Expose generic-worker status + pool ID via snmpd extend (Mac)#1217
Open
markcor wants to merge 2 commits into
Open
Expose generic-worker status + pool ID via snmpd extend (Mac)#1217markcor wants to merge 2 commits into
markcor wants to merge 2 commits into
Conversation
Adds macOS support for the same SNMP-based marlin checks already implemented for Linux in #1216: - generic-worker process status - worker pool ID (workerType from /etc/generic-worker.config) Changes: * New `packages::net_snmp` class — installs net-snmp on macOS via the standard `packages::macos_package_from_s3` pattern. Operators upload the `net-snmp-${version}.pkg` artifact to the existing packages S3 bucket; Puppet's `pkgdmg` provider installs it. * New `macos_snmpd` module mirroring `linux_snmpd`: - declares `require packages::net_snmp` - drops `/etc/snmp/snmpd.conf` with the same `extend` directives (gw_status and worker_pool_id) as the Linux module - deploys identical scripts to /usr/local/bin/ (Mac and Linux share /etc/generic-worker.config layout and run the same generic-worker binary, so the scripts are byte-for-byte identical) - sets up a LaunchDaemon (/Library/LaunchDaemons/net.net-snmp.snmpd.plist) that runs `snmpd` from a configurable `$snmpd_path` (default `/usr/sbin/snmpd`; override if the S3 .pkg installs elsewhere) - same hiera knobs as linux_snmpd: `snmpd.enabled` and `snmpd.ro_community` * `macos_snmpd` is not yet wired into any role; that should follow once the .pkg artifact lands in S3 and the install path is confirmed on a test mac. Recommended: include it from a shared mac base profile. Companion: marlin PR mozilla-it/marlin#17 already includes the Mac side (service definitions in services-mac.j2, host blocks in fxci-macos.j2, shared snmp_worker_pool_id_check.sh wrapper that writes to InfluxDB).
Mirrors the fix in the Linux PR (#1216) after @aerickson found that /etc/generic-worker.config is generated just-in-time per task and isn't reliably present at snmpd poll time. Mac's worker_runner module writes /opt/worker/worker-runner-config.yaml (see modules/worker_runner/manifests/init.pp: $data_dir defaults to /opt/worker and $worker_runner_conf = "${data_dir}/worker-runner-config.yaml"). Read workerPoolID from that file instead, and strip the "<provisionerId>/" prefix to expose just the pool name (matches Windows/host_pool semantics).
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds macOS support for the same SNMP-based marlin checks already implemented for Linux in #1216:
gw_status— whethergeneric-workeris running on the workerworker_pool_id— the worker's pool ID (workerType) read from/etc/generic-worker.configInstall pattern (follows existing macOS conventions)
This PR introduces
packages::net_snmpwhich uses the existingpackages::macos_package_from_s3defined type — the same pattern used for OpenSSL, Java, Node.js, Chrome, generic-worker, etc. on macOS workers. Operators uploadnet-snmp-${version}.pkgto the standard S3 bucket; Puppet'spkgdmgprovider installs it.Files
modules/packages/manifests/net_snmp.pp(new) — wrapspackages::macos_package_from_s3for thenet-snmp-${version}.pkgartifactmodules/macos_snmpd/(new module, mirrorslinux_snmpd):manifests/init.pp—require packages::net_snmp, drops snmpd.conf + scripts + LaunchDaemonfiles/snmp_check_gw.sh— identical to the Linux version (Mac and Linux share/etc/generic-worker.configlayout and run the samegeneric-workerbinary)files/snmp_worker_pool_id.sh— identical to Linuxtemplates/snmpd.conf.epp— sameextendlines as Linuxtemplates/launchdaemon.plist.epp—/Library/LaunchDaemons/net.net-snmp.snmpd.plistrunssnmpdfrom$snmpd_path(default/usr/sbin/snmpd; override if the S3 .pkg installs elsewhere)Same hiera knobs as
linux_snmpdsnmpd::enabled(defaulttrue)snmpd::ro_community(required; secret)Out of scope for this PR
net-snmp-${version}.pkgartifact and uploading it to the packages S3 bucket — this needs an ops handoff to whoever maintains the macOS .pkg pipeline.macos_snmpdinto a role/profile — recommended location is a shared mac base profile, but I want a test run on one machine before broad rollout. Operators can include it on a single host first to confirm the .pkg install path matches$snmpd_path.Companion PRs
linux_snmpdmoduleservices-mac.j2, ~416 host blocks infxci-macos.j2sourced from the inventory.d YAMLs, sharedsnmp_worker_pool_id_check.shwrapper that writes to InfluxDB)Test plan
net-snmp-${version}.pkgto S3include macos_snmpdto one test mac's rolesnmpdis running and listening on udp/161snmpget -v2c -c <community> -O qv <mac-host> 'NET-SNMP-EXTEND-MIB::nsExtendOutputFull.\"gw_status\"'returnsOK - generic-worker runningworker_pool_idquery returnsOK - worker_pool_id=<pool>marlin#17is also merged):Mac Generic Worker+Mac Worker Pool IDservices appear OK on the test hostmarlin-icinga2returns ahost_poolrecord for the test mac