ArielGlenn has submitted this change and it was merged.
Change subject: dataset: move system user creation to module
......................................................................
dataset: move system user creation to module
The "datasets" user/group creation/maintainance has been wildly
inconsistent to say the least:
- It was created by role::dataset::systemusers which is clearly not a
role.
- The class was applied by site.pp, although User['datasets'] was
actually required upon by role::dataset::pagecountsraw which was in
turn included by role::dataset::primary.
- The class dataset::dirs, included by dataset::html, included by class
dataset (over at the dataset module, *not* the role), is actually
hardcoded to use the user "datasets" so it actually requires
role::dataset::systemusers to have been applied before, although there
is no formal dependency (so it's broken puppet code)
- All the cronjobs have a $user parameter which defaulted to "datasets",
except one, which defaulted to undef. All of the callsites passed the
parameter to set it to "datasets", although in all but one cases it
was superfluous.
Create a dataset::user and move the user/group creation there as it is
(despite being broken in other ways, see the FIXME); require it from the
main dataset class and remove the non-role role class.
Change-Id: Iba922bc3f3f97c72a839fc5a1ef932ec783b5e17
---
M manifests/role/dataset.pp
M manifests/role/logging.pp
M manifests/role/snapshot.pp
M manifests/site.pp
M modules/dataset/manifests/cron/pagecountsraw.pp
M modules/dataset/manifests/init.pp
A modules/dataset/manifests/user.pp
7 files changed, 27 insertions(+), 34 deletions(-)
Approvals:
ArielGlenn: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/dataset.pp b/manifests/role/dataset.pp
index 657c528..2a0b1ef 100644
--- a/manifests/role/dataset.pp
+++ b/manifests/role/dataset.pp
@@ -3,9 +3,7 @@
class role::dataset::pagecountsraw($enable = true) {
class { '::dataset::cron::pagecountsraw':
enable => $enable,
- user => 'datasets',
source => 'stat1002.eqiad.wmnet::hdfs-archive/pagecounts-raw/*/*/',
- require => User['datasets'],
}
}
@@ -21,7 +19,6 @@
class { '::dataset::cron::pagecounts_all_sites':
source => 'stat1002.eqiad.wmnet::hdfs-archive/pagecounts-all-sites',
enable => $enable,
- user => 'datasets',
}
}
@@ -37,7 +34,6 @@
class { '::dataset::cron::mediacounts':
source => 'stat1002.eqiad.wmnet::hdfs-archive/mediacounts',
enable => $enable,
- user => 'datasets',
}
}
@@ -96,28 +92,3 @@
}
class { 'role::dataset::pagecountsraw': enable => false }
}
-
-
-# FIXME: this clearly not a role.
-class role::dataset::systemusers {
-
- group { 'datasets':
- ensure => present,
- name => 'datasets',
- system => true,
- }
-
- user { 'datasets':
- uid => 10003,
- home => '/home/datasets',
- shell => '/bin/bash',
- managehome => true,
- system => true,
- }
-
- ssh::userkey { 'datasets':
- ensure => present,
- content => 'ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAuLqmSdltCJzltgEin2j/72k/g7RroS1SE+Tvfh2JRPs2PhWweOJ+omtVp4x+YFNCGBg5wW2GaUnyZkUY0ARzv59aNLsGg87aCCY3J1oAudQ7b+yjrEaE8QebYDPmGTXRDV2osPbXf5UFTzl/O350vRy4q6UHRH+StflSOKhvundwf9QAs2RXNd+96kRe+r8YRcMBGmaJFX3OD9U+Z+gZID8knTvBceVGibEsnYKhHLXLYvMkQF3RfBuZHSsWZiiiXajlcutrLTo8eoG1nCj/FLK1slEXzgopcXEBiX1/LQAGXjgUVF7WmnKZELVCabqY6Qbk+qcmpaM8dL50P4WNdw==
