Paste P32410

Beta Cluster puppetmaster state on 2022-08-16

Authored by ori on Aug 16 2022, 10:54 PM.
root@deployment-puppetmaster04:/var/lib/git/operations/puppet(production *+%|MERGING u+11-279)# git status
On branch production
Your branch and 'origin/production' have diverged,
and have 11 and 279 different commits each, respectively.
(use "git pull" to merge the remote branch into yours)
You have unmerged paths.
(fix conflicts and run "git commit")
(use "git merge --abort" to abort the merge)
Changes to be committed:
modified: .gitignore
modified: conftool-data/dbconfig-instance/instances.yaml
modified: conftool-data/node/eqiad.yaml
modified: hieradata/cloud.yaml
modified: hieradata/cloud/codfw1dev.yaml
modified: hieradata/cloud/eqiad1.yaml
modified: hieradata/cloud/eqiad1/cloudinfra/common.yaml
modified: hieradata/cloud/eqiad1/project-proxy/common.yaml
modified: hieradata/cloud/eqiad1/quarry/common.yaml
modified: hieradata/cloud/eqiad1/tools/common.yaml
modified: hieradata/codfw/profile/ceph.yaml
modified: hieradata/codfw/profile/ceph/auth/load_all.yaml
modified: hieradata/codfw/profile/ceph/mon.yaml
modified: hieradata/codfw/profile/ceph/osd.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/barbican.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/cinder.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/cloudgw.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/designate.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/glance.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/heat.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/horizon.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/keystone.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/magnum.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/networktests.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/neutron.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/nova.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/pdns.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/placement.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/puppetmaster/encapi.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/trove.yaml
modified: hieradata/codfw/profile/openstack/codfw1dev/wikitech.yaml
modified: hieradata/common.yaml
modified: hieradata/common/profile/alertmanager/api.yaml
modified: hieradata/common/profile/base/firewall.yaml
modified: hieradata/common/profile/dumps.yaml
modified: hieradata/common/profile/kubernetes/deployment_server.yaml
modified: hieradata/common/profile/netbox.yaml
modified: hieradata/common/profile/netbox/db.yaml
modified: hieradata/common/profile/openstack/codfw1dev.yaml
modified: hieradata/common/profile/openstack/eqiad1.yaml
modified: hieradata/common/profile/openstack/eqiad1/galera.yaml
modified: hieradata/common/puppetmaster.yaml
modified: hieradata/common/scap/dsh.yaml
modified: hieradata/common/service.yaml
modified: hieradata/eqiad/profile/ceph.yaml
modified: hieradata/eqiad/profile/ceph/auth/load_all.yaml
modified: hieradata/eqiad/profile/ceph/mon.yaml
modified: hieradata/eqiad/profile/ceph/osd.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/cinder.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/cloudgw.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/cumin.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/designate.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/glance.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/horizon.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/keystone.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/networktests.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/neutron.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/nova.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/pdns.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/placement.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/trove.yaml
modified: hieradata/eqiad/profile/openstack/eqiad1/wikitech.yaml
modified: hieradata/hosts/cloudbackup1001-dev.yaml
modified: hieradata/hosts/cloudbackup1002-dev.yaml
deleted: hieradata/hosts/cloudcontrol1003.yaml
deleted: hieradata/hosts/cloudcontrol1004.yaml
modified: hieradata/hosts/cloudcontrol1005.yaml
modified: hieradata/hosts/cloudcontrol1006.yaml
modified: hieradata/hosts/cloudcontrol1007.yaml
modified: hieradata/hosts/cloudcontrol2003-dev.yaml
modified: hieradata/hosts/cloudcontrol2004-dev.yaml
new file: hieradata/hosts/cloudcontrol2005-dev.yaml
new file: hieradata/hosts/cp1089.yaml
new file: hieradata/hosts/cp1090.yaml
modified: hieradata/hosts/cp2027.yaml
new file: hieradata/hosts/cp3064.yaml
new file: hieradata/hosts/cp3065.yaml
modified: hieradata/hosts/db1100.yaml
modified: hieradata/hosts/db1115.yaml
modified: hieradata/hosts/db1118.yaml
modified: hieradata/hosts/db1122.yaml
modified: hieradata/hosts/db1124.yaml
modified: hieradata/hosts/db1125.yaml
modified: hieradata/hosts/db1130.yaml
modified: hieradata/hosts/db1133.yaml
modified: hieradata/hosts/db1162.yaml
modified: hieradata/hosts/db1163.yaml
modified: hieradata/hosts/db1169.yaml
deleted: hieradata/hosts/db2079.yaml
deleted: hieradata/hosts/db2089.yaml
modified: hieradata/hosts/db2095.yaml
modified: hieradata/hosts/db2099.yaml
modified: hieradata/hosts/db2102.yaml
modified: hieradata/hosts/db2114.yaml
modified: hieradata/hosts/db2115.yaml
modified: hieradata/hosts/db2116.yaml
modified: hieradata/hosts/db2118.yaml
modified: hieradata/hosts/db2119.yaml
modified: hieradata/hosts/db2127.yaml
modified: hieradata/hosts/db2135.yaml
modified: hieradata/hosts/db2143.yaml
modified: hieradata/hosts/db2165.yaml
modified: hieradata/hosts/db2166.yaml
modified: hieradata/hosts/db2167.yaml
modified: hieradata/hosts/db2168.yaml
modified: hieradata/hosts/db2177.yaml
deleted: hieradata/hosts/dborch1001.yaml
modified: hieradata/hosts/dbproxy2002.yaml
modified: hieradata/hosts/dbproxy2003.yaml
modified: hieradata/hosts/es2022.yaml
modified: hieradata/hosts/es2023.yaml
modified: hieradata/hosts/gitlab1003.yaml
modified: hieradata/hosts/gitlab2002.yaml
modified: hieradata/hosts/pc2012.yaml
modified: hieradata/hosts/phab1001.yaml
modified: hieradata/hosts/phab2001.yaml
modified: hieradata/hosts/restbase1016.yaml
new file: hieradata/hosts/sretest1002.yaml
modified: hieradata/regex.yaml
modified: hieradata/role/codfw/lvs/balancer.yaml
modified: hieradata/role/codfw/wmcs/openstack/eqiad1/backups.yaml
modified: hieradata/role/common/acme_chief.yaml
modified: hieradata/role/common/alerting_host.yaml
modified: hieradata/role/common/analytics_cluster/airflow/platform_eng.yaml
new file: hieradata/role/common/analytics_cluster/airflow/platform_eng_legacy.yaml
modified: hieradata/role/common/aqs.yaml
modified: hieradata/role/common/aqs_next.yaml
modified: hieradata/role/common/deployment_server/kubernetes.yaml
new file: hieradata/role/common/etcd/v3/dse_k8s_etcd.yaml
modified: hieradata/role/common/gerrit.yaml
modified: hieradata/role/common/gerrit/migration.yaml
modified: hieradata/role/common/gitlab.yaml
modified: hieradata/role/common/mariadb/core_test.yaml
modified: hieradata/role/common/netbox/database.yaml
modified: hieradata/role/common/pki/multirootca.yaml
modified: hieradata/role/common/pki/root.yaml
modified: hieradata/role/common/restbase/production.yaml
modified: hieradata/role/common/sretest.yaml
modified: hieradata/role/common/wdqs/public.yaml
modified: hieradata/role/eqiad/elasticsearch/cirrus.yaml
modified: hieradata/role/eqiad/wmcs/openstack/codfw1dev/backups.yaml
modified: hieradata/role/eqiad/wmcs/openstack/eqiad1/labweb.yaml
modified: manifests/site.pp
modified: modules/admin/data/data.yaml
modified: modules/alertmanager/templates/alertmanager.yml.erb
modified: modules/aptrepo/files/distributions-wikimedia
modified: modules/base/lib/facter/interface_primary.rb
modified: modules/cassandra/templates/cassandra.yaml-3.11.13.erb
modified: modules/cassandra/templates/cassandra.yaml-3.x.erb
modified: modules/ceph/manifests/config.pp
modified: modules/ceph/spec/classes/ceph_config_spec.rb
new file: modules/ceph/templates/ceph.conf.epp
deleted: modules/ceph/templates/ceph.conf.erb
modified: modules/cfssl/types/common_name.pp
modified: modules/dumps/files/fetches/kiwix-rsync-cron.sh
modified: modules/facilities/manifests/init.pp
modified: modules/ferm/manifests/init.pp
modified: modules/geoip/manifests/data/maxmind.pp
modified: modules/geoip/manifests/data/maxmind/ipinfo.pp
modified: modules/geoip/templates/GeoIP.conf.erb
modified: modules/gerrit/files/homedir/.ssh/known_hosts
modified: modules/haproxy/templates/tls_terminator.cfg.erb
modified: modules/icinga/files/check_legal_html.py
modified: modules/icinga/manifests/monitor/cloudgw.pp
modified: modules/icinga/templates/nsca_frack.cfg.erb
modified: modules/install_server/files/autoinstall/netboot.cfg
modified: modules/install_server/files/autoinstall/partman/custom/gitlab-raid1.cfg
modified: modules/install_server/files/autoinstall/partman/custom/ms-be.cfg
modified: modules/ircecho/files/ib3_auth.py
modified: modules/ircecho/files/ircecho.py
modified: modules/ircecho/manifests/init.pp
modified: modules/ircecho/templates/default.erb
modified: modules/ircecho/templates/initscripts/ircecho.systemd.erb
new file: modules/jwt_authorizer/manifests/init.pp
new file: modules/jwt_authorizer/manifests/service.pp
new file: modules/jwt_authorizer/templates/authorizer.service.erb
modified: modules/kartotherian/manifests/init.pp
modified: modules/klaxon/manifests/init.pp
modified: modules/lxc/manifests/init.pp
modified: modules/mediabackup/manifests/worker.pp
deleted: modules/mediawiki/templates/apache/sites/main.conf
deleted: modules/mediawiki/templates/apache/sites/remnant.conf
deleted: modules/mediawiki/templates/apache/sites/wikimania.conf
deleted: modules/mediawiki/templates/apache/sites/wikimedia.conf
modified: modules/mtail/files/programs/atsbackend.mtail
modified: modules/mtail/files/programs/atstls.mtail
modified: modules/mtail/files/programs/cache_haproxy.mtail
modified: modules/mtail/files/programs/mediawiki_access_log.mtail
modified: modules/mtail/files/programs/varnishprocessing.mtail
modified: modules/mtail/files/programs/varnishttfb.mtail
modified: modules/mtail/files/test/ats_test.py
modified: modules/mtail/files/test/cache_haproxy_test.py
modified: modules/mtail/files/test/mediawiki_access_log_test.py
new file: modules/mtail/files/test/programs_test.py
deleted: modules/openstack/files/monitor/fullstack/check_nova_fullstack_leaks.py
modified: modules/openstack/files/nova/fullstack/nova_fullstack_test.py
modified: modules/openstack/manifests/cinder/monitor.pp
modified: modules/openstack/manifests/glance/monitor.pp
modified: modules/openstack/manifests/nova/api/monitor.pp
modified: modules/openstack/manifests/nova/fullstack/monitor.pp
modified: modules/openstack/manifests/nova/placement/monitor.pp
modified: modules/openstack/manifests/placement/monitor.pp
new file: modules/openstack/spec/classes/nova_fullstack_monitor_spec.rb
modified: modules/openstack/templates/bootstrap/glance/glance_seed.sh.erb
modified: modules/openstack/templates/bootstrap/neutron/neutron_seed.sh.erb
modified: modules/openstack/templates/bootstrap/nova/nova_seed.sh.erb
modified: modules/openstack/templates/wallaby/cinder/cinder.conf.erb
modified: modules/openstack/templates/wallaby/designate/designate.conf.erb
modified: modules/openstack/templates/wallaby/heat/heat.conf.erb
modified: modules/openstack/templates/wallaby/magnum/magnum.conf.erb
modified: modules/openstack/templates/wallaby/neutron/neutron.conf.erb
modified: modules/openstack/templates/wallaby/nova/common/nova.conf.erb
modified: modules/openstack/templates/wallaby/trove/trove-guestagent.conf.erb
modified: modules/openstack/templates/wallaby/trove/trove.conf.erb
modified: modules/package_builder/manifests/pbuilder_hook.pp
new file: modules/package_builder/templates/D04component.erb
modified: modules/phabricator/files/phab_deploy_ensure_config_ownership.sh
modified: modules/phabricator/manifests/init.pp
modified: modules/phabricator/manifests/phd.pp
modified: modules/phabricator/manifests/vcs.pp
modified: modules/postgresql/files/dump_all.sh
modified: modules/postgresql/manifests/backup.pp
modified: modules/postgresql/manifests/slave.pp
modified: modules/postgresql/templates/slave.conf.erb
modified: modules/profile/files/configmaster/disc_desired_state.py
modified: modules/profile/files/debdeploy/debdeploy.conf
new file: modules/profile/files/firewall/defs_requestctl.tpl
modified: modules/profile/files/logstash/Makefile
new file: modules/profile/files/logstash/filter_scripts/set_default_values.rb
modified: modules/profile/files/logstash/filters/15-filter_kubernetes_docker.conf
modified: modules/profile/files/logstash/filters/20-filter_udp2log.conf
modified: modules/profile/files/logstash/filters/50-filter_w3creportingapi.conf
modified: modules/profile/files/logstash/filters/70-filter_routing.conf
new file: modules/profile/files/logstash/filters/72-filter_loki_alerts.conf
modified: modules/profile/files/logstash/filters/89-filter_diagnostics.conf
modified: modules/profile/files/logstash/tests/alertmanager.yaml
modified: modules/profile/files/logstash/tests/apache2-access.yaml
modified: modules/profile/files/logstash/tests/apache2-error.yaml
modified: modules/profile/files/logstash/tests/blackbox-exporter.yaml
modified: modules/profile/files/logstash/tests/clienterror.yaml
modified: modules/profile/files/logstash/tests/dlq.yaml
modified: modules/profile/files/logstash/tests/eventlogging.yaml
modified: modules/profile/files/logstash/tests/gerrit.yaml
modified: modules/profile/files/logstash/tests/gitlab.yaml
modified: modules/profile/files/logstash/tests/icinga.yaml
modified: modules/profile/files/logstash/tests/invalid_target_index.yaml
modified: modules/profile/files/logstash/tests/knative_activator.yaml
modified: modules/profile/files/logstash/tests/kubernetes_docker.yaml
modified: modules/profile/files/logstash/tests/logstash.yaml
modified: modules/profile/files/logstash/tests/mediawiki.yaml
modified: modules/profile/files/logstash/tests/netdev.yaml
modified: modules/profile/files/logstash/tests/node.yaml
modified: modules/profile/files/logstash/tests/openstack.yaml
modified: modules/profile/files/logstash/tests/ores.yaml
modified: modules/profile/files/logstash/tests/oslo_json.yaml
modified: modules/profile/files/logstash/tests/scap.yaml
new file: modules/profile/files/logstash/tests/toolhub.yaml
modified: modules/profile/files/logstash/tests/ulogd.yaml
modified: modules/profile/files/logstash/tests/w3creportingapi.yaml
modified: modules/profile/files/logstash/tests/webrequest.yaml
new file: modules/profile/files/pki/intermediates/etcd.pem
modified: modules/profile/files/puppet/97-last-puppet-run
modified: modules/profile/files/rsyslog/lookup_table_output.json
modified: modules/profile/files/trafficserver/multi-dc.lua.conf
modified: modules/profile/files/trafficserver/x-wikimedia-debug-routing.lua
modified: modules/profile/files/trafficserver/x-wikimedia-debug-routing_test.lua
modified: modules/profile/manifests/analytics/refinery/job/data_purge.pp
modified: modules/profile/manifests/analytics/refinery/job/test/data_purge.pp
modified: modules/profile/manifests/base/firewall.pp
modified: modules/profile/manifests/ceph/client/rbd_cloudbackup.pp
modified: modules/profile/manifests/ceph/client/rbd_cloudcontrol.pp
modified: modules/profile/manifests/ceph/client/rbd_glance.pp
modified: modules/profile/manifests/ceph/client/rbd_libvirt.pp
modified: modules/profile/manifests/ceph/mon.pp
modified: modules/profile/manifests/ceph/osd.pp
modified: modules/profile/manifests/dumps/distribution/server.pp
modified: modules/profile/manifests/gitlab/runner.pp
modified: modules/profile/manifests/kubernetes/deployment_server/mediawiki/mwdebug_deploy.pp
modified: modules/profile/manifests/kubernetes/deployment_server/mediawiki/release.pp
modified: modules/profile/manifests/ldap/client/labs.pp
modified: modules/profile/manifests/logstash/beta.pp
modified: modules/profile/manifests/logstash/production.pp
modified: modules/profile/manifests/maps/apps.pp
modified: modules/profile/manifests/maps/osm_master.pp
modified: modules/profile/manifests/maps/osm_replica.pp
modified: modules/profile/manifests/maps/postgresql_common.pp
modified: modules/profile/manifests/mediawiki/deployment/server.pp
modified: modules/profile/manifests/mediawiki/maintenance/wikidata.pp
modified: modules/profile/manifests/mirrors/tails.pp
modified: modules/profile/manifests/netbox.pp
modified: modules/profile/manifests/netbox/db.pp
modified: modules/profile/manifests/openstack/base/barbican.pp
modified: modules/profile/manifests/openstack/base/cinder.pp
modified: modules/profile/manifests/openstack/base/designate/firewall/api.pp
modified: modules/profile/manifests/openstack/base/glance.pp
modified: modules/profile/manifests/openstack/base/heat.pp
modified: modules/profile/manifests/openstack/base/keystone/service.pp
modified: modules/profile/manifests/openstack/base/neutron/service.pp
modified: modules/profile/manifests/openstack/base/nova/api/service.pp
modified: modules/profile/manifests/openstack/base/nova/placement/service.pp
modified: modules/profile/manifests/openstack/base/pdns/dns_floating_ip_updater.pp
modified: modules/profile/manifests/openstack/base/placement.pp
modified: modules/profile/manifests/openstack/base/rabbitmq.pp
modified: modules/profile/manifests/openstack/base/radosgw.pp
modified: modules/profile/manifests/openstack/base/trove.pp
modified: modules/profile/manifests/openstack/codfw1dev/db.pp
modified: modules/profile/manifests/openstack/codfw1dev/designate/firewall/api.pp
modified: modules/profile/manifests/openstack/codfw1dev/glance.pp
modified: modules/profile/manifests/openstack/codfw1dev/haproxy.pp
modified: modules/profile/manifests/openstack/codfw1dev/trove.pp
modified: modules/profile/manifests/openstack/eqiad1/cumin/target.pp
modified: modules/profile/manifests/openstack/eqiad1/designate/firewall/api.pp
modified: modules/profile/manifests/openstack/eqiad1/glance.pp
modified: modules/profile/manifests/openstack/eqiad1/haproxy.pp
modified: modules/profile/manifests/openstack/eqiad1/pdns/dns_floating_ip_updater.pp
modified: modules/profile/manifests/openstack/eqiad1/trove.pp
modified: modules/profile/manifests/phabricator/main.pp
modified: modules/profile/manifests/puppetdb/database.pp
new file: modules/profile/manifests/vopsbot.pp
new file: modules/profile/manifests/wikifunctions/beta.pp
modified: modules/profile/spec/classes/profile_ceph_client_rbd_glance_spec.rb
modified: modules/profile/spec/classes/profile_ceph_client_rbd_libvirt_spec.rb
modified: modules/profile/spec/classes/profile_ceph_mon_spec.rb
modified: modules/profile/spec/classes/profile_ceph_osd_spec.rb
modified: modules/profile/templates/cumin/aliases.yaml.erb
modified: modules/profile/templates/netbox/netbox.wikimedia.org.erb
modified: modules/profile/templates/openstack/eqiad1/cumin/userkey.erb
modified: modules/profile/templates/wmcs/db/wikireplicas/maintain-views.yaml
modified: modules/prometheus/manifests/blackbox/check/http.pp
new file: modules/prometheus/manifests/blackbox/check/icmp.pp
modified: modules/prometheus/manifests/blackbox/import_checks.pp
new file: modules/prometheus/spec/defines/prometheus_blackbox_check_icmp_spec.rb
modified: modules/rancid/manifests/init.pp
modified: modules/role/files/logging/logspam.pl
modified: modules/role/manifests/alerting_host.pp
new file: modules/role/manifests/analytics_cluster/airflow/platform_eng_legacy.pp
modified: modules/role/manifests/etcd/v3/dse_k8s_etcd.pp
modified: modules/role/manifests/wmcs/openstack/eqiad1/control.pp
modified: modules/sbuild/manifests/chroot.pp
modified: modules/scap/manifests/master.pp
modified: modules/scap/manifests/target.pp
modified: modules/scap/templates/scap.cfg.erb
modified: modules/service/templates/docker-service-shim.erb
modified: modules/swift/files/codfw-prod_hosts.yaml
modified: modules/swift/manifests/ring_manager.pp
modified: modules/sysfs/manifests/conffile.pp
modified: modules/sysfs/manifests/init.pp
modified: modules/sysfs/manifests/parameters.pp
modified: modules/sysfs/templates/sysfs.conf.erb
modified: modules/tilerator/manifests/init.pp
modified: modules/tilerator/manifests/ui.pp
modified: modules/varnish/files/tests/Dockerfile
modified: modules/varnish/files/tests/confd_stub_data.yaml
new file: modules/varnish/files/tests/text/44-querysort.vtc
modified: modules/varnish/templates/wikimedia-frontend.vcl.erb
new file: modules/vopsbot/files/schema.sql
new file: modules/vopsbot/manifests/init.pp
new file: modules/vopsbot/templates/systemd.unit.erb
new file: modules/vopsbot/types/user.pp
modified: modules/wmflib/lib/puppet/parser/functions/ipresolve.rb
modified: modules/wmflib/spec/functions/ipresolve_spec.rb
new file: modules/wmflib/spec/type_aliases/dns_srv_spec.rb
new file: modules/wmflib/types/dns/srv.pp
Unmerged paths:
(use "git add <file>..." to mark resolution)
both modified: modules/profile/manifests/etcd/v3.pp
Untracked files:
(use "git add <file>..." to include in what will be committed)
modules/profile/files/ssl/deployment-elastic10.deployment-prep.eqiad.wmflabs.crt
modules/profile/files/ssl/deployment-elastic10.deployment-prep.eqiad1.wikimedia.cloud.crt
modules/profile/files/ssl/deployment-elastic11.deployment-prep.eqiad.wmflabs.crt
modules/profile/files/ssl/elastic.deployment-prep.eqiad1.wikimedia.cloud.crt
root@deployment-puppetmaster04:/var/lib/git/operations/puppet(production *+%|MERGING u+11-279)# git diff
diff --cc modules/profile/manifests/etcd/v3.pp
index 7460714ca88,13696b9215e..00000000000
--- a/modules/profile/manifests/etcd/v3.pp
+++ b/modules/profile/manifests/etcd/v3.pp
@@@ -65,27 -63,36 +72,55 @@@ class profile::etcd::v3
$peers_list = $discovery
$srv_dns = undef
$certname = $::fqdn
+ file { '/etc/etcd/':
+ ensure => directory,
+ owner => 'etcd',
+ group => 'etcd',
+ require => Package['etcd-server'],
+ before => Service['etcd']
+ }
+ $cert_path = '/etc/etcd/ssl/cert.pem'
+ $key_path = '/etc/etcd/ssl/server.key'
+ # In this case, just use puppet host certs
+ # TODO: switch everything to use profile::pki::client
+ puppet::expose_agent_certs { '/etc/etcd':
+ ensure => present,
+ provide_private => true,
+ user => 'etcd',
+ group => 'etcd',
+ require => Package['etcd-server'],
+ before => Service['etcd']
+ }
}
+ # TLS certs *for etcd use* in peer-to-peer communications.
+ # Tlsproxy will use other certificates.
+
+ # This option uses the puppet CA based certificates
+ if ! $use_pki_certs {
+ sslcert::certificate { $certname:
+ skip_private => false,
+ group => 'etcd',
+ require => Package['etcd-server'],
+ before => Service['etcd'],
+ }
+
+ $trusted_ca = '/etc/ssl/certs/Puppet_Internal_CA.pem'
+ $ssl_paths = {
+ 'chained' => "/etc/ssl/localcerts/${certname}.crt",
+ 'key' => "/etc/ssl/private/${certname}.key",
+ }
+ }
+ # This option allows the CFSSL based PKI to be used with the etcd intermediate
+ else {
+ $trusted_ca = '/etc/ssl/certs/wmf-ca-certificates.crt'
+ $ssl_paths = profile::pki::get_cert('etcd', $certname, {
+ hosts => [$facts['networking']['fqdn']],
+ owner => 'etcd',
+ outdir => '/var/lib/etcd/ssl',
+ } )
+ }
+
# Service
class { '::etcd::v3':
cluster_name => $cluster_name,
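Review bot: The merged result of this hunk provisions etcd's TLS key material twice: once through the `puppet::expose_agent_certs { '/etc/etcd': ... provide_private => true }` block with `$cert_path`/`$key_path`, and once through the `if ! $use_pki_certs { sslcert::certificate ... } else { profile::pki::get_cert(...) }` block that sets `$trusted_ca`/`$ssl_paths`. Going by the hunk line counts the first block appears to come from the local branch and the second from origin/production, and only one of the two variable sets can be passed to `::etcd::v3` once the conflict in the next hunk is resolved. Whichever side is not used should be deleted here as well, otherwise what is presumably a copy of a host private key, owned by or readable to the `etcd` user, stays on disk with nothing consuming it. The `file { '/etc/etcd/': ... }` resource also sets no `mode`; an explicit `mode => '0755',` (or tighter, if nothing else needs to read the directory) would make the intended permissions visible. The enclosing branch and the class header start outside the hunk.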
@@@ -95,11 -102,11 +130,19 @@@
use_client_certs => $use_client_certs,
max_latency_ms => $max_latency,
adv_client_port => $adv_client_port,
++<<<<<<< HEAD
+ trusted_ca => '/etc/ssl/certs/Puppet_Internal_CA.pem',
+ client_cert => $cert_path,
+ client_key => $key_path,
+ peer_cert => $cert_path,
+ peer_key => $key_path,
++=======
+ trusted_ca => $trusted_ca,
+ client_cert => $ssl_paths['chained'],
+ client_key => $ssl_paths['key'],
+ peer_cert => $ssl_paths['chained'],
+ peer_key => $ssl_paths['key'],
++>>>>>>> bee77e72b800b8a8f08883b89408fe11bdc0bf7b
}
# Monitoring
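Review bot: The conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> bee77e72b800b8a8f08883b89408fe11bdc0bf7b`) are still inside the parameter list of `class { '::etcd::v3': ... }`, so the manifest will not parse and any catalog that includes `profile::etcd::v3` cannot compile from this checkout until the merge is resolved. When resolving, take the trust anchor and the certificate/key paths from the same side: HEAD pairs the hard-coded `'/etc/ssl/certs/Puppet_Internal_CA.pem'` with `$cert_path`/`$key_path`, the incoming side pairs `$trusted_ca` with `$ssl_paths['chained']`/`$ssl_paths['key']`, and a mix could hand etcd a certificate that its configured CA does not validate when `$use_pki_certs` is true. Keeping the HEAD lines also means `$use_pki_certs` is silently ignored for `trusted_ca`. If Beta needs the agent certificates, one option is to keep the incoming five lines and have the local branch assign `$trusted_ca` and `$ssl_paths` instead of `$cert_path`/`$key_path`.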