Puppet Class: profile::lvs

Defined in:
modules/profile/manifests/lvs.pp

Overview

SPDX-License-Identifier: Apache-2.0

Class profile::lvs

Sets up a linux load-balancer.

Parameters:

  • tagged_subnets (Array[String]) (defaults to: lookup('profile::lvs::tagged_subnets'))
  • vlan_data (Hash[String, Hash]) (defaults to: lookup('lvs::interfaces::vlan_data'))
  • interface_tweaks (Hash[String, Hash]) (defaults to: lookup('profile::lvs::interface_tweaks'))
  • ipip_enabled (Boolean) (defaults to: lookup('profile::lvs::ipip_enabled')) 


6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
# File 'modules/profile/manifests/lvs.pp', line 6

class profile::lvs(
    Array[String] $tagged_subnets = lookup('profile::lvs::tagged_subnets'),
    Hash[String, Hash] $vlan_data = lookup('lvs::interfaces::vlan_data'),
    Hash[String, Hash] $interface_tweaks = lookup('profile::lvs::interface_tweaks'),
    Boolean $ipip_enabled = lookup('profile::lvs::ipip_enabled'),
){
    require profile::lvs::configuration

    $services = wmflib::service::get_services_for_lvs($profile::lvs::configuration::lvs_class, $::site)

    ## Kernel setup

    # defaults to "performance"
    class { '::cpufrequtils': }

    # kernel-level parameters
    class { '::lvs::kernel_config': }

    ## LVS IPs setup
    # Obtain all the IPs configured for this class of load-balancers,
    # as an array.
    $service_ips = wmflib::service::get_ips_for_services($services, $::site)
    # Also, get the advertised instrumentation IPs:
    $i13n_ips = wmflib::service::get_i13n_ips_for_lvs()

    # Bind balancer IPs to the loopback interface
    class { '::lvs::realserver':
        realserver_ips => sort($service_ips + $i13n_ips)
    }

    # Monitoring sysctl
    $rp_args = inline_template('<%= @interfaces.split(",").map{|x| "net.ipv4.conf.#{x.gsub(/[_:.]/,"/")}.rp_filter=0" if !x.start_with?("lo") }.compact.join(",") %>')
    nrpe::monitor_service { 'check_rp_filter_disabled':
        description  => 'Check rp_filter disabled',
        nrpe_command => "/usr/local/lib/nagios/plugins/check_sysctl ${rp_args}",
        notes_url    => 'https://wikitech.wikimedia.org/wiki/Monitoring/check_rp_filter_disabled',
    }

    profile::lvs::tagged_interface {$tagged_subnets:
        interfaces   => $vlan_data,
        ipip_enabled => $ipip_enabled,
    }

    # Apply needed interface tweaks

    create_resources(profile::lvs::interface_tweaks, $interface_tweaks, {ipip_enabled => $ipip_enabled})


    # Install ipip-multiqueue-optimizer
    package { 'ipip-multiqueue-optimizer':
        ensure => stdlib::ensure($ipip_enabled),
    }

    $host_vlan_ifaces = $vlan_data.filter |$vlan_name, $vlan| {
        $::hostname in $vlan['iface']
    }.map |$vlan_name, $vlan| {
        # Interface name comes from profile::lvs::tagged_interface --> interface::tagged
        "vlan${vlan['id']}"
    }
    $host_native_ifaces = $interface_tweaks.map|$iface_name, $tweaks| {
        $iface_name
    }

    $optimizer_interfaces = $host_vlan_ifaces + $host_native_ifaces
    $prometheus_addr = "${::ipaddress}:9095"
    systemd::service { 'ipip-multiqueue-optimizer':
        ensure               => stdlib::ensure($ipip_enabled),
        content              => systemd_template('ipip-multiqueue-optimizer'),
        monitoring_enabled   => true,
        monitoring_notes_url => 'https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments',
        restart              => false,
    }

    if $ipip_enabled {
        exec { 'enable_ipip-multiqueue-optimizer_service':
            command => '/usr/bin/systemctl enable ipip-multiqueue-optimizer.service',
            unless  => '/usr/bin/systemctl -q is-enabled ipip-multiqueue-optimizer.service',
            require => Systemd::Service['ipip-multiqueue-optimizer'],
        }
    }
}