All users were logged out of Bugzilla on October 13th, 2018

apply network::aws in the network class, if the host is in AWS

RESOLVED FIXED

Status

RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: dustin, Assigned: dustin)

Tracking

Details

Attachments

(3 attachments, 1 obsolete attachment)

This will save a good bit of noise in the node definitions.
We could probably get rid of this class, actually:
 * add puppet.$domain and repos.$domain to every domain in aws
 * add $domain to 'search' in /etc/resolv.conf

However, I'll just move it for now.
Created attachment 8367383 [details] [diff] [review]
bug938629.patch
Attachment #8367383 - Flags: review?(rail)
Comment on attachment 8367383 [details] [diff] [review]
bug938629.patch

Review of attachment 8367383 [details] [diff] [review]:
-----------------------------------------------------------------

::: modules/network/manifests/init.pp
@@ +58,5 @@
>          }
>      }
> +
> +    # enable network:aws on moco AWS nodes
> +    if $::config::org == 'moco' and $virtual == 'xenhvm' {

I'm not quite sure what is the best way to figure out whether we are in AWS or not... Using xen may introduce some issues in the future if we decide to use other cloud providers (or in-house!). Also, some of VMS report "xenhvm" ad some only "xen" depending on the virtualization type (HVM vs PV I think). Can you use something like

if $::config::org == 'moco' and $virtual =~ /^xen/ { ...
Attachment #8367383 - Flags: review?(rail) → review+
Actually, I'll just block this on upgrading and getting the proper AWS facts working again.
Blocks: 946872
No longer blocks: 946872
Depends on: 946872
It occurs to me that this is probably causing uneven load among the AWS puppet masters.  Consider that when a puppet master is down or overloaded, nodes fall back to other puppetmasters.  When they do so, they point their 'puppet' alias to that new master, and will prefer it until *it* breaks.

We should probably just remove this altogether..
Created attachment 8393698 [details] [diff] [review]
bug938629.patch

Once this is in place, we can remove the hosts manually from a few instances, and if nothing fails, add a temporary ensure => absent to make them disappear everywhere.
Attachment #8367383 - Attachment is obsolete: true
Attachment #8393698 - Flags: review?(rail)
Attachment #8393698 - Flags: review?(rail) → review+
Attachment #8393698 - Flags: checked-in+
This seems to have prompted bug 938629, where mock configs are using an unqualified 'repos' to access the yum repositories:

config_opts['yum.conf'] = """
[main]
cachedir=/var/cache/yum
debuglevel=1
reposdir=/dev/null
logfile=/var/log/yum.log
retries=20
obsoletes=1
gpgcheck=0
assumeyes=1
syslog_ident=mock
syslog_device=

# repos

[centos6]
name=centos6
baseurl=http://repos/repos/yum/mirrors/centos/6/latest/os/i386
failovermethod=priority

[centos6-updates]
name=updates
baseurl=http://repos/repos/yum/mirrors/centos/6/latest/updates/i386
failovermethod=priority

[releng-centos6-i386]
name=releng-centos6-i386
baseurl=http://repos/repos/yum/releng/public/CentOS/6/i386

[releng-centos6-noarch]
name=releng-centos6-noarch
baseurl=http://repos/repos/yum/releng/public/CentOS/6/noarch
"""

Rather than revert this change, I think we should create the relevant DNS CNAMEs like we do for onsite VLANs, and also configure /etc/resolv.conf to contain a proper search path:

[root@b-linux64-ix-0001.build.releng.scl3.mozilla.com ~]# cat /etc/resolv.conf 
; generated by /sbin/dhclient-script
search build.releng.scl3.mozilla.com. releng.scl3.mozilla.com. scl3.mozilla.com. mozilla.com. mozilla.org. mozilla.net.
nameserver 10.26.75.40
nameserver 10.26.75.41

but

[root@bld-linux64-spot-398.build.releng.usw2.mozilla.com ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 10.26.75.40
nameserver 10.26.75.41
I have added the necessary CNAMEs to all of the AWS subdomains.
Created attachment 8394869 [details] [diff] [review]
bug938629-p1.patch

This will fight with dhclient a little bit, but it should work.  With this change, 'repos' and 'puppet' will continue to resolve, even when they're not in /etc/hosts.
Attachment #8394869 - Flags: review?(rail)
Attachment #8394869 - Flags: review?(rail) → review+
Attachment #8394869 - Flags: checked-in+
Seems successful - I'll get a patch up to ensure 'puppet' and 'repos' aren't in /etc/hosts in a day or two.
The CNAMEs I added weren't in DNS, as I hadn't checked the "private" box.  I did that now, and it's propagated.

[root@tst-linux32-spot-309.test.releng.usw2.mozilla.com ~]# host repos
repos.test.releng.usw2.mozilla.com is an alias for releng-puppet1.srv.releng.usw2.mozilla.com.
releng-puppet1.srv.releng.usw2.mozilla.com has address 10.132.48.212
[root@tst-linux32-spot-309.test.releng.usw2.mozilla.com ~]# host puppet
puppet.test.releng.usw2.mozilla.com is an alias for releng-puppet1.srv.releng.usw2.mozilla.com.
releng-puppet1.srv.releng.usw2.mozilla.com has address 10.132.48.212
Comment on attachment 8410504 [details] [diff] [review]
bug938629-p2.patch

Review of attachment 8410504 [details] [diff] [review]:
-----------------------------------------------------------------

woot!
Comment on attachment 8410504 [details] [diff] [review]
bug938629-p2.patch

I mean r+!
Attachment #8410504 - Flags: review?(rail) → review+
Comment on attachment 8410504 [details] [diff] [review]
bug938629-p2.patch

merged to prod
Attachment #8410504 - Flags: checked-in+
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.