[MediaWiki-commits] [Gerrit] T136996 Including a .policy file to grant permission to send... - change (operations/puppet)

2016-06-19 Thread Nicko (Code Review) 
Nicko has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/295129

Change subject: T136996 Including a .policy file to grant permission to send 
logs to logstash
..

T136996 Including a .policy file to grant permission to send logs to logstash

Change-Id: I980a818c54b486988987d3d935ce8a649ec440f5
---
M modules/elasticsearch/manifests/init.pp
M modules/elasticsearch/templates/elasticsearch.erb
A modules/elasticsearch/templates/elasticsearch.policy.erb
3 files changed, 13 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/29/295129/1

diff --git a/modules/elasticsearch/manifests/init.pp 
b/modules/elasticsearch/manifests/init.pp
index 44d3306..7ed887f 100644
--- a/modules/elasticsearch/manifests/init.pp
+++ b/modules/elasticsearch/manifests/init.pp
@@ -148,6 +148,14 @@
 mode=> '0444',
 require => Package['elasticsearch'],
 }
+file { '/etc/elasticsearch/elasticsearch.policy':
+ensure  => file,
+owner   => 'root',
+group   => 'root',
+content => template("${module_name}/elasticsearch.policy.erb"),
+mode=> '0444',
+require => Package['elasticsearch'],
+}
 file { '/etc/default/elasticsearch':
 ensure  => file,
 owner   => 'root',
@@ -175,6 +183,7 @@
 Package['elasticsearch'],
 File['/etc/elasticsearch/elasticsearch.yml'],
 File['/etc/elasticsearch/logging.yml'],
+File['/etc/elasticsearch/elasticsearch.policy'],
 File['/etc/default/elasticsearch'],
 ],
 }
diff --git a/modules/elasticsearch/templates/elasticsearch.erb 
b/modules/elasticsearch/templates/elasticsearch.erb
index eaed6c2..8137dc1 100644
--- a/modules/elasticsearch/templates/elasticsearch.erb
+++ b/modules/elasticsearch/templates/elasticsearch.erb
@@ -37,4 +37,4 @@
 # Additional Java OPTS
 # Note: We've seen problems on some jessie hosts when this setting is
 # constructed by consecutive ES_JAVA_OPTS="${ES_JAVA_OPTS} ..." settings
-ES_JAVA_OPTS="-XX:HeapDumpPath=/var/lib/elasticsearch -XX:GCTimeLimit=70 
-XX:GCHeapFreeLimit=10"
+ES_JAVA_OPTS="-XX:HeapDumpPath=/var/lib/elasticsearch -XX:GCTimeLimit=70 
-XX:GCHeapFreeLimit=10 
-Djava.security.policy=file:///etc/elasticsearch/elasticsearch.policy"
diff --git a/modules/elasticsearch/templates/elasticsearch.policy.erb 
b/modules/elasticsearch/templates/elasticsearch.policy.erb
new file mode 100644
index 000..6e56a1e
--- /dev/null
+++ b/modules/elasticsearch/templates/elasticsearch.policy.erb
@@ -0,0 +1,3 @@
+grant codeBase "file:/usr/share/elasticsearch/logstash-gelf.jar" {
+  permission java.net.SocketPermission "localhost:0", "listen,resolve";
+};

-- 
To view, visit https://gerrit.wikimedia.org/r/295129
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I980a818c54b486988987d3d935ce8a649ec440f5
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Nicko 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] T137422 Include cassandra monitoring in all the ::cassandra ... - change (operations/puppet)

2016-06-19 Thread Nicko (Code Review) 
Nicko has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/295125

Change subject: T137422 Include cassandra monitoring in all the ::cassandra 
calls
..

T137422 Include cassandra monitoring in all the ::cassandra calls

Change-Id: I9177f9797bfb5a13696fa3ad2b9af5264def5513
---
M manifests/role/aqs.pp
M manifests/role/cassandra.pp
M modules/cassandra/manifests/instance.pp
M modules/role/manifests/maps/server.pp
4 files changed, 45 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/25/295125/1

diff --git a/manifests/role/aqs.pp b/manifests/role/aqs.pp
index 9531e3d..99c797b 100644
--- a/manifests/role/aqs.pp
+++ b/manifests/role/aqs.pp
@@ -21,6 +21,21 @@
 include ::cassandra::metrics
 include ::cassandra::logging
 
+$cassandra_instances = $::cassandra::instances
+
+if $cassandra_instances {
+$instance_names = keys($cassandra_instances)
+::cassandra::monitoring{ $instance_names: }
+} else {
+$default_instances = {
+'default' => {
+'listen_address' => $::cassandra::listen_address,
+}}
+::cassandra::monitoring{ 'default':
+instances => $default_instances,
+}
+}
+
 $cassandra_hosts = hiera('cassandra::seeds')
 $cassandra_hosts_ferm = join($cassandra_hosts, ' ')
 
diff --git a/manifests/role/cassandra.pp b/manifests/role/cassandra.pp
index d468ab4..07a6436 100644
--- a/manifests/role/cassandra.pp
+++ b/manifests/role/cassandra.pp
@@ -9,6 +9,21 @@
 class { '::cassandra::metrics': }
 class { '::cassandra::logging': }
 
+$cassandra_instances = $::cassandra::instances
+
+if $cassandra_instances {
+$instance_names = keys($cassandra_instances)
+::cassandra::monitoring{ $instance_names: }
+} else {
+$default_instances = {
+'default' => {
+'listen_address' => $::cassandra::listen_address,
+}}
+::cassandra::monitoring{ 'default':
+instances => $default_instances,
+}
+}
+
 # temporary collector, T78514
 diamond::collector { 'CassandraCollector':
 ensure => absent,
diff --git a/modules/cassandra/manifests/instance.pp 
b/modules/cassandra/manifests/instance.pp
index ec7b51b..a5454b6 100644
--- a/modules/cassandra/manifests/instance.pp
+++ b/modules/cassandra/manifests/instance.pp
@@ -227,6 +227,4 @@
 File["${config_directory}/cassandra-rackdc.properties"],
 ],
 }
-
-cassandra::monitoring { $instance_name: }
 }
diff --git a/modules/role/manifests/maps/server.pp 
b/modules/role/manifests/maps/server.pp
index 4c188ad..dddb184 100644
--- a/modules/role/manifests/maps/server.pp
+++ b/modules/role/manifests/maps/server.pp
@@ -8,6 +8,21 @@
 include ::kartotherian
 include ::tilerator
 
+$cassandra_instances = $::cassandra::instances
+
+if $cassandra_instances {
+$instance_names = keys($cassandra_instances)
+::cassandra::monitoring{ $instance_names: }
+} else {
+$default_instances = {
+'default' => {
+'listen_address' => $::cassandra::listen_address,
+}}
+::cassandra::monitoring{ 'default':
+instances => $default_instances,
+}
+}
+
 system::role { 'role::maps':
 description => 'A vector and raster map tile generation service',
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/295125
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9177f9797bfb5a13696fa3ad2b9af5264def5513
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Nicko 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] T137422 Refactor the default cassandra monitoring into a sep... - change (operations/puppet)

2016-06-19 Thread Nicko (Code Review) 
Nicko has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/295123

Change subject: T137422 Refactor the default cassandra monitoring into a 
separate class
..

T137422 Refactor the default cassandra monitoring into a separate class

Change-Id: I10ad530189eb907f033fc23b28136b6c9e3f76c6
---
M modules/cassandra/manifests/instance.pp
A modules/cassandra/manifests/monitoring.pp
M modules/role/manifests/maps/server.pp
3 files changed, 52 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/23/295123/1

diff --git a/modules/cassandra/manifests/instance.pp 
b/modules/cassandra/manifests/instance.pp
index 401014e..a5454b6 100644
--- a/modules/cassandra/manifests/instance.pp
+++ b/modules/cassandra/manifests/instance.pp
@@ -227,15 +227,4 @@
 File["${config_directory}/cassandra-rackdc.properties"],
 ],
 }
-
-nrpe::monitor_systemd_unit_state { $service_name:
-require => Service[$service_name],
-}
-
-# CQL query interface monitoring (T93886)
-monitoring::service { "${service_name}-cql":
-description   => "${service_name} CQL ${listen_address}:9042",
-check_command => "check_tcp_ip!${listen_address}!9042",
-contact_group => 'admins,team-services',
-}
 }
diff --git a/modules/cassandra/manifests/monitoring.pp 
b/modules/cassandra/manifests/monitoring.pp
new file mode 100644
index 000..c2eb07c
--- /dev/null
+++ b/modules/cassandra/manifests/monitoring.pp
@@ -0,0 +1,37 @@
+# == Define: cassandra::monitoring
+#
+# Configures monitoring for Cassandra
+#
+# === Usage
+# cassandra::monitoring { 'instance-name':
+# instances  => ...
+# contact_group  => ...
+# }
+define cassandra::monitoring (
+$instances = $::cassandra::instances,
+$contact_group = 'admins,team-services',
+) {
+$instance_name  = $title
+$this_instance  = $instances[$instance_name]
+$listen_address = $this_instance['listen_address']
+
+if ! has_key($instances, $instance_name) {
+fail("instance ${instance_name} not found in ${instances}")
+}
+
+$service_name = $instance_name ? {
+'default' => 'cassandra'
+default   => "cassandra-${instance_name}"
+}
+
+nrpe::monitor_systemd_unit_state { $service_name:
+require => Service[$service_name],
+}
+
+# CQL query interface monitoring (T93886)
+monitoring::service { "${service_name}-cql":
+description   => "${service_name} CQL ${listen_address}:9042",
+check_command => "check_tcp_ip!${listen_address}!9042",
+contact_group => $contact_group,
+}
+}
diff --git a/modules/role/manifests/maps/server.pp 
b/modules/role/manifests/maps/server.pp
index 4c188ad..dddb184 100644
--- a/modules/role/manifests/maps/server.pp
+++ b/modules/role/manifests/maps/server.pp
@@ -8,6 +8,21 @@
 include ::kartotherian
 include ::tilerator
 
+$cassandra_instances = $::cassandra::instances
+
+if $cassandra_instances {
+$instance_names = keys($cassandra_instances)
+::cassandra::monitoring{ $instance_names: }
+} else {
+$default_instances = {
+'default' => {
+'listen_address' => $::cassandra::listen_address,
+}}
+::cassandra::monitoring{ 'default':
+instances => $default_instances,
+}
+}
+
 system::role { 'role::maps':
 description => 'A vector and raster map tile generation service',
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/295123
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I10ad530189eb907f033fc23b28136b6c9e3f76c6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Nicko 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Modification of Rakefile - change (operations/puppet)

2016-04-09 Thread Nicko (Code Review) 
Nicko has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/282484

Change subject: Modification of Rakefile
..

Modification of Rakefile

Changing rake task executed by default plus adding
puppetlabs_spec_helper gem in the Gemfile, cleanup
improvement in teardown task

Bug:T78342
Change-Id: I7bf2fe24c063b686ad826082e735d09b0767670a
---
M Gemfile
M Gemfile.lock
M Rakefile
M modules/backup/Rakefile
M modules/bacula/Rakefile
M modules/base/Rakefile
M modules/git/Rakefile
M modules/install_server/Rakefile
M modules/mirrors/Rakefile
M modules/mysql/Rakefile
M modules/nrpe/Rakefile
M modules/osm/Rakefile
M modules/postgresql/Rakefile
M modules/rsync/Rakefile
M modules/servermon/Rakefile
M modules/service/Rakefile
M modules/squid3/Rakefile
M modules/stdlib/Rakefile
M modules/strongswan/Rakefile
M modules/wmflib/Rakefile
20 files changed, 43 insertions(+), 17 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/84/282484/1

diff --git a/Gemfile b/Gemfile
index 86513f6..a3bc8a8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,6 +2,7 @@
 
 gem 'puppet', '~> 3.4.3'
 gem 'rspec-puppet', '~> 2.3.2'
+gem 'puppetlabs_spec_helper'
 
 gem 'rake', '~> 10.4', '>= 10.4.2'
 gem 'rubocop', '~> 0.35.1', require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index 36d1336..4bab863 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -9,6 +9,9 @@
 hiera (1.3.4)
   json_pure
 json_pure (1.8.3)
+metaclass (0.0.4)
+mocha (1.1.0)
+  metaclass (~> 0.0.1)
 parser (2.2.3.0)
   ast (>= 1.1, < 3.0)
 powerpack (0.1.1)
@@ -16,6 +19,15 @@
   facter (~> 1.6)
   hiera (~> 1.0)
   rgen (~> 0.6.5)
+puppet-lint (1.1.0)
+puppet-syntax (2.1.0)
+  rake
+puppetlabs_spec_helper (1.1.1)
+  mocha
+  puppet-lint
+  puppet-syntax
+  rake
+  rspec-puppet
 rainbow (2.0.0)
 rake (10.4.2)
 rgen (0.6.6)
@@ -49,6 +61,7 @@
 
