[MediaWiki-commits] [Gerrit] maps: Add tileratorui service - change (operations/puppet)

Alexandros Kosiaris (Code Review) Thu, 22 Oct 2015 00:08:14 -0700

Alexandros Kosiaris has submitted this change and it was merged.

Change subject: maps: Add tileratorui service
......................................................................



maps: Add tileratorui service

tileratorui is a service to be used to allow a human to view tiles and
schedule build/rebuild/deletes and so on. It shares the same code repo
with tilerator and the only change is the configuration and users

Bug: T116062
Change-Id: Ifd1f3d586bc8794c59c768424f804bcaf445f06e
---
M manifests/role/maps.pp
M modules/tilerator/manifests/init.pp
A modules/tilerator/manifests/ui.pp
A modules/tilerator/templates/config_ui.yaml.erb
M templates/maps/grants.cql.erb
M templates/maps/grants.sql.erb
6 files changed, 50 insertions(+), 1 deletion(-)

Approvals:
  Alexandros Kosiaris: Verified; Looks good to me, approved



diff --git a/manifests/role/maps.pp b/manifests/role/maps.pp
index be85d06..180c4b5 100644
--- a/manifests/role/maps.pp
+++ b/manifests/role/maps.pp
@@ -66,6 +66,7 @@
     # Grants
     $kartotherian_pass = hiera('maps::postgresql_kartotherian_pass')
     $tilerator_pass = hiera('maps::postgresql_tilerator_pass')
+    $tileratorui_pass = hiera('maps::postgresql_tileratorui_pass')
     $osmimporter_pass = hiera('maps::postgresql_osmimporter_pass')
     $osmupdater_pass = hiera('maps::postgresql_osmupdater_pass')
     file { '/usr/local/bin/maps-grants.sql':
@@ -77,6 +78,7 @@
     # Cassandra grants
     $cassandra_kartotherian_pass = hiera('maps::cassandra_kartotherian_pass')
     $cassandra_tilerator_pass = hiera('maps::cassandra_tilerator_pass')
+    $cassandra_tileratorui_pass = hiera('maps::cassandra_tileratorui_pass')
     file { '/usr/local/bin/maps-grants.cql':
         owner   => 'root',
         group   => 'root',
diff --git a/modules/tilerator/manifests/init.pp 
b/modules/tilerator/manifests/init.pp
index 2718d3b..4da5db2 100644
--- a/modules/tilerator/manifests/init.pp
+++ b/modules/tilerator/manifests/init.pp
@@ -6,7 +6,8 @@
 # accomodate future tilerator needs that are not suited for the service module
 # classes as well as conform to a de-facto standard of having a module for 
every
 # service
-class tilerator() {
+class tilerator {
+    include tilerator::ui
 
