--- Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport].orig
+++ Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]
@@
- clamped_ipport => ['185.15.59.225:29418', '[2a02:ec80:300:ed1a::2]:29418']
+ clamped_ipport => ['185.15.59.225:29418', '185.15.59.228:2222', '[2a02:ec80:300:ed1a::2]:29418', '[2a02:ec80:300:ed1a::4]:2222']
File[/lib/systemd/system/tcp-mss-clamper.service]
- Content differences:
--- /lib/systemd/system/tcp-mss-clamper.service.orig
+++ /lib/systemd/system/tcp-mss-clamper.service
@@ -7,5 +7,5 @@
[Service]
LimitMEMLOCK=infinity
-ExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1440 --ipv6-mss 1400 -p :2200 -s "185.15.59.225:29418,[2a02:ec80:300:ed1a::2]:29418" -i ens13,lo
+ExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1440 --ipv6-mss 1400 -p :2200 -s "185.15.59.225:29418,185.15.59.228:2222,[2a02:ec80:300:ed1a::2]:29418,[2a02:ec80:300:ed1a::4]:2222" -i ens13,lo
Restart=on-failure
Systemd::Unit[prometheus_ferm_mss.service]
File[/etc/conftool/local_services.yaml]
- Content differences:
--- /etc/conftool/local_services.yaml.orig
+++ /etc/conftool/local_services.yaml
@@ -5,3 +5,9 @@
servers:
- pybal-high-traffic1-esams.wikimedia.org
port: 29418
+gitlab-ssh:
+ cluster: tcp-proxy
+ service: gitlab
+ servers:
+ - pybal-high-traffic1-esams.wikimedia.org
+ port: 2222
Systemd::Timer::Job[prometheus_lvs_realserver_mss]
- Parameters differences:
--- Systemd::Timer::Job[prometheus_lvs_realserver_mss].orig
+++ Systemd::Timer::Job[prometheus_lvs_realserver_mss]
@@
- command => /usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418
+ command => /usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222
- Class[Lvs::Realserver]
- Parameters differences:
--- Class[Lvs::Realserver].orig
+++ Class[Lvs::Realserver]
@@
- realserver_ips => ['185.15.59.225', '2a02:ec80:300:ed1a::2']
+ realserver_ips => ['185.15.59.225', '185.15.59.228', '2a02:ec80:300:ed1a::2', '2a02:ec80:300:ed1a::4']
- Ferm::Rule[clamp-mss-ipv6]
- Parameters differences:
--- Ferm::Rule[clamp-mss-ipv6].orig
+++ Ferm::Rule[clamp-mss-ipv6]
@@
- rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;
+ rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;
- Systemd::Unit[tcp-mss-clamper]
- File[/etc/ferm/conf.d/10_clamp-mss-ipv4]
- Content differences:
--- /etc/ferm/conf.d/10_clamp-mss-ipv4.orig
+++ /etc/ferm/conf.d/10_clamp-mss-ipv4
@@ -5,7 +5,7 @@
domain (ip) {
table filter {
chain OUTPUT {
- outerface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;
+ outerface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;
}
}
}
- File[/etc/default/wikimedia-lvs-realserver]
- Content differences:
--- /etc/default/wikimedia-lvs-realserver.orig
+++ /etc/default/wikimedia-lvs-realserver
@@ -7,4 +7,4 @@
# LVS service IPs to be bound to the loopback interface,
# separate using spaces
-LVS_SERVICE_IPS="185.15.59.225 2a02:ec80:300:ed1a::2"
+LVS_SERVICE_IPS="185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2 2a02:ec80:300:ed1a::4"
- File[/lib/systemd/system/prometheus_lvs_realserver_mss.service]
- Content differences:
--- /lib/systemd/system/prometheus_lvs_realserver_mss.service.orig
+++ /lib/systemd/system/prometheus_lvs_realserver_mss.service
@@ -5,4 +5,4 @@
[Service]
Type=oneshot
User=root
-ExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418
+ExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222
- Class[Profile::Tcpproxy]
- Parameters differences:
--- Class[Profile::Tcpproxy].orig
+++ Class[Profile::Tcpproxy]
+ enable_gitlab_ssh => True
- Systemd::Unit[prometheus_lvs_realserver_mss.service]
- File[/lib/systemd/system/prometheus_ferm_mss.service]
- Content differences:
--- /lib/systemd/system/prometheus_ferm_mss.service.orig
+++ /lib/systemd/system/prometheus_ferm_mss.service
@@ -5,4 +5,4 @@
[Service]
Type=oneshot
User=root
-ExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418
+ExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222
- File[/etc/ferm/conf.d/10_clamp-mss-ipv6]
- Content differences:
--- /etc/ferm/conf.d/10_clamp-mss-ipv6.orig
+++ /etc/ferm/conf.d/10_clamp-mss-ipv6
@@ -5,7 +5,7 @@
domain (ip6) {
table filter {
chain OUTPUT {
- outerface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;
+ outerface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;
}
}
}
- Ferm::Rule[clamp-mss-ipv4]
- Parameters differences:
--- Ferm::Rule[clamp-mss-ipv4].orig
+++ Ferm::Rule[clamp-mss-ipv4]
@@
- rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;
+ rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;
- File[/etc/haproxy/haproxy.cfg]
- Content differences:
--- /etc/haproxy/haproxy.cfg.orig
+++ /etc/haproxy/haproxy.cfg
@@ -24,6 +24,10 @@
bind :::29418 v4v6
server backend_server gerrit.discovery.wmnet port 29418 resolvers default init-addr none check maxconn 200
+listen gitlab_ssh
+ bind :::2222 v4v6
+ server backend_server gitlab.discovery.wmnet port 22 resolvers default init-addr none check maxconn 200
+
frontend stats
mode http
no log
- Systemd::Service[tcp-mss-clamper]
- Systemd::Timer::Job[prometheus_ferm_mss]
- Parameters differences:
--- Systemd::Timer::Job[prometheus_ferm_mss].orig
+++ Systemd::Timer::Job[prometheus_ferm_mss]
@@
- command => /usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418
+ command => /usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222
- Class[Profile::Lvs::Realserver::Ipip]
- Parameters differences:
--- Class[Profile::Lvs::Realserver::Ipip].orig
+++ Class[Profile::Lvs::Realserver::Ipip]
@@
- pools => {'gerrit-ssh': {'services': ['gerrit']}}
+ pools => {'gerrit-ssh': {'services': ['gerrit']}, 'gitlab-ssh': {'services': ['gitlab']}}
- Prometheus::Node_ferm_mss[ferm_clamped_ipport]
- Parameters differences:
--- Prometheus::Node_ferm_mss[ferm_clamped_ipport].orig
+++ Prometheus::Node_ferm_mss[ferm_clamped_ipport]
@@
- clamped_ipport => ['185.15.59.225:29418', '[2a02:ec80:300:ed1a::2]:29418']
+ clamped_ipport => ['185.15.59.225:29418', '185.15.59.228:2222', '[2a02:ec80:300:ed1a::2]:29418', '[2a02:ec80:300:ed1a::4]:2222']
- Class[Profile::Lvs::Realserver]
- Parameters differences:
--- Class[Profile::Lvs::Realserver].orig
+++ Class[Profile::Lvs::Realserver]
@@
- pools => {'gerrit-ssh': {'services': ['gerrit']}}
+ pools => {'gerrit-ssh': {'services': ['gerrit']}, 'gitlab-ssh': {'services': ['gitlab']}}