[MediaWiki-commits] [Gerrit] Labs: Have fileservers no longer nsswitch to LDAP - change (operations/puppet)

Mon, 23 Nov 2015 08:42:05 -0800 

coren has submitted this change and it was merged.

Change subject: Labs: Have fileservers no longer nsswitch to LDAP
......................................................................


Labs: Have fileservers no longer nsswitch to LDAP

This adds a minor tweak to ldap::manifests::client so that a
hiera value can force the system nsswitch.conf to be the distro
default (rather than ours which adds the ldap source); and
sets that variable to true for the labstores.

Bug: T87870
Change-Id: I76d7365e54c63f0668ebda4d7f9a252043be4438
---
M hieradata/eqiad/labstore/fileserver.yaml
M modules/ldap/manifests/client/nss.pp
2 files changed, 9 insertions(+), 1 deletion(-)

Approvals:
  ArielGlenn: Looks good to me, but someone else must approve
  coren: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/hieradata/eqiad/labstore/fileserver.yaml 
b/hieradata/eqiad/labstore/fileserver.yaml
index 09e3390..620e069 100644
--- a/hieradata/eqiad/labstore/fileserver.yaml
+++ b/hieradata/eqiad/labstore/fileserver.yaml
@@ -1 +1,2 @@
 use_ldap: true
+nsswitch_use_default: true
diff --git a/modules/ldap/manifests/client/nss.pp 
b/modules/ldap/manifests/client/nss.pp
index 2007e3f..7988237 100644
--- a/modules/ldap/manifests/client/nss.pp
+++ b/modules/ldap/manifests/client/nss.pp
@@ -38,9 +38,16 @@
         source  => $nscd_conf,
     }
 
+    # Allow hiera to prevent systemwide nsswitch.conf change
+    # (more specifically, force the distro default)
+    $nsswitch_source = hiera('nsswitch_use_default', false)? {
+        true    => 'file:///usr/share/base-files/nsswitch.conf',
+        default => 'puppet:///modules/ldap/nsswitch.conf',
+    }
+
     file { '/etc/nsswitch.conf':
         notify => Service['nscd'],
-        source => 'puppet:///modules/ldap/nsswitch.conf',
+        source => $nsswitch_source,
     }
 
     # Allow labs projects to give people custom shells

-- 
To view, visit https://gerrit.wikimedia.org/r/254881
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I76d7365e54c63f0668ebda4d7f9a252043be4438
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: coren <mpellet...@wikimedia.org>
Gerrit-Reviewer: ArielGlenn <ar...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: coren <mpellet...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to