     $cassandra_tilerator_user = 'tilerator'
     $cassandra_tilerator_pass = hiera('maps::cassandra_tilerator_pass')
diff --git a/modules/tilerator/manifests/ui.pp 
b/modules/tilerator/manifests/ui.pp
new file mode 100644
index 0000000..f76f890
--- /dev/null
+++ b/modules/tilerator/manifests/ui.pp
@@ -0,0 +1,23 @@
+# Class: tilerator::ui
+#
+# This class installs and configures tilerator::ui
+#
+# While only being a thin wrapper around service::node, this class exists to
+# accomodate future tileratorui needs that are not suited for the service 
module
+# classes as well as conform to a de-facto standard of having a module for 
every
+# service
+class tilerator::ui {
+    $cassandra_tileratorui_user = 'tileratorui'
+    $cassandra_tileratorui_pass = hiera('maps::cassandra_tileratorui_pass')
+    $pgsql_tileratorui_user = 'tileratorui'
+    $pgsql_tileratorui_pass = hiera('maps::postgresql_tileratorui_pass')
+
+    # NOTE: tileratorui does not have an LVS service associated with it. It is
+    # only meant to be used through an SSH tunnel
+    service::node { 'tileratorui':
+        port       => 6535,
+        config     => template('tilerator/config_ui.yaml.erb'),
+        no_workers => 0, # 0 on purpose to only have one instance running
+        repo       => 'tilerator/deploy',
+    }
+}
diff --git a/modules/tilerator/templates/config_ui.yaml.erb 
b/modules/tilerator/templates/config_ui.yaml.erb
new file mode 100644
index 0000000..5d1ae61
--- /dev/null
+++ b/modules/tilerator/templates/config_ui.yaml.erb
@@ -0,0 +1,12 @@
+# tileratorui-specific settings
+
+redis: redis://maps-test2001.codfw.wmnet
+
+variables:
+  osmdb-user: '<%= @pgsql_tileratorui_user %>'
+  osmdb-pswd: '<%= @pgsql_tileratorui_pass %>'
+  cassandra-user: '<%= @cassandra_tileratorui_user %>'
+  cassandra-pswd: '<%= @cassandra_tileratorui_pass %>'
+
+sources: sources.prod.yaml
+uiOnly: true
diff --git a/templates/maps/grants.cql.erb b/templates/maps/grants.cql.erb
index 532bc3a..8a6128e 100644
--- a/templates/maps/grants.cql.erb
+++ b/templates/maps/grants.cql.erb
@@ -1,17 +1,24 @@
 -- Cassandra grants for maps
 CREATE USER kartotherian  WITH PASSWORD '<%= @cassandra_kartotherian_pass %>';
 CREATE USER tilerator  WITH PASSWORD '<%= @cassandra_tilerator_pass %>';
+CREATE USER tileratorui  WITH PASSWORD '<%= @cassandra_tileratorui_pass %>';
 -- Also alter the roles to ensure password consistency
 ALTER USER kartotherian  WITH PASSWORD '<%= @cassandra_kartotherian_pass %>';
 ALTER USER tilerator  WITH PASSWORD '<%= @cassandra_tilerator_pass %>';
+ALTER USER tileratorui  WITH PASSWORD '<%= @cassandra_tileratorui_pass %>';
 
 -- First revoking all permissions to maintain consistency
 REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM kartotherian;
 REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM tilerator;
+REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM tileratorui;
 -- kartotherian read only
 GRANT SELECT ON ALL KEYSPACES to kartotherian;
 -- tilerator should be able to update tiles
 GRANT SELECT ON ALL KEYSPACES to tilerator;
 GRANT MODIFY ON ALL KEYSPACES to tilerator;
 GRANT CREATE ON ALL KEYSPACES to tilerator;
+-- tileratorui should be able to update tiles
+GRANT SELECT ON ALL KEYSPACES to tileratorui;
+GRANT MODIFY ON ALL KEYSPACES to tileratorui;
+GRANT CREATE ON ALL KEYSPACES to tileratorui;
 -- TODO: Admin account to create indexes, alter tables?
diff --git a/templates/maps/grants.sql.erb b/templates/maps/grants.sql.erb
index 2205881..1ab8f4e 100644
--- a/templates/maps/grants.sql.erb
+++ b/templates/maps/grants.sql.erb
@@ -1,10 +1,14 @@
 CREATE ROLE kartotherian  WITH LOGIN PASSWORD '<%= @kartotherian_pass %>';
 CREATE ROLE tilerator  WITH LOGIN PASSWORD '<%= @tilerator_pass %>';
+CREATE ROLE tileratorui  WITH LOGIN PASSWORD '<%= @tileratorui_pass %>';
+
 CREATE ROLE osmupdater WITH LOGIN PASSWORD '<%= @osmupdater_pass %>';
 CREATE ROLE osmimporter WITH LOGIN PASSWORD '<%= @osmimporter_pass %>';
 
 GRANT SELECT ON ALL TABLES IN SCHEMA public TO kartotherian;
 GRANT SELECT ON ALL TABLES IN SCHEMA public TO tilerator;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO tileratorui;
+
 GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA public TO osmupdater;
 GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA public TO 
osmimporter;
 GRANT CREATE,TEMPORARY ON DATABASE gis TO osmimporter;

-- 
To view, visit https://gerrit.wikimedia.org/r/244436
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ifd1f3d586bc8794c59c768424f804bcaf445f06e
Gerrit-PatchSet: 10
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Yurik <yu...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] maps: Add tileratorui service - change (operations/puppet)

Reply via email to