Merlijn van Deen has uploaded a new change for review.
https://gerrit.wikimedia.org/r/297902
Change subject: Set up labs realm (ldap classifier and hiera)
......................................................................
Set up labs realm (ldap classifier and hiera)
If host names end in .wmflabs:
- ldap classifier is set up via puppet.conf,
- hiera config is switched from prod to labs.
Mixing labs and non-labs hosts is not allowed.
Bug: T97081
Change-Id: I75b266da99e7dcb948f10d182e7f00bb3debfac6
---
M puppet_compiler/prepare.py
1 file changed, 36 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/software/puppet-compiler
refs/changes/02/297902/1
diff --git a/puppet_compiler/prepare.py b/puppet_compiler/prepare.py
index a02ce2d..ade44c8 100644
--- a/puppet_compiler/prepare.py
+++ b/puppet_compiler/prepare.py
@@ -1,5 +1,6 @@
from contextlib import contextmanager
import json
+import yaml
import subprocess
import os
import shutil
@@ -18,13 +19,15 @@
class ManageCode(object):
private_modules = ['passwords', 'contacts', 'privateexim']
- def __init__(self, config, jobid, changeid):
+ def __init__(self, config, jobid, changeid, realm='production'):
self.base_dir = os.path.join(config['base'],
str(jobid))
self.puppet_src = config['puppet_src']
self.puppet_private = config['puppet_private']
self.puppet_var = config['puppet_var']
self.change_id = changeid
+ self.realm = realm
+
self.change_dir = os.path.join(self.base_dir, 'change')
self.prod_dir = os.path.join(self.base_dir, 'production')
self.diff_dir = os.path.join(self.base_dir, 'diffs')
@@ -58,7 +61,8 @@
self._prepare_dir(self.prod_dir)
prod_src = os.path.join(self.prod_dir, 'src')
with pushd(prod_src):
- self._copy_hiera(self.prod_dir)
+ self._copy_hiera(self.prod_dir, self.realm)
+ self._create_puppetconf(self.change_dir, self.realm)
# Change
self._prepare_dir(self.change_dir)
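Review bot: In the production block the new call passes `self.change_dir` to `_create_puppetconf`, although the surrounding lines work on `self.prod_dir` and `self.change_dir` is only prepared on the lines that follow. As `_create_puppetconf` is written later in this patch, it ignores `dirname` and writes `puppet.conf` into the current working directory, so this probably has no effect today, but it reads like a copy-paste slip. `self._create_puppetconf(self.prod_dir, self.realm)` would match the `_copy_hiera` call above it. The enclosing method starts before this hunk and the original indentation is not visible here, so check that the call sits inside the `with pushd(prod_src):` block.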
@@ -66,7 +70,8 @@
with pushd(change_src):
self._fetch_change()
# Re-do in case of hiera config changes
- self._copy_hiera(self.change_dir)
+ self._copy_hiera(self.change_dir, self.realm)
+ self._create_puppetconf(self.change_dir, self.realm)
def refresh(self, gitdir):
"""
@@ -99,11 +104,13 @@
os.path.join(src, 'ssl'))
@staticmethod
- def _copy_hiera(dirname):
+ def _copy_hiera(dirname, realm):
"""
Copy the hiera file
"""
- hiera_file = 'modules/puppetmaster/files/production.hiera.yaml'
+ hiera_file = 'modules/puppetmaster/files/{realm}.hiera.yaml'.format(
+ realm=realm
+ )
priv = os.path.join(dirname, 'private')
pub = os.path.join(dirname, 'src')
with open(hiera_file, 'r') as g, open('hiera.yaml', 'w') as f:
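Review bot: `realm` is formatted straight into the path `modules/puppetmaster/files/{realm}.hiera.yaml` without any check, and `__init__` stores whatever the caller passes. Where the value originates is not visible in this patch; if job parameters can influence it, a value containing path separators would select a file outside `files/`, and a simple typo only fails late with an error from `open`. An allowlist check in `__init__` would fail early and keep the path fixed to known files: `if realm not in ('production', 'labs'): raise ValueError('unknown realm: %s' % realm)`. The docstring could also say that `realm` selects which hiera file is copied. The body of `_copy_hiera` continues past this hunk.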
@@ -114,6 +121,30 @@
'/etc/puppet', pub)
f.write(l)
+ @staticmethod
+ def _create_puppetconf(dirname, realm):
+ if realm != 'labs':
+ _log.debug('Realm is %s, skipping writing puppet.conf', realm)
+ return
+
+ template = """# This file has been generated by puppet-compiler.
+[master]
+ node_terminus = ldap
+ ldapbase = ou=hosts,dc=wikimedia,dc=org
+ ldapstring = (&(objectclass=puppetClient)(associatedDomain=%s))
+ ldaptls = true
+ ldappassword = {password}
+ ldapuser = {user}
+ ldapserver = {servers[0]}
+"""
+
+ with open('/etc/ldap.yaml') as f:
+ config = yaml.safe_load(f)
+
+ with open('puppet.conf', 'w') as f:
+ f.write(template.format(**config))
+ _log.debug('Wrote puppet.conf with ldap settings')
+
def _fetch_change(self):
"""get changes from the change directly"""
headers = {'Accept': 'application/json',
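Review bot: `_create_puppetconf` writes the LDAP bind password read from `/etc/ldap.yaml` into `puppet.conf` via `open('puppet.conf', 'w')`, so the file gets whatever mode the process umask allows and lands in the job's current working directory. Creating it owner-only keeps the credential away from other local users and from anything that later exposes the job directory: `fd = os.open('puppet.conf', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`. The mode only applies when the file is created, so a pre-existing file would need an explicit `os.chmod`. The method also lacks a docstring and never uses `dirname`; a one-line docstring such as `"""Write puppet.conf with the LDAP node terminus into the current directory (labs realm only)."""` would make the dependence on the working directory explicit.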
--
To view, visit https://gerrit.wikimedia.org/r/297902
Gerrit-MessageType: newchange
Gerrit-Change-Id: I75b266da99e7dcb948f10d182e7f00bb3debfac6
Gerrit-PatchSet: 1
Gerrit-Project: operations/software/puppet-compiler
Gerrit-Branch: master
Gerrit-Owner: Merlijn van Deen <[email protected]>