Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/292385
Change subject: ores: Allow specifying specific sudo rules
......................................................................
ores: Allow specifying specific sudo rules
We want to be able to restart the celery worker as well. Allow that via
an extra sudo_rules parameter in service::uwsgi
Change-Id: I900fb078c889708a63be92e794382b64707e7234
---
M modules/ores/manifests/web.pp
M modules/service/manifests/uwsgi.pp
2 files changed, 17 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/85/292385/1
diff --git a/modules/ores/manifests/web.pp b/modules/ores/manifests/web.pp
index 40c72b7..b20e227 100644
--- a/modules/ores/manifests/web.pp
+++ b/modules/ores/manifests/web.pp
@@ -8,10 +8,18 @@
) {
require ores::base
+ # Need to be able to also restart the worker. The uwsgi service is
+ # hopefully temporary
+ $sudo_rules = [
+ 'ALL=(root) NOPASSWD: /usr/sbin/service uwsgi-ores *',
+ 'ALL=(root) NOPASSWD: /usr/sbin/service celery-ores-worker *',
+ ]
+
$processes = $::processorcount * $workers_per_core
service::uwsgi { 'ores':
- port => $port,
- config => {
+ port => $port,
+ sudo_rules => $sudo_rules,
+ config => {
'wsgi-file' => "${ores::base::config_path}/ores_wsgi.py",
chdir => $ores::base::config_path,
plugins => 'python3',
@@ -20,6 +28,7 @@
processes => $processes,
}
}
+
# lint:ignore:arrow_alignment
$base_config = {
'ores' => {
diff --git a/modules/service/manifests/uwsgi.pp
b/modules/service/manifests/uwsgi.pp
index 77800fe..427706b 100644
--- a/modules/service/manifests/uwsgi.pp
+++ b/modules/service/manifests/uwsgi.pp
@@ -50,6 +50,10 @@
# [*deployment_manage_user*]
# Boolean. Whether or not scap::target manages user. Only applicable
# when $deployment ='scap3'. Default: false
+
+# [*sudo_rules*]
+# An array of string representing sudo rules in the sudoers format that you
+# want the service to have. Default: empty array
#
# === Examples
#
@@ -76,6 +80,7 @@
$deployment_user = 'deploy-service',
$deployment_manage_user = true,
$deployment = 'scap3',
+ $sudo_rules = [],
) {
if $deployment == 'scap3' {
scap::target { $repo:
@@ -83,6 +88,7 @@
deploy_user => $deployment_user,
before => Uwsgi::App[$title],
manage_user => $deployment_manage_user,
+ sudo_rules => $sudo_rules,
}
}
--
To view, visit https://gerrit.wikimedia.org/r/292385
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I900fb078c889708a63be92e794382b64707e7234
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
