Thcipriani has uploaded a new change for review.
https://gerrit.wikimedia.org/r/303955
Change subject: Stop icinga git remote update
......................................................................
Stop icinga git remote update
This check has been causing some ownership issues on
/srv/mediawiki-staging for a few months. Ideally, icinga wouldn't change
the state of a git repository.
Use git ls-remote to check the current sha1 of the remote.
Bug: T127093
Change-Id: I921d3f9e75a5ac2a19e1b82e246827ab4e1b7a9a
---
M modules/monitoring/manifests/icinga/git_merge.pp
M modules/monitoring/templates/check_git-needs-merge.erb
M modules/role/manifests/deployment/server.pp
3 files changed, 10 insertions(+), 7 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/55/303955/1
diff --git a/modules/monitoring/manifests/icinga/git_merge.pp
b/modules/monitoring/manifests/icinga/git_merge.pp
index f5fe73b..56d6288 100644
--- a/modules/monitoring/manifests/icinga/git_merge.pp
+++ b/modules/monitoring/manifests/icinga/git_merge.pp
@@ -4,15 +4,14 @@
define monitoring::icinga::git_merge (
$dir = "/var/lib/git/operations/${title}",
$user = 'gitpuppet',
- $remote_branch = 'origin/production',
+ $remote = 'origin',
+ $remote_branch = 'production',
$interval = 10
) {
$sane_title = regsubst($title, '\W', '_', 'G')
$filename = "/usr/local/lib/nagios/plugins/check_${sane_title}-needs-merge"
$file_resource = "check_${sane_title}_needs_merge"
-
- $remote = regsubst($remote_branch,'/\w+$','')
file { $file_resource:
ensure => present,
diff --git a/modules/monitoring/templates/check_git-needs-merge.erb
b/modules/monitoring/templates/check_git-needs-merge.erb
index 463916a..d716e59 100755
--- a/modules/monitoring/templates/check_git-needs-merge.erb
+++ b/modules/monitoring/templates/check_git-needs-merge.erb
@@ -5,12 +5,15 @@
#Config variables
basedir="<%= @dir %>"
git_user=<%= @user %>
-refname=<%= @remote_branch %>
+repository=<%= @remote %>
+refs=<%= @remote_branch %>
+refname="${repository}/${refs}"
# First of all, check if there is something to merge.
cd "${basedir}"
-su - $git_user -c "cd ${basedir} && git remote update <%= @remote %> >
/dev/null 2>&1"
-remote_sha1=$(git rev-parse ${refname})
+remote_sha1=$(su - $git_user -c "cd \"${basedir}\" \
+ && git ls-remote --heads \"${repository}\" \"${refs}\" 2>&1" \
+ | cut -f1)
local_sha1=$(git rev-parse HEAD)
# Exit if there are no changes to merge.
if [ "x${remote_sha1}" == "x${local_sha1}" ]; then
diff --git a/modules/role/manifests/deployment/server.pp
b/modules/role/manifests/deployment/server.pp
index 6774592..fb5c86a 100644
--- a/modules/role/manifests/deployment/server.pp
+++ b/modules/role/manifests/deployment/server.pp
@@ -67,7 +67,8 @@
::monitoring::icinga::git_merge { 'mediawiki_config':
dir => '/srv/mediawiki-staging/',
user => 'root',
- remote_branch => 'readonly/master'
+ remote => 'readonly',
+ remote_branch => 'master',
}
# Also make sure that no files have been stolen by root ;-)
--
To view, visit https://gerrit.wikimedia.org/r/303955
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I921d3f9e75a5ac2a19e1b82e246827ab4e1b7a9a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Thcipriani <tcipri...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
