[MediaWiki-commits] [Gerrit] maps: ensure PostgreSQL's logs as maps-admin - change (operations/puppet)
Alexandros Kosiaris has submitted this change and it was merged.
Change subject: maps: ensure PostgreSQL's logs as maps-admin
..
maps: ensure PostgreSQL's logs as maps-admin
Ensure postgresql logs as maps-admin to allow maps-admin to read them
Rely on logrotate's copytruncate policy for postgres for the rest of the
log files in /var/log/postgresql
We should find a better way of doing this. Abandoned efforts include:
* sudo => wait to complex to right a good rule that does not make
people's lives miserable but still works
* adding adm group to maps-admins groups => not really possible with our
current admin module or the puppet group resource. The puppet group
resource provider on linux (groupadd) does not support the
manages_members feature:
https://docs.puppetlabs.com/references/latest/type.html#group-provider-features
The admin module does not allow us to add people in groups on a per host
basis. This means groups are global and that was a design goal back
then.
Bug: T106637
Change-Id: Ic27e3248c1357fe9797716a16301f3693c530e22
---
M manifests/role/maps.pp
1 file changed, 14 insertions(+), 0 deletions(-)
Approvals:
Giuseppe Lavagetto: Looks good to me, but someone else must approve
Alexandros Kosiaris: Verified; Looks good to me, approved
diff --git a/manifests/role/maps.pp b/manifests/role/maps.pp
index 518d6e1..cc7e3ec 100644
--- a/manifests/role/maps.pp
+++ b/manifests/role/maps.pp
@@ -69,6 +69,13 @@
mode=> '0400',
content => template('maps/grants.cql.erb'),
}
+# TODO: Figure out a better way to do this
+# Ensure postgresql logs as maps-admin to allow maps-admin to read them
+# Rely on logrotate's copytruncate policy for postgres for the rest of the
+# log file
+file { '/var/log/postgresql/postgresql-9.4-main.log':
+group => 'maps-admin',
+}
}
class role::maps::slave {
@@ -98,4 +105,11 @@
mode => '0444',
source => 'puppet:///files/postgres/tuning.conf',
}
+# TODO: Figure out a better way to do this
+# Ensure postgresql logs as maps-admin to allow maps-admin to read them
+# Rely on logrotate's copytruncate policy for postgres for the rest of the
+# log file
+file { '/var/log/postgresql/postgresql-9.4-main.log':
+group => 'maps-admin',
+}
}
--
To view, visit https://gerrit.wikimedia.org/r/234273
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic27e3248c1357fe9797716a16301f3693c530e22
Gerrit-PatchSet: 6
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris
Gerrit-Reviewer: Alexandros Kosiaris
Gerrit-Reviewer: Giuseppe Lavagetto
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] maps: ensure PostgreSQL's logs as maps-admin - change (operations/puppet)
Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/234273
Change subject: maps: ensure PostgreSQL's logs as maps-admin
..
maps: ensure PostgreSQL's logs as maps-admin
Ensure postgresql logs as maps-admin to allow maps-admin to read them
Rely on logrotate's copytruncate policy for postgres for the rest of the
log files in /var/log/postgresql
We should find a better way of doing this. Abandoned efforts include:
* sudo => wait to complex to right a good rule that does not make
people's lives miserable but still works
* adding adm group to maps-admins groups => not really possible with our
current admin module or the puppet group resource. The puppet group
resource provider on linux (groupadd) does not support the
manages_members feature:
https://docs.puppetlabs.com/references/latest/type.html#group-provider-features
The admin module does not allow us to add people in groups on a per host
basis. This means groups are global and that was a design goal back
then.
Change-Id: Ic27e3248c1357fe9797716a16301f3693c530e22
---
M manifests/role/maps.pp
1 file changed, 14 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/73/234273/1
diff --git a/manifests/role/maps.pp b/manifests/role/maps.pp
index 518d6e1..cc7e3ec 100644
--- a/manifests/role/maps.pp
+++ b/manifests/role/maps.pp
@@ -69,6 +69,13 @@
mode=> '0400',
content => template('maps/grants.cql.erb'),
}
+# TODO: Figure out a better way to do this
+# Ensure postgresql logs as maps-admin to allow maps-admin to read them
+# Rely on logrotate's copytruncate policy for postgres for the rest of the
+# log file
+file { '/var/log/postgresql/postgresql-9.4-main.log':
+group => 'maps-admin',
+}
}
class role::maps::slave {
@@ -98,4 +105,11 @@
mode => '0444',
source => 'puppet:///files/postgres/tuning.conf',
}
+# TODO: Figure out a better way to do this
+# Ensure postgresql logs as maps-admin to allow maps-admin to read them
+# Rely on logrotate's copytruncate policy for postgres for the rest of the
+# log file
+file { '/var/log/postgresql/postgresql-9.4-main.log':
+group => 'maps-admin',
+}
}
--
To view, visit https://gerrit.wikimedia.org/r/234273
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic27e3248c1357fe9797716a16301f3693c530e22
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
