coren has submitted this change and it was merged. Change subject: Tool Labs: A number of configuration bits ......................................................................
Tool Labs: A number of configuration bits Additions to the toolabs:: classes to reflect actual current config. Change-Id: I4ae42cafb9aee3a1e08d526e7c01099fb992604c
---
A modules/toollabs/files/40-tools-bastion-banner A modules/toollabs/files/40-tools-infrastructure-banner M modules/toollabs/manifests/bastion.pp M modules/toollabs/manifests/exec_environ.pp A modules/toollabs/manifests/infrastructure.pp M modules/toollabs/manifests/init.pp M modules/toollabs/manifests/master.pp M modules/toollabs/manifests/shadow.pp M modules/toollabs/manifests/webproxy.pp M modules/toollabs/manifests/webserver.pp 10 files changed, 89 insertions(+), 2 deletions(-) Approvals: coren: Looks good to me, approved jenkins-bot: Verified
diff --git a/modules/toollabs/files/40-tools-bastion-banner b/modules/toollabs/files/40-tools-bastion-banner
new file mode 100755
index 0000000..bfa5091
--- /dev/null
+++ b/modules/toollabs/files/40-tools-bastion-banner
@@ -0,0 +1,20 @@
+#! /bin/sh
+
+cat <<EOF
+
+[31m ########## [0;1;4mWikimedia Tool Labs[0m
+[31m ##### #####
+[31m #### [32;1m######[0;31m #### [0mThis is a server of the tools project, the home
+[31m *### [32;1m############[0;31m ###* [0mof community-maintained external tools supporting
+[31m # [32;1m#####"""".>#####[0;31m # [0mWikimedia projects and their users.
+[34;1m #. [32;1m####( \ ########[34;1m .# [0m
+[34;1m ## [32;1m#####) #########[34;1m ## [0m
+[34;1m ## [32;1m####' """###[34;1m ## [0m
+[34;1m ## [32;1m### # ### #<<###[34;1m ## [0mUse of this system is subject to the Tool Labs
+[34;1m ## [32;1m### ### ,# #####[34;1m ## [0mTerms of Use and Privacy Policies:
+[34;1m ### [32;1m############[34;1m ### [0m- [4mhttp://tools.wmflabs.org/?Rules[0m
+[34;1m #### [32;1m######[34;1m #### [0m
+[34;1m ##### [34;1m##### [0mGeneral guidance and help can be found at:
+[34;1m #### [34;1m#### [0m- [4mhttp://tools.wmflabs.org/?Help[0m
+
+EOF
diff --git a/modules/toollabs/files/40-tools-infrastructure-banner b/modules/toollabs/files/40-tools-infrastructure-banner
new file mode 100644
index 0000000..0905b34
--- /dev/null
+++ b/modules/toollabs/files/40-tools-infrastructure-banner
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+cat <<EOF
+ [33;1m^[0m
+ [33;1m/ \[0m This server is part of the Tool Labs infrastructure.
+ [33;1m/ [31m![33m \[0m
+ [33;1m/_____\[0m "No user-serviceable parts inside."
+
+EOF
diff --git a/modules/toollabs/manifests/bastion.pp b/modules/toollabs/manifests/bastion.pp
index 4dd3010..406d743 100644
--- a/modules/toollabs/manifests/bastion.pp
+++ b/modules/toollabs/manifests/bastion.pp
@@ -21,8 +21,15 @@
 gridmaster => $gridmaster,
 }
+ file { "/etc/motd.d/40-bastion-banner":
+ ensure => file,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ source => "puppet:///modules/toollabs/40-$instanceproject-bastion-banner",
+ }
+
 # TODO: sshd config
- # TODO: MOTD
 # TODO: local scripts
 # TODO: j* tools
 # TODO: cron setup
diff --git a/modules/toollabs/manifests/exec_environ.pp b/modules/toollabs/manifests/exec_environ.pp
index a93c4cd..8aa7900 100644
--- a/modules/toollabs/manifests/exec_environ.pp
+++ b/modules/toollabs/manifests/exec_environ.pp
@@ -90,6 +90,9 @@
 ensure => present
 }
+ sysctl { "vm.overcommit_memory": value => 2 }
+ sysctl { "vm.overcommit_ratio": value => 95 }
+
 # TODO: autofs overrides
 # TODO: PAM config
 # TODO: quotas
diff --git a/modules/toollabs/manifests/infrastructure.pp b/modules/toollabs/manifests/infrastructure.pp
new file mode 100644
index 0000000..ba38e19
--- /dev/null
+++ b/modules/toollabs/manifests/infrastructure.pp
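Review bot: In bastion.pp the `source` string interpolates `$instanceproject` without braces and directly before a hyphen, so depending on the Puppet version the variable name may be read as `instanceproject-bastion-banner` and the banner source would not resolve. Writing it as `source => "puppet:///modules/toollabs/40-${::instanceproject}-bastion-banner",` removes the ambiguity and makes the lookup explicit, assuming `instanceproject` is a top-scope value as its unqualified use suggests. The commit ships only the `40-tools-*` banners, so any other project value would leave this resource without a source file; a comment saying so would help. The same unbraced pattern appears in the new `file` resource in infrastructure.pp, and the enclosing class starts and ends outside this hunk.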
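Review bot: No comment explains the strict-overcommit settings added in exec_environ.pp, although `vm.overcommit_memory = 2` with `vm.overcommit_ratio = 95` changes how every allocation on the host is accounted. A line above the two resources such as `# Strict overcommit: refuse allocations past swap + 95% of RAM rather than leaving it to the OOM killer` would record the intent, which on shared execution hosts looks like protection against one job exhausting memory for all users. Programs that reserve a large address space up front may fail to start under this setting, so the comment is also the place to note that trade-off. The enclosing class begins and ends outside the hunk.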
@@ -0,0 +1,29 @@
+# Class: toollabs::infrastructure
+#
+# This role configures the instance as part of the infrastructure
+# where endusers are not expected to log in. This class is not intended
+# to be used directly, but is included from some other classes.
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class toollabs::infrastructure {
+ file { "/etc/motd.d/40-infrastructure-banner":
+ ensure => file,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ source => "puppet:///modules/toollabs/40-$instanceproject-infrastructure-banner",
+ }
+
+ # Can you do this?
+ # $::restricted_from = 'local-admin'
+ # Nope. Will this be visible from the template, then?
+ $restricted_from = 'local-admin'
+}
+
diff --git a/modules/toollabs/manifests/init.pp b/modules/toollabs/manifests/init.pp
index d75018d..fb5fc1a 100644
--- a/modules/toollabs/manifests/init.pp
+++ b/modules/toollabs/manifests/init.pp
@@ -52,5 +52,20 @@
 owner => "root",
 group => "root",
 }
+
+ # Tool Labs is enduser-facing, so we want to control the motd
+ # properly (most things make no sense for community users: they
+ # don't care that packages need updating, or that filesystems
+ # will be checked, for instance)
+
+ file { "/etc/motd.d":
+ ensure => directory,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ force => true,
+ recurse => true,
+ pruge => true,
+ }
 }
diff --git a/modules/toollabs/manifests/master.pp b/modules/toollabs/manifests/master.pp
index 335594c..2a996fc 100644
--- a/modules/toollabs/manifests/master.pp
+++ b/modules/toollabs/manifests/master.pp
@@ -13,6 +13,7 @@
 class toollabs::master {
 include toollabs,
 gridengine::master,
+ toollabs::infrastructure,
 toollabs::exec_environ
 # TODO: Grid config
diff --git a/modules/toollabs/manifests/shadow.pp b/modules/toollabs/manifests/shadow.pp
index 6bd24e4..ce6fab0 100644
--- a/modules/toollabs/manifests/shadow.pp
+++ b/modules/toollabs/manifests/shadow.pp
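Review bot: `$restricted_from = 'local-admin'` at the end of toollabs::infrastructure is a class-local variable whose own comment asks whether the template will see it, so whatever consumes it may quietly fall back to a default if the answer is no. If this value is what limits logins on infrastructure hosts (the consumer is not shown here), a scope miss would leave access unrestricted without any error. Have the template read it by its qualified name, `scope.lookupvar('toollabs::infrastructure::restricted_from')`, or pass it as a parameter to the class that renders the template, and replace the two question comments with a statement of where the value is read.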
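Review bot: The `/etc/motd.d` resource in init.pp spells the attribute `pruge => true`; `file` has no such parameter, so the catalog should fail to compile on every node that includes `toollabs`, and the line should read `purge => true,`. With the spelling fixed, `recurse` together with `purge` removes any file in the directory that Puppet does not manage, which is the control the comment above the resource asks for, since the banner scripts placed there are root-owned and executable. The enclosing class starts outside the hunk.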
@@ -13,6 +13,7 @@
 #
 class toollabs::shadow($gridmaster) {
 include toollabs,
+ toollabs::infrastructure,
 toollabs::exec_environ
 class { 'gridengine::shadow_master':
diff --git a/modules/toollabs/manifests/webproxy.pp b/modules/toollabs/manifests/webproxy.pp
index b034611..f69599f 100644
--- a/modules/toollabs/manifests/webproxy.pp
+++ b/modules/toollabs/manifests/webproxy.pp
@@ -11,7 +11,8 @@
 # Sample Usage:
 #
 class toollabs::webproxy {
- include toollabs
+ include toollabs,
+ toollabs::infrastructure
 #TODO: apache config
 #TODO: sshd config
diff --git a/modules/toollabs/manifests/webserver.pp b/modules/toollabs/manifests/webserver.pp
index 53dda51..b2d2eea 100644
--- a/modules/toollabs/manifests/webserver.pp
+++ b/modules/toollabs/manifests/webserver.pp
@@ -13,6 +13,7 @@
 #
 class toollabs::webserver($gridmaster) {
 include toollabs,
+ toollabs::infrastructure,
 toollabs::exec_environ
 class { 'gridengine::submit_host':
--
To view, visit https://gerrit.wikimedia.org/r/63283 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I4ae42cafb9aee3a1e08d526e7c01099fb992604c Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: coren <[email protected]> Gerrit-Reviewer: coren <[email protected]> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
