Move os-reports to the puppetdb host(s)

Move this away from the Cumin hosts, the microservice doesn't provide the full syntax and this can directly run on the puppetdb 7 host(s). Also remove the now obsolete config option for the puppetdb host to query and switch to plain text queries given that we're now running on the puppetdb host(s) locally. Bug: T342214 Hosts: puppetdb2003.codfw.wmnet, cumin2002.codfw.wmnet, miscweb1003.eqiad.wmnet Change-Id: I677c756dd6132487218fe076e4ddbbf85a69a5ca
wikimedia · Sep 22, 2023 · bba817e · bba817e
1 parent b838b90
commit bba817e
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 29 deletions.
diff --git a/hieradata/role/common/cluster/management.yaml b/hieradata/role/common/cluster/management.yaml
@@ -7,7 +7,6 @@ profile::admin::groups:
 profile::conftool::client::etcd_user: 'root'
 profile::mariadb::wmfmariadbpy::role: 'admin'
 profile::cumin::monitor_agentrun: true
-profile::sre::os_reports::host: cumin2002.codfw.wmnet
 profile::contacts::role_contacts: ['Infrastructure Foundations']
 profile::cumin::master::email_alerts: true
 profile::ldap::bitu::group: ops

diff --git a/hieradata/role/common/miscweb.yaml b/hieradata/role/common/miscweb.yaml
@@ -14,5 +14,5 @@ profile::miscweb::rsync::src_host: 'miscweb1003.eqiad.wmnet'
 profile::miscweb::rsync::dst_hosts:
   - 'miscweb2003.codfw.wmnet'
 
-profile::sre::os_reports::host: cumin2002.codfw.wmnet
+profile::sre::os_reports::host: puppetdb2003.codfw.wmnet
 profile::contacts::role_contacts: ['ServiceOps-Collab']
diff --git a/hieradata/role/common/puppetdb/bookworm.yaml b/hieradata/role/common/puppetdb/bookworm.yaml
@@ -104,3 +104,5 @@ profile::nginx::variant: 'custom'
 profile::java::java_packages:
   - version: '17'
     variant: 'jre-headless'
+
+profile::sre::os_reports::host: puppetdb2003.codfw.wmnet
diff --git a/modules/profile/files/sre/os-updates-report.py b/modules/profile/files/sre/os-updates-report.py
@@ -39,18 +39,12 @@ def add_header():
             text(' SRE')
 
 
-def connect_puppetdb(puppetdb_host):
-    db = connect(host=puppetdb_host,
-                 port=443,
-                 protocol='https',
-                 ssl_key=None,
-                 ssl_cert=None,
-                 ssl_verify='/var/lib/puppet/ssl/certs/ca.pem')
-    return db
-
-
-def get_servers_running_os(distro_release, puppetdb_host):
-    pdb = connect_puppetdb(puppetdb_host)
+def connect_puppetdb():
+    return connect()
+
+
+def get_servers_running_os(distro_release):
+    pdb = connect_puppetdb()
     facts = pdb.facts('lsbdistcodename', distro_release)
 
     return [fact.node for fact in facts]
@@ -87,7 +81,7 @@ def get_current_quarter():
 
 
 # Fetch all roles and return a dictionary of fqdn[rolename]
-def get_roles(puppetdb_host):
+def get_roles():
     fqdns_roles = {}
 
     q = QueryBuilder.ExtractOperator()
@@ -96,7 +90,7 @@ def get_roles(puppetdb_host):
     q.add_field(str('certname'))
     q.add_query(QueryBuilder.EqualsOperator('type', 'System::Role'))
 
-    pdb = connect_puppetdb(puppetdb_host)
+    pdb = connect_puppetdb()
     data = pdb._query('resources', query=q)
 
     for resource in data:
@@ -129,7 +123,7 @@ def unroll_result_list(entries):
     return '\n'.join(sorted(entries))
 
 
-def prepare_report(datafile, puppetdb_host, owners, roles, distro, hosts, uptodate_os,
+def prepare_report(datafile, owners, roles, distro, hosts, uptodate_os,
                    target_dir, eol_date):
     status_log = []
     owners_to_contact_plan = defaultdict(set)
@@ -150,9 +144,9 @@ def prepare_report(datafile, puppetdb_host, owners, roles, distro, hosts, uptoda
     targets = defaultdict(list)
 
     for current_distro in uptodate_os:
-        hosts_current_count += len(get_servers_running_os(current_distro, puppetdb_host))
+        hosts_current_count += len(get_servers_running_os(current_distro))
 
-    deprecated_count = len(get_servers_running_os(distro, puppetdb_host))
+    deprecated_count = len(get_servers_running_os(distro))
 
     for host in hosts:
 
@@ -341,10 +335,6 @@ def main_function():
         print("Malformed config file, no [general] section found")
         sys.exit(1)
 
-    if 'puppetdb_host' not in cfg.options('general'):
-        print("Malformed config file, no puppetdb host configured")
-        sys.exit(1)
-
     if 'owners' not in cfg.options('general'):
         print("Malformed config file, no owners file configured")
         sys.exit(1)
@@ -380,13 +370,11 @@ def main_function():
 
         uptodate_os = [i.strip() for i in cfg.get(distro, 'current').split(",")]
 
-        puppetdb_host = cfg.get('general', 'puppetdb_host')
         target_directory = cfg.get('general', 'target_directory')
-        roles = get_roles(puppetdb_host)
-        hosts = get_servers_running_os(distro, puppetdb_host)
+        roles = get_roles()
+        hosts = get_servers_running_os(distro)
 
         prepare_report(cfg.get(distro, 'datafile'),
-                       puppetdb_host,
                        owners,
                        roles,
                        distro,

diff --git a/modules/profile/files/sre/os-updates-tracking.cfg b/modules/profile/files/sre/os-updates-tracking.cfg
@@ -1,6 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
 [general]
-puppetdb_host: puppetdb1003.eqiad.wmnet
 owners: /etc/wikimedia/os-updates/puppetdb_owners.yaml
 additional-owners: /etc/wikimedia/os-updates/additional_owners.yaml
 target_directory: /srv/os-reports

diff --git a/modules/role/manifests/cluster/management.pp b/modules/role/manifests/cluster/management.pp
@@ -33,7 +33,6 @@
 
     include profile::netops::ripeatlas::cli
 
-    include profile::sre::os_updates
     include profile::sre::check_user
 
     include profile::kubernetes::kubeconfig::admin

diff --git a/modules/role/manifests/puppetdb/bookworm.pp b/modules/role/manifests/puppetdb/bookworm.pp
@@ -5,4 +5,5 @@
     system::role { 'puppetdb::bookworm': description => 'Puppetdb server' }
 
     include role::puppetdb
+    include profile::sre::os_updates
 }