Ori.livneh has submitted this change and it was merged.
Change subject: Add tmpreaper module
......................................................................
Add tmpreaper module
Adds a tmpreaper module with two custom resource types:
* tmpreaper::dir adds a directory to the set of directories which are 'reaped'
by tmpreaper during its daily cron run. It does so by appending the directory
to TMPREAPER_DIRS in /etc/tmpreaper.conf.
* tmpreaper::reap allows a path to be reaped by Puppet, like Puppet's native
'tidy' resource, except not insanely broken. This may be used when the age
setting or other settings in /etc/tmpreaper.conf (which are applied to all
directories) are not optimal for the given path.
Change-Id: Ibc013bbf58340664213273bbb97954e5a1e08f9c
---
A modules/tmpreaper/manifests/dir.pp
A modules/tmpreaper/manifests/init.pp
A modules/tmpreaper/manifests/reap.pp
A modules/tmpreaper/templates/args.erb
4 files changed, 125 insertions(+), 0 deletions(-)
Approvals:
Ori.livneh: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/tmpreaper/manifests/dir.pp
b/modules/tmpreaper/manifests/dir.pp
new file mode 100644
index 0000000..9e66174
--- /dev/null
+++ b/modules/tmpreaper/manifests/dir.pp
@@ -0,0 +1,39 @@
+# == Define: tmpreaper::dir
+#
+# Add a directory to the set of directories purged by tmpreaper's
+# daily cron script.
+#
+# === Parameters
+#
+# [*ensure*]
+# 'present' means that the directory will be managed by tmpreaper;
+# 'absent' means it will not be. The value of this parameter does
+# not create or destroy the directory on disk.
+#
+# [*path*]
+# Path to tidy. Defaults to the resource name.
+#
+# === Example
+#
+# tmpreaper::dir { '/tmp':
+# ensure => present,
+# }
+#
+define tmpreaper::dir(
+ $ensure = present,
+ $path = $name,
+) {
+ include ::tmpreaper
+
+ validate_absolute_path($path)
+
+ $safe_name = regsubst($title, '\W', '-', 'G')
+ $safe_path = regsubst($path, '/?$', '/')
+
+ file_line { "tmpreaper_dir_${safe_name}":
+ ensure => $ensure,
+ line => "TMPREAPER_DIRS=\"\${TMPREAPER_DIRS} ${safe_path}.\"",
+ path => '/etc/tmpreaper.conf',
+ require => Package['tmpreaper'],
+ }
+}
diff --git a/modules/tmpreaper/manifests/init.pp
b/modules/tmpreaper/manifests/init.pp
new file mode 100644
index 0000000..511b945
--- /dev/null
+++ b/modules/tmpreaper/manifests/init.pp
@@ -0,0 +1,24 @@
+# == Class: tmpreaper
+#
+# This module provides a simple custom resource type for using
+# tmpreaper. tmpreaper recursively searches for and removes files
+# and empty directories which haven't been accessed for a period
+# time.
+#
+class tmpreaper {
+ package { 'tmpreaper':
+ ensure => present,
+ }
+
+ # tmpreaper's cron.daily script declines to run unless the line
+ # below is removed from its config file, indicating that the user
+ # understands the security implications of having tmpreaper run
+ # automatically. See /usr/share/doc/tmpreaper/README.security.gz .
+
+ file_line { 'load_env_enabled':
+ ensure => absent,
+ line => 'SHOWWARNING=true',
+ path => '/etc/tmpreaper.conf',
+ require => Package['tmpreaper'],
+ }
+}
diff --git a/modules/tmpreaper/manifests/reap.pp
b/modules/tmpreaper/manifests/reap.pp
new file mode 100644
index 0000000..f92bc57
--- /dev/null
+++ b/modules/tmpreaper/manifests/reap.pp
@@ -0,0 +1,55 @@
+# == Define: tmpreaper::reap
+#
+# Purge a directory hierarchy of files that have not been accessed in
+# a given period of time. Like `puppet::tidy`, but fast and secure.
+#
+# === Parameters
+#
+# [*path*]
+# Path to tidy. Defaults to the resource name.
+#
+# [*age*]
+# Defines the age threshold for removing files. If the file has not been
+# accessed for <$age>, it becomes eligible for removal. The value should
+# be a number suffixed by one character: 'd' for days, 'h' for hours, 'm'
+# for minutes, or 's' for seconds. Defaults to '7d'.
+#
+# [*include_symlinks*]
+# If true, remove symlinks too, not just regular files and directories.
+# False by default.
+#
+# [*include_all*]
+# If true, remove all file types, not just regular files, symlinks, and
+# directories. Defaults to false.
+#
+# [*protect*]
+# An optional array of shell patterns specifying files that should be
+# protected from deletion.
+#
+# === Example
+#
+# tmpreaper::reap { '/tmp':
+# age => '1d',
+# protect => ['*.log'],
+# include_symlinks => true,
+# }
+#
+define tmpreaper::reap(
+ $path = $name,
+ $age = '7d',
+ $protect = [],
+ $include_symlinks = false,
+ $include_all = false,
+) {
+ include ::tmpreaper
+
+ validate_re($age, '^\d+[smhd]$')
+ validate_absolute_path($path)
+
+ $args = template('tmpreaper/args.erb')
+
+ exec { "/usr/sbin/tmpreaper ${args}":
+ onlyif => "/usr/sbin/tmpreaper --test ${args} 2>&1 | /bin/grep -q
remove",
+ require => Package['tmpreaper'],
+ }
+}
diff --git a/modules/tmpreaper/templates/args.erb
b/modules/tmpreaper/templates/args.erb
new file mode 100644
index 0000000..040eeb0
--- /dev/null
+++ b/modules/tmpreaper/templates/args.erb
@@ -0,0 +1,7 @@
+<%= args = []
+ args.push('--symlinks') if @include_symlinks
+ args.push('--all') if @include_all
+ args.concat(@protect.map { |p| ['--protect', p] })
+ args.push(@age, @path)
+ args.map! { |arg| arg.gsub(/([^A-Za-z0-9_\-.,:\/@\n])/n,
"\\\\\\1").gsub(/\n/, "'\n'") }
+ args.join(' ').strip -%>
--
To view, visit https://gerrit.wikimedia.org/r/169935
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ibc013bbf58340664213273bbb97954e5a1e08f9c
Gerrit-PatchSet: 6
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ori.livneh <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Ori.livneh <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
