Thcipriani has uploaded a new change for review. https://gerrit.wikimedia.org/r/303955
Change subject: Stop icinga git remote update ...................................................................... Stop icinga git remote update This check has been causing some ownership issues on /srv/mediawiki-staging for a few months. Ideally, icinga wouldn't change the state of a git repository. Use git ls-remote to check the current sha1 of the remote. Bug: T127093 Change-Id: I921d3f9e75a5ac2a19e1b82e246827ab4e1b7a9a --- M modules/monitoring/manifests/icinga/git_merge.pp M modules/monitoring/templates/check_git-needs-merge.erb M modules/role/manifests/deployment/server.pp 3 files changed, 10 insertions(+), 7 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/55/303955/1 diff --git a/modules/monitoring/manifests/icinga/git_merge.pp b/modules/monitoring/manifests/icinga/git_merge.pp index f5fe73b..56d6288 100644 --- a/modules/monitoring/manifests/icinga/git_merge.pp +++ b/modules/monitoring/manifests/icinga/git_merge.pp @@ -4,15 +4,14 @@ define monitoring::icinga::git_merge ( $dir = "/var/lib/git/operations/${title}", $user = 'gitpuppet', - $remote_branch = 'origin/production', + $remote = 'origin', + $remote_branch = 'production', $interval = 10 ) { $sane_title = regsubst($title, '\W', '_', 'G') $filename = "/usr/local/lib/nagios/plugins/check_${sane_title}-needs-merge" $file_resource = "check_${sane_title}_needs_merge" - - $remote = regsubst($remote_branch,'/\w+$','') file { $file_resource: ensure => present, diff --git a/modules/monitoring/templates/check_git-needs-merge.erb b/modules/monitoring/templates/check_git-needs-merge.erb index 463916a..d716e59 100755 --- a/modules/monitoring/templates/check_git-needs-merge.erb +++ b/modules/monitoring/templates/check_git-needs-merge.erb @@ -5,12 +5,15 @@ #Config variables basedir="<%= @dir %>" git_user=<%= @user %> -refname=<%= @remote_branch %> +repository=<%= @remote %> +refs=<%= @remote_branch %> +refname="${repository}/${refs}" # First of all, check if there is something to merge. cd "${basedir}" -su - $git_user -c "cd ${basedir} && git remote update <%= @remote %> > /dev/null 2>&1" -remote_sha1=$(git rev-parse ${refname}) +remote_sha1=$(su - $git_user -c "cd \"${basedir}\" \ + && git ls-remote --heads \"${repository}\" \"${refs}\" 2>&1" \ + | cut -f1) local_sha1=$(git rev-parse HEAD) # Exit if there are no changes to merge. if [ "x${remote_sha1}" == "x${local_sha1}" ]; then diff --git a/modules/role/manifests/deployment/server.pp b/modules/role/manifests/deployment/server.pp index 6774592..fb5c86a 100644 --- a/modules/role/manifests/deployment/server.pp +++ b/modules/role/manifests/deployment/server.pp @@ -67,7 +67,8 @@ ::monitoring::icinga::git_merge { 'mediawiki_config': dir => '/srv/mediawiki-staging/', user => 'root', - remote_branch => 'readonly/master' + remote => 'readonly', + remote_branch => 'master', } # Also make sure that no files have been stolen by root ;-) -- To view, visit https://gerrit.wikimedia.org/r/303955 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I921d3f9e75a5ac2a19e1b82e246827ab4e1b7a9a Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Thcipriani <tcipri...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits