[MediaWiki-commits] [Gerrit] Display a message in motd if puppet agent is disabled - change (operations/puppet)

Fri, 12 Feb 2016 01:55:03 -0800 

Ema has submitted this change and it was merged.

Change subject: Display a message in motd if puppet agent is disabled
......................................................................


Display a message in motd if puppet agent is disabled

Change-Id: I37039ddc47a265e4c314a2536a6c073691d0fa05
---
M modules/base/files/puppet/97-last-puppet-run
A modules/base/files/puppet/puppet-enabled
M modules/base/manifests/puppet.pp
3 files changed, 37 insertions(+), 3 deletions(-)

Approvals:
  Filippo Giunchedi: Looks good to me, but someone else must approve
  Ema: Verified; Looks good to me, approved
  Giuseppe Lavagetto: Looks good to me, but someone else must approve



diff --git a/modules/base/files/puppet/97-last-puppet-run 
b/modules/base/files/puppet/97-last-puppet-run
index 6a931b5..9bb86a4 100755
--- a/modules/base/files/puppet/97-last-puppet-run
+++ b/modules/base/files/puppet/97-last-puppet-run
@@ -3,7 +3,7 @@
 
 set -e
 
-PATH=/bin:/usr/bin
+PATH=/bin:/usr/bin:/usr/local/bin
 LANG=C
 
 TSLASTPUPPETRUN=$(stat -c %Z /var/lib/puppet/state/classes.txt)
@@ -14,8 +14,10 @@
 
 echo -n "The last Puppet run was at $(date -d @$TSLASTPUPPETRUN) "
 
+DISABLEDMSG="$(puppet-enabled || true)"
+
 if [ $DELTAMIN -gt 60 ]; then
-       echo "${BOLD}($DELTAMIN minutes ago)${NORM}."
+       echo "${BOLD}($DELTAMIN minutes ago)${NORM}. $DISABLEDMSG"
 else
-       echo "($DELTAMIN minutes ago)."
+       echo "($DELTAMIN minutes ago). $DISABLEDMSG"
 fi
diff --git a/modules/base/files/puppet/puppet-enabled 
b/modules/base/files/puppet/puppet-enabled
new file mode 100644
index 0000000..774ca86
--- /dev/null
+++ b/modules/base/files/puppet/puppet-enabled
@@ -0,0 +1,16 @@
+#!/bin/sh
+# Script displaying a message if Puppet agent is disabled.
+
+set -eu
+
+PATH=/bin:/usr/bin
+
+lockfile="/var/lib/puppet/state/agent_disabled.lock"
+
+if test -f $lockfile; then
+    reason="$(jq -r '.disabled_message' $lockfile 2>/dev/null)"
+    echo "Puppet is disabled. $reason"
+    exit 1
+fi
+
+exit 0
diff --git a/modules/base/manifests/puppet.pp b/modules/base/manifests/puppet.pp
index b4e0872..0458c4e 100644
--- a/modules/base/manifests/puppet.pp
+++ b/modules/base/manifests/puppet.pp
@@ -90,6 +90,22 @@
         source => 'puppet:///modules/base/logrotate/puppet',
     }
 
+    # Mode 0751 to make sure non-root users can access
+    # /var/lib/puppet/state/agent_disabled.lock to check if puppet is enabled
+    file { '/var/lib/puppet':
+        ensure => directory,
+        owner  => 'puppet',
+        group  => 'puppet',
+        mode   => '0751',
+    }
+
+    file { '/usr/local/bin/puppet-enabled':
+        mode   => '0555',
+        owner  => 'root',
+        group  => 'root',
+        source => 'puppet:///modules/base/puppet/puppet-enabled',
+    }
+
     motd::script { 'last-puppet-run':
         ensure   => present,
         priority => 97,

-- 
To view, visit https://gerrit.wikimedia.org/r/268684
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I37039ddc47a265e4c314a2536a6c073691d0fa05
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ema <e...@wikimedia.org>
Gerrit-Reviewer: Ema <e...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Filippo Giunchedi <fgiunch...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: Volans <rcocci...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to