Ori.livneh has submitted this change and it was merged.

Change subject: Groundwork work for keyholder-based MediaWiki deployments
......................................................................


Groundwork work for keyholder-based MediaWiki deployments

Currently, when MediaWiki deployers push code, scap SSHs them into each host as
themselves, where they sudo to mwdeploy to run rsync. With keyholder, users
would be SSHing as mwdeploy directly. This requires setting a real shell for
mwdeploy and an SSH key.

Change-Id: I2523a13b99687f0c2ad2da2cd73a66abffe037b6
---
A modules/mediawiki/files/authorized_keys.mwdeploy
M modules/mediawiki/manifests/users.pp
2 files changed, 24 insertions(+), 2 deletions(-)

Approvals:
  Ori.livneh: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/mediawiki/files/authorized_keys.mwdeploy 
b/modules/mediawiki/files/authorized_keys.mwdeploy
new file mode 100644
index 0000000..c9b0d0a
--- /dev/null
+++ b/modules/mediawiki/files/authorized_keys.mwdeploy
@@ -0,0 +1 @@
+# Placeholder.
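Review bot: The only line in the new authorized_keys.mwdeploy, "# Placeholder.", does not say which key is expected here or who will hold the private half. Expand the comment to name the intended key (the keyholder-managed deploy key the commit message refers to). When the real entry is added, consider prefixing it with OpenSSH key options such as from="..." and no-port-forwarding,no-agent-forwarding,no-X11-forwarding, since this one key will log in directly as mwdeploy on every host that gets this file.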
diff --git a/modules/mediawiki/manifests/users.pp 
b/modules/mediawiki/manifests/users.pp
index 3c7a3b1..5f00aef 100644
--- a/modules/mediawiki/manifests/users.pp
+++ b/modules/mediawiki/manifests/users.pp
@@ -37,12 +37,33 @@
 
     user { 'mwdeploy':
         ensure     => present,
-        shell      => '/bin/false',
-        home       => '/var/lib/mwdeploy',
+        shell      => '/bin/bash',
+        home       => '/home/mwdeploy',
         system     => true,
         managehome => true,
     }
 
+    file { '/home/mwdeploy':
+        ensure => directory,
+        owner  => 'mwdeploy',
+        group  => 'mwdeploy',
+        mode   => '0755',
+    }
+
+    file { '/home/mwdeploy/.ssh':
+        ensure => directory,
+        owner  => 'mwdeploy',
+        group  => 'mwdeploy',
+        mode   => '0500',
+    }
+
+    file { '/home/mwdeploy/.ssh/authorized_keys':
+        source  => 'puppet:///modules/mediawiki/authorized_keys.mwdeploy',
+        owner   => 'mwdeploy',
+        group   => 'mwdeploy',
+        mode    => '0400',
+    }
+
 
     # The l10nupdate account is used for updating the localisation files
     # with new interface message translations.
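Review bot: Changing shell from '/bin/false' to '/bin/bash' on the mwdeploy user gives whoever holds the key an unrestricted interactive shell, while the commit message only describes running rsync. Either constrain the session (for example a command= restriction on the key) or add a comment above the user resource explaining why a full shell is required. Two smaller points on the same hunk: the '/home/mwdeploy/.ssh/authorized_keys' resource has no ensure attribute while the two directory resources set ensure => directory, so add ensure => present for consistency; and because that file and '/home/mwdeploy/.ssh' are owned by mwdeploy, the modes '0400' and '0500' do not stop the account from chmod-ing and rewriting its own key list between Puppet runs, so consider owner => 'root' with a group-readable mode if the key set is meant to be controlled only from Puppet.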

-- 
To view, visit https://gerrit.wikimedia.org/r/172911
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2523a13b99687f0c2ad2da2cd73a66abffe037b6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ori.livneh <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Ori.livneh <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
