20after4 has uploaded a new change for review. https://gerrit.wikimedia.org/r/322791
Change subject: Phabricator: Unbreak incoming email and harden config file permissions. ...................................................................... Phabricator: Unbreak incoming email and harden config file permissions. refs T146055 Bug: T151229 Change-Id: Idfdb764e36de6fbe28db50c184e1b74bf485ddbd --- M modules/phabricator/files/phab_epipe.py M modules/phabricator/manifests/tools.pp M modules/role/manifests/phabricator/main.pp 3 files changed, 16 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/91/322791/1 diff --git a/modules/phabricator/files/phab_epipe.py b/modules/phabricator/files/phab_epipe.py index 950b907..81b09d8 100644 --- a/modules/phabricator/files/phab_epipe.py +++ b/modules/phabricator/files/phab_epipe.py @@ -53,6 +53,7 @@ from phabricator import Phabricator +os.environ['PHABRICATOR_ENV'] = 'mail' def extract_direct_task(list_of_dests): """returns a dest ticket number of available diff --git a/modules/phabricator/manifests/tools.pp b/modules/phabricator/manifests/tools.pp index 6e0dc97..085507b 100644 --- a/modules/phabricator/manifests/tools.pp +++ b/modules/phabricator/manifests/tools.pp @@ -27,6 +27,9 @@ file { '/etc/phabtools.conf': content => template('phabricator/phabtools.conf.erb'), require => Package[$deploy_target], + owner => 'root', + group => 'root', + mode => '0660', } $dump_script = "${directory}/public_task_dump.py" diff --git a/modules/role/manifests/phabricator/main.pp b/modules/role/manifests/phabricator/main.pp index 74ad4dc..22cf1bf 100644 --- a/modules/role/manifests/phabricator/main.pp +++ b/modules/role/manifests/phabricator/main.pp @@ -45,6 +45,9 @@ # todo: create a separate phd_user and phd_pass $daemons_user = $passwords::mysql::phabricator::app_user $daemons_pass = $passwords::mysql::phabricator::app_pass + # todo: create a separate mail_user and mail_pass? + $mail_user = $daemons_user + $mail_pass = $daemons_pass $conf_files = { 'www' => { @@ -74,6 +77,15 @@ 'mysql.pass' => $daemons_pass, } }, + 'mail' => { + 'environment' => 'mail', + 'owner' => 'root', + 'group' => 'mail', + 'phab_settings' => { + 'mysql.user' => $mail_user, + 'mysql.pass' => $mail_pass, + } + }, } -- To view, visit https://gerrit.wikimedia.org/r/322791 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idfdb764e36de6fbe28db50c184e1b74bf485ddbd Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: 20after4 <mmod...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits