[MediaWiki-commits] [Gerrit] mediawiki/vagrant[master]: User a separate swift user for thumbor

Gilles (Code Review) Wed, 06 Sep 2017 06:07:37 -0700

Gilles has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/376253 )


Change subject: User a separate swift user for thumbor
......................................................................

User a separate swift user for thumbor

Bug: T144479

Change-Id: Ib27131f2be87070b2ed15fada69f0b2798ca18ef
Depends-On: I0f81a013ec994eee3f156a89f29f4fcfc37c42b7
---
M puppet/hieradata/common.yaml
M puppet/modules/swift/templates/conf.php.erb
M puppet/modules/swift/templates/proxy-server.conf.erb
M puppet/modules/thumbor/manifests/init.pp
M puppet/modules/thumbor/templates/20-thumbor-wikimedia.conf.erb
5 files changed, 20 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/vagrant 
refs/changes/53/376253/1

diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
index ee908e8..6fd4d37 100644
--- a/puppet/hieradata/common.yaml
+++ b/puppet/hieradata/common.yaml
@@ -491,6 +491,9 @@
 thumbor::log_dir: /srv/thumbor
 thumbor::tmp_dir: /tmp/thumbor
 thumbor::statsd_port: "%{hiera('statsd::port')}"
+thumbor::swift_project: testproj
+thumbor::swift_user: thumbor
+thumbor::swift_key: thumborpwd
 
 wikilabels::deploy_dir: "%{hiera('mwv::services_dir')}/wikilabels"
 wikilabels::db_name: 'wikilabels'
diff --git a/puppet/modules/swift/templates/conf.php.erb 
b/puppet/modules/swift/templates/conf.php.erb
index e1c09bc..0c60e6b 100644
--- a/puppet/modules/swift/templates/conf.php.erb
+++ b/puppet/modules/swift/templates/conf.php.erb
@@ -5,6 +5,7 @@
        'swiftAuthUrl'       => '127.0.0.1:<%= scope['::swift::port'] %>/auth',
        'swiftUser'          => '<%= scope['::swift::project'] %>:<%= 
scope['::swift::user'] %>',
        'swiftKey'           => '<%= scope['::swift::key'] %>',
+       'thumborUser'        => '<%= 
scope.function_hiera(['thumbor::swift_project']) %>:<%= 
scope.function_hiera(['thumbor::swift_user']) %>',
        'wikiId'             => 'wiki-dev',
        'shardViaHashLevels' => array(
                'local-public' => array( 'levels' => 2, 'base' => 16, 'repeat' 
=> 1 ),
diff --git a/puppet/modules/swift/templates/proxy-server.conf.erb 
b/puppet/modules/swift/templates/proxy-server.conf.erb
index 6d35dfc..5ea28e9 100644
--- a/puppet/modules/swift/templates/proxy-server.conf.erb
+++ b/puppet/modules/swift/templates/proxy-server.conf.erb
@@ -18,6 +18,7 @@
 use = egg:swift#tempauth
 user_admin_admin = admin .admin .reseller_admin
 user_<%= @project %>_<%= @user %> = <%= @key %> .admin
+user_<%= scope.function_hiera(['thumbor::swift_project']) %>_<%= 
scope.function_hiera(['thumbor::swift_user']) %> = <%= 
scope.function_hiera(['thumbor::swift_key']) %>
 # Force a very low token life to surface reauth issues (default is 24 hours)
 token_life = 60
 
diff --git a/puppet/modules/thumbor/manifests/init.pp 
b/puppet/modules/thumbor/manifests/init.pp
index d27ef9b..381836f 100644
--- a/puppet/modules/thumbor/manifests/init.pp
+++ b/puppet/modules/thumbor/manifests/init.pp
@@ -19,11 +19,23 @@
 # [*statsd_port*]
 #   Port the statsd instance runs on.
 #
+# [*swift_project*]
+#   Swift project.
+#
+# [*swift_user*]
+#   Swift user.
+#
+# [*swift_key*]
+#   Swift key.
+#
 class thumbor (
     $cfg_dir,
     $log_dir,
     $tmp_dir,
     $statsd_port,
+    $swift_project,
+    $swift_user,
+    $swift_key
 ) {
 
     $packages = [
@@ -153,15 +165,12 @@
     }
 
     $port = $::swift::port
-    $project = $::swift::project
-    $user = $::swift::user
-    $key = $::swift::key
 
     # Since thumbor doesn't have the ability to create swift containers, we 
have to
     # create the sharded thumbnail containers ahead of time.
     exec { 'create-swift-thumbnail-containers':
         command   => '/usr/local/bin/mwscript 
extensions/WikimediaMaintenance/filebackend/setZoneAccess.php --wiki wiki 
--backend swift-backend',
-        unless    => "swift -A http://127.0.0.1:${port}/auth/v1.0 -U 
${project}:${user} -K ${key} stat wiki-dev-local-thumb.ff | grep -q 
wiki-dev-local-thumb.ff",
+        unless    => "swift -A http://127.0.0.1:${port}/auth/v1.0 -U 
${swift_project}:${swift_user} -K ${swift_key} stat wiki-dev-local-thumb.ff | 
grep -q wiki-dev-local-thumb.ff",
         require   => [
             Service[
                 'swift-account-server',
diff --git a/puppet/modules/thumbor/templates/20-thumbor-wikimedia.conf.erb 
b/puppet/modules/thumbor/templates/20-thumbor-wikimedia.conf.erb
index 0934735..537ee6d 100644
--- a/puppet/modules/thumbor/templates/20-thumbor-wikimedia.conf.erb
+++ b/puppet/modules/thumbor/templates/20-thumbor-wikimedia.conf.erb
@@ -37,8 +37,8 @@
 SWIFT_HOST = 'http://127.0.0.1:<%= scope['::swift::port'] %>'
 SWIFT_API_PATH = '/v1/AUTH_<%= scope['::swift::project'] %>'
 SWIFT_AUTH_PATH = '/auth/v1.0'
-SWIFT_USER = '<%= scope['::swift::project'] %>:<%= scope['::swift::user'] %>'
-SWIFT_KEY = '<%= scope['::swift::key'] %>'
+SWIFT_USER = '<%= @swift_project %>:<%= @swift_user %>'
+SWIFT_KEY = '<%= @swift_key %>'
 SWIFT_SHARDED_CONTAINERS = [
     'wiki-dev-local-public',
     'wiki-dev-local-thumb'

-- 
To view, visit https://gerrit.wikimedia.org/r/376253
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib27131f2be87070b2ed15fada69f0b2798ca18ef
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/vagrant
Gerrit-Branch: master
Gerrit-Owner: Gilles <gdu...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] mediawiki/vagrant[master]: User a separate swift user for thumbor

Reply via email to