[MediaWiki-commits] [Gerrit] maps: ensure PostgreSQL's logs as maps-admin - change (operations/puppet)
Alexandros Kosiaris has submitted this change and it was merged. Change subject: maps: ensure PostgreSQL's logs as maps-admin .. maps: ensure PostgreSQL's logs as maps-admin Ensure postgresql logs as maps-admin to allow maps-admin to read them Rely on logrotate's copytruncate policy for postgres for the rest of the log files in /var/log/postgresql We should find a better way of doing this. Abandoned efforts include: * sudo => wait to complex to right a good rule that does not make people's lives miserable but still works * adding adm group to maps-admins groups => not really possible with our current admin module or the puppet group resource. The puppet group resource provider on linux (groupadd) does not support the manages_members feature: https://docs.puppetlabs.com/references/latest/type.html#group-provider-features The admin module does not allow us to add people in groups on a per host basis. This means groups are global and that was a design goal back then. Bug: T106637 Change-Id: Ic27e3248c1357fe9797716a16301f3693c530e22 --- M manifests/role/maps.pp 1 file changed, 14 insertions(+), 0 deletions(-) Approvals: Giuseppe Lavagetto: Looks good to me, but someone else must approve Alexandros Kosiaris: Verified; Looks good to me, approved diff --git a/manifests/role/maps.pp b/manifests/role/maps.pp index 518d6e1..cc7e3ec 100644 --- a/manifests/role/maps.pp +++ b/manifests/role/maps.pp @@ -69,6 +69,13 @@ mode=> '0400', content => template('maps/grants.cql.erb'), } +# TODO: Figure out a better way to do this +# Ensure postgresql logs as maps-admin to allow maps-admin to read them +# Rely on logrotate's copytruncate policy for postgres for the rest of the +# log file +file { '/var/log/postgresql/postgresql-9.4-main.log': +group => 'maps-admin', +} } class role::maps::slave { @@ -98,4 +105,11 @@ mode => '0444', source => 'puppet:///files/postgres/tuning.conf', } +# TODO: Figure out a better way to do this +# Ensure postgresql logs as maps-admin to allow maps-admin to read them +# Rely on logrotate's copytruncate policy for postgres for the rest of the +# log file +file { '/var/log/postgresql/postgresql-9.4-main.log': +group => 'maps-admin', +} } -- To view, visit https://gerrit.wikimedia.org/r/234273 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ic27e3248c1357fe9797716a16301f3693c530e22 Gerrit-PatchSet: 6 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Alexandros Kosiaris Gerrit-Reviewer: Alexandros Kosiaris Gerrit-Reviewer: Giuseppe Lavagetto Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] maps: ensure PostgreSQL's logs as maps-admin - change (operations/puppet)
Alexandros Kosiaris has uploaded a new change for review. https://gerrit.wikimedia.org/r/234273 Change subject: maps: ensure PostgreSQL's logs as maps-admin .. maps: ensure PostgreSQL's logs as maps-admin Ensure postgresql logs as maps-admin to allow maps-admin to read them Rely on logrotate's copytruncate policy for postgres for the rest of the log files in /var/log/postgresql We should find a better way of doing this. Abandoned efforts include: * sudo => wait to complex to right a good rule that does not make people's lives miserable but still works * adding adm group to maps-admins groups => not really possible with our current admin module or the puppet group resource. The puppet group resource provider on linux (groupadd) does not support the manages_members feature: https://docs.puppetlabs.com/references/latest/type.html#group-provider-features The admin module does not allow us to add people in groups on a per host basis. This means groups are global and that was a design goal back then. Change-Id: Ic27e3248c1357fe9797716a16301f3693c530e22 --- M manifests/role/maps.pp 1 file changed, 14 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/73/234273/1 diff --git a/manifests/role/maps.pp b/manifests/role/maps.pp index 518d6e1..cc7e3ec 100644 --- a/manifests/role/maps.pp +++ b/manifests/role/maps.pp @@ -69,6 +69,13 @@ mode=> '0400', content => template('maps/grants.cql.erb'), } +# TODO: Figure out a better way to do this +# Ensure postgresql logs as maps-admin to allow maps-admin to read them +# Rely on logrotate's copytruncate policy for postgres for the rest of the +# log file +file { '/var/log/postgresql/postgresql-9.4-main.log': +group => 'maps-admin', +} } class role::maps::slave { @@ -98,4 +105,11 @@ mode => '0444', source => 'puppet:///files/postgres/tuning.conf', } +# TODO: Figure out a better way to do this +# Ensure postgresql logs as maps-admin to allow maps-admin to read them +# Rely on logrotate's copytruncate policy for postgres for the rest of the +# log file +file { '/var/log/postgresql/postgresql-9.4-main.log': +group => 'maps-admin', +} } -- To view, visit https://gerrit.wikimedia.org/r/234273 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic27e3248c1357fe9797716a16301f3693c530e22 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Alexandros Kosiaris ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits