Andrew Bogott has submitted this change and it was merged.
Change subject: Add a 'generic' module.
......................................................................
Add a 'generic' module.
This is a catch-all for bits of the old manifests/generic-definitions.pp
that had nowhere else to go.
Change-Id: I3a5ef3a200bf0d0722c99ab351ba0be98c1e9de1
---
M manifests/facilities.pp
M manifests/ganglia.pp
M manifests/generic-definitions.pp
M manifests/gerrit.pp
M manifests/lvs.pp
M manifests/mail.pp
M manifests/misc/bugzilla.pp
M manifests/misc/fundraising.pp
M manifests/misc/gitblit.pp
M manifests/misc/icinga.pp
M manifests/misc/install-server.pp
M manifests/misc/logging.pp
M manifests/misc/mwlib.pp
M manifests/misc/parsoid.pp
M manifests/misc/planet.pp
M manifests/misc/statistics.pp
M manifests/misc/wikibugs.pp
M manifests/misc/wikistats.pp
M manifests/nfs.pp
M manifests/openstack.pp
M manifests/role/otrs.pp
M manifests/search.pp
M modules/applicationserver/manifests/pybal_check.pp
M modules/base/manifests/platform.pp
M modules/contint/manifests/testswarm.pp
M modules/coredb_mysql/manifests/base.pp
M modules/deployment/manifests/deployment_server.pp
M modules/dynamicproxy/manifests/api.pp
M modules/ganglia_new/manifests/monitor/aggregator.pp
M modules/ganglia_new/manifests/monitor/service.pp
A modules/generic/README
R modules/generic/files/environment/umask-wikidev-profile-d.sh
R modules/generic/files/locales/local_int
R modules/generic/files/upstart/dynamicproxy-api.conf
R modules/generic/files/upstart/enable-rps.conf
R modules/generic/files/upstart/fcgi-thumb-handler.conf
R modules/generic/files/upstart/manage-nfs-volumes.conf
R modules/generic/files/upstart/manage-volumes.conf
R modules/generic/files/upstart/nfs-noidmap.conf
R modules/generic/files/upstart/rsync-images.conf
R modules/generic/files/upstart/twemproxy.conf
R modules/generic/files/upstart/varnishncsa.conf
A modules/generic/manifests/debconf/set.pp
A modules/generic/manifests/higher_min_free_kbytes.pp
A modules/generic/manifests/locales/international.pp
A modules/generic/manifests/systemuser.pp
A modules/generic/manifests/upstart_job.pp
A modules/generic/manifests/wikidev-umask.pp
M modules/jenkins/manifests/slave.pp
M modules/jenkins/manifests/user.pp
M modules/mediawiki/manifests/twemproxy.pp
M modules/mediawiki/manifests/users/l10nupdate.pp
M modules/mediawiki/manifests/users/mwdeploy.pp
M modules/mysql_multi_instance/manifests/init.pp
54 files changed, 151 insertions(+), 153 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/facilities.pp b/manifests/facilities.pp
index 5205eab..14e485b 100644
--- a/manifests/facilities.pp
+++ b/manifests/facilities.pp
@@ -118,7 +118,7 @@
class facilities::dc-cam-transcoder {
system::role { "misc::dc-cam-transcoder": description => "Data center
camera transcoder" }
- systemuser { video: name => "video", home => "/var/lib/video" }
+ generic::systemuser { video: name => "video", home => "/var/lib/video" }
package { "vlc-nox":
ensure => latest;
diff --git a/manifests/ganglia.pp b/manifests/ganglia.pp
index 0cd601f..10d6fed 100644
--- a/manifests/ganglia.pp
+++ b/manifests/ganglia.pp
@@ -242,7 +242,7 @@
ensure => running;
}
- systemuser { gmetric: name => "gmetric", home => "/home/gmetric",
shell => "/bin/sh" }
+ generic::systemuser { gmetric: name => "gmetric", home =>
"/home/gmetric", shell => "/bin/sh" }
}
# Class for setting up the collector (gmetad)
diff --git a/manifests/generic-definitions.pp b/manifests/generic-definitions.pp
index 2e8a7fd..23b3590 100644
--- a/manifests/generic-definitions.pp
+++ b/manifests/generic-definitions.pp
@@ -2,33 +2,6 @@
#
# File that contains generally useful definitions, e.g. for creating system
users
-# Creates a system username with associated group, random uid/gid, and
/bin/false as shell
-define systemuser($name, $home=undef, $managehome=true, $shell="/bin/false",
$groups=undef, $default_group=$name, $ensure=present) {
- # FIXME: deprecate $name parameter in favor of just using $title
-
- if $default_group == $name {
- group { $default_group:
- name => $default_group,
- ensure => present;
- }
- }
-
- user { $name:
- require => Group[$default_group],
- name => $name,
- gid => $default_group,
- home => $home ? {
- undef => "/var/lib/${name}",
- default => $home
- },
- managehome => $managehome,
- shell => $shell,
- groups => $groups,
- system => true,
- ensure => $ensure;
- }
-}
-
# Enables a certain Apache 2 site
define apache_site($name, $prefix="", $ensure="link") {
file { "/etc/apache2/sites-enabled/${prefix}${name}":
@@ -102,30 +75,6 @@
}
-# Create a symlink in /etc/init.d/ to a generic upstart init script
-define upstart_job($install="false", $start="false") {
- # Create symlink
- file { "/etc/init.d/${title}":
- ensure => "/lib/init/upstart-job";
- }
-
- if $install == "true" {
- file { "/etc/init/${title}.conf":
- source => "puppet:///files/upstart/${title}.conf"
- }
- }
-
- if $start == "true" {
- exec { "start $title":
- require => File["/etc/init/${title}.conf"],
- subscribe => File["/etc/init/${title}.conf"],
- refreshonly => true,
- command => "start ${title}",
- path => "/bin:/sbin:/usr/bin:/usr/sbin"
- }
- }
-}
-
class generic::packages::ant18 {
if ($::lsbdistcodename == "lucid") {
@@ -146,68 +95,5 @@
} else {
# Ubuntu post Lucid ship by default with ant 1.8 or later
package { ["ant"]: ensure => installed; }
- }
-}
-
-# this installs a bunch of international locales, f.e. for "planet" on singer
-class generic::locales::international {
-
- package { 'locales':
- ensure => latest;
- }
-
- file { "/var/lib/locales/supported.d/local":
- source => "puppet:///files/locales/local_int",
- owner => "root",
- group => "root",
- mode => 0444;
- }
-
- exec { "/usr/sbin/locale-gen":
- subscribe => File["/var/lib/locales/supported.d/local"],
- refreshonly => true,
- require => File["/var/lib/locales/supported.d/local"];
- }
-}
-
-# Definition: generic::debconf::set
-# Changes a debconf value
-#
-# Parameters:
-# - $title
-# Debconf setting, e.g. mailman/used_languages
-# - $value
-# The value $title should be set to
-define generic::debconf::set($value) {
- exec { "debconf-communicate set $title":
- path => "/usr/bin:/usr/sbin:/bin:/sbin",
- command => "echo set ${title} \"${value}\" |
debconf-communicate",
- unless => "test \"$(echo get ${title} | debconf-communicate)\"
= \"0 ${value}\""
- }
-}
-
-class generic::wikidev-umask {
-
- # set umask to 0002 for wikidev users, per RT-804
- file {
- "/etc/profile.d/umask-wikidev.sh":
- ensure => present,
- owner => root,
- group => root,
- mode => 0444,
- source =>
"puppet:///files/environment/umask-wikidev-profile-d.sh";
- }
-}
-
-
-class generic::higher_min_free_kbytes {
- # Set a high min_free_kbytes watermark.
- # See https://wikitech.wikimedia.org/wiki/Dataset1001#Feb_8_2012
- # FIXME: Is this setting appropriate to the nodes on which it is
applied? Is
- # the value optimal? Investigate.
- sysctl::parameters { 'higher_min_free_kbytes':
- values => {
- 'vm.min_free_kbytes' => 1024 * 256,
- },
}
}
diff --git a/manifests/gerrit.pp b/manifests/gerrit.pp
index 63d6cf2..7238d58 100644
--- a/manifests/gerrit.pp
+++ b/manifests/gerrit.pp
@@ -318,7 +318,7 @@
# Setup the `gerritslave` account on any host that wants to receive
# replication. See role::gerrit::production::replicationdest
class gerrit::replicationdest( $sshkey, $extra_groups = undef, $slaveuser =
"gerritslave" ) {
- systemuser { $slaveuser:
+ generic::systemuser { $slaveuser:
name => $slaveuser,
groups => $extra_groups,
shell => "/bin/bash";
diff --git a/manifests/lvs.pp b/manifests/lvs.pp
index 4cfe345..381853d 100644
--- a/manifests/lvs.pp
+++ b/manifests/lvs.pp
@@ -938,7 +938,7 @@
},
}
- upstart_job { "enable-rps": install => "true", start => "true" }
+ generic::upstart_job { "enable-rps": install => "true", start => "true"
}
}
# Supporting the PyBal RunCommand monitor
diff --git a/manifests/mail.pp b/manifests/mail.pp
index eb46188..10d8102 100644
--- a/manifests/mail.pp
+++ b/manifests/mail.pp
@@ -267,7 +267,7 @@
# /usr/share/doc/clamav-base/README.Debian.gz
class clamav {
- systemuser { "clamav":
+ generic::systemuser { "clamav":
name => "clamav",
groups => "Debian-exim", # needed for exim integration
}
@@ -316,7 +316,7 @@
# this seems broken, especially since /var/spamd is unused
# and spamd's homedir is created as /var/lib/spamd
if ( $spamd_user == "spamd" ) {
- systemuser { "spamd": name => "spamd" }
+ generic::systemuser { "spamd": name => "spamd" }
file { "/var/spamd":
require => Systemuser[spamd],
ensure => directory,
diff --git a/manifests/misc/bugzilla.pp b/manifests/misc/bugzilla.pp
index e818478..222a665 100644
--- a/manifests/misc/bugzilla.pp
+++ b/manifests/misc/bugzilla.pp
@@ -68,7 +68,7 @@
class misc::bugzilla::report {
- systemuser { 'bzreporter': name => 'reporter', home => '/home/reporter',
groups => [ 'reporter' ] }
+ generic::systemuser { 'bzreporter': name => 'reporter', home =>
'/home/reporter', groups => [ 'reporter' ] }
require passwords::bugzilla
diff --git a/manifests/misc/fundraising.pp b/manifests/misc/fundraising.pp
index f2b71ea..d3a0ccd 100644
--- a/manifests/misc/fundraising.pp
+++ b/manifests/misc/fundraising.pp
@@ -307,7 +307,7 @@
class misc::fundraising::backup::backupmover_user {
- systemuser { backupmover: name => 'backupmover', home =>
'/var/lib/backupmover', shell => '/bin/sh' }
+ generic::systemuser { backupmover: name => 'backupmover', home =>
'/var/lib/backupmover', shell => '/bin/sh' }
ssh_authorized_key {
'backupmover/root@boron':
diff --git a/manifests/misc/gitblit.pp b/manifests/misc/gitblit.pp
index a053a03..06f4847 100644
--- a/manifests/misc/gitblit.pp
+++ b/manifests/misc/gitblit.pp
@@ -11,7 +11,7 @@
include webserver::apache
- systemuser { $user: name => $user }
+ generic::systemuser { $user: name => $user }
file {
"/etc/apache2/sites-available/git.wikimedia.org":
diff --git a/manifests/misc/icinga.pp b/manifests/misc/icinga.pp
index 40372fb..9606d06 100644
--- a/manifests/misc/icinga.pp
+++ b/manifests/misc/icinga.pp
@@ -812,7 +812,7 @@
}
# snmp tarp stuff
- systemuser { 'snmptt': name => 'snmptt', home => '/var/spool/snmptt', groups
=> [ 'snmptt', 'nagios' ] }
+ generic::systemuser { 'snmptt': name => 'snmptt', home =>
'/var/spool/snmptt', groups => [ 'snmptt', 'nagios' ] }
package { 'snmpd':
ensure => latest;
diff --git a/manifests/misc/install-server.pp b/manifests/misc/install-server.pp
index 24b3e1e..eea0fe4 100644
--- a/manifests/misc/install-server.pp
+++ b/manifests/misc/install-server.pp
@@ -170,7 +170,7 @@
}
# System user and group for mirroring
- systemuser { 'mirror': name => 'mirror', home => '/var/lib/mirror' }
+ generic::systemuser { 'mirror': name => 'mirror', home =>
'/var/lib/mirror' }
# Mirror update cron entry
cron { 'update-ubuntu-mirror':
diff --git a/manifests/misc/logging.pp b/manifests/misc/logging.pp
index 2a97491..c720a01 100644
--- a/manifests/misc/logging.pp
+++ b/manifests/misc/logging.pp
@@ -62,7 +62,7 @@
# Configure and start the upstart job for
# luanching the socat multicast relay daemon.
- # Note: Not using upstart_job define here since
+ # Note: Not using generic::upstart_job define here since
# it doesn't support using ERb templates.
if $multicast {
diff --git a/manifests/misc/mwlib.pp b/manifests/misc/mwlib.pp
index 8049b81..abd99c0 100644
--- a/manifests/misc/mwlib.pp
+++ b/manifests/misc/mwlib.pp
@@ -13,5 +13,5 @@
}
class misc::mwlib::users {
- systemuser { "pp": name => "pp", home => "/opt/pp", shell =>
"/bin/bash" }
+ generic::systemuser { "pp": name => "pp", home => "/opt/pp", shell =>
"/bin/bash" }
}
diff --git a/manifests/misc/parsoid.pp b/manifests/misc/parsoid.pp
index 046ef2c..fa247a1 100644
--- a/manifests/misc/parsoid.pp
+++ b/manifests/misc/parsoid.pp
@@ -31,7 +31,7 @@
mode => 0555;
}
- systemuser {
+ generic::systemuser {
parsoid:
name => "parsoid",
default_group => "parsoid",
diff --git a/manifests/misc/planet.pp b/manifests/misc/planet.pp
index ef9d646..e48c3b7 100644
--- a/manifests/misc/planet.pp
+++ b/manifests/misc/planet.pp
@@ -9,7 +9,7 @@
ensure => latest;
}
- systemuser { 'planet': name => 'planet', home => '/var/lib/planet', groups
=> [ 'planet' ] }
+ generic::systemuser { 'planet': name => 'planet', home =>
'/var/lib/planet', groups => [ 'planet' ] }
File {
owner => 'planet',
diff --git a/manifests/misc/statistics.pp b/manifests/misc/statistics.pp
index fc9b7a3..a478e87 100644
--- a/manifests/misc/statistics.pp
+++ b/manifests/misc/statistics.pp
@@ -43,7 +43,7 @@
$username = "stats"
$homedir = "/var/lib/$username"
- systemuser { $username:
+ generic::systemuser { $username:
name => $username,
home => $homedir,
groups => "wikidev",
diff --git a/manifests/misc/wikibugs.pp b/manifests/misc/wikibugs.pp
index c86b436..554d890 100644
--- a/manifests/misc/wikibugs.pp
+++ b/manifests/misc/wikibugs.pp
@@ -32,7 +32,7 @@
include misc::ircecho
include misc::irc::wikibugs::packages
- systemuser { 'wikibugs': name => 'wikibugs' }
+ generic::systemuser { 'wikibugs': name => 'wikibugs' }
File {
owner => 'wikibugs',
diff --git a/manifests/misc/wikistats.pp b/manifests/misc/wikistats.pp
index 6e08834..cde1a09 100644
--- a/manifests/misc/wikistats.pp
+++ b/manifests/misc/wikistats.pp
@@ -4,7 +4,7 @@
class misc::wikistats {
system::role { 'misc::wikistats': description => 'wikistats host' }
- systemuser { wikistats: name => 'wikistats', home =>
'/usr/lib/wikistats', groups => [ 'wikistats' ] }
+ generic::systemuser { wikistats: name => 'wikistats', home =>
'/usr/lib/wikistats', groups => [ 'wikistats' ] }
}
# the web UI part (output)
diff --git a/manifests/nfs.pp b/manifests/nfs.pp
index f717330..28ab971 100644
--- a/manifests/nfs.pp
+++ b/manifests/nfs.pp
@@ -161,7 +161,7 @@
}
} # /production
'labs': {
- systemuser { 'wikipediauser':
+ generic::systemuser { 'wikipediauser':
name => 'wikipedia',
home => '/home/wikipedia'
}
diff --git a/manifests/openstack.pp b/manifests/openstack.pp
index e14edfb..6bac80a 100644
--- a/manifests/openstack.pp
+++ b/manifests/openstack.pp
@@ -214,7 +214,7 @@
mode => 0755;
}
- upstart_job{ "manage-volumes":
+ generic::upstart_job{ "manage-volumes":
require => Package["glusterfs-server"],
install => "true";
}
@@ -227,7 +227,7 @@
}
class openstack::project-nfs-storage-service {
- upstart_job{ "manage-nfs-volumes":
+ generic::upstart_job{ "manage-nfs-volumes":
install => "true";
}
@@ -241,7 +241,7 @@
'ALL = NOPASSWD: /bin/rmdir /srv/*',
'ALL = NOPASSWD: /usr/local/sbin/sync-exports' ]
sudo_user { [ "nfsmanager" ]: privileges => $sudo_privs, require =>
Systemuser["nfsmanager"] }
- systemuser { "nfsmanager": name => "nfsmanager", home =>
"/var/lib/nfsmanager", shell => "/bin/bash" }
+ generic::systemuser { "nfsmanager": name => "nfsmanager", home =>
"/var/lib/nfsmanager", shell => "/bin/bash" }
}
class openstack::project-storage {
@@ -256,7 +256,7 @@
ensure => present;
}
- systemuser { "glustermanager": name => "glustermanager", home =>
"/var/lib/glustermanager", shell => "/bin/bash" }
+ generic::systemuser { "glustermanager": name => "glustermanager", home
=> "/var/lib/glustermanager", shell => "/bin/bash" }
ssh_authorized_key {
"glustermanager":
ensure => present,
diff --git a/manifests/role/otrs.pp b/manifests/role/otrs.pp
index 4635e73..0581466 100644
--- a/manifests/role/otrs.pp
+++ b/manifests/role/otrs.pp
@@ -10,7 +10,7 @@
webserver::apache,
nrpe
- systemuser { 'otrs':
+ generic::systemuser { 'otrs':
name => 'otrs',
home => '/var/lib/otrs',
groups => 'www-data',
diff --git a/manifests/search.pp b/manifests/search.pp
index c610378..ea445be 100644
--- a/manifests/search.pp
+++ b/manifests/search.pp
@@ -133,7 +133,7 @@
class users {
include groups::search
- systemuser { "lsearch": name => "lsearch", default_group =>
"search"}
+ generic::systemuser { "lsearch": name => "lsearch",
default_group => "search"}
}
class indexer {
diff --git a/modules/applicationserver/manifests/pybal_check.pp
b/modules/applicationserver/manifests/pybal_check.pp
index 0ab7734..634ca0f 100644
--- a/modules/applicationserver/manifests/pybal_check.pp
+++ b/modules/applicationserver/manifests/pybal_check.pp
@@ -3,7 +3,7 @@
$authorized_key = 'command="uptime; touch /var/tmp/pybal-check.stamp"
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAwyiL/ImTNOjoP/8k1UFQRM9pcspHp3yIsH/8TYXH/HJ1rQVjMleq6IQ6ZwAXhKfw/v1xV28SbkctB8pISZoR4rcCqOIN+osXkCB419JydCEb5abPS4mB5Gkn2bZAF43DGr5kaW+HYIsgtZ+QEC+nS4j3NA/Bjb7lAbHUtHVuC6BCOaZfGf+Q2FO4Z6xC7zc/1ngaDgvrXYzyCvXzTAQmcZH0d2/GoS1DQoLdLzqu66aZK1dmn9TAHV4a3R4gp7El7OzVHqDp1E6y0sopd+qKNAw/3GgXC91XJ3XO22h+ZnVovIpIS01CJ6GiBig/55Xrh//9Wuw5GFQuCptYbPQr4Q==
root@lvs4'
# Create pybal-check user account
- systemuser { "pybal-check": name => "pybal-check", home =>
"/var/lib/pybal-check", shell => "/bin/sh" }
+ generic::systemuser { "pybal-check": name => "pybal-check", home =>
"/var/lib/pybal-check", shell => "/bin/sh" }
file {
"/var/lib/pybal-check/.ssh":
diff --git a/modules/base/manifests/platform.pp
b/modules/base/manifests/platform.pp
index 2d8dcb4..b1d3db6 100644
--- a/modules/base/manifests/platform.pp
+++ b/modules/base/manifests/platform.pp
@@ -50,7 +50,7 @@
mode => '0444',
content => $console_upstart_file;
}
- upstart_job { $lom_serial_port: require =>
File["/etc/init/${lom_serial_port}.conf"] }
+ generic::upstart_job { $lom_serial_port: require =>
File["/etc/init/${lom_serial_port}.conf"] }
}
}
diff --git a/modules/contint/manifests/testswarm.pp
b/modules/contint/manifests/testswarm.pp
index 1e007c5..fc21ade 100644
--- a/modules/contint/manifests/testswarm.pp
+++ b/modules/contint/manifests/testswarm.pp
@@ -7,7 +7,7 @@
class contint::testswarm {
# Create a user to run the cronjob with
- systemuser { 'testswarm':
+ generic::systemuser { 'testswarm':
name => 'testswarm',
home => '/var/lib/testswarm',
shell => '/bin/false',
diff --git a/modules/coredb_mysql/manifests/base.pp
b/modules/coredb_mysql/manifests/base.pp
index f19b679..387619b 100644
--- a/modules/coredb_mysql/manifests/base.pp
+++ b/modules/coredb_mysql/manifests/base.pp
@@ -2,7 +2,7 @@
class coredb_mysql::base {
require coredb_mysql::packages
- systemuser { 'mysql':
+ generic::systemuser { 'mysql':
name => 'mysql',
shell => '/bin/sh',
home => '/home/mysql',
diff --git a/modules/deployment/manifests/deployment_server.pp
b/modules/deployment/manifests/deployment_server.pp
index 1b1fec6..e4667bd 100644
--- a/modules/deployment/manifests/deployment_server.pp
+++ b/modules/deployment/manifests/deployment_server.pp
@@ -119,7 +119,7 @@
value => 'sartoris',
replace => true;
}
- systemuser {
+ generic::systemuser {
'sartoris': name => 'sartoris', shell => '/bin/false', home =>
'/nonexistent', groups => $deployer_groups
}
}
diff --git a/modules/dynamicproxy/manifests/api.pp
b/modules/dynamicproxy/manifests/api.pp
index d0bc8c4..bc07dc6 100644
--- a/modules/dynamicproxy/manifests/api.pp
+++ b/modules/dynamicproxy/manifests/api.pp
@@ -9,7 +9,7 @@
require => Package['python-flask'],
}
- upstart_job{ 'dynamicproxy-api':
+ generic::upstart_job{ 'dynamicproxy-api':
require => Package['python-invisible-unicorn',
'python-flask-sqlalchemy', 'redis', 'python-flask'],
install => 'true',
start => 'true'
diff --git a/modules/ganglia_new/manifests/monitor/aggregator.pp
b/modules/ganglia_new/manifests/monitor/aggregator.pp
index d69adf8..4d4cd10 100644
--- a/modules/ganglia_new/manifests/monitor/aggregator.pp
+++ b/modules/ganglia_new/manifests/monitor/aggregator.pp
@@ -18,7 +18,7 @@
mode => 0444;
}
- upstart_job { "ganglia-monitor-aggregator-instance": }
+ generic::upstart_job { "ganglia-monitor-aggregator-instance": }
define site_instances() {
# Instantiate aggregators for all clusters for this site
($title)
diff --git a/modules/ganglia_new/manifests/monitor/service.pp
b/modules/ganglia_new/manifests/monitor/service.pp
index efc57d6..8159539 100644
--- a/modules/ganglia_new/manifests/monitor/service.pp
+++ b/modules/ganglia_new/manifests/monitor/service.pp
@@ -6,7 +6,7 @@
mode => 0444
}
- upstart_job { "ganglia-monitor": }
+ generic::upstart_job { "ganglia-monitor": }
service { "ganglia-monitor":
require => File["/etc/init/ganglia-monitor.conf"],
diff --git a/modules/generic/README b/modules/generic/README
new file mode 100644
index 0000000..498c45f
--- /dev/null
+++ b/modules/generic/README
@@ -0,0 +1,5 @@
+This is an OK place for one-off classes that are used only at WMF.
+
+Still, it's kind of a hack to have a 'generic' module, so please try your
+best to fit your class into another better-organized module before dumping
+it here.
diff --git a/files/environment/umask-wikidev-profile-d.sh
b/modules/generic/files/environment/umask-wikidev-profile-d.sh
similarity index 100%
rename from files/environment/umask-wikidev-profile-d.sh
rename to modules/generic/files/environment/umask-wikidev-profile-d.sh
diff --git a/files/locales/local_int b/modules/generic/files/locales/local_int
similarity index 100%
rename from files/locales/local_int
rename to modules/generic/files/locales/local_int
diff --git a/files/upstart/dynamicproxy-api.conf
b/modules/generic/files/upstart/dynamicproxy-api.conf
similarity index 100%
rename from files/upstart/dynamicproxy-api.conf
rename to modules/generic/files/upstart/dynamicproxy-api.conf
diff --git a/files/upstart/enable-rps.conf
b/modules/generic/files/upstart/enable-rps.conf
similarity index 100%
rename from files/upstart/enable-rps.conf
rename to modules/generic/files/upstart/enable-rps.conf
diff --git a/files/upstart/fcgi-thumb-handler.conf
b/modules/generic/files/upstart/fcgi-thumb-handler.conf
similarity index 100%
rename from files/upstart/fcgi-thumb-handler.conf
rename to modules/generic/files/upstart/fcgi-thumb-handler.conf
diff --git a/files/upstart/manage-nfs-volumes.conf
b/modules/generic/files/upstart/manage-nfs-volumes.conf
similarity index 100%
rename from files/upstart/manage-nfs-volumes.conf
rename to modules/generic/files/upstart/manage-nfs-volumes.conf
diff --git a/files/upstart/manage-volumes.conf
b/modules/generic/files/upstart/manage-volumes.conf
similarity index 100%
rename from files/upstart/manage-volumes.conf
rename to modules/generic/files/upstart/manage-volumes.conf
diff --git a/files/upstart/nfs-noidmap.conf
b/modules/generic/files/upstart/nfs-noidmap.conf
similarity index 100%
rename from files/upstart/nfs-noidmap.conf
rename to modules/generic/files/upstart/nfs-noidmap.conf
diff --git a/files/upstart/rsync-images.conf
b/modules/generic/files/upstart/rsync-images.conf
similarity index 100%
rename from files/upstart/rsync-images.conf
rename to modules/generic/files/upstart/rsync-images.conf
diff --git a/files/upstart/twemproxy.conf
b/modules/generic/files/upstart/twemproxy.conf
similarity index 100%
rename from files/upstart/twemproxy.conf
rename to modules/generic/files/upstart/twemproxy.conf
diff --git a/files/upstart/varnishncsa.conf
b/modules/generic/files/upstart/varnishncsa.conf
similarity index 100%
rename from files/upstart/varnishncsa.conf
rename to modules/generic/files/upstart/varnishncsa.conf
diff --git a/modules/generic/manifests/debconf/set.pp
b/modules/generic/manifests/debconf/set.pp
new file mode 100644
index 0000000..5004408
--- /dev/null
+++ b/modules/generic/manifests/debconf/set.pp
@@ -0,0 +1,15 @@
+# Definition: generic::debconf::set
+# Changes a debconf value
+#
+# Parameters:
+# - $title
+# Debconf setting, e.g. mailman/used_languages
+# - $value
+# The value $title should be set to
+define generic::debconf::set($value) {
+ exec { "debconf-communicate set $title":
+ path => "/usr/bin:/usr/sbin:/bin:/sbin",
+ command => "echo set ${title} \"${value}\" |
debconf-communicate",
+ unless => "test \"$(echo get ${title} | debconf-communicate)\"
= \"0 ${value}\""
+ }
+}
diff --git a/modules/generic/manifests/higher_min_free_kbytes.pp
b/modules/generic/manifests/higher_min_free_kbytes.pp
new file mode 100644
index 0000000..c26968d
--- /dev/null
+++ b/modules/generic/manifests/higher_min_free_kbytes.pp
@@ -0,0 +1,11 @@
+class generic::higher_min_free_kbytes {
+ # Set a high min_free_kbytes watermark.
+ # See https://wikitech.wikimedia.org/wiki/Dataset1001#Feb_8_2012
+ # FIXME: Is this setting appropriate to the nodes on which it is
applied? Is
+ # the value optimal? Investigate.
+ sysctl::parameters { 'higher_min_free_kbytes':
+ values => {
+ 'vm.min_free_kbytes' => 1024 * 256,
+ },
+ }
+}
diff --git a/modules/generic/manifests/locales/international.pp
b/modules/generic/manifests/locales/international.pp
new file mode 100644
index 0000000..54ab949
--- /dev/null
+++ b/modules/generic/manifests/locales/international.pp
@@ -0,0 +1,20 @@
+# this installs a bunch of international locales, f.e. for "planet" on singer
+class generic::locales::international {
+
+ package { 'locales':
+ ensure => latest;
+ }
+
+ file { "/var/lib/locales/supported.d/local":
+ source => "puppet:///modules/generic/locales/local_int",
+ owner => "root",
+ group => "root",
+ mode => 0444;
+ }
+
+ exec { "/usr/sbin/locale-gen":
+ subscribe => File["/var/lib/locales/supported.d/local"],
+ refreshonly => true,
+ require => File["/var/lib/locales/supported.d/local"];
+ }
+}
diff --git a/modules/generic/manifests/systemuser.pp
b/modules/generic/manifests/systemuser.pp
new file mode 100644
index 0000000..a9761b9
--- /dev/null
+++ b/modules/generic/manifests/systemuser.pp
@@ -0,0 +1,26 @@
+# Creates a system username with associated group, random uid/gid, and
/bin/false as shell
+define generic::systemuser($name, $home=undef, $managehome=true,
$shell="/bin/false", $groups=undef, $default_group=$name, $ensure=present) {
+ # FIXME: deprecate $name parameter in favor of just using $title
+
+ if $default_group == $name {
+ group { $default_group:
+ name => $default_group,
+ ensure => present;
+ }
+ }
+
+ user { $name:
+ require => Group[$default_group],
+ name => $name,
+ gid => $default_group,
+ home => $home ? {
+ undef => "/var/lib/${name}",
+ default => $home
+ },
+ managehome => $managehome,
+ shell => $shell,
+ groups => $groups,
+ system => true,
+ ensure => $ensure;
+ }
+}
diff --git a/modules/generic/manifests/upstart_job.pp
b/modules/generic/manifests/upstart_job.pp
new file mode 100644
index 0000000..a2e5b46
--- /dev/null
+++ b/modules/generic/manifests/upstart_job.pp
@@ -0,0 +1,23 @@
+# Create a symlink in /etc/init.d/ to a generic upstart init script
+define generic::upstart_job($install="false", $start="false") {
+ # Create symlink
+ file { "/etc/init.d/${title}":
