Alex Monk has uploaded a new change for review.
https://gerrit.wikimedia.org/r/284851
Change subject: Try to separate trebuchet stuff from role::deployment::server
......................................................................
Try to separate trebuchet stuff from role::deployment::server
By creating role::deployment::trebuchet_server
Change-Id: I360c46fbbeb9ff22adc2dcd3bc7c7a4f2f3ae69d
---
M modules/role/manifests/deployment/server.pp
A modules/role/manifests/deployment/trebuchet_server.pp
2 files changed, 68 insertions(+), 56 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/51/284851/1
diff --git a/modules/role/manifests/deployment/server.pp
b/modules/role/manifests/deployment/server.pp
index f6ef4de..0c61d9b 100644
--- a/modules/role/manifests/deployment/server.pp
+++ b/modules/role/manifests/deployment/server.pp
@@ -14,10 +14,6 @@
# anything to do with Mediawiki.
include scap::server
- class { 'deployment::deployment_server':
- deployment_group => $deployment_group,
- }
-
# set umask for wikidev users so that newly-created files are g+w
file { '/etc/profile.d/umask-wikidev.sh':
ensure => present,
@@ -50,17 +46,6 @@
srange => '$MW_APPSERVER_NETWORKS',
}
-
- $deployable_networks_ferm = join($deployable_networks, ' ')
-
- # T113351
- ferm::service { 'http_deployment_server':
- desc => 'http on trebuchet deployment servers, for serving actual
files to deploy',
- proto => 'tcp',
- port => '80',
- srange => "(${deployable_networks_ferm})",
- }
-
### End firewall rules
#T83854
@@ -70,60 +55,22 @@
remote_branch => 'readonly/master'
}
- ### Trebuchet
- file { '/srv/deployment':
- ensure => directory,
- owner => 'trebuchet',
- group => $deployment_group,
- }
-
- apache::site { 'deployment':
- content => template('role/deployment/apache-vhost.erb'),
- require => File['/srv/deployment'],
- }
$deployment_server = hiera('deployment_server', 'tin.eqiad.wmnet')
- class { '::deployment::redis':
- deployment_server => $deployment_server
- }
-
$deploy_ensure = $deployment_server ? {
$::fqdn => 'absent',
default => 'present'
}
-
- class { '::deployment::rsync':
- deployment_server => $deployment_server,
- cron_ensure => $deploy_ensure,
- }
-
motd::script { 'inactive_warning':
ensure => $deploy_ensure,
priority => 01,
source => 'puppet:///modules/role/deployment/inactive.motd',
}
- # Bacula backups (T125527)
- backup::set { 'srv-deployment': }
-
- # Used by the trebuchet salt returner
- ferm::service { 'deployment-redis':
- proto => 'tcp',
- port => '6379',
- srange => "(${deployable_networks_ferm})",
+ class { '::role::deployment::trebuchet_server':
+ apache_fqdn => $apache_fqdn,
+ deployment_group => $deployment_group,
}
-
- sudo::group { "${deployment_group}_deployment_server":
- group => $deployment_group,
- privileges => [
- 'ALL = (root) NOPASSWD: /usr/bin/salt-call -l quiet --out=json
pillar.data',
- 'ALL = (root) NOPASSWD: /usr/bin/salt-call -l quiet publish.runner
deploy.fetch *',
- 'ALL = (root) NOPASSWD: /usr/bin/salt-call -l quiet publish.runner
deploy.checkout *',
- 'ALL = (root) NOPASSWD: /usr/bin/salt-call -l quiet --out=json
publish.runner deploy.restart *',
- ],
- }
- ### End Trebuchet
-
# tig is a ncurses-based git utility which is useful for
# determining the state of git repos during deployments.
diff --git a/modules/role/manifests/deployment/trebuchet_server.pp
b/modules/role/manifests/deployment/trebuchet_server.pp
new file mode 100644
index 0000000..50a01ed
--- /dev/null
+++ b/modules/role/manifests/deployment/trebuchet_server.pp
@@ -0,0 +1,65 @@
+class role::deployment::trebuchet_server(
+ $apache_fqdn = $::fqdn,
+ $deployment_group = 'wikidev',
+) {
+ # T113351
+ include network::constants
+ $deployable_networks = $::network::constants::deployable_networks
+ $deployable_networks_ferm = join($deployable_networks, ' ')
+ ferm::service { 'http_deployment_server':
+ desc => 'http on trebuchet deployment servers, for serving actual
files to deploy',
+ proto => 'tcp',
+ port => '80',
+ srange => "(${deployable_networks_ferm})",
+ }
+
+ file { '/srv/deployment':
+ ensure => directory,
+ owner => 'trebuchet',
+ group => $deployment_group,
+ }
+
+ apache::site { 'deployment':
+ content => template('role/deployment/apache-vhost.erb'),
+ require => File['/srv/deployment'],
+ }
+
+ class { 'deployment::deployment_server':
+ deployment_group => $deployment_group,
+ }
+
+ $deployment_server = hiera('deployment_server', 'tin.eqiad.wmnet')
+ class { '::deployment::redis':
+ deployment_server => $deployment_server
+ }
+
+ $deploy_ensure = $deployment_server ? {
+ $::fqdn => 'absent',
+ default => 'present'
+ }
+
+ class { '::deployment::rsync':
+ deployment_server => $deployment_server,
+ cron_ensure => $deploy_ensure,
+ }
+
+ # Bacula backups (T125527)
+ backup::set { 'srv-deployment': }
+
+ # Used by the trebuchet salt returner
+ ferm::service { 'deployment-redis':
+ proto => 'tcp',
+ port => '6379',
+ srange => "(${deployable_networks_ferm})",
+ }
+
+ sudo::group { "${deployment_group}_deployment_server":
+ group => $deployment_group,
+ privileges => [
+ 'ALL = (root) NOPASSWD: /usr/bin/salt-call -l quiet --out=json
pillar.data',
+ 'ALL = (root) NOPASSWD: /usr/bin/salt-call -l quiet publish.runner
deploy.fetch *',
+ 'ALL = (root) NOPASSWD: /usr/bin/salt-call -l quiet publish.runner
deploy.checkout *',
+ 'ALL = (root) NOPASSWD: /usr/bin/salt-call -l quiet --out=json
publish.runner deploy.restart *',
+ ],
+ }
+}
--
To view, visit https://gerrit.wikimedia.org/r/284851
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I360c46fbbeb9ff22adc2dcd3bc7c7a4f2f3ae69d
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alex Monk <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
