[MediaWiki-commits] [Gerrit] mysql: Disable apparmor in labs instances - change (operations/puppet)

Yuvipanda (Code Review) Mon, 16 Nov 2015 13:53:14 -0800

Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/253463


Change subject: mysql: Disable apparmor in labs instances
......................................................................

mysql: Disable apparmor in labs instances

Since it fails with:

  Starting AppArmor profiles:AppArmor not available as kernel LSM..

Change-Id: I14cf84a4e745282244654f6f2f69ae922532d410
---
M hieradata/labs.yaml
M modules/mysql/manifests/server.pp
2 files changed, 15 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/63/253463/1

diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index 5804b08..c993ba1 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -57,3 +57,4 @@
   dumps: true
 ssh::server::disable_agent_forwarding: false
 puppetmaster: "labs-puppetmaster-eqiad.wikimedia.org"
+mysql::use_apparmor: false  # The images we have for debian don't support it
diff --git a/modules/mysql/manifests/server.pp 
b/modules/mysql/manifests/server.pp
index f81e873..650493b 100644
--- a/modules/mysql/manifests/server.pp
+++ b/modules/mysql/manifests/server.pp
@@ -21,7 +21,8 @@
   $service_provider = $mysql::params::service_provider,
   $config_hash      = {},
   $enabled          = true,
-  $manage_service   = false
+  $manage_service   = false,
+  $use_apparmor     = true,
 ) inherits mysql::params {
 
   Class['mysql::server::package'] -> Class['mysql::config']
@@ -44,16 +45,18 @@
     }
   }
 
-  include apparmor
-  # mysql is protected by apparmor.  Need to
-  # reload apparmor if the file changes.
-  file { '/etc/apparmor.d/usr.sbin.mysqld':
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    content => template('mysql/apparmor.template.usr.sbin.mysqld.erb'),
-    require => Package['mysql-server'],
-    notify  => Service['apparmor'],
+  if $use_apparmor {
+      include apparmor
+      # mysql is protected by apparmor.  Need to
+      # reload apparmor if the file changes.
+      file { '/etc/apparmor.d/usr.sbin.mysqld':
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        content => template('mysql/apparmor.template.usr.sbin.mysqld.erb'),
+        require => Package['mysql-server'],
+        notify  => Service['apparmor'],
+      }
   }
 
 

-- 
To view, visit https://gerrit.wikimedia.org/r/253463
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I14cf84a4e745282244654f6f2f69ae922532d410
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] mysql: Disable apparmor in labs instances - change (operations/puppet)

Reply via email to