/var/run/hound isn't a directory, so this fails. It was supposed to
just be in /var/run.
Also, we don't want to run it every minute of 4am ...
Change-Id: I7298a0e18a63bf8331686bd4c44e3a12b9c77176
Move openstack_project::server into site.pp like other nodes, this was
the old way of provisioning servers.
Change-Id: If36ace9c377881e25d30e1f7f0184383b894ca17
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We no longer use this server or service, so we can delete it.
Change-Id: Iaad4ad9f0517dba86ea3ee78d08b0904f621c818
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
logstash uses the first of the discover_nodes as proxy, so we need to
rotate the list in order to be able to replace the first node without
impacting service.
Also replace the discover_node for the logstash-workers accordingly.
Change-Id: Ib6f6d19a766021f9f16fb3bc2de1d80df66f7671
Now that we have migrated to ubuntu-xenial, we can stop testing on
trusty. We can also clean out old cacti.o.o and cacti01.o.o firewall
rules from our base server.pp.
Change-Id: I84b96de40a79d8103cfce5ec121e13a7d01f729d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
It seems there have been some changes to how javascript libraries are
installed in ubuntu xenial. Add an alias to /usr/share/javascript.
Change-Id: I1ea75cd5c9fddc04515414427f9f322d83f14ecb
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This converts the config for elasticsearch cluster client firewall rules
to use the new puppet-iptables iptables_allowed_hosts feature. This works
around an issue with netfilter-persistent starting before dns
resolution is working on boot.
Change-Id: I81b7598cb32d498b219ee00f0589e6bf0dc8c242
The npm mirror was removed with
Id539d336814cce2ce18898526e561b8b6977f62f. This change is "inspired"
by a proposed puppet-nodejs update in
Ia7966fb9578d0d79f3a7f9480e3a956555737dc8. Rather than fixing it up
for the new version, remove it (also, puppet is failing trying to
access /afs/.openstack.org/mirror/npm).
I believe the npmrc.erb file is actually a vestige of prior release
methods and is also no longer required.
Change-Id: I6fa48e4700779d2c90194f0129c770bf2d6d865f
As we upgrade cacti02.o.o to xenial, we need to allow it access to all
servers to collect stats. We can delete old firewall rules in a
follow patch.
Change-Id: I0bbd3e82fdf8644159dfe82b1dfc5478ef5095bb
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This converts the config for logstsah gearman client firewall rules to
use the new puppet-iptables iptables_allowed_hosts feature. This works
around an issue with netfilter-persistent starting before dns
resolution is working on boot.
Change-Id: I76c45d8edbfe9f5420884e0ef2fb62cff2cc2bc9
Because we are no longer running elasticsearch daemons on
logstash-workers to perform indexing (and instead use http to the
elasticsearch cluster data nodes) and because kibana also speaks the
http API and doesn't join the cluster from logstash.openstack.org we
don't need to allow the full mesh of connectivity over ports 9200 to
9400.
Remove these unneeded firewall rules as the next step is converting to
the new dns resolving firewall rule builder parameter in
puppet-iptables.
Change-Id: If79bab6dc0b510c5589b83c943458e8580eb8092
Seem there is a race on xenial where we try to populate /var/lib/cacti
before it is created.
Change-Id: I179e2e2d9d4f9df53aace172950af66aed92efad
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This allows us to more safely specify hosts by name in iptable
rules, as they will be resolved by puppet before being written
to disk.
Change-Id: Ie133ad8246d5907723a6d7cbf14644e0a10cc4e7
Depends-On: I7a0dfbab67bdba72c0a56acc611503795d2bc350
Right now the cacti package setups up the /usr/local/share/cacti
directories. So we need to make sure cacti is installed before we
start adding files into those directories.
Change-Id: I99bbf0a71e140380636419c4200d9f4662f5311e
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This provides a script to resync the hound configuration for
codesearch.
It checks if the config needs updating, and if so, puts the new config
file in place, takes the reindex lock from
I9d28201bca75b624e07cbba14c870151094fc7ae and restarts the service,
waiting until it sees it is up.
puppet is currently disabled on this host because updates are tied to
project-config changes; since restarting takes the service down this
is obviously not great.
Change-Id: Iaebf50836607da447dcf1765ec01d0121537b0da
Depends-On: I9d28201bca75b624e07cbba14c870151094fc7ae
This is currently the last 1.x release that still support puppet 3, we
could make the jobs to puppet 4, but for now we just need a new enough
module for xenial support.
Also, seems puppetlabs-apache is only uesd by cacti.o.o.
Change-Id: I128a0d8d851311b77592d98ded5891d71dce2031
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We were using the list of elasticsearch clients to generate firewall
rules for both elasticsearch port ranges and gearman port ranges. We
really only need subsets of the super set in both cases so lets make two
distinct lists that we can add and remove servers from instead.
This means the two sets of nodes that can talk to elasticsaerch are the
logstash node for kibana and the logstash workers for indexing. Then
all zuul executors and logstash workers and subunit workers can talk to
logstash.o.o over port 4730 for gearman job submission and handling.
Change-Id: I95de1404dcc087f09f0fd4e4134e20673e8c0ae5
The server has been rebuilt on Ubuntu Xenial and is ready to go back
into service.
This reverts commit 664689e42729fdbc750ee74f481687cb4d9ee3f0.
Change-Id: I3e7a388fc01d99c5534ace678864dd5840f8e6d8
The current process to udpate cacti hosts is fairly chatty. It basically
goes in and just tries to update every host there and if they exist that
generates a bunch of output which is then emailed to infra roots. This
information is potentially useful for debugging so keep it around in
local cacti host logs. These logs will then be rotated with a week of
retention.
This should help make our inboxes happier.
Change-Id: Ib03ef7b22083a2a2454715bd5229313b19b84ae9