Yuvipanda has submitted this change and it was merged.

Change subject: puppetmaster: Allow customizing which user owns git repos
......................................................................


puppetmaster: Allow customizing which user owns git repos

For per-project puppetmasters, this should be root rather
than gitpuppet. This allows us to make that customization.

Change-Id: I3bad006bf82ae1bbb747b70df919159925411aef
---
M modules/puppetmaster/manifests/gitclone.pp
M modules/puppetmaster/manifests/init.pp
2 files changed, 48 insertions(+), 32 deletions(-)

Approvals:
  Yuvipanda: Verified; Looks good to me, approved



diff --git a/modules/puppetmaster/manifests/gitclone.pp 
b/modules/puppetmaster/manifests/gitclone.pp
index f551298..8c414ee 100644
--- a/modules/puppetmaster/manifests/gitclone.pp
+++ b/modules/puppetmaster/manifests/gitclone.pp
@@ -12,16 +12,24 @@
 #
 # [*prevent_cherrypicks*]
 # If true, setup git hooks to prevent manual modification of the git repos.
+#
+# [*user*]
+# The user which should own the git repositories
+#
+# [*group*]
+# The group which should own the git repositories
 class puppetmaster::gitclone(
     $secure_private = true,
     $is_git_master = false,
     $prevent_cherrypicks = true,
+    $user = 'gitpuppet',
+    $group = 'gitpuppet',
 ){
     $servers = hiera('puppetmaster::servers', {})
 
     class  { '::puppetmaster::base_repo':
         gitdir   => $::puppetmaster::gitdir,
-        gitowner => 'gitpuppet'
+        gitowner => $user,
     }
 
     if $prevent_cherrypicks {
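Review bot: `$group` never reaches the repositories themselves in this hunk: `::puppetmaster::base_repo` is given only `gitowner => $user`, and the `git::clone` resources for `labs/private` and `operations/software` in later hunks likewise receive only `owner => $user`. The new `[*group*]` doc says it is "the group which should own the git repositories", but from the visible lines it only applies to hook files, the log file and `/srv/private`. If those defines accept a group argument (not visible here), pass `group => $group` as well. Otherwise reword the doc to something like `# The group which should own the git hooks, the post-merge log and /srv/private`. The class body continues past this hunk.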
@@ -36,29 +44,29 @@
         "${puppetmaster::gitdir}/operations/puppet/.git/hooks/pre-commit":
             ensure  => $cherrypick_hook_ensure,
             require => Git::Clone['operations/puppet'],
-            owner   => 'gitpuppet',
-            group   => 'gitpuppet',
+            owner   => $user,
+            group   => $group,
             source  => 'puppet:///modules/puppetmaster/git/pre-commit',
             mode    => '0550';
         "${puppetmaster::gitdir}/operations/puppet/.git/hooks/pre-merge":
             ensure  => $cherrypick_hook_ensure,
             require => Git::Clone['operations/puppet'],
-            owner   => 'gitpuppet',
-            group   => 'gitpuppet',
+            owner   => $user,
+            group   => $group,
             source  => 'puppet:///modules/puppetmaster/git/pre-merge',
             mode    => '0550';
         "${puppetmaster::gitdir}/operations/puppet/.git/hooks/pre-rebase":
             ensure  => $cherrypick_hook_ensure,
             require => Git::Clone['operations/puppet'],
-            owner   => 'gitpuppet',
-            group   => 'gitpuppet',
+            owner   => $user,
+            group   => $group,
             source  => 'puppet:///modules/puppetmaster/git/pre-rebase',
             mode    => '0550';
         "${puppetmaster::gitdir}/operations/software/.git/hooks/pre-commit":
             ensure  => $cherrypick_hook_ensure,
             require => Git::Clone['operations/software'],
-            owner   => 'gitpuppet',
-            group   => 'gitpuppet',
+            owner   => $user,
+            group   => $group,
             source  => 'puppet:///modules/puppetmaster/git/pre-commit',
             mode    => '0550';
         $puppetmaster::volatiledir:
@@ -74,8 +82,8 @@
         '/var/log/puppet-post-merge.log':
             ensure  => file,
             replace => false,
-            owner   => 'gitpuppet',
-            group   => 'gitpuppet',
+            owner   => $user,
+            group   => $group,
             mode    => '0640';
     }
 
@@ -95,8 +103,8 @@
         if $is_git_master {
             file { '/srv/private':
                 ensure  => directory,
-                owner   => 'gitpuppet',
-                group   => 'gitpuppet',
+                owner   => $user,
+                group   => $group,
                 mode    => '0640', # Will become 0755 for dir automatically
                 recurse => true,
             }
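Review bot: With `group => $group`, `mode => '0640'` and `recurse => true` on `/srv/private`, the new parameter decides which group can read the whole private repository tree. That makes it an access-control setting rather than a cosmetic one, and a caller who passes a broadly populated group would expose the private data to every member. Say so next to the parameter, for example `# NOTE: members of $group get read access to /srv/private on the git master; keep this group restricted`. The enclosing `if $is_git_master` block starts and ends outside this hunk.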
@@ -124,8 +132,8 @@
             file { '/srv/private/.git/hooks/commit-msg':
                 ensure  => present,
                 source  => 
'puppet:///modules/puppetmaster/git/private/commit-msg-master',
-                owner   => 'gitpuppet',
-                group   => 'gitpuppet',
+                owner   => $user,
+                group   => $group,
                 mode    => '0550',
                 require => Exec['/srv/private init'],
             }
@@ -135,8 +143,8 @@
             file { '/srv/private/.git/hooks/post-commit':
                 ensure  => present,
                 content => template('puppetmaster/git-master-postcommit.erb'),
-                owner   => 'gitpuppet',
-                group   => 'gitpuppet',
+                owner   => $user,
+                group   => $group,
                 mode    => '0550',
                 require => Exec['/srv/private init'],
             }
@@ -145,15 +153,15 @@
             # This will reset to head, and transmit data to /var/lib
             file { '/srv/private/.git/hooks/post-receive':
                 source  => 
'puppet:///modules/puppetmaster/git/private/post-receive-master',
-                owner   => 'gitpuppet',
-                group   => 'gitpuppet',
+                owner   => $user,
+                group   => $group,
                 mode    => '0550',
                 require => File['/srv/private']
             }
             file { '/srv/private/.git/config':
                 source  => 
'puppet:///modules/puppetmaster/git/private/gitconfig-master',
-                owner   => 'gitpuppet',
-                group   => 'gitpuppet',
+                owner   => $user,
+                group   => $group,
                 mode    => '0550',
                 require => File['/srv/private']
             }
@@ -161,15 +169,15 @@
             puppetmaster::gitprivate { '/srv/private':
                 bare     => true,
                 dir_mode => '0700',
-                owner    => 'gitpuppet',
-                group    => 'gitpuppet',
+                owner    => $user,
+                group    => $group,
             }
 
             # This will transmit data to /var/lib...
             file { '/srv/private/hooks/post-receive':
                 source  => 
'puppet:///modules/puppetmaster/git/private/post-receive',
-                owner   => 'gitpuppet',
-                group   => 'gitpuppet',
+                owner   => $user,
+                group   => $group,
                 mode    => '0550',
                 require => Puppetmaster::Gitprivate['/srv/private']
             }
@@ -182,7 +190,7 @@
 
         puppetmaster::gitprivate { $private_dir:
             origin   => '/srv/private',
-            owner    => 'gitpuppet',
+            owner    => $user,
             group    => 'puppet',
             dir_mode => '0750',
         }
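Review bot: `owner` is now `$user` here but `group => 'puppet'` stays hard-coded, which looks like an oversight next to the other hunks. It is presumably deliberate, so that the puppetmaster process can read the private checkout through `dir_mode => '0750'`. If so, add a one-line comment such as `# group stays 'puppet' (not $group): the puppetmaster must be able to read this checkout`, so that nobody later "completes" the parameterisation and breaks that access.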
@@ -202,14 +210,14 @@
     } else {
         file { '/var/lib/git/labs':
             ensure => directory,
-            owner  => 'gitpuppet',
-            group  => 'gitpuppet',
+            owner  => $user,
+            group  => $group,
             mode   => '0755',
         }
 
         git::clone { 'labs/private':
             require   => File["${puppetmaster::gitdir}/labs"],
-            owner     => 'gitpuppet',
+            owner     => $user,
             directory => "${puppetmaster::gitdir}/labs/private",
         }
 
@@ -223,7 +231,7 @@
     git::clone {
         'operations/software':
             require   => File["${puppetmaster::gitdir}/operations"],
-            owner     => 'gitpuppet',
+            owner     => $user,
             directory => "${puppetmaster::gitdir}/operations/software",
             origin    => 
'https://gerrit.wikimedia.org/r/p/operations/software';
     }
diff --git a/modules/puppetmaster/manifests/init.pp 
b/modules/puppetmaster/manifests/init.pp
index e055cdb..2c9f8ce 100644
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -2,7 +2,7 @@
 #
 # This class installs a Puppetmaster
 #
-# Parameters:
+# Parameters
 #    - $bind_address:
 #        The IP address Apache will bind to
 #    - $verify_client:
@@ -31,7 +31,11 @@
 #        String - extra authentication rules to add before the default policy.
 #    - $prevent_cherrypicks:
 #        Bool - use git hooks to prevent cherry picking on top of the git repo
-
+#    - $git_user
+#        String - name of user who should own the git repositories
+#
+#    - $git_group
+#        String - name of group which should own the git repositories
 class puppetmaster(
     $server_name='puppet',
     $bind_address='*',
@@ -53,6 +57,8 @@
     $extra_auth_rules='',
     $include_conftool=true,
     $prevent_cherrypicks=true,
+    $git_user='gitpuppet',
+    $git_group='gitpuppet',
 ){
 
     $gitdir = '/var/lib/git'
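Review bot: `$git_user` and `$git_group` are forwarded unchecked and end up as the owner and group of executable hook scripts and of `/srv/private`. A non-string value supplied by a caller would only show up as failing file resources at apply time. If stdlib is available in this tree, `validate_string($git_user, $git_group)` near the top of the class body would turn that into a compile-time error. The class body continues outside this hunk.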
@@ -148,6 +154,8 @@
         secure_private      => $secure_private,
         is_git_master       => $is_git_master,
         prevent_cherrypicks => $prevent_cherrypicks,
+        user                => $git_user,
+        group               => $git_group,
     }
 
     include puppetmaster::scripts

-- 
To view, visit https://gerrit.wikimedia.org/r/312295
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I3bad006bf82ae1bbb747b70df919159925411aef
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
