Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/179079
Change subject: install-server: remove pre-precise/squid 2 compat
......................................................................
install-server: remove pre-precise/squid 2 compat
Change-Id: I867d8654c019b396835800be95bff2bfba5049da
---
M manifests/role/install-server.pp
D modules/install-server/files/squid-apt-proxy.conf
D modules/install-server/files/squid-logrotate
M modules/install-server/manifests/caching-proxy.pp
M modules/install-server/spec/classes/install_server_caching_proxy_spec.rb
5 files changed, 16 insertions(+), 150 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/79/179079/1
diff --git a/manifests/role/install-server.pp b/manifests/role/install-server.pp
index d6be319..eca9843 100644
--- a/manifests/role/install-server.pp
+++ b/manifests/role/install-server.pp
@@ -84,26 +84,10 @@
]
backup::set { $sets : }
- # pin package to the default, Ubuntu version, instead of our own
- if $::lsbdistid == 'Ubuntu' and versioncmp($::lsbdistrelease, '12.04') >=
0 {
- $pinned_packages = [
- 'squid3',
- 'squid-common3',
- 'squid-langpack',
- ]
- $before_package = 'squid3'
- } else {
- $pinned_packages = [
- 'squid',
- 'squid-common',
- 'squid-langpack',
- ]
- $before_package = 'squid'
- }
- apt::pin { $pinned_packages:
+ apt::pin { [ 'squid3', 'squid-common3', 'squid-langpack' ]:
pin => 'release o=Ubuntu',
priority => '1001',
- before => Package[$before_package],
+ before => Package['squid3'],
}
# Monitoring
diff --git a/modules/install-server/files/squid-apt-proxy.conf
b/modules/install-server/files/squid-apt-proxy.conf
deleted file mode 100644
index 12406dc..0000000
--- a/modules/install-server/files/squid-apt-proxy.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-####################################################################
-
-http_port 8080
-hierarchy_stoplist cgi-bin ?
-acl QUERY urlpath_regex cgi-bin \?
-cache deny QUERY
-acl apache rep_header Server ^Apache
-broken_vary_encoding allow apache
-cache_replacement_policy heap LFUDA
-cache_dir aufs /var/spool/squid 1000 16 256
-access_log none
-cache_store_log none
-hosts_file /etc/hosts
-refresh_pattern ^ftp: 1440 20% 10080
-refresh_pattern ^gopher: 1440 0% 1440
-refresh_pattern . 0 20% 4320
-acl all src 0.0.0.0/0.0.0.0
-acl manager proto cache_object
-acl localhost src 127.0.0.1/255.255.255.255
-acl to_localhost dst 127.0.0.0/8
-acl SSL_ports port 443 563 # https, snews
-acl SSL_ports port 873 # rsync
-acl Safe_ports port 80 # http
-acl Safe_ports port 21 # ftp
-acl Safe_ports port 443 563 # https, snews
-acl Safe_ports port 70 # gopher
-acl Safe_ports port 210 # wais
-acl Safe_ports port 1025-65535 # unregistered ports
-acl Safe_ports port 280 # http-mgmt
-acl Safe_ports port 488 # gss-http
-acl Safe_ports port 591 # filemaker
-acl Safe_ports port 777 # multiling http
-acl Safe_ports port 631 # cups
-acl Safe_ports port 873 # rsync
-acl Safe_ports port 901 # SWAT
-acl purge method PURGE
-acl CONNECT method CONNECT
-# TODO: Fix this to use templates and be populated from network.pp
-acl wikimedia src 208.80.152.0/22
-acl wikimedia src 91.198.174.0/24
-acl wikimedia src 198.35.26.0/23
-acl wikimedia src 185.15.56.0/22
-acl wikimedia src 10.0.0.0/8
-http_access allow manager localhost
-http_access deny manager
-http_access allow purge localhost
-http_access deny purge
-http_access deny !Safe_ports
-http_access deny CONNECT !SSL_ports
-http_access allow localhost
-http_access allow wikimedia
-http_access deny all
-http_reply_access allow all
-icp_access deny all
-cache_effective_user proxy
-cache_effective_group proxy
-coredump_dir /var/spool/squid
diff --git a/modules/install-server/files/squid-logrotate
b/modules/install-server/files/squid-logrotate
deleted file mode 100644
index d810a59..0000000
--- a/modules/install-server/files/squid-logrotate
+++ /dev/null
@@ -1,21 +0,0 @@
-#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-#####################################################################
-#
-# Logrotate fragment for squid.
-#
-/var/log/squid/*.log {
- daily
- compress
- size 300M
- rotate 0
- missingok
- nocreate
- sharedscripts
- prerotate
- test ! -x /usr/sbin/sarg-reports || /usr/sbin/sarg-reports
- endscript
- postrotate
- test ! -e /var/run/squid.pid || /usr/sbin/squid -k rotate
- endscript
-}
diff --git a/modules/install-server/manifests/caching-proxy.pp
b/modules/install-server/manifests/caching-proxy.pp
index 6830afd..2d11da4 100644
--- a/modules/install-server/manifests/caching-proxy.pp
+++ b/modules/install-server/manifests/caching-proxy.pp
@@ -13,44 +13,31 @@
# include install-server::caching-proxy
class install-server::caching-proxy {
- if $::lsbdistid == 'Ubuntu' and versioncmp($::lsbdistrelease, '12.04') >=
0 {
- $confdir = '/etc/squid3'
- $package_name = 'squid3'
- $service_name = 'squid3'
- } else {
- $confdir = '/etc/squid'
- $package_name = 'squid'
- $service_name = 'squid'
- }
-
- file { "${confdir}/squid.conf":
+ file { '/etc/squid3/squid.conf':
ensure => present,
- require => Package[$package_name],
mode => '0444',
owner => 'root',
group => 'root',
- source =>
"puppet:///modules/install-server/${package_name}-apt-proxy.conf",
+ source => 'puppet:///modules/install-server/squid3-apt-proxy.conf',
+ require => Package['squid3'],
}
- file { "/etc/logrotate.d/${package_name}":
+ file { '/etc/logrotate.d/squid3':
ensure => present,
- require => Package[$package_name],
mode => '0444',
owner => 'root',
group => 'root',
- source =>
"puppet:///modules/install-server/${package_name}-logrotate",
+ source => 'puppet:///modules/install-server/squid3-logrotate',
+ require => Package['squid3'],
}
- package { $package_name:
- ensure => latest,
+ package { 'squid3':
+ ensure => installed,
}
- service { $service_name:
- ensure => running,
- require => [
- File["${confdir}/squid.conf"],
- Package[$package_name]
- ],
- subscribe => File["${confdir}/squid.conf"],
+ service { 'squid3':
+ ensure => running,
+ require => [ Package['squid3'], File['/etc/squid3/squid.conf'] ],
+ subscribe => File['/etc/squid3/squid.conf'],
}
}
diff --git
a/modules/install-server/spec/classes/install_server_caching_proxy_spec.rb
b/modules/install-server/spec/classes/install_server_caching_proxy_spec.rb
index 954e1c1..aa3a647 100644
--- a/modules/install-server/spec/classes/install_server_caching_proxy_spec.rb
+++ b/modules/install-server/spec/classes/install_server_caching_proxy_spec.rb
@@ -1,33 +1,8 @@
require 'spec_helper'
describe 'install-server::caching-proxy', :type => :class do
- let(:facts) { { :lsbdistid => 'Ubuntu', :lsbdistrelease => '10.04' } }
-
- it 'should have squid with Ubuntu < 12.04' do
- contain_package('squid').with_ensure('latest')
- contain_service('squid').with_ensure('running')
-
- should contain_file('/etc/squid/squid.conf').with({
- 'ensure' => 'present',
- 'mode' => '0444',
- 'owner' => 'root',
- 'group' => 'root',
- }).without_path()
-
- should contain_file('/etc/logrotate.d/squid').with({
- 'ensure' => 'present',
- 'mode' => '0444',
- 'owner' => 'root',
- 'group' => 'root',
- }).without_path()
- end
-end
-
-describe 'install-server::caching-proxy', :type => :class do
- let(:facts) { { :lsbdistid => 'Ubuntu', :lsbdistrelease => '12.04' } }
-
- it 'should have squid with Ubuntu >= 12.04' do
- contain_package('squid3').with_ensure('latest')
+ it 'should have squid' do
+ contain_package('squid3').with_ensure('present')
contain_service('squid3').with_ensure('running')
should contain_file('/etc/squid3/squid.conf').with({
--
To view, visit https://gerrit.wikimedia.org/r/179079
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I867d8654c019b396835800be95bff2bfba5049da
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
