Yuvipanda has submitted this change and it was merged.
Change subject: Tools: Puppetize missing intermediate directory
......................................................................
Tools: Puppetize missing intermediate directory
Currently on a submit host, crontabs are backed up to
/data/project/.system/crontabs/$fqdn, but the parent directory
/data/project/.system/crontabs is not puppetized. This change fixes
this.
On Tools, the directory currently has the setgid bit set:
| scfc@tools-submit:~$ ls -dl /data/project/.system/crontabs
| drwxrws--- 5 root tools.admin 4096 Jun 19 14:36 /data/project/.system/crontabs
| scfc@tools-submit:~$
This appears to have been an oversight and is fixed by this change as
well. Also, this change replaces the hardcoding of tools.admin as the
owning group for the directories with the admin group of the specific
project.
Bug: T87387
Change-Id: I66c1e60c0a52d7abbab1275b44f429c105634b27
---
M modules/toollabs/manifests/submit.pp
1 file changed, 7 insertions(+), 1 deletion(-)
Approvals:
Yuvipanda: Verified; Looks good to me, approved
Merlijn van Deen: Looks good to me, but someone else must approve
diff --git a/modules/toollabs/manifests/submit.pp
b/modules/toollabs/manifests/submit.pp
index 456c217..ffc7a6d 100644
--- a/modules/toollabs/manifests/submit.pp
+++ b/modules/toollabs/manifests/submit.pp
@@ -74,11 +74,17 @@
}
# Backup crontabs! See https://phabricator.wikimedia.org/T95798
+ file { '/data/project/.system/crontabs':
+ ensure => directory,
+ owner => 'root',
+ group => "${::labsproject}.admin",
+ mode => '0770',
+ }
file { "/data/project/.system/crontabs/${::fqdn}":
ensure => directory,
source => '/var/spool/cron/crontabs',
owner => 'root',
- group => 'tools.admin',
+ group => "${::labsproject}.admin",
mode => '0440',
recurse => true,
}
--
To view, visit https://gerrit.wikimedia.org/r/232886
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I66c1e60c0a52d7abbab1275b44f429c105634b27
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <[email protected]>
Gerrit-Reviewer: Merlijn van Deen <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits