a/modules/role/templates/haproxy/db-master.cfg.erb b/modules/profile/templates/mariadb/proxy/db-master.cfg.erb similarity index 100% rename from modules/role/templates/haproxy/db-master.cfg.erb rename to modules/profile/templates/mariadb/proxy/db-master.cfg.erb diff --git a/modules/role/templates/haproxy/db-slaves.cfg.erb b/modules/profile/templates/mariadb/proxy/db-replicas.cfg.erb similarity index 100% rename from modules/role/templates/haproxy/db-slaves.cfg.erb rename to modules/profile/templates/mariadb/proxy/db-replicas.cfg.erb diff --git a/modules/role/templates/haproxy/db.cfg.erb b/modules/profile/templates/mariadb/proxy/db.cfg.erb similarity index 82% rename from modules/role/templates/haproxy/db.cfg.erb rename to modules/profile/templates/mariadb/proxy/db.cfg.erb index f83899e..a94cf68 100644 --- a/modules/role/templates/haproxy/db.cfg.erb +++ b/modules/profile/templates/mariadb/proxy/db.cfg.erb @@ -1,11 +1,11 @@ # Note: This file is managed by puppet. global - pidfile /var/run/haproxy.pid + pidfile <%= @pid %> daemon user haproxy group haproxy - stats socket /tmp/haproxy.socket mode 666 level user + stats socket <%= @socket %> mode 666 level user defaults #log global diff --git a/modules/role/manifests/mariadb/proxy.pp b/modules/role/manifests/mariadb/proxy.pp index b23a7b8..4ff76c1 100644 --- a/modules/role/manifests/mariadb/proxy.pp +++ b/modules/role/manifests/mariadb/proxy.pp @@ -1,23 +1,10 @@ # generic config for a database proxy using haproxy -class role::mariadb::proxy( - $shard - ) { - - system::role { 'mariadb::proxy': - description => "DB Proxy ${shard}", - } - +class role::mariadb::proxy { include ::standard - package { [ - 'mysql-client', - 'percona-toolkit', - ]: - ensure => present, + system::role { 'mariadb::proxy': + description => "DB Proxy", } - class { 'haproxy': - template => 'role/haproxy/db.cfg.erb', - } + include ::profile::haproxy } - diff --git a/modules/role/manifests/mariadb/proxy/master.pp b/modules/role/manifests/mariadb/proxy/master.pp index 003d96c..f249f9e 100644 --- a/modules/role/manifests/mariadb/proxy/master.pp +++ b/modules/role/manifests/mariadb/proxy/master.pp @@ -1,33 +1,8 @@ # db master failover with a proxy -class role::mariadb::proxy::master( - $shard, - $primary_name, - $primary_addr, - $secondary_name, - $secondary_addr, - ) { +class role::mariadb::proxy::master { include role::mariadb::ferm - - class { 'role::mariadb::proxy': - shard => $shard, - } - if os_version('debian >= stretch') { - $master_template = 'db-master-stretch.cfg' - } else { - $master_template = 'db-master.cfg' - } - - file { '/etc/haproxy/conf.d/db-master.cfg': - owner => 'root', - group => 'root', - mode => '0444', - content => template("role/haproxy/${master_template}.erb"), - } - - nrpe::monitor_service { 'haproxy_failover': - description => 'haproxy failover', - nrpe_command => '/usr/lib/nagios/plugins/check_haproxy --check=failover', - } + include ::profile::mariadb::proxy + include ::profile::mariadb::proxy::master } diff --git a/modules/role/manifests/mariadb/proxy/replicas.pp b/modules/role/manifests/mariadb/proxy/replicas.pp new file mode 100644 index 0000000..c6fd1eb --- /dev/null +++ b/modules/role/manifests/mariadb/proxy/replicas.pp @@ -0,0 +1,7 @@ +# db replicas load balancing with a proxy +class role::mariadb::proxy::replicas { + + include role::mariadb::ferm + include ::profile::mariadb::proxy + include ::profile::mariadb::proxy::replicas +} diff --git a/modules/role/manifests/mariadb/proxy/slaves.pp b/modules/role/manifests/mariadb/proxy/slaves.pp deleted file mode 100644 index a3f67ff..0000000 --- a/modules/role/manifests/mariadb/proxy/slaves.pp +++ /dev/null @@ -1,17 +0,0 @@ -# database read-only load balancing proxy -class role::mariadb::proxy::slaves( - $shard, - $servers, - ) { - - class { 'role::mariadb::proxy': - shard => $shard, - } - - file { '/etc/haproxy/conf.d/db-slaves.cfg': - owner => 'root', - group => 'root', - mode => '0444', - content => template('role/haproxy/db-slaves.cfg.erb'), - } -} -- To view, visit https://gerrit.wikimedia.org/r/398450 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I71a888b516866ab22174565b00c426fafe55a7d9 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Jcrespo <jcre...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits