Dzahn has submitted this change and it was merged.
Change subject: Make trebuchet work in eqiad.wmflabs
......................................................................
Make trebuchet work in eqiad.wmflabs
Update the role::deployment::deployment_servers::labs role to work in
the eqiad labs environment.
* Don't create the "trebuchet" user in labs
* Make "trebuchet" the owner or /srv/deployment
* Allow 10/8 to access the apache vhost
* Fix grain selector for refresh_* commands to include
'G@deployment_server:true'
* Add top.sls configuration for grain 'deployment_server:true'
Change-Id: Ie89deed31031b53742a0d5f0fd4cd0e82e21438e
---
M manifests/role/deployment.pp
M modules/deployment/files/states/top.sls
M modules/deployment/manifests/deployment_server.pp
M modules/deployment/manifests/salt_master.pp
M modules/deployment/templates/pillars/top.sls.erb
5 files changed, 19 insertions(+), 10 deletions(-)
Approvals:
BryanDavis: Looks good to me, but someone else must approve
Ryan Lane: Looks good to me, but someone else must approve
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp
index d31ad55..b593ace 100644
--- a/manifests/role/deployment.pp
+++ b/manifests/role/deployment.pp
@@ -243,9 +243,9 @@
priority => 10,
port => 80,
docroot => "/srv/deployment",
- docroot_owner => "${::instanceproject}",
+ docroot_owner => 'trebuchet',
docroot_group => "project-${::instanceproject}",
- docroot_dir_allows => ["10.4.0.0/16"],
+ docroot_dir_allows => ['10.0.0.0/8'],
serveradmin => "[email protected]",
configure_firewall => false,
}
diff --git a/modules/deployment/files/states/top.sls
b/modules/deployment/files/states/top.sls
index eb8bd58..0fec40f 100644
--- a/modules/deployment/files/states/top.sls
+++ b/modules/deployment/files/states/top.sls
@@ -1,4 +1,7 @@
base:
+ 'deployment_server:true':
+ - match: grain
+ - deploy.sync_all
'deployment_target:*':
- match: grain
- deploy.sync_all
diff --git a/modules/deployment/manifests/deployment_server.pp
b/modules/deployment/manifests/deployment_server.pp
index 8182932..3f43d35 100644
--- a/modules/deployment/manifests/deployment_server.pp
+++ b/modules/deployment/manifests/deployment_server.pp
@@ -47,10 +47,12 @@
replace => true,
}
- generic::systemuser { 'trebuchet':
- name => 'trebuchet',
- shell => '/bin/false',
- home => '/nonexistent',
- groups => $deployer_groups,
+ if $::realm != 'labs' {
+ generic::systemuser { 'trebuchet':
+ name => 'trebuchet',
+ shell => '/bin/false',
+ home => '/nonexistent',
+ groups => $deployer_groups,
+ }
}
}
diff --git a/modules/deployment/manifests/salt_master.pp
b/modules/deployment/manifests/salt_master.pp
index dbac3a4..2c3d1ea 100644
--- a/modules/deployment/manifests/salt_master.pp
+++ b/modules/deployment/manifests/salt_master.pp
@@ -111,7 +111,7 @@
require => [File[$module_dir]],
}
- # If pillars or modules change, we need to sync them with the minions
+ # If pillars or modules change, we need to sync them with the minions
exec { 'refresh_deployment_pillars':
command => "/usr/bin/salt -C 'G@deployment_server:true or
G@deployment_target:*' saltutil.refresh_pillar",
subscribe => [File["${pillar_dir}/deployment/deployment_config.sls"],
@@ -129,7 +129,7 @@
}
exec { 'refresh_deployment_modules':
- command => "/usr/bin/salt -G 'deployment_target:*'
saltutil.sync_modules",
+ command => "/usr/bin/salt -C 'G@deployment_server:true or
G@deployment_target:*' saltutil.sync_modules",
subscribe => [File["${module_dir}/deploy.py"],
File["${module_dir}/mwprof.py"],
File["${module_dir}/mediawiki.py"]],
@@ -138,7 +138,7 @@
}
exec { 'refresh_deployment_returners':
- command => "/usr/bin/salt -G 'deployment_target:*'
saltutil.sync_returners",
+ command => "/usr/bin/salt -C 'G@deployment_server:true or
G@deployment_target:*' saltutil.sync_returners",
subscribe => [File["${returner_dir}/deploy_redis.py"]],
refreshonly => true,
require => [Package['salt-master']],
diff --git a/modules/deployment/templates/pillars/top.sls.erb
b/modules/deployment/templates/pillars/top.sls.erb
index 17a01b7..1bfd986 100644
--- a/modules/deployment/templates/pillars/top.sls.erb
+++ b/modules/deployment/templates/pillars/top.sls.erb
@@ -1,4 +1,8 @@
base:
+ 'deployment_server:true':
+ - match: grain
+ - deployment.repo_config
+ - deployment.deployment_config
'deployment_target:*':
- match: grain
- deployment.repo_config
--
To view, visit https://gerrit.wikimedia.org/r/119221
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie89deed31031b53742a0d5f0fd4cd0e82e21438e
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BryanDavis <[email protected]>
Gerrit-Reviewer: BryanDavis <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Ori.livneh <[email protected]>
Gerrit-Reviewer: Ryan Lane <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
