Giuseppe Lavagetto has submitted this change and it was merged.
Change subject: add admin group 'wikidata query service deployers'
......................................................................
add admin group 'wikidata query service deployers'
As explained by Joe in the ticket, we need a new
admin group for Wikidata Query Service deployers and
grant it sudo rights to start/stop/restart the wqds service.
Per Smalyshev there will be two services, wdqs-blazegraph and
wdqs-update are the suggested names.
We are also adding journalctl for access to logs.
Bug:T105185
Change-Id: I4c19134e652f71e4da6df92bb75d235725d9ac24
---
M hieradata/hosts/tin.yaml
M hieradata/role/common/wdqs.yaml
M manifests/site.pp
M modules/admin/data/data.yaml
4 files changed, 11 insertions(+), 1 deletion(-)
Approvals:
Giuseppe Lavagetto: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/hosts/tin.yaml b/hieradata/hosts/tin.yaml
index ab037c0..ef9a7b9 100644
--- a/hieradata/hosts/tin.yaml
+++ b/hieradata/hosts/tin.yaml
@@ -7,4 +7,5 @@
- deployment
- parsoid-admin
- ocg-render-admins
+ - wdqs-admins
cluster: misc
diff --git a/hieradata/role/common/wdqs.yaml b/hieradata/role/common/wdqs.yaml
index 6fd47d7..396117b 100644
--- a/hieradata/role/common/wdqs.yaml
+++ b/hieradata/role/common/wdqs.yaml
@@ -1,2 +1,5 @@
wdqs::gui::log_aggregator: 'logstash1001.eqiad.wmnet'
wdqs::updater::options: '-n wdq -- -b 500'
+admin::groups:
+ - wdqs-admins
+cluster: wdqs
diff --git a/manifests/site.pp b/manifests/site.pp
index df7fc39..8ca448f 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2372,7 +2372,6 @@
# Wikidata query service
node /^wdqs100[1-2]\.eqiad\.wmnet$/ {
- $cluster = 'wdqs'
role wdqs
include standard
}
diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index 71eb227..bcfcd5e 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -336,6 +336,13 @@
members: [yurik, maxsem]
privileges: ['ALL = NOPASSWD: /usr/sbin/service kartotherian *',
'ALL = (kartotherian) NOPASSWD: ALL']
+ wdqs-admins:
+ gid: 755
+ description: Admins for the WikiData Query Service project
+ members: [smalyshev, jdouglas]
+ privileges: ['ALL = NOPASSWD: /usr/sbin/service wdqs-blazegraph *',
+ 'ALL = NOPASSWD: /usr/sbin/service wdqs-updater *',
+ 'ALL = NOPASSWD: /bin/journalctl *']
users:
rush:
--
To view, visit https://gerrit.wikimedia.org/r/223984
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I4c19134e652f71e4da6df92bb75d235725d9ac24
Gerrit-PatchSet: 8
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Jdouglas <[email protected]>
Gerrit-Reviewer: Smalyshev <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
