Alexandros Kosiaris has uploaded a new change for review. https://gerrit.wikimedia.org/r/234273
Change subject: maps: ensure PostgreSQL's logs as maps-admin ...................................................................... maps: ensure PostgreSQL's logs as maps-admin Ensure postgresql logs as maps-admin to allow maps-admin to read them Rely on logrotate's copytruncate policy for postgres for the rest of the log files in /var/log/postgresql We should find a better way of doing this. Abandoned efforts include: * sudo => wait to complex to right a good rule that does not make people's lives miserable but still works * adding adm group to maps-admins groups => not really possible with our current admin module or the puppet group resource. The puppet group resource provider on linux (groupadd) does not support the manages_members feature: https://docs.puppetlabs.com/references/latest/type.html#group-provider-features The admin module does not allow us to add people in groups on a per host basis. This means groups are global and that was a design goal back then. Change-Id: Ic27e3248c1357fe9797716a16301f3693c530e22 --- M manifests/role/maps.pp 1 file changed, 14 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/73/234273/1 diff --git a/manifests/role/maps.pp b/manifests/role/maps.pp index 518d6e1..cc7e3ec 100644 --- a/manifests/role/maps.pp +++ b/manifests/role/maps.pp @@ -69,6 +69,13 @@ mode => '0400', content => template('maps/grants.cql.erb'), } + # TODO: Figure out a better way to do this + # Ensure postgresql logs as maps-admin to allow maps-admin to read them + # Rely on logrotate's copytruncate policy for postgres for the rest of the + # log file + file { '/var/log/postgresql/postgresql-9.4-main.log': + group => 'maps-admin', + } } class role::maps::slave { @@ -98,4 +105,11 @@ mode => '0444', source => 'puppet:///files/postgres/tuning.conf', } + # TODO: Figure out a better way to do this + # Ensure postgresql logs as maps-admin to allow maps-admin to read them + # Rely on logrotate's copytruncate policy for postgres for the rest of the + # log file + file { '/var/log/postgresql/postgresql-9.4-main.log': + group => 'maps-admin', + } } -- To view, visit https://gerrit.wikimedia.org/r/234273 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic27e3248c1357fe9797716a16301f3693c530e22 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
