coren has submitted this change and it was merged.
Change subject: contint: tmpfs is now root:root and world writable
......................................................................
contint: tmpfs is now root:root and world writable
When enabling the tmpfs on labs instances, we found out that the instance
ends up deadlocked upon reboot. The jenkins-slave user is not known to
the bootup mount command since it is only in LDAP.
Instead, change the contint tmpfs to be owned by root:root, world
writable and with prevent deletion bit set (1777).
The file {} directive does not set any user/group/mode to prevent puppet
from changing them after the tmpfs has been mounted.
Bug: T76250
Change-Id: I4713ff77a7835ec5cd1dc000c85198732e40ed64
---
M manifests/role/ci.pp
M modules/contint/manifests/tmpfs.pp
2 files changed, 6 insertions(+), 19 deletions(-)
Approvals:
coren: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/ci.pp b/manifests/role/ci.pp
index 7d274e2..a0fe233 100644
--- a/manifests/role/ci.pp
+++ b/manifests/role/ci.pp
@@ -165,8 +165,6 @@
}
contint::tmpfs { 'tmpfs for jenkins CI slave':
- user => 'jenkins-slave',
- group => 'jenkins-slave',
mount_point => '/var/lib/jenkins-slave/tmpfs',
size => '512M',
}
@@ -344,13 +342,7 @@
include role::ci::slave::labs::common
/**
- * FIXME breaks puppet because jenkins-deploy is not known
- * by puppet since it is provided via LDAP.
- */
- /**
contint::tmpfs { 'tmpfs for jenkins CI slave':
- user => 'jenkins-deploy',
- group => 'wikidev',
# Jobs expect the tmpfs to be in $HOME/tmpfs
mount_point => '/home/jenkins-deploy/tmpfs',
size => '128M',
diff --git a/modules/contint/manifests/tmpfs.pp
b/modules/contint/manifests/tmpfs.pp
index 2a030f5..8dd91f4 100644
--- a/modules/contint/manifests/tmpfs.pp
+++ b/modules/contint/manifests/tmpfs.pp
@@ -1,8 +1,7 @@
-# Wikimedia uses a small tmpfs disk to help soften I/O on the contint server.
-# A typical use cases are the MediaWiki sqlite files
+# Use a small tmpfs disk to help soften I/O on the contint slaves.
+# A typical use case is speeding up interaction with MediaWiki
+# sqlite database files in Jenkins jobs.
define contint::tmpfs(
- $user = 'jenkins',
- $group = 'jenkins',
$mount_point = '/var/lib/jenkins/tmpfs',
$size = '512M',
) {
@@ -10,19 +9,15 @@
# Setup tmpfs to write SQLite files to
file { $mount_point:
ensure => directory,
- mode => '0755',
- owner => $user,
- group => $group,
- require => [ User[$user], Group[$group] ],
+ # user/group/mode set by mount
}
mount { $mount_point:
ensure => mounted,
device => 'tmpfs',
fstype => 'tmpfs',
- options =>
"noatime,defaults,size=${size},mode=755,uid=${user},gid=${group}",
- require => [ User[$user], Group[$group],
- File[$mount_point] ],
+ options => "noatime,defaults,size=${size},mode=1777",
+ require => File[$mount_point],
}
}
--
To view, visit https://gerrit.wikimedia.org/r/173511
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I4713ff77a7835ec5cd1dc000c85198732e40ed64
Gerrit-PatchSet: 6
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Krinkle <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Hashar <[email protected]>
Gerrit-Reviewer: Krinkle <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