+ ensure => "/lib/init/upstart-job";
+ }
+
+ if $install == "true" {
+ file { "/etc/init/${title}.conf":
+ source =>
"puppet:///modules/generic/upstart/${title}.conf"
+ }
+ }
+
+ if $start == "true" {
+ exec { "start $title":
+ require => File["/etc/init/${title}.conf"],
+ subscribe => File["/etc/init/${title}.conf"],
+ refreshonly => true,
+ command => "start ${title}",
+ path => "/bin:/sbin:/usr/bin:/usr/sbin"
+ }
+ }
+}
diff --git a/modules/generic/manifests/wikidev-umask.pp
b/modules/generic/manifests/wikidev-umask.pp
new file mode 100644
index 0000000..0c1d9e7
--- /dev/null
+++ b/modules/generic/manifests/wikidev-umask.pp
@@ -0,0 +1,12 @@
+class generic::wikidev-umask {
+
+ # set umask to 0002 for wikidev users, per RT-804
+ file {
+ "/etc/profile.d/umask-wikidev.sh":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0444,
+ source =>
"puppet:///modules/generic/environment/umask-wikidev-profile-d.sh";
+ }
+}
diff --git a/modules/jenkins/manifests/slave.pp
b/modules/jenkins/manifests/slave.pp
index 0612824..e23d2e9 100644
--- a/modules/jenkins/manifests/slave.pp
+++ b/modules/jenkins/manifests/slave.pp
@@ -10,7 +10,7 @@
include jenkins::slave::requisites
- systemuser { $user:
+ generic::systemuser { $user:
ensure => present,
name => $user,
shell => '/bin/bash',
diff --git a/modules/jenkins/manifests/user.pp
b/modules/jenkins/manifests/user.pp
index 486c601..f2f4877 100644
--- a/modules/jenkins/manifests/user.pp
+++ b/modules/jenkins/manifests/user.pp
@@ -2,7 +2,7 @@
include jenkins::group
- # We do not use systemuser{} since we would like to keep
+ # We do not use generic::systemuser{} since we would like to keep
# the group definition in the jenkins module.
user { 'jenkins':
name => 'jenkins',
diff --git a/modules/mediawiki/manifests/twemproxy.pp
b/modules/mediawiki/manifests/twemproxy.pp
index 0bb15f8..4dadcd3 100644
--- a/modules/mediawiki/manifests/twemproxy.pp
+++ b/modules/mediawiki/manifests/twemproxy.pp
@@ -3,7 +3,7 @@
ensure => latest;
}
- upstart_job { "twemproxy": install => "true", start => "true" }
+ generic::upstart_job { "twemproxy": install => "true", start => "true" }
service { twemproxy:
require => [ Package[twemproxy], Upstart_job[twemproxy] ],
diff --git a/modules/mediawiki/manifests/users/l10nupdate.pp
b/modules/mediawiki/manifests/users/l10nupdate.pp
index f724369..af0447a 100644
--- a/modules/mediawiki/manifests/users/l10nupdate.pp
+++ b/modules/mediawiki/manifests/users/l10nupdate.pp
@@ -5,7 +5,7 @@
require groups::l10nupdate
- systemuser { 'l10nupdate': name => 'l10nupdate', home =>
'/home/l10nupdate', default_group => 10002, shell => '/bin/bash' }
+ generic::systemuser { 'l10nupdate': name => 'l10nupdate', home =>
'/home/l10nupdate', default_group => 10002, shell => '/bin/bash' }
file {
"/home/l10nupdate/.ssh":
diff --git a/modules/mediawiki/manifests/users/mwdeploy.pp
b/modules/mediawiki/manifests/users/mwdeploy.pp
index c32a50a..6b9f204 100644
--- a/modules/mediawiki/manifests/users/mwdeploy.pp
+++ b/modules/mediawiki/manifests/users/mwdeploy.pp
@@ -1,5 +1,5 @@
# mediawiki base mw deploy user
class mediawiki::users::mwdeploy {
## mwdeploy user
- systemuser { 'mwdeploy': name => 'mwdeploy' }
+ generic::systemuser { 'mwdeploy': name => 'mwdeploy' }
}
diff --git a/modules/mysql_multi_instance/manifests/init.pp
b/modules/mysql_multi_instance/manifests/init.pp
index d2a6bcc..717ba33 100644
--- a/modules/mysql_multi_instance/manifests/init.pp
+++ b/modules/mysql_multi_instance/manifests/init.pp
@@ -23,7 +23,7 @@
ensure => latest,
}
- systemuser {
+ generic::systemuser {
"mysql": name => "mysql", shell => "/bin/sh", home => "/home/mysql"
}
--
To view, visit https://gerrit.wikimedia.org/r/92339
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I3a5ef3a200bf0d0722c99ab351ba0be98c1e9de1
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Mark Bergsma <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
