coren has submitted this change and it was merged.
Change subject: Tools: Only update ssh configuration when necessary
......................................................................
Tools: Only update ssh configuration when necessary
At the moment /etc/security/access.conf, /etc/ssh/shosts.equiv and
/etc/ssh/ssh_known_hosts are regenerated on every Puppet run making
the log a bit more convoluted than necessary. This change only
regenerates them when either the constituting source files or their
directory (to catch deletions) are newer than each generated file.
Change-Id: I6c457e787b16c1187e9c7958aa351c6cddf37479
---
M modules/toollabs/manifests/hba.pp
M modules/toollabs/manifests/init.pp
2 files changed, 3 insertions(+), 0 deletions(-)
Approvals:
coren: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/toollabs/manifests/hba.pp
b/modules/toollabs/manifests/hba.pp
index 2d0ff38..3747ec4 100644
--- a/modules/toollabs/manifests/hba.pp
+++ b/modules/toollabs/manifests/hba.pp
@@ -23,6 +23,7 @@
exec { 'make-shosts':
command => '/usr/local/sbin/project-make-shosts
>/etc/ssh/shosts.equiv~',
require => File['/usr/local/sbin/project-make-shosts'],
+ onlyif => "/usr/bin/test -n \"\$(/usr/bin/find
/data/project/.system/store -maxdepth 1 \\( -type d -or -type f -name
submithost-\\* \\) -newer /etc/ssh/shosts.equiv~)\"",
}
file { '/etc/ssh/shosts.equiv':
@@ -45,6 +46,7 @@
exec { 'make-access':
command => '/usr/local/sbin/project-make-access
>/etc/security/access.conf~',
require => File['/usr/local/sbin/project-make-access'],
+ onlyif => "/usr/bin/test -n \"\$(/usr/bin/find
/data/project/.system/store -maxdepth 1 \\( -type d -or -type f -name
submithost-\\* \\) -newer /etc/security/access.conf~)\"",
}
File <| title == '/etc/security/access.conf' |> {
diff --git a/modules/toollabs/manifests/init.pp
b/modules/toollabs/manifests/init.pp
index 0a309a1..7a28f2f 100644
--- a/modules/toollabs/manifests/init.pp
+++ b/modules/toollabs/manifests/init.pp
@@ -57,6 +57,7 @@
exec { 'make_known_hosts':
command => "/bin/cat ${store}/hostkey-* >/etc/ssh/ssh_known_hosts~",
require => File[$store],
+ onlyif => "/usr/bin/test -n \"\$(/usr/bin/find ${store} -maxdepth 1
\\( -type d -or -type f -name hostkey-\\* \\) -newer
/etc/ssh/ssh_known_hosts~)\"",
}
file { '/etc/ssh/ssh_known_hosts':
--
To view, visit https://gerrit.wikimedia.org/r/145441
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I6c457e787b16c1187e9c7958aa351c6cddf37479
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
