[MediaWiki-commits] [Gerrit] operations/puppet[production]: Phabricator: Unbreak incoming email and harden config file p...

20after4 (Code Review) Mon, 21 Nov 2016 15:29:14 -0800

20after4 has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/322791


Change subject: Phabricator: Unbreak incoming email and harden config file 
permissions.
......................................................................

Phabricator: Unbreak incoming email and harden config file permissions.

refs T146055

Bug: T151229
Change-Id: Idfdb764e36de6fbe28db50c184e1b74bf485ddbd
---
M modules/phabricator/files/phab_epipe.py
M modules/phabricator/manifests/tools.pp
M modules/role/manifests/phabricator/main.pp
3 files changed, 16 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/91/322791/1

diff --git a/modules/phabricator/files/phab_epipe.py 
b/modules/phabricator/files/phab_epipe.py
index 950b907..81b09d8 100644
--- a/modules/phabricator/files/phab_epipe.py
+++ b/modules/phabricator/files/phab_epipe.py
@@ -53,6 +53,7 @@
 
 from phabricator import Phabricator
 
+os.environ['PHABRICATOR_ENV'] = 'mail'
 
 def extract_direct_task(list_of_dests):
     """returns a dest ticket number of available
diff --git a/modules/phabricator/manifests/tools.pp 
b/modules/phabricator/manifests/tools.pp
index 6e0dc97..085507b 100644
--- a/modules/phabricator/manifests/tools.pp
+++ b/modules/phabricator/manifests/tools.pp
@@ -27,6 +27,9 @@
     file { '/etc/phabtools.conf':
         content => template('phabricator/phabtools.conf.erb'),
         require => Package[$deploy_target],
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0660',
     }
 
     $dump_script = "${directory}/public_task_dump.py"
diff --git a/modules/role/manifests/phabricator/main.pp 
b/modules/role/manifests/phabricator/main.pp
index 74ad4dc..22cf1bf 100644
--- a/modules/role/manifests/phabricator/main.pp
+++ b/modules/role/manifests/phabricator/main.pp
@@ -45,6 +45,9 @@
     # todo: create a separate phd_user and phd_pass
     $daemons_user = $passwords::mysql::phabricator::app_user
     $daemons_pass = $passwords::mysql::phabricator::app_pass
+    # todo: create a separate mail_user and mail_pass?
+    $mail_user = $daemons_user
+    $mail_pass = $daemons_pass
 
     $conf_files = {
         'www' => {
@@ -74,6 +77,15 @@
                 'mysql.pass'        => $daemons_pass,
             }
         },
+        'mail' => {
+            'environment'       => 'mail',
+            'owner'             => 'root',
+            'group'             => 'mail',
+            'phab_settings'     => {
+                'mysql.user'        => $mail_user,
+                'mysql.pass'        => $mail_pass,
+            }
+        },
     }
 
 

-- 
To view, visit https://gerrit.wikimedia.org/r/322791
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Idfdb764e36de6fbe28db50c184e1b74bf485ddbd
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: 20after4 <mmod...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Phabricator: Unbreak incoming email and harden config file p...

Reply via email to