Alex Monk has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/243357

Change subject: [WIP] Labs DNS: Stop hardcoding instance IPs in Puppet
......................................................................

[WIP] Labs DNS: Stop hardcoding instance IPs in Puppet

TODO:
* Don't restart DNS server every time Puppet runs.
* Change the script to be a simple file and separate pass/host config to a 
template.
* Make sure python and python-novaclient are installed on the labs DNS hosts.

Change-Id: I260f219cb477270f5f5b5f59d35c1f1abc7cd930
---
M manifests/role/labsdns.pp
M modules/dnsrecursor/manifests/init.pp
D modules/dnsrecursor/templates/ip-alias.lua.erb
A templates/labsdns/ip-alias-dump.py.erb
4 files changed, 52 insertions(+), 97 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/57/243357/1

diff --git a/manifests/role/labsdns.pp b/manifests/role/labsdns.pp
index 968779d..af067c7 100644
--- a/manifests/role/labsdns.pp
+++ b/manifests/role/labsdns.pp
@@ -68,27 +68,21 @@
     system::role { 'role::labsdnsrecursor': description => 'Recursive DNS 
server for Labs instances' }
 
     #  We need to alias some public IPs to their corresponding private IPs.
-    #   FIXME:  these should be automatically synced rather than hard-coded.
-    $nova_floating_ip_aliases = {
-        # eqiad
-        'deployment-cache-text04'   => {public_ip  => '208.80.155.135',
-                                        private_ip => '10.68.18.103' },
-        'deployment-cache-upload04' => {public_ip  => '208.80.155.136',
-                                        private_ip => '10.68.18.109' },
-        'deployment-stream'         => {public_ip  => '208.80.155.138',
-                                        private_ip => '10.68.17.106' },
-        'deployment-cache-mobile04' => {public_ip  => '208.80.155.139',
-                                        private_ip => '10.68.18.110' },
-        'relic'                     => {public_ip  => '208.80.155.197',
-                                        private_ip => '10.68.16.162' },
-        'tools-webproxy'            => {public_ip  => '208.80.155.131',
-                                        private_ip => '10.68.21.81' },
-        'udplog'                    => {public_ip  => '208.80.155.191',
-                                        private_ip => '10.68.16.58' },
+    $wikitech_nova_ldap_user_pass = 
$passwords::openstack::nova::nova_ldap_user_pass
+    $nova_controller_hostname = hiera('labs_nova_controller')
+    file { '/usr/local/bin/ip-alias-dump.py':
+        ensure  => present,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0551',
+        content => template('labsdns/ip-alias-dump.py.erb')
+    }
 
-        # A wide variety of hosts are reachable via a public web proxy.
-        'labs_shared_proxy' => {public_ip  => '208.80.155.156',
-                                private_ip => '10.68.16.65'},
+    exec { '/usr/local/bin/ip-alias-dump.py':
+        user    => 'root',
+        group   => 'root',
+        notify  => Service['pdns-recursor'],
+        require => File['/usr/local/bin/ip-alias-dump.py']
     }
 
     $listen_addresses = $::realm ? {
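Review bot: Mode `'0551'` on `/usr/local/bin/ip-alias-dump.py` is looser than it should be for a file that has the novaadmin LDAP password rendered into it. The group gets read access, and the world-execute bit does nothing useful for an interpreted script. Since the `exec` runs the script as root, `mode => '0500'` is sufficient. Adding `show_diff => false` to the same `file` resource would also keep the rendered password out of Puppet's change diffs and reports, assuming the Puppet version in use supports that attribute. The enclosing class begins and ends outside this hunk.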
@@ -101,7 +95,6 @@
     class { ::dnsrecursor:
             listen_addresses         => $listen_addresses,
             allow_from               => $network::constants::all_networks,
-            ip_aliases               => $nova_floating_ip_aliases,
             additional_forward_zones => "wmflabs=${labs_auth_dns}, 
68.10.in-addr.arpa=${labs_auth_dns}",
             auth_zones               => "labsdb=/var/zones/labsdb"
     }
diff --git a/modules/dnsrecursor/manifests/init.pp 
b/modules/dnsrecursor/manifests/init.pp
index 56257fe..3987e57 100644
--- a/modules/dnsrecursor/manifests/init.pp
+++ b/modules/dnsrecursor/manifests/init.pp
@@ -8,7 +8,6 @@
 class dnsrecursor(
     $listen_addresses         = [$::ipaddress],
     $allow_from               = [],
-    $ip_aliases               = undef,
     $additional_forward_zones = "",
     $auth_zones               = undef
 ) {
@@ -24,23 +23,6 @@
     }
 
     include network::constants
-
-    $alias_script='/etc/powerdns/ip-alias.lua'
-    if $ip_aliases {
-        file { $alias_script:
-            ensure  => present,
-            require => Package['pdns-recursor'],
-            owner   => 'root',
-            group   => 'root',
-            mode    => '0444',
-            notify  => Service['pdns-recursor'],
-            content => template('dnsrecursor/ip-alias.lua.erb'),
-        }
-    } else {
-        file { $alias_script:
-            ensure  => absent,
-        }
-    }
 
     file { '/etc/powerdns/recursor.conf':
         ensure  => 'present',
diff --git a/modules/dnsrecursor/templates/ip-alias.lua.erb 
b/modules/dnsrecursor/templates/ip-alias.lua.erb
deleted file mode 100644
index 3feab9e..0000000
--- a/modules/dnsrecursor/templates/ip-alias.lua.erb
+++ /dev/null
@@ -1,58 +0,0 @@
--- This script comes from puppet: 
modules/dnsrecursor/templates/ip-alias.lua.erb.
--- It hooks the 'postresolve' hook in the pdns recursor and maps public labs 
IPs
---  to the corresponding internal private IPs.
---
--- If you're looking at the generated file, bear in mind that the upcoming 
table
---  was generated via puppet and .erb.  If you're looking at the raw .erb
---  script, here's what's happening:
---
--- From puppet we're getting a fancy data structure like this:
---    {
---        'deployment-cache-text04'   => {public_ip  => '208.80.155.135',
---                                        private_ip => '10.68.18.103' },
---        'deployment-cache-upload04' => {public_ip  => '208.80.155.136',
---                                        private_ip => '10.68.18.109' },
---    }
--- The following .erb magic pulls that apart and reconstructs it into a
---  lua table with entries like:
---       aliastable['deployment-cache-text04']['public_ip'] = '208.80.155.135'
---       aliastable['deployment-cache-text04']['private_ip'] = '10.68.18.103'
---       aliastable['deployment-cache-upload04']['public_ip'] = 
'208.80.155.136'
---       aliastable['deployment-cache-upload04']['private_ip'] = '10.68.18.109'
---
---  In both cases the actual instance name is unused, but it's nice to have 
around
---   for debugging purposes.
-
-aliastable = {}
-
-<% @ip_aliases.sort.each do |pair| -%>
-<%= "aliastable[\"#{pair[0]}\"] = {}\n" -%>
-<% pair[1].each do |address| -%>
-<%= "aliastable[\"#{pair[0]}\"][\"#{address[0]}\"] = \"#{address[1]}\"\n" -%>
-<% end -%>
-<% end -%>
-
---  Flatten our table into a simple mapping with entries like this:
---    aliasmapping['208.80.155.135'] = '10.68.18.103'
---    aliasmapping['208.80.155.136'] = '10.68.17.51'
-aliasmapping = {}
-for name,entries in pairs(aliastable) do
-    aliasmapping[entries["public_ip"]] = entries["private_ip"]
-end
-
-
--- Finally, apply that mapping to any matches that are thrown
---  our way.
-function postresolve ( remoteip, domain, qtype, records, origrcode )
-    -- print ("postresolve called for: ", remoteip, getlocaladdress(), domain, 
qtype, origrcode)
-
-    for key,val in ipairs(records)
-    do
-            if (aliasmapping[val.content] and val.qtype == pdns.A)
-            then
-                    val.content = aliasmapping[val.content]
-                    setvariable()
-            end
-    end
-    return origrcode, records
-end
diff --git a/templates/labsdns/ip-alias-dump.py.erb 
b/templates/labsdns/ip-alias-dump.py.erb
new file mode 100644
index 0000000..9f3b532
--- /dev/null
+++ b/templates/labsdns/ip-alias-dump.py.erb
@@ -0,0 +1,38 @@
+username = 'novaadmin'
+password = '<%= @wikitech_nova_ldap_user_pass %>'
+projects = ['project-proxy', 'deployment-prep', 'tools', 'toolserver-legacy']
+# TODO: When we have a v3 Nova API, get a list of projects dynamically instead 
of hardcoding them here.
+
+from novaclient import client as novaclient
+import json
+out = []
+for project in projects:
+       client = novaclient.Client("1.1", username, password, project, 
'http://<%= @nova_controller_hostname %>:35357/v2.0')
+
+       for server in client.servers.list():
+               serverAddresses = {}
+               for address in server.addresses['public']:
+                       if address['OS-EXT-IPS:type'] == 'floating':
+                               serverAddresses['public_ip'] = 
str(address['addr'])
+                       elif address['OS-EXT-IPS:type'] == 'fixed':
+                               serverAddresses['private_ip'] = 
str(address['addr'])
+               if 'public_ip' in serverAddresses:
+                       out.append((str(server.name), 
serverAddresses['public_ip'], serverAddresses['private_ip']))
+
+with open('/etc/powerdns/ip-alias.lua', 'w') as f:
+       f.write("aliasmapping = {}\n")
+       for name, public, private in out:
+               f.write("aliasmapping[\"" + public + "\"] = \"" + private + "\" 
# " + name + "\n")
+       f.write("""
+function postresolve ( remoteip, domain, qtype, records, origrcode )
+    for key,val in ipairs(records)
+    do
+            if (aliasmapping[val.content] and val.qtype == pdns.A)
+            then
+                    val.content = aliasmapping[val.content]
+                    setvariable()
+            end
+    end
+    return origrcode, records
+end
+""")
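Review bot: Lua does not treat `#` as a comment marker, so each `aliasmapping[...] = ... # name` line written by the loop near the end of the script looks like a syntax error that would stop pdns-recursor from loading `/etc/powerdns/ip-alias.lua`; Lua comments need `--`. The same line interpolates instance names and addresses returned by the Nova API straight into Lua source that the recursor executes, so a name containing a newline or a quote would become code. The write loop should emit only dotted-quad addresses and a name reduced to hostname characters, as sketched below. Separately, the Keystone URL on the `novaclient.Client(...)` line is plain `http://`, so the novaadmin password would cross the network unencrypted unless that path is protected some other way; this is worth confirming before the change leaves WIP.

```python
with open('/etc/powerdns/ip-alias.lua', 'w') as f:
    f.write("aliasmapping = {}\n")
    ip_chars = set('0123456789.')
    for name, public, private in out:
        # Only dotted-quad characters may reach the generated Lua source.
        if not (public and private and set(public + private) <= ip_chars):
            continue
        # Lua comments start with "--"; keep the instance name on one line.
        label = ''.join(ch for ch in name if ch.isalnum() or ch in '-._')
        f.write('aliasmapping["%s"] = "%s" -- %s\n' % (public, private, label))
    # … unchanged: postresolve() Lua body written after the table …
```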

-- 
To view, visit https://gerrit.wikimedia.org/r/243357
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I260f219cb477270f5f5b5f59d35c1f1abc7cd930
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alex Monk <kren...@gmail.com>