datasets',
- }
-}
-
diff --git a/manifests/role/logging.pp b/manifests/role/logging.pp
index c1070d2..739f5dd 100644
--- a/manifests/role/logging.pp
+++ b/manifests/role/logging.pp
@@ -17,7 +17,7 @@
# Rsync archived slow-parse logs to dumps.wikimedia.org.
# These are available for download at
http://dumps.wikimedia.org/other/slow-parse/
- include role::dataset::systemusers
+ include ::dataset::user
cron { 'rsync_slow_parse':
command => '/usr/bin/rsync -rt
/a/mw-log/archive/slow-parse.log*.gz dumps.wikimedia.org::slow-parse/',
hour => 23,
diff --git a/manifests/role/snapshot.pp b/manifests/role/snapshot.pp
index 41e2bc0..6d15a58 100644
--- a/manifests/role/snapshot.pp
+++ b/manifests/role/snapshot.pp
@@ -1,5 +1,5 @@
class role::snapshot::common {
- include role::dataset::systemusers
+ include ::dataset::user
include base::firewall
# Allow SSH from deployment hosts
diff --git a/manifests/site.pp b/manifests/site.pp
index bdbb032..0d081be 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -481,7 +481,7 @@
node 'dataset1001.wikimedia.org' {
- role dataset::systemusers, dataset::primary, dumps
+ role dataset::primary, dumps
include standard
include base::firewall
@@ -1807,7 +1807,7 @@
node 'ms1001.wikimedia.org' {
$cluster = 'misc'
- role dataset::systemusers, dataset::secondary, dumps
+ role dataset::secondary, dumps
include standard
include base::firewall
diff --git a/modules/dataset/manifests/cron/pagecountsraw.pp
b/modules/dataset/manifests/cron/pagecountsraw.pp
index 0ca1a2b..d04f0a0 100644
--- a/modules/dataset/manifests/cron/pagecountsraw.pp
+++ b/modules/dataset/manifests/cron/pagecountsraw.pp
@@ -1,7 +1,7 @@
class dataset::cron::pagecountsraw(
$enable = true,
- $user = undef,
$source = undef,
+ $user = 'datasets',
) {
if ($enable) {
diff --git a/modules/dataset/manifests/init.pp
b/modules/dataset/manifests/init.pp
index 3d7a2d2..2afa116 100644
--- a/modules/dataset/manifests/init.pp
+++ b/modules/dataset/manifests/init.pp
@@ -18,6 +18,7 @@
) {
include dataset::common
+ require dataset::user
$rsync_public_enable = has_key($rsync,'public')
class { 'dataset::rsync::public': enable => $rsync_public_enable }
diff --git a/modules/dataset/manifests/user.pp
b/modules/dataset/manifests/user.pp
new file mode 100644
index 0000000..7ffb840
--- /dev/null
+++ b/modules/dataset/manifests/user.pp
@@ -0,0 +1,21 @@
+class dataset::user {
+ # FIXME: wrong (non-system) uid, wrong gid, wrong (non-system) home dir
+ user { 'datasets':
+ uid => 10003,
+ home => '/home/datasets',
+ shell => '/bin/bash',
+ managehome => true,
+ system => true,
+ }
+
+ group { 'datasets':
+ ensure => present,
+ name => 'datasets',
+ system => true,
+ }
+
+ ssh::userkey { 'datasets':
+ ensure => present,
+ content => 'ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAuLqmSdltCJzltgEin2j/72k/g7RroS1SE+Tvfh2JRPs2PhWweOJ+omtVp4x+YFNCGBg5wW2GaUnyZkUY0ARzv59aNLsGg87aCCY3J1oAudQ7b+yjrEaE8QebYDPmGTXRDV2osPbXf5UFTzl/O350vRy4q6UHRH+StflSOKhvundwf9QAs2RXNd+96kRe+r8YRcMBGmaJFX3OD9U+Z+gZID8knTvBceVGibEsnYKhHLXLYvMkQF3RfBuZHSsWZiiiXajlcutrLTo8eoG1nCj/FLK1slEXzgopcXEBiX1/LQAGXjgUVF7WmnKZELVCabqY6Qbk+qcmpaM8dL50P4WNdw==
datasets',
+ }
+}
--
To view, visit https://gerrit.wikimedia.org/r/246825
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iba922bc3f3f97c72a839fc5a1ef932ec783b5e17
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: ArielGlenn <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
