Dzahn has submitted this change and it was merged.
Change subject: scap: add configuration for phabricator
......................................................................
scap: add configuration for phabricator
Add deploy-phabricator on deployment servers. This group
is needed for keyholder ssh access to phabricator
deployment targets (iridium)
Bug: T114363
Change-Id: Iab5cad2e2a5881cede2e1e6eab0bdd3660080cd0
---
M hieradata/common/scap/server.yaml
M hieradata/labs/deployment-prep/common.yaml
M hieradata/role/common/deployment/server.yaml
M modules/admin/data/data.yaml
M modules/phabricator/files/phab-deploy-key.labs
5 files changed, 13 insertions(+), 1 deletion(-)
Approvals:
20after4: Looks good to me, but someone else must approve
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/hieradata/common/scap/server.yaml
b/hieradata/common/scap/server.yaml
index 7da43cd..90ee963 100644
--- a/hieradata/common/scap/server.yaml
+++ b/hieradata/common/scap/server.yaml
@@ -36,6 +36,9 @@
# will be cloned on the scap deploy server.
sources:
+ phabricator/deployment:
+ repository: phabricator/deployment
+
# Source code for taking XML dumps and snapshots of Mediawiki.
dumps/dumps:
repository: operations/dumps
diff --git a/hieradata/labs/deployment-prep/common.yaml
b/hieradata/labs/deployment-prep/common.yaml
index f3969f9..bede0b3 100644
--- a/hieradata/labs/deployment-prep/common.yaml
+++ b/hieradata/labs/deployment-prep/common.yaml
@@ -247,6 +247,9 @@
# will be cloned on the scap deploy server.
scap::server::sources:
+ phabricator/deployment:
+ repository: phabricator/deployment
+
# eventbus runs eventlogging-service.
# See: https://wikitech.wikimedia.org/wiki/EventBus
eventlogging/eventbus:
diff --git a/hieradata/role/common/deployment/server.yaml
b/hieradata/role/common/deployment/server.yaml
index a1c3efe..fd07c23 100644
--- a/hieradata/role/common/deployment/server.yaml
+++ b/hieradata/role/common/deployment/server.yaml
@@ -6,6 +6,8 @@
- wdqs-admins
- eventlogging-admins
- aqs-admins
+ - deploy-phabricator
+
debdeploy::grains:
debdeploy-deployment:
value: standard
diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index 2c82135..60cedb6 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -498,6 +498,10 @@
description: users who have root on swift servers
members: [gilles]
privileges: ['ALL = (ALL) NOPASSWD: ALL']
+ deploy-phabricator:
+ gid: 778
+ description: Group of phabricator deployers
+ members: [twentyafterfour, demon, rush, thcipriani]
users:
rush:
diff --git a/modules/phabricator/files/phab-deploy-key.labs
b/modules/phabricator/files/phab-deploy-key.labs
index 17bc88e..38641cd 100644
--- a/modules/phabricator/files/phab-deploy-key.labs
+++ b/modules/phabricator/files/phab-deploy-key.labs
@@ -1 +1 @@
-ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC5385VUpvkzTd2XPgpi5DppbuIBZyUQvXVpSSV3AG8/Pvx/x3U8lH3Tif2wKC/eXbH4tJmeRf8j16XaLaNorlhsRrG9HZSvjX/LFYj4FBInzxheXQkVSGasNWv17BDfsTSExBRTUOdAhoLfnbe9HfyEVvFHvxx6zfoGcrsiFeEjg2S41cnzn7cgkdUa6r2FKdurmmhZmGp9LhlGpq2wbb5z5GQbfs1d3Qd66dg/ktP1S+RdL5eyAQewzCTjqo4u4tpps2In9b0ZBLQ2H2C03kkWBG9Q4o0Fs4Z0/8vZ2mp0U30tWYYwqRB8htf8PdSknZjcVgFdjf5m3lJphJpfxr1
phab-deploy@deploy
+ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDYNkbiYqQ9/UU3X5AKxhXOLkjCNofnmUDR/uGgRXAICAu0SZoso18zARNqVlwUWo8jsioBKg7OTKz3EIyp0WSXSbdgbiBTSNURdH6UVatWpFRbUCqlIysWZvf+QdPvpRlOufecz3/wi5QoyfNdmGI5QUZt6fHJW6p/JD+AYYnwWvuoy4jBB3gkFeGqgWrVMrB3RMsxlGYPc3DavycxCtp2jWu4DX1Q7wpMAvg2RujCSw8hB7lJGizvTYI+feRqtkHmjOGuUAPvPEBl2/sVO7WjQ3T2bQw4q0Y8S0hlYFNUJwpOTWPJUHNyXpkipbuGTTWf7lapVQZAtYjAdzTlAaXl
root@deploy
--
To view, visit https://gerrit.wikimedia.org/r/283494
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iab5cad2e2a5881cede2e1e6eab0bdd3660080cd0
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: 20after4 <[email protected]>
Gerrit-Reviewer: 20after4 <[email protected]>
Gerrit-Reviewer: Alex Monk <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Ottomata <[email protected]>
Gerrit-Reviewer: Thcipriani <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
