commit 08ffffbe5247cca7e488dbc810415d1f66a0607e
Author: root <root@paws-puppetmaster-01.paws.eqiad.wmflabs>
Date:   Mon Mar 25 18:41:49 2019 +0000

    Initial PAWS puppetization

diff --git a/manifests/site.pp b/manifests/site.pp
index 271c507d05..ce7799a765 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,2299 +1,19 @@
+node 'paws-packages-01.paws.eqiad.wmflabs' {
+    include role::paws::packages_server
 }
 
+node /^paws-master/ {
+    include role::paws::master
 }
 
+node /^paws-worker/ {
+    include role::paws::worker
 }
 
+node /^paws-int-lb/ {
+    include role::paws::internal_lb
 }

+node /^paws-ext-lb/ {
+    include role::paws::external_lb
 }
diff --git a/modules/profile/manifests/paws/common.pp b/modules/profile/manifests/paws/common.pp
new file mode 100644
index 0000000000..db99dcf272
--- /dev/null
+++ b/modules/profile/manifests/paws/common.pp
@@ -0,0 +1,6 @@
+class profile::paws::common {
+
+   require role::labs::instance
+   include profile::paws::repos
+   
+}
diff --git a/modules/profile/manifests/paws/docker.pp b/modules/profile/manifests/paws/docker.pp
new file mode 100644
index 0000000000..73a8bcb322
--- /dev/null
+++ b/modules/profile/manifests/paws/docker.pp
@@ -0,0 +1,47 @@
+class profile::paws::docker {
+    
+    # Consult the Kubernetes changelog for supported versions
+    $docker_ce_version = '5:18.09.3~3-0~debian-stretch'
+    $docker_ce_cli_version = '5:18.09.3~3-0~debian-stretch'
+    $containerd_version = '1.2.4-1'
+
+    apt::pin { 'docker-ce':
+        package  => 'docker-ce',
+        pin      => "version ${docker_ce_version}",
+        priority => '3000',
+    }
+
+    package { 'docker-ce':
+        ensure  => "${docker_ce_version}",
+        require => Apt::Pin['docker-ce'],
+    }
+
+    apt::pin { 'docker-ce-cli':
+        package  => 'docker-ce-cli',
+        pin      => "version ${docker_ce_cli_version}",
+        priority => '3000',
+    }
+
+    package { 'docker-ce-cli':
+        ensure  => "${docker_ce_cli_version}",
+        require => Apt::Pin['docker-ce-cli'],
+    }
+
+    apt::pin { 'containerd.io':
+        package  => 'containerd.io',
+        pin      => "version ${containerd_version}",
+        priority => '3000',
+    }
+
+    package { 'containerd.io':
+        ensure  => "${containerd_version}",
+        require => Apt::Pin['containerd.io'],
+    }
+
+    service { 'docker':
+        ensure  => true,
+        enable  => true,
+        require => Package['docker-ce'],
+    }
+
+}
diff --git a/modules/profile/manifests/paws/external_lb.pp b/modules/profile/manifests/paws/external_lb.pp
new file mode 100644
index 0000000000..7f0a817d89
--- /dev/null
+++ b/modules/profile/manifests/paws/external_lb.pp
@@ -0,0 +1,2 @@
+class profile::paws::external_lb {
+}
diff --git a/modules/profile/manifests/paws/internal_lb.pp b/modules/profile/manifests/paws/internal_lb.pp
new file mode 100644
index 0000000000..53e2409b06
--- /dev/null
+++ b/modules/profile/manifests/paws/internal_lb.pp
@@ -0,0 +1,2 @@
+class profile::paws::internal_lb {
+}
diff --git a/modules/profile/manifests/paws/kubernetes.pp b/modules/profile/manifests/paws/kubernetes.pp
new file mode 100644
index 0000000000..d2d9872d06
--- /dev/null
+++ b/modules/profile/manifests/paws/kubernetes.pp
@@ -0,0 +1,41 @@
+class profile::paws::kubernetes {
+    
+    $version = '1.13.4-00'
+
+    $packages = [
+        'kubectl',
+        'kubelet',
+        'kubeadm',
+    ]
+
+    apt::pin { 'kubernetes':
+        package  => $packages,
+        pin      => "version ${version}",
+        priority => '3000',
+    }
+
+    package { $packages:
+        ensure  => "${version}",
+        require => Apt::Pin['kubernetes'],
+    }
+
+    service { 'kubelet':
+        ensure  => true,
+        enable  => true,
+        require => Package['kubelet'],
+    }
+
+    file_line { 'swap-fstab':
+        ensure            => absent,
+        path              => '/etc/fstab',
+        match             => 'none swap defaults 1 0',
