Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/246825
Change subject: dataset: move system user creation to module
......................................................................
dataset: move system user creation to module
The "datasets" user/group creation/maintenance has been wildly
inconsistent to say the least:
- It was created by role::dataset::systemusers which is clearly not a
role.
- The class was applied by site.pp, although User['datasets'] was
actually required by role::dataset::pagecountsraw which was in
turn included by role::dataset::primary.
- The class dataset::dirs, included by dataset::html, included by class
dataset (over at the dataset module, *not* the role), is actually
hardcoded to use the user "datasets" so it actually requires
role::dataset::systemusers to have been applied before, although there
is no formal dependency (so it's broken puppet code)
- All the cronjobs have a $user parameter which defaulted to "datasets",
except one, which defaulted to undef. All of the callsites passed the
parameter to set it to "datasets", although in all but one cases it
was superfluous.
Create a dataset::user and move the user/group creation there as it is
(despite being broken in other ways, see the FIXME); require it from the
main dataset class and remove the non-role role class.
Change-Id: Iba922bc3f3f97c72a839fc5a1ef932ec783b5e17
---
M manifests/role/dataset.pp
M manifests/role/logging.pp
M manifests/role/snapshot.pp
M manifests/site.pp
M modules/dataset/manifests/cron/pagecountsraw.pp
M modules/dataset/manifests/init.pp
A modules/dataset/manifests/user.pp
7 files changed, 27 insertions(+), 34 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/25/246825/1
diff --git a/manifests/role/dataset.pp b/manifests/role/dataset.pp
index 657c528..2a0b1ef 100644
--- a/manifests/role/dataset.pp
+++ b/manifests/role/dataset.pp
@@ -3,9 +3,7 @@
class role::dataset::pagecountsraw($enable = true) {
class { '::dataset::cron::pagecountsraw':
enable => $enable,
- user => 'datasets',
source => 'stat1002.eqiad.wmnet::hdfs-archive/pagecounts-raw/*/*/',
- require => User['datasets'],
}
}
@@ -21,7 +19,6 @@
class { '::dataset::cron::pagecounts_all_sites':
source => 'stat1002.eqiad.wmnet::hdfs-archive/pagecounts-all-sites',
enable => $enable,
- user => 'datasets',
}
}
@@ -37,7 +34,6 @@
class { '::dataset::cron::mediacounts':
source => 'stat1002.eqiad.wmnet::hdfs-archive/mediacounts',
enable => $enable,
- user => 'datasets',
}
}
@@ -96,28 +92,3 @@
}
class { 'role::dataset::pagecountsraw': enable => false }
}
-
-
-# FIXME: this clearly not a role.
-class role::dataset::systemusers {
-
- group { 'datasets':
- ensure => present,
- name => 'datasets',
- system => true,
- }
-
- user { 'datasets':
- uid => 10003,
- home => '/home/datasets',
- shell => '/bin/bash',
- managehome => true,
- system => true,
- }
-
- ssh::userkey { 'datasets':
- ensure => present,
- content => 'ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAuLqmSdltCJzltgEin2j/72k/g7RroS1SE+Tvfh2JRPs2PhWweOJ+omtVp4x+YFNCGBg5wW2GaUnyZkUY0ARzv59aNLsGg87aCCY3J1oAudQ7b+yjrEaE8QebYDPmGTXRDV2osPbXf5UFTzl/O350vRy4q6UHRH+StflSOKhvundwf9QAs2RXNd+96kRe+r8YRcMBGmaJFX3OD9U+Z+gZID8knTvBceVGibEsnYKhHLXLYvMkQF3RfBuZHSsWZiiiXajlcutrLTo8eoG1nCj/FLK1slEXzgopcXEBiX1/LQAGXjgUVF7WmnKZELVCabqY6Qbk+qcmpaM8dL50P4WNdw==
datasets',
- }
-}
-
diff --git a/manifests/role/logging.pp b/manifests/role/logging.pp
index 8cfb97c..15ade6d 100644
--- a/manifests/role/logging.pp
+++ b/manifests/role/logging.pp
@@ -17,7 +17,7 @@
# Rsync archived slow-parse logs to dumps.wikimedia.org.
# These are available for download at
http://dumps.wikimedia.org/other/slow-parse/
- include role::dataset::systemusers
+ include ::dataset::user
cron { 'rsync_slow_parse':
command => '/usr/bin/rsync -rt
/a/mw-log/archive/slow-parse.log*.gz dumps.wikimedia.org::slow-parse/',
hour => 23,
diff --git a/manifests/role/snapshot.pp b/manifests/role/snapshot.pp
index 41e2bc0..6d15a58 100644
--- a/manifests/role/snapshot.pp
+++ b/manifests/role/snapshot.pp
@@ -1,5 +1,5 @@
class role::snapshot::common {
- include role::dataset::systemusers
+ include ::dataset::user
include base::firewall
# Allow SSH from deployment hosts
diff --git a/manifests/site.pp b/manifests/site.pp
index 2232770..bd25021 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -500,7 +500,7 @@
node 'dataset1001.wikimedia.org' {
- role dataset::systemusers, dataset::primary, dumps
+ role dataset::primary, dumps
include standard
include base::firewall
@@ -1864,7 +1864,7 @@
node 'ms1001.wikimedia.org' {
$cluster = 'misc'
- role dataset::systemusers, dataset::secondary, dumps
+ role dataset::secondary, dumps
include standard
include base::firewall
diff --git a/modules/dataset/manifests/cron/pagecountsraw.pp
b/modules/dataset/manifests/cron/pagecountsraw.pp
index 0ca1a2b..d04f0a0 100644
--- a/modules/dataset/manifests/cron/pagecountsraw.pp
+++ b/modules/dataset/manifests/cron/pagecountsraw.pp
@@ -1,7 +1,7 @@
class dataset::cron::pagecountsraw(
$enable = true,
- $user = undef,
$source = undef,
+ $user = 'datasets',
) {
if ($enable) {
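Review bot: With `$user` now defaulting to 'datasets', this class names an account it never declares a dependency on: nothing in the hunk pulls in dataset::user, and the explicit `require => User['datasets']` on the role-side declaration is removed by this same change in manifests/role/dataset.pp. If a catalog declares the cron class without class dataset, the cron entry would presumably be written for a user Puppet does not manage on that node, and no compile error would flag it. Adding `require ::dataset::user` at the top of the class body would make the class self-contained; the commit message says the other cron classes already default to 'datasets', so the same line may belong there too. The class body continues past the end of the hunk.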
diff --git a/modules/dataset/manifests/init.pp
b/modules/dataset/manifests/init.pp
index 3d7a2d2..2afa116 100644
--- a/modules/dataset/manifests/init.pp
+++ b/modules/dataset/manifests/init.pp
@@ -18,6 +18,7 @@
) {
include dataset::common
+ require dataset::user
$rsync_public_enable = has_key($rsync,'public')
class { 'dataset::rsync::public': enable => $rsync_public_enable }
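Review bot: The added `require dataset::user` orders only the resources contained in Class['dataset']; classes it merely declares with `include` (the description names dataset::html and, through it, dataset::dirs) are not contained by it, so their ordering against User['datasets'] would rest on the resource types' autorequire rather than on this line. If dataset::dirs is where the user name is hard-coded, putting `require ::dataset::user` in that class states the dependency where it is used. Writing it with the leading `::` here as well would match the `include ::dataset::user` spelling used in the role manifests of this change. The class body starts and ends outside the hunk.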
diff --git a/modules/dataset/manifests/user.pp
b/modules/dataset/manifests/user.pp
new file mode 100644
index 0000000..7ffb840
--- /dev/null
+++ b/modules/dataset/manifests/user.pp
@@ -0,0 +1,21 @@
+class dataset::user {
+ # FIXME: wrong (non-system) uid, wrong gid, wrong (non-system) home dir
+ user { 'datasets':
+ uid => 10003,
+ home => '/home/datasets',
+ shell => '/bin/bash',
+ managehome => true,
+ system => true,
+ }
+
+ group { 'datasets':
+ ensure => present,
+ name => 'datasets',
+ system => true,
+ }
+
+ ssh::userkey { 'datasets':
+ ensure => present,
+ content => 'ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAuLqmSdltCJzltgEin2j/72k/g7RroS1SE+Tvfh2JRPs2PhWweOJ+omtVp4x+YFNCGBg5wW2GaUnyZkUY0ARzv59aNLsGg87aCCY3J1oAudQ7b+yjrEaE8QebYDPmGTXRDV2osPbXf5UFTzl/O350vRy4q6UHRH+StflSOKhvundwf9QAs2RXNd+96kRe+r8YRcMBGmaJFX3OD9U+Z+gZID8knTvBceVGibEsnYKhHLXLYvMkQF3RfBuZHSsWZiiiXajlcutrLTo8eoG1nCj/FLK1slEXzgopcXEBiX1/LQAGXjgUVF7WmnKZELVCabqY6Qbk+qcmpaM8dL50P4WNdw==
datasets',
+ }
+}
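Review bot: The `ssh::userkey` block authorizes an RSA key with no restrictions for an account whose shell is `/bin/bash`, and this class is now included from manifests/role/logging.pp and role::snapshot::common as well as required by class dataset, so the key is accepted on each of those hosts (the removed role class behaved the same way). Nothing in the class says who holds the private half or what the key is used for, so a reader cannot tell whether interactive login is intended. I would add a header comment such as `# Creates the datasets account and authorizes <key owner / purpose> to log in as it.`, and, if the key only serves automated transfers and ssh::userkey writes `content` verbatim, prefix the value with authorized_keys options such as `from="<source hosts>"` or `no-pty`. Separately, the `user` resource has no `ensure => present`, unlike the `group` declared next to it.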
--
To view, visit https://gerrit.wikimedia.org/r/246825
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iba922bc3f3f97c72a839fc5a1ef932ec783b5e17
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>