Puppet Class: profile::services_proxy::envoy

Defined in:
modules/profile/manifests/services_proxy/envoy.pp

Summary

This class sets up a simple nginx proxy to remote services.

Overview

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: lookup('profile::envoy::ensure', {'default_value' => 'present'}))

    Whether the proxy should be present or not. We don't use it in deployment-prep.

  • all_listeners (Array[Profile::Service_listener]) (defaults to: lookup('profile::services_proxy::envoy::listeners', {'default_value' => []}))

    A hash of listener definitions. Each listener should have the following structure: name - the name of the listener port - the local port to listen on timeout - the time after which we timeout on a call service - The label for the service we're connecting to in service::catalog in hiera http_host - optional http Host: header to add to the request upstream - upstream host to contact. If unspecified, <service>.discovery.wmnet will be assumed. retry - The retry policy, if any. See the envoy docs for RetryPolicy for details. keepalive - keepalive timeout. If not specified, the default envoy value will be used.

    For nodejs applications assume the right value is 5 seconds (see T247484)

    xfp - Set an explicit value for X-Forwarded-Proto, instead of letting envoy inject it (see T249535)

  • enabled_listeners (Optional[Array[String]]) (defaults to: lookup('profile::services_proxy::envoy::enabled_listeners', {'default_value' => undef}))

    Optional list of listeners we want to install locally.

  • listen_ipv6 (Boolean) (defaults to: lookup('profile::services_proxy::envoy::listen_ipv6'))

    listent on ipv6



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
# File 'modules/profile/manifests/services_proxy/envoy.pp', line 17

class profile::services_proxy::envoy(
    Wmflib::Ensure                   $ensure            = lookup('profile::envoy::ensure', {'default_value' => 'present'}),
    Array[Profile::Service_listener] $all_listeners     = lookup('profile::services_proxy::envoy::listeners', {'default_value' => []}),
    Optional[Array[String]]          $enabled_listeners = lookup('profile::services_proxy::envoy::enabled_listeners', {'default_value' => undef}),
    Boolean                          $listen_ipv6       = lookup('profile::services_proxy::envoy::listen_ipv6'),
) {
    if $enabled_listeners == undef {
        $listeners = $all_listeners
    } else {
        $listeners = $all_listeners.filter |$listener| {$listener['name'] in $enabled_listeners}
    }

    if $ensure == 'present' {
        if $listeners == [] {
            fail('You must declare services if the proxy is to be present')
        }
        require profile::envoy

    }
    $all_services = wmflib::service::fetch()
    $listeners.each |$listener| {
        $cluster_label = $listener['service']
        $svc = $all_services[$cluster_label]
        if $svc == undef {
            fail("Could not find service ${cluster_label} in service::catalog")
        }
        # Service name is:
        # - foo if upstream is foo.discovery.wmnet
        # - $listener['service']_eqiad if upstream is foo.eqiad.wikimedia.org
        #   or foo.svc.eqiad.wmnet
        # - $listener['service'] otherwise
        if $listener['upstream'] {
            $address = $listener['upstream']
            if $address =~ /^([^.]+)\.discovery\.wmnet$/ {
                $svc_name = $1
            }
            elsif $address =~ /^[^.]+\.svc\.([^.]+)\.wmnet$/ {
                $svc_name = "${listener['service']}_${1}"
            }
            elsif $address =~ /^[^.]+\.([^.]+)\.wikimedia\.org$/ {
                $svc_name = "${listener['service']}_${1}"
            }
            else {
                $svc_name = $listener['service']
            }
        } else {
            $svc_name = $listener['service']
            $address = "${svc_name}.discovery.wmnet"
        }
        if !defined(Envoyproxy::Cluster["${svc_name}_cluster"]) {
            envoyproxy::cluster { "${svc_name}_cluster":
                content => template('profile/services_proxy/envoy_service_cluster.yaml.erb'),
            }
        }

        # Now define the listener
        if $listener['retry'] == undef {
            $retry_policy = {'num_retries' => 0}
        } else {
            $retry_policy = $listener['retry']
        }

        envoyproxy::listener { $listener['name']:
            content => template('profile/services_proxy/envoy_service_listener.yaml.erb'),
        }
    }
}