+        match_for_absence => true,
+        multiple          => true,
+    }
+
+    exec { "swap-off":
+      command => "/sbin/swapoff -a",
+      onlyif => "/bin/grep partition /proc/swaps"
+    }
+
+}
diff --git a/modules/profile/manifests/paws/nginx.pp b/modules/profile/manifests/paws/nginx.pp
new file mode 100644
index 0000000000..1f4452a91c
--- /dev/null
+++ b/modules/profile/manifests/paws/nginx.pp
@@ -0,0 +1,24 @@
+class profile::paws::nginx {
+
+    $version = '1.14.1-1~bpo9+1'
+
+    $packages = [
+        'nginx-light',
+        'nginx-common',
+        'libnginx-mod-http-echo',
+        'libnginx-mod-stream',
+    ]
+
+    apt::pin { 'nginx':
+        package  => $packages,
+        pin      => "version ${version}",
+        priority => '3000',
+    }
+
+    package { $packages:
+        ensure          => "${version}",
+        install_options => ['-t', 'stretch-backports'],
+        require         => Apt::Pin['nginx'],
+    }
+
+}
diff --git a/modules/profile/manifests/paws/packages_server.pp b/modules/profile/manifests/paws/packages_server.pp
new file mode 100644
index 0000000000..d4314a803d
--- /dev/null
+++ b/modules/profile/manifests/paws/packages_server.pp
@@ -0,0 +1,3 @@
+class profile::paws::packages_server {
+    include role::aptly::server
+}
diff --git a/modules/profile/manifests/paws/repos.pp b/modules/profile/manifests/paws/repos.pp
new file mode 100644
index 0000000000..456d15623f
--- /dev/null
+++ b/modules/profile/manifests/paws/repos.pp
@@ -0,0 +1,23 @@
+class profile::paws::repos (
+    String $servername = 'paws-packages-01.paws.eqiad.wmflabs',
+    String $protocol = 'http',
+) {
+
+    apt::repository { 'kubernetes-xenial':
+        uri        => "${protocol}://${servername}/repo",
+        dist       => "kubernetes-xenial",
+        components => "main",
+        source     => false,
+        trust_repo => true,
+    }
+
+    apt::repository { 'docker-ce':
+        uri        => "${protocol}://${servername}/repo",
+        dist       => "docker-ce",
+        components => "main",
+        source     => false,
+        trust_repo => true,
+    }
+
+}
+
diff --git a/modules/role/manifests/paws/external_lb.pp b/modules/role/manifests/paws/external_lb.pp
new file mode 100644
index 0000000000..4f1e052ca4
--- /dev/null
+++ b/modules/role/manifests/paws/external_lb.pp
@@ -0,0 +1,5 @@
+class role::paws::external_lb {
+    include profile::paws::common
+    include profile::paws::nginx
+    include profile::paws::external_lb
+}
diff --git a/modules/role/manifests/paws/internal_lb.pp b/modules/role/manifests/paws/internal_lb.pp
new file mode 100644
index 0000000000..c065b2a7f9
--- /dev/null
+++ b/modules/role/manifests/paws/internal_lb.pp
@@ -0,0 +1,5 @@
+class role::paws::internal_lb {
+    include profile::paws::common
+    include profile::paws::nginx
+    include profile::paws::internal_lb
+}
diff --git a/modules/role/manifests/paws/master.pp b/modules/role/manifests/paws/master.pp
new file mode 100644
index 0000000000..084b3e6de6
--- /dev/null
+++ b/modules/role/manifests/paws/master.pp
@@ -0,0 +1,5 @@
+class role::paws::master {
+    include profile::paws::common
+    include profile::paws::docker
+    include profile::paws::kubernetes
+}
diff --git a/modules/role/manifests/paws/packages_server.pp b/modules/role/manifests/paws/packages_server.pp
new file mode 100644
index 0000000000..3db48c682f
--- /dev/null
+++ b/modules/role/manifests/paws/packages_server.pp
@@ -0,0 +1,4 @@
+class role::paws::packages_server {
+    include profile::paws::common
+    include profile::paws::packages_server
+}
diff --git a/modules/role/manifests/paws/worker.pp b/modules/role/manifests/paws/worker.pp
new file mode 100644
index 0000000000..a801576498
--- /dev/null
+++ b/modules/role/manifests/paws/worker.pp
@@ -0,0 +1,5 @@
+class role::paws::worker {
+    include profile::paws::common
+    include profile::paws::docker
+    include profile::paws::kubernetes
+}