Giuseppe Lavagetto has submitted this change and it was merged.

Change subject: scap: add configuration for phabricator
......................................................................


scap: add configuration for phabricator

Add deploy-phabricator group for phabricator deployment on deployment
servers. This group is needed to limit access to the private key
in keyholder that will be used by scap3 for ssh access to
phabricator deployment targets.

Bug: T114363
Change-Id: Ia14cda45f18b2069bc5d2ebd76ce2de1c975d9a7
---
M hieradata/common/scap/server.yaml
M hieradata/labs/deployment-prep/common.yaml
M hieradata/role/common/deployment/server.yaml
M modules/admin/data/data.yaml
M modules/phabricator/files/phab-deploy-key.labs
5 files changed, 13 insertions(+), 1 deletion(-)

Approvals:
  Giuseppe Lavagetto: Verified; Looks good to me, approved



diff --git a/hieradata/common/scap/server.yaml 
b/hieradata/common/scap/server.yaml
index 7da43cd..90ee963 100644
--- a/hieradata/common/scap/server.yaml
+++ b/hieradata/common/scap/server.yaml
@@ -36,6 +36,9 @@
 # will be cloned on the scap deploy server.
 sources:
 
+  phabricator/deployment:
+    repository: phabricator/deployment
+
   # Source code for taking XML dumps and snapshots of Mediawiki.
   dumps/dumps:
     repository: operations/dumps
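Review bot: The new `phabricator/deployment` entry under `sources:` has no comment, while the neighbouring `dumps/dumps` entry explains what it is. Because the deploy server will clone and deploy this repository, a one-line note helps later audits of this list, for example `# Phabricator deployment repo, deployed with scap3 (T114363).` The same entry is added without a comment in the hieradata/labs/deployment-prep/common.yaml hunk. The `sources:` map starts and continues outside both hunks.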
diff --git a/hieradata/labs/deployment-prep/common.yaml 
b/hieradata/labs/deployment-prep/common.yaml
index f3969f9..bede0b3 100644
--- a/hieradata/labs/deployment-prep/common.yaml
+++ b/hieradata/labs/deployment-prep/common.yaml
@@ -247,6 +247,9 @@
 # will be cloned on the scap deploy server.
 scap::server::sources:
 
+  phabricator/deployment:
+    repository: phabricator/deployment
+
   # eventbus runs eventlogging-service.
   # See: https://wikitech.wikimedia.org/wiki/EventBus
   eventlogging/eventbus:
diff --git a/hieradata/role/common/deployment/server.yaml 
b/hieradata/role/common/deployment/server.yaml
index a1c3efe..fd07c23 100644
--- a/hieradata/role/common/deployment/server.yaml
+++ b/hieradata/role/common/deployment/server.yaml
@@ -6,6 +6,8 @@
   - wdqs-admins
   - eventlogging-admins
   - aqs-admins
+  - deploy-phabricator
+
 debdeploy::grains:
   debdeploy-deployment:
     value: standard
diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index 7a96dd7..29d5ec4 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -493,6 +493,10 @@
     description: allows full sudo on labtest cluster, T131166
     members: [krenair]
     privileges: ['ALL = (ALL) NOPASSWD: ALL']
+  deploy-phabricator:
+    gid: 777
+    description: Group of phabricator deployers
+    members: [twentyafterfour,demon,rush,thcipriani]
 
 users:
   rush:
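Review bot: The `description` of `deploy-phabricator` does not say what membership grants, and the entry has no `privileges` key. A reader of data.yaml therefore cannot tell that the group gates use of the keyholder-held SSH key named in the commit message. I would write `description: phabricator deployers; membership grants use of the phabricator deploy key in keyholder (T114363)` so that later membership changes are reviewed as access grants. The keyholder configuration that binds the key to this group is not visible in this change, so confirm it exists before relying on the group for access control. Also check that `gid: 777` is unused, since only part of the groups map is in the hunk.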
diff --git a/modules/phabricator/files/phab-deploy-key.labs 
b/modules/phabricator/files/phab-deploy-key.labs
index 17bc88e..38641cd 100644
--- a/modules/phabricator/files/phab-deploy-key.labs
+++ b/modules/phabricator/files/phab-deploy-key.labs
@@ -1 +1 @@
-ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC5385VUpvkzTd2XPgpi5DppbuIBZyUQvXVpSSV3AG8/Pvx/x3U8lH3Tif2wKC/eXbH4tJmeRf8j16XaLaNorlhsRrG9HZSvjX/LFYj4FBInzxheXQkVSGasNWv17BDfsTSExBRTUOdAhoLfnbe9HfyEVvFHvxx6zfoGcrsiFeEjg2S41cnzn7cgkdUa6r2FKdurmmhZmGp9LhlGpq2wbb5z5GQbfs1d3Qd66dg/ktP1S+RdL5eyAQewzCTjqo4u4tpps2In9b0ZBLQ2H2C03kkWBG9Q4o0Fs4Z0/8vZ2mp0U30tWYYwqRB8htf8PdSknZjcVgFdjf5m3lJphJpfxr1
 phab-deploy@deploy
+ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDYNkbiYqQ9/UU3X5AKxhXOLkjCNofnmUDR/uGgRXAICAu0SZoso18zARNqVlwUWo8jsioBKg7OTKz3EIyp0WSXSbdgbiBTSNURdH6UVatWpFRbUCqlIysWZvf+QdPvpRlOufecz3/wi5QoyfNdmGI5QUZt6fHJW6p/JD+AYYnwWvuoy4jBB3gkFeGqgWrVMrB3RMsxlGYPc3DavycxCtp2jWu4DX1Q7wpMAvg2RujCSw8hB7lJGizvTYI+feRqtkHmjOGuUAPvPEBl2/sVO7WjQ3T2bQw4q0Y8S0hlYFNUJwpOTWPJUHNyXpkipbuGTTWf7lapVQZAtYjAdzTlAaXl
 root@deploy
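Review bot: The replacement public key ends with the comment `root@deploy`, where the key it replaces was labelled `phab-deploy@deploy`. The comment field is what identifies a key's purpose once it is installed on the deployment targets. I would keep the line ending in `phab-deploy@deploy`; the comment is not part of the key material, so editing it does not change the key. The label suggests the pair was generated as root on the deploy host, so confirm that the private half is held only in keyholder. Also confirm that the old key is removed from any target that received it outside Puppet.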

-- 
To view, visit https://gerrit.wikimedia.org/r/282186

Gerrit-MessageType: merged
Gerrit-Change-Id: Ia14cda45f18b2069bc5d2ebd76ce2de1c975d9a7
Gerrit-PatchSet: 8
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: 20after4 <[email protected]>
Gerrit-Reviewer: Alex Monk <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Ottomata <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
