[MediaWiki-commits] [Gerrit] Group own refinery logs by analytics-admins, add hdfs to ana... - change (operations/puppet)

Tue, 05 Aug 2014 08:23:43 -0700 

Ottomata has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/151863

Change subject: Group own refinery logs by analytics-admins, add hdfs to 
analytics-admins group
......................................................................

Group own refinery logs by analytics-admins, add hdfs to analytics-admins group

Change-Id: I343ac7c5b8bf63a0aeeb39cf7a57b769ebf06b19
---
M manifests/role/analytics/refinery.pp
1 file changed, 19 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/63/151863/1

diff --git a/manifests/role/analytics/refinery.pp 
b/manifests/role/analytics/refinery.pp
index 0fe5882..fe50e4d 100644
--- a/manifests/role/analytics/refinery.pp
+++ b/manifests/role/analytics/refinery.pp
@@ -33,13 +33,27 @@
     file { $log_dir:
         ensure => 'directory',
         owner  => 'root',
-        # TODO: Change this to analytics-admins group after
-        # https://gerrit.wikimedia.org/r/#/c/150560 is merged.
-        group  => 'stats',
-        # setgid bit here to make kraken log files writeable
-        # by users in the stats group.
+        group  => 'analytics-admins',
+        # setgid bit here to make refinery log files writeable
+        # by users in the analytics-admins group.
         mode   => '2775',
     }
+
+    # If hdfs user exists, then add it to the analytics-admins group.
+    # I don't want to use puppet types or the admin module to manage
+    # the hdfs user, since it is installed by the CDH packages.
+    # TODO: Move this to the admin module if/when it supports
+    # adding system users to groups.
+    exec { 'hdfs_user_in_stats_group':
+        command => 'usermod hdfs -a -G analytics-admins',
+        # Only run this command if the hdfs user exists
+        # and it is not already in the stats group
+        # This command returns true if hdfs user does not exist,
+        # or if hdfs user does exist and is in the stats group.
+        unless  => 'getent passwd hdfs > /dev/null; if [ $? != 0 ]; then true; 
else groups hdfs | grep -q analytics-admins; fi',
+        path    => '/usr/sbin:/usr/bin:/bin',
+        require => Group['analytics-admins'],
+    }
 }
 
 # == Class role::analytics::refinery::camus

-- 
To view, visit https://gerrit.wikimedia.org/r/151863
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I343ac7c5b8bf63a0aeeb39cf7a57b769ebf06b19
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ottomata <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to