<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 2, 2015 at 9:49 AM, Andrew Bogott <span dir="ltr"><<a href="mailto:abogott@wikimedia.org" target="_blank">abogott@wikimedia.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><div><div class="h5">
<div>On 6/2/15 11:39 AM, Filippo Giunchedi
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">hey Andrew,<br>
</div>
<div class="gmail_extra">thanks for the designate/dns work on
labs! looks like very tricky to coordinate everyone :|<br>
<br>
</div>
<div class="gmail_extra">
<div class="gmail_quote">On Tue, Jun 2, 2015 at 9:15 AM,
Andrew Bogott <span dir="ltr"><<a href="mailto:abogott@wikimedia.org" target="_blank">abogott@wikimedia.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="overflow:hidden">2. If
your $puppetmaster setting is a fqdn, change it to a
simple instance name. For example, you would change
'project-puppetmaster.eqiad.wmflabs' to
'project-puppetmaster'. The two are currently
equivalent in puppet anyway, so the change should be a
no-op.</div>
</blockquote>
<div><br>
</div>
<div>I think this should be auditable from ldap since the
puppet variables come from there (?) <br>
</div>
</div>
</div>
</div>
</blockquote></div></div>
Yes, I'm planning to go through ldap and make changes before I merge
the enforcement patch. I believe that hiera overrides ldap, though,
for those projects that use it. So, self-serve is best; project
admins are the ones who know how things are set up.<span class="HOEnZb"><font color="#888888"><br></font></span></div></blockquote><div><br></div><div>true! didn't think of hiera so yeah that's easier<br><br></div><div>thanks!<br></div><div>filippo<br></div></div></div></div>