Ori.livneh has uploaded a new change for review.
https://gerrit.wikimedia.org/r/136129
Change subject: dissolve mediawiki::pybal_check into mediawiki::users
......................................................................
dissolve mediawiki::pybal_check into mediawiki::users
mediawiki::pybal_check sets up the user account and SSH key used by PyBal for
its SSH-based server health check. Strictly speaking, it is only required on
the web appservers that are behind LVS. By moving it to mediawiki::users, it
will be applied on all app servers. I think this is a boon: simplicity /
uniformity is desirable in this case.
Change-Id: I05c3830fd0d8270bc8ef5356c5816be4b32647a8
---
M manifests/role/mediawiki.pp
D modules/mediawiki/manifests/pybal_check.pp
M modules/mediawiki/manifests/users.pp
3 files changed, 32 insertions(+), 29 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/29/136129/1
diff --git a/manifests/role/mediawiki.pp b/manifests/role/mediawiki.pp
index c7ca75f..6aacc3c 100644
--- a/manifests/role/mediawiki.pp
+++ b/manifests/role/mediawiki.pp
@@ -87,7 +87,6 @@
# This class installs everything necessary for an apache webserver
class webserver($maxclients="40") {
include ::mediawiki,
- ::mediawiki::pybal_check,
role::mediawiki::common
class { '::mediawiki::web':
diff --git a/modules/mediawiki/manifests/pybal_check.pp
b/modules/mediawiki/manifests/pybal_check.pp
deleted file mode 100644
index 8c47ee0..0000000
--- a/modules/mediawiki/manifests/pybal_check.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-class mediawiki::pybal_check {
- group { 'pybal-check':
- ensure => present,
- }
-
- user { 'pybal-check':
- ensure => present,
- gid => 'pybal-check',
- shell => '/bin/sh',
- home => '/var/lib/pybal-check',
- system => true,
- managehome => true,
- }
-
- file { '/var/lib/pybal-check/.ssh':
- ensure => directory,
- owner => 'pybal-check',
- group => 'pybal-check',
- mode => '0550',
- }
-
- file { '/var/lib/pybal-check/.ssh/authorized_keys':
- owner => 'pybal-check',
- group => 'pybal-check',
- mode => '0440',
- source => 'puppet:///modules/mediawiki/pybal_key',
- }
-}
diff --git a/modules/mediawiki/manifests/users.pp
b/modules/mediawiki/manifests/users.pp
index c33ccfb..7d920f1 100644
--- a/modules/mediawiki/manifests/users.pp
+++ b/modules/mediawiki/manifests/users.pp
@@ -26,6 +26,7 @@
managehome => false,
}
+
# The mwdeploy account is used by various scripts in the MediaWiki
# deployment process to run rsync.
@@ -88,4 +89,35 @@
require => User['l10nupdate', 'mwdeploy'],
privileges => ['ALL = (mwdeploy) NOPASSWD: ALL'],
}
+
+
+ # The pybal-check account is used by PyBal to monitor server health
+ # See <https://wikitech.wikimedia.org/wiki/LVS#SSH_checking>
+
+ group { 'pybal-check':
+ ensure => present,
+ }
+
+ user { 'pybal-check':
+ ensure => present,
+ gid => 'pybal-check',
+ shell => '/bin/sh',
+ home => '/var/lib/pybal-check',
+ system => true,
+ managehome => true,
+ }
+
+ file { '/var/lib/pybal-check/.ssh':
+ ensure => directory,
+ owner => 'pybal-check',
+ group => 'pybal-check',
+ mode => '0550',
+ }
+
+ file { '/var/lib/pybal-check/.ssh/authorized_keys':
+ owner => 'pybal-check',
+ group => 'pybal-check',
+ mode => '0440',
+ source => 'puppet:///modules/mediawiki/pybal_key',
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/136129
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I05c3830fd0d8270bc8ef5356c5816be4b32647a8
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ori.livneh <o...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