 DEPENDENCIES
   puppet (~> 3.4.3)
+  puppetlabs_spec_helper
   rake (~> 10.4, >= 10.4.2)
   rspec-puppet (~> 2.3.2)
   rubocop (~> 0.35.1)
diff --git a/Rakefile b/Rakefile
index 79615e6..f224c55 100644
--- a/Rakefile
+++ b/Rakefile
@@ -201,7 +201,7 @@
 system("touch #{site_file_name}") unless File.exists?(site_file_name)
 
 puts "Invoking tests on module #{module_name}"
-system('rake spec_standalone')
+system('rake spec')
 end
 end
 
diff --git a/modules/backup/Rakefile b/modules/backup/Rakefile
index d9226a8..e94f2c5 100644
--- a/modules/backup/Rakefile
+++ b/modules/backup/Rakefile
@@ -23,7 +23,7 @@
 task :teardown do
   symlinks.each { |x| FileUtils.rm(x[0], :force => true) }
   FileUtils.rmdir('spec/fixtures/modules/%s' % modulename)
-  FileUtils.rmdir('spec/fixtures/modules')
+  FileUtils.rm('spec/fixtures/modules')
 end
 
 RSpec::Core::RakeTask.new(:realspec) do |t|
diff --git a/modules/bacula/Rakefile b/modules/bacula/Rakefile
index d9226a8..e94f2c5 100644
--- a/modules/bacula/Rakefile
+++ b/modules/bacula/Rakefile
@@ -23,7 +23,7 @@
 task :teardown do
   symlinks.each { |x| FileUtils.rm(x[0], :force => true) }
   FileUtils.rmdir('spec/fixtures/modules/%s' % modulename)
-  FileUtils.rmdir('spec/fixtures/modules')
+  FileUtils.rm('spec/fixtures/modules')
 end
 
 RSpec::Core::RakeTask.new(:realspec) do |t|
diff --git a/modules/base/Rakefile b/modules/base/Rakefile
index 165b532..5f44960 100644
--- a/modules/base/Rakefile
+++ b/modules/base/Rakefile
@@ -33,7 +33,7 @@
   extra_modules.each do |x|
   FileUtils.rm('spec/fixtures/modules/%s' % x, :force => true)
   end
-  FileUtils.rmdir('spec/fixtures/modules')
+  FileUtils.rm('spec/fixtures/modules')
 end
 
 RSpec::Core::RakeTask.new(:realspec) do |t|
diff --git a/modules/git/Rakefile b/modules/git/Rakefile
index cd3d379..221d85b 100644
--- a/modules/git/Rakefile
+++ b/modules/git/Rakefile
@@ -1 +1,4 @@
 require 'puppetlabs_spec_helper/rake_tasks'
+
+task :spec => :spec_standalone do
+end
diff --git a/modules/install_server/Rakefile b/modules/install_server/Rakefile
index 0542f30..1c930d9 100644
--- a/modules/install_server/Rakefile
+++ b/modules/install_server/Rakefile
@@ -33,7 +33,7 @@
   extra_modules.each do |x|
   FileUtils.rm('spec/fixtures/modules/%s' % x, :force => true)
   end
-  FileUtils.rmdir('spec/fixtures/modules')
+  FileUtils.rm('spec/fixtures/modules')
 end
 
 RSpec::Core::RakeTask.new(:realspec) do |t|
diff --git a/modules/mirrors/Rakefile b/modules/mirrors/Rakefile
index 0542f30..1c930d9 100644
--- a/modules/mirrors/Rakefile
+++ b/modules/mirrors/Rakefile
@@ -33,7 +33,7 @@
   extra_modules.each do |x|
   FileUtils.rm('spec/fixtures/modules/%s' % x, :force => true)
   end
-  FileUtils.rmdir('spec/fixtures/modules')
+  FileUtils.rm('spec/fixtures/modules')
 end
 
 RSpec::Core::RakeTask.new(:realspec) do |t|
diff --git a/modules/mysql/Rakefile b/modules/mysql/Rakefile
index cd3d379..221d85b 100644
---

[MediaWiki-commits] [Gerrit] T78342 excluding spec folders in .gitignore file - change (operations/puppet)

2016-04-09 Thread Nicko (Code Review) 
Nicko has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/282461

Change subject: T78342 excluding spec folders in .gitignore file
..

T78342 excluding spec folders in .gitignore file

Change-Id: I77858ee660772b92dfeef70f042975445b0d1bb9
---
M .gitignore
1 file changed, 4 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/61/282461/1

diff --git a/.gitignore b/.gitignore
index 99f1aa3..3c15ab5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,4 +27,7 @@
 
 # Jetbrain's IDEA editor settings
 /.idea
-/*.iml
\ No newline at end of file
+/*.iml
+
+# Rake generated folders
+spec/

-- 
To view, visit https://gerrit.wikimedia.org/r/282461
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I77858ee660772b92dfeef70f042975445b0d1bb9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Nicko 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits