coren has uploaded a new change for review.
https://gerrit.wikimedia.org/r/167852
Change subject: Tool Labs: major cleanup of classes and roles
......................................................................
Tool Labs: major cleanup of classes and roles
As part of the groundwork towards gridengine puppetization, this
cleans up and splits roles according to proper function so that
they can start including queue and hostgroup configuration, as
well as have tunable node config.
Major changes:
role::labs::tools::{execnode,webnode,tomcatnode} are made obsolete
in favor of role::labs::tools::compute followed by one or more of
toollabs::node::* specific roles that manage queues et. al.
The $gridmaster paramemer has been removed from the toollabs roles
in favor of explicitly including the gridengine class from
role::labs::tools::common; in practice this might add gridengine
base class to a very few instances that didn't strictly need it
previously; but it's harmless because it does not include submit
or execution roles.
Some toollabs classes have been refactored to reduce code
duplication.
Change-Id: Ib75c18f75a8b8048fb9900e7f74accabb13d1f96
---
M manifests/role/labstools.pp
M modules/toollabs/manifests/bastion.pp
A modules/toollabs/manifests/compute.pp
D modules/toollabs/manifests/execnode.pp
D modules/toollabs/manifests/gridnode.pp
M modules/toollabs/manifests/hba.pp
M modules/toollabs/manifests/infrastructure.pp
M modules/toollabs/manifests/init.pp
M modules/toollabs/manifests/mailrelay.pp
M modules/toollabs/manifests/master.pp
A modules/toollabs/manifests/node/compute/general.pp
A modules/toollabs/manifests/node/web.pp
A modules/toollabs/manifests/node/web/lighttpd.pp
A modules/toollabs/manifests/node/web/tomcat.pp
M modules/toollabs/manifests/shadow.pp
M modules/toollabs/manifests/submit.pp
D modules/toollabs/manifests/webnode.pp
17 files changed, 286 insertions(+), 338 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/52/167852/1
diff --git a/manifests/role/labstools.pp b/manifests/role/labstools.pp
index e1c9789..4d451c6 100644
--- a/manifests/role/labstools.pp
+++ b/manifests/role/labstools.pp
@@ -1,94 +1,91 @@
class role::labs::tools {
- class config {
- if $::site != 'eqiad' {
- include role::labsnfs::client # temporary measure
- }
+ class common {
+ $gridmaster = "${::instanceproject}-master.${::site}.wmflabs";
- $grid_master = $::site? {
- 'eqiad' => "${::instanceproject}-master.eqiad.wmflabs",
- default => "${::instanceproject}-master.pmtpa.wmflabs",
- }
+ class { 'gridengine': gridmaster => $gridmaster }
}
- class bastion inherits role::labs::tools::config {
+ class bastion inherits role::labs::tools::common {
+ include toollabs::bastion
+
system::role { 'role::labs::tools::bastion': description => 'Tool Labs
bastion' }
- class { 'toollabs::bastion':
- gridmaster => $grid_master,
- }
}
- class execnode inherits role::labs::tools::config {
- system::role { 'role::labs::tools::execnode': description => 'Tool
Labs execution host' }
- class { 'toollabs::execnode':
- gridmaster => $grid_master,
- }
+ class compute inherits role::labs::tools::common {
+ include toollabs::compute
+
+ system::role { 'role::labs::tools::common': description => 'Tool Labs
compute node' }
}
- class webnode inherits role::labs::tools::config {
- system::role { 'role::labs::tools::webnode': description => 'Tool Labs
clustered web host' }
- class { 'toollabs::webnode':
- gridmaster => $grid_master,
- type => 'lighttpd',
- }
- }
+ class master inherits role::labs::tools::common {
+ inlcude toollabs::master
- class tomcatnode inherits role::labs::tools::config {
- system::role { 'role::labs::tools::tomcatnode': description => 'Tool
Labs clustered tomcat host' }
- class { 'toollabs::webnode':
- gridmaster => $grid_master,
- type => 'tomcat',
- }
- }
-
- class master inherits role::labs::tools::config {
system::role { 'role::labs::tools::master': description => 'Tool Labs
gridengine master' }
- class { 'toollabs::master': }
}
- class shadow inherits role::labs::tools::config {
+ class shadow inherits role::labs::tools::common {
+ include toollabs::shadow
+
system::role { 'role::labs::tools::shadow': description => 'Tool Labs
gridengine shadow (backup) master' }
- class { 'toollabs::shadow':
- gridmaster => $grid_master,
- }
}
- class submit inherits role::labs::tools::config {
+ class submit inherits role::labs::tools::common {
+ include toollabs::submit
+
system::role { 'role::labs::tools::submit': description => 'Tool Labs
job submit (cron) host' }
- class { 'toollabs::submit':
- gridmaster => $grid_master,
- }
}
- class proxy inherits role::labs::tools::config {
- system::role { 'role::labs::tools::proxy': description => 'Tool labs
generic web proxy' }
+ class proxy inherits role::labs::tools::common {
include toollabs::proxy
+
+ system::role { 'role::labs::tools::proxy': description => 'Tool labs
generic web proxy' }
}
- class mailrelay inherits role::labs::tools::config {
+ class mailrelay inherits role::labs::tools::common {
system::role { 'role::labs::tools::mailrelay': description => 'Tool
Labs mail relay' }
+
class { 'toollabs::mailrelay':
maildomain => $::instanceproject ? {
'toolsbeta' => 'tools-beta.wmflabs.org',
default => 'tools.wmflabs.org',
},
- gridmaster => $grid_master,
}
}
- class redis inherits role::labs::tools::config {
+ class redis inherits role::labs::tools::common {
system::role { 'role::labs::tools::redis': description => 'Server that
hosts shared Redis instance' }
+
class { 'toollabs::redis':
maxmemory => $::redis_maxmemory
}
}
- class mongo inherits role::labs::tools::config {
+ class mongo inherits role::labs::tools::common {
+ include toollabs::mongo::master
+
system::role { 'role::labs::tools::mongo':
description => 'Server that hosts shared MongoDB instance'
}
-
- class { 'toollabs::mongo::master':}
}
+
+ ##
+ ## NOTE: Those roles are transitional, and should be removed
+ ## from Wikitech entirely in favor of role::labs::compute
+ ## followed by explicit toollabs::node::*
+ ##
+
+ class execnode inherits role::labs::tools::compute {
+ include toollabs::node::compute::general
+ }
+
+ class webnode inherits role::labs::tools::compute {
+ include toollabs::node::web::lighttpd
+ }
+
+ class tomcatnode inherits role::labs::tools::compute {
+ include toollabs::node::web::tomcat
+ }
+
} # class role::labs::tools
diff --git a/modules/toollabs/manifests/bastion.pp
b/modules/toollabs/manifests/bastion.pp
index 2234846..427f073 100644
--- a/modules/toollabs/manifests/bastion.pp
+++ b/modules/toollabs/manifests/bastion.pp
@@ -3,7 +3,6 @@
# This role sets up an bastion/dev instance in the Tool Labs model.
#
# Parameters:
-# gridmaster => FQDN of the gridengine master
#
# Actions:
#
@@ -11,15 +10,11 @@
#
# Sample Usage:
#
-class toollabs::bastion($gridmaster) inherits toollabs {
- class { 'gridengine':
- gridmaster => $gridmaster,
- }
+class toollabs::bastion inherits toollabs {
- include toollabs::exec_environ,
- toollabs::dev_environ,
- toollabs::gridnode,
- gridengine::submit_host
+ include gridengine::submit_host,
+ toollabs::exec_environ,
+ toollabs::dev_environ
file { '/etc/ssh/ssh_config':
ensure => file,
@@ -72,9 +67,4 @@
source => 'puppet:///modules/toollabs/crontab',
}
- # Don't collect active user metrics this way, is useless, clogs graphite
- # Should be removed in a day or two
- diamond::collector{ 'Users':
- ensure => absent
- }
}
diff --git a/modules/toollabs/manifests/compute.pp
b/modules/toollabs/manifests/compute.pp
new file mode 100644
index 0000000..d235540
--- /dev/null
+++ b/modules/toollabs/manifests/compute.pp
@@ -0,0 +1,40 @@
+# Class: toollabs::compute
+#
+# This role sets up a grid compute node in the Tool Labs model.
+#
+# On its own, this sets up a working node of the grid, but it is
+# useless without a more specific role from toollabs::node::* that
+# will add functionality and place it on queues or hostgroups.
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class toollabs::compute inherits toollabs {
+
+ include gridengine::exec_host,
+ toollabs::exec_environ,
+ toollabs::hba
+
+ file { '/etc/update-motd.d/40-exechost-banner':
+ ensure => file,
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ source =>
"puppet:///modules/toollabs/40-${::instanceproject}-exechost-banner",
+ }
+
+ file { "${toollabs::store}/execnode-${::fqdn}":
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ require => File[$toollabs::store],
+ content => "${::ipaddress}\n",
+ }
+
+}
diff --git a/modules/toollabs/manifests/execnode.pp
b/modules/toollabs/manifests/execnode.pp
deleted file mode 100644
index 665f629..0000000
--- a/modules/toollabs/manifests/execnode.pp
+++ /dev/null
@@ -1,45 +0,0 @@
-# Class: toollabs::execnode
-#
-# This role sets up an execution node in the Tool Labs model.
-#
-# Parameters:
-# gridmaster => FQDN of the gridengine master
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-class toollabs::execnode($gridmaster) inherits toollabs {
- class { 'gridengine':
- gridmaster => $gridmaster,
- }
-
- include toollabs::exec_environ,
- toollabs::gridnode,
- gridengine::exec_host
-
- class { 'toollabs::hba':
- store => $toollabs::store,
- }
-
- file { '/etc/update-motd.d/40-exechost-banner':
- ensure => file,
- mode => '0755',
- owner => 'root',
- group => 'root',
- source =>
"puppet:///modules/toollabs/40-${::instanceproject}-exechost-banner",
- }
-
- file { "${toollabs::store}/execnode-${::fqdn}":
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0444',
- require => File[$toollabs::store],
- content => "${::ipaddress}\n",
- }
-
- # TODO: grid node setup
-}
diff --git a/modules/toollabs/manifests/gridnode.pp
b/modules/toollabs/manifests/gridnode.pp
deleted file mode 100644
index 3f336b7..0000000
--- a/modules/toollabs/manifests/gridnode.pp
+++ /dev/null
@@ -1,35 +0,0 @@
-# Class: toollabs::execnode
-#
-# This class applies to all grid-related node roles
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-class toollabs::gridnode inherits toollabs {
-
- class { 'toollabs::hostgroup': groups => [ 'general' ] }
-
- file { "${toollabs::sysdir}/gridengine":
- ensure => directory,
- require => File[$toollabs::sysdir],
- }
-
- file { '/var/lib/gridengine':
- ensure => directory,
- }
-
- mount { '/var/lib/gridengine':
- ensure => mounted,
- atboot => False,
- device => "${toollabs::sysdir}/gridengine",
- fstype => none,
- options => 'rw,bind',
- require => File["${toollabs::sysdir}/gridengine",
- '/var/lib/gridengine'],
- before => Package['gridengine-common'],
- }
-
-}
diff --git a/modules/toollabs/manifests/hba.pp
b/modules/toollabs/manifests/hba.pp
index c044ab6..2d0ff38 100644
--- a/modules/toollabs/manifests/hba.pp
+++ b/modules/toollabs/manifests/hba.pp
@@ -10,7 +10,7 @@
#
# Sample Usage:
#
-class toollabs::hba($store) {
+class toollabs::hba {
file { '/usr/local/sbin/project-make-shosts':
ensure => file,
@@ -22,7 +22,7 @@
exec { 'make-shosts':
command => '/usr/local/sbin/project-make-shosts
>/etc/ssh/shosts.equiv~',
- require => File['/usr/local/sbin/project-make-shosts', $store],
+ require => File['/usr/local/sbin/project-make-shosts'],
}
file { '/etc/ssh/shosts.equiv':
@@ -44,7 +44,7 @@
exec { 'make-access':
command => '/usr/local/sbin/project-make-access
>/etc/security/access.conf~',
- require => File['/usr/local/sbin/project-make-access', $store],
+ require => File['/usr/local/sbin/project-make-access'],
}
File <| title == '/etc/security/access.conf' |> {
diff --git a/modules/toollabs/manifests/infrastructure.pp
b/modules/toollabs/manifests/infrastructure.pp
index a13bfda..7bf3fc5 100644
--- a/modules/toollabs/manifests/infrastructure.pp
+++ b/modules/toollabs/manifests/infrastructure.pp
@@ -26,6 +26,6 @@
# service group and root.
File <| title == '/etc/security/access.conf' |> {
- content => "-:ALL EXCEPT (tools.admin) root:ALL\n",
+ content => "-:ALL EXCEPT (${::instanceproject}.admin) root:ALL\n",
}
}
diff --git a/modules/toollabs/manifests/init.pp
b/modules/toollabs/manifests/init.pp
index 09e9b0e..f5af018 100644
--- a/modules/toollabs/manifests/init.pp
+++ b/modules/toollabs/manifests/init.pp
@@ -68,6 +68,31 @@
group => 'root',
}
+ # This is atrocious, but the only way to make certain
+ # that the gridengine system directory is properly shared
+ # between all grid nodes for proper access to accounting
+ # and scheduling. Yes, this uses before.
+
+ file { "${sysdir}/gridengine":
+ ensure => directory,
+ require => File[$toollabs::sysdir],
+ }
+
+ file { '/var/lib/gridengine':
+ ensure => directory,
+ }
+
+ mount { '/var/lib/gridengine':
+ ensure => mounted,
+ atboot => False,
+ device => "${sysdir}/gridengine",
+ fstype => none,
+ options => 'rw,bind',
+ require => File["${sysdir}/gridengine",
+ '/var/lib/gridengine'],
+ before => Package['gridengine-common'],
+ }
+
# this is a link to shared folder
file { '/shared':
ensure => link,
@@ -141,4 +166,5 @@
diamond::collector { 'MountStats':
ensure => absent,
}
+
}
diff --git a/modules/toollabs/manifests/mailrelay.pp
b/modules/toollabs/manifests/mailrelay.pp
index 2b314a6..3a83b9b 100644
--- a/modules/toollabs/manifests/mailrelay.pp
+++ b/modules/toollabs/manifests/mailrelay.pp
@@ -10,16 +10,10 @@
#
# Sample Usage:
#
-class toollabs::mailrelay($maildomain,
- $gridmaster) inherits toollabs
+class toollabs::mailrelay($maildomain) inherits toollabs
{
- class { 'gridengine':
- gridmaster => $gridmaster,
- }
-
- include toollabs::infrastructure,
- toollabs::gridnode,
- gridengine::submit_host
+ include gridengine::submit_host,
+ toollabs::infrastructure
# FIXME: -ugly-, we need to have a better way for this
Package <| title == 'exim4-daemon-light' |> {
diff --git a/modules/toollabs/manifests/master.pp
b/modules/toollabs/manifests/master.pp
index 75d7fac..8a22605 100644
--- a/modules/toollabs/manifests/master.pp
+++ b/modules/toollabs/manifests/master.pp
@@ -1,6 +1,6 @@
# Class: toollabs::master
#
-# This role sets up a grid master in the Tool Labs model.
+# This role sets up the grid master in the Tool Labs model.
#
# Parameters:
#
@@ -12,12 +12,11 @@
#
class toollabs::master inherits toollabs {
include gridengine::master,
- toollabs::infrastructure,
- toollabs::exec_environ,
- toollabs::gridnode,
- toollabs::hostgroup,
- toollabs::queue::task,
- toollabs::queue::continuous
+ toollabs::infrastructure,
+ toollabs::exec_environ,
+ toollabs::hostgroup,
+ toollabs::queue::task,
+ toollabs::queue::continuous
file { '/etc/gridengine/local/bin/gethgrp':
ensure => file,
diff --git a/modules/toollabs/manifests/node/compute/general.pp
b/modules/toollabs/manifests/node/compute/general.pp
new file mode 100644
index 0000000..0102f5c
--- /dev/null
+++ b/modules/toollabs/manifests/node/compute/general.pp
@@ -0,0 +1,19 @@
+# Class: toollabs::node::compute::general
+#
+# This configures the compute node as a general node
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class toollabs::node:compute::general {
+
+ system::role { 'toollabs::node::compute::general': description => 'General
computation node' }
+
+ class { 'toollabs::hostgroup': groups => [ 'general' ] }
+
+}
diff --git a/modules/toollabs/manifests/node/web.pp
b/modules/toollabs/manifests/node/web.pp
new file mode 100644
index 0000000..3bfdb63
--- /dev/null
+++ b/modules/toollabs/manifests/node/web.pp
@@ -0,0 +1,44 @@
+# Class: toollabs::node::web
+#
+# Common settings for all toollabs::node::web::* classes
+#
+# THIS SHOULD NOT BE INCLUDED DIRECTLY
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class toollabs::node::web inherits toollabs {
+
+ include gridengine::submit_host,
+ toollabs::infrastructure
+
+ file { '/usr/local/bin/portgrabber':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => 'puppet:///modules/toollabs/portgrabber',
+ }
+
+ file { '/usr/local/sbin/portgranter':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => 'puppet:///modules/toollabs/portgranter',
+ }
+
+ file { '/etc/init/portgranter.conf':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ source => 'puppet:///modules/toollabs/portgranter.conf',
+ }
+}
+
diff --git a/modules/toollabs/manifests/node/web/lighttpd.pp
b/modules/toollabs/manifests/node/web/lighttpd.pp
new file mode 100644
index 0000000..4507151
--- /dev/null
+++ b/modules/toollabs/manifests/node/web/lighttpd.pp
@@ -0,0 +1,50 @@
+# Class: toollabs::node::web::lighttpd
+#
+# This configures the compute node as a lighttpd web server
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class toollabs::node::web::lighttpd inherits toollabs::node::web {
+
+ package { 'php5-cgi':
+ ensure => latest,
+ }
+
+ package { [
+ 'lighttpd',
+ 'lighttpd-mod-magnet', #Bug 68614
+ ]:
+ ensure => latest,
+ require => File['/var/run/lighttpd'],
+ }
+
+ file { '/var/run/lighttpd':
+ ensure => directory,
+ owner => 'www-data',
+ group => 'www-data',
+ mode => '1777',
+ }
+
+ file { "/usr/local/bin/tool-lighttpd":
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => "puppet:///modules/toollabs/tool-lighttpd",
+ }
+
+ file { "/usr/local/bin/lighttpd-starter":
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => "puppet:///modules/toollabs/lighttpd-starter",
+ }
+
+}
diff --git a/modules/toollabs/manifests/node/web/tomcat.pp
b/modules/toollabs/manifests/node/web/tomcat.pp
new file mode 100644
index 0000000..9848efc
--- /dev/null
+++ b/modules/toollabs/manifests/node/web/tomcat.pp
@@ -0,0 +1,36 @@
+# Class: toollabs::node::web::lighttpd
+#
+# This configures the compute node as a tomcat web server
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class toollabs::node::web::tomcat inherits toollabs::node::web {
+
+ package { [ 'tomcat7-user', 'xmlstarlet' ]:
+ ensure => latest,
+ }
+
+ file { "/usr/local/bin/tool-tomcat":
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => "puppet:///modules/toollabs/tool-tomcat",
+ }
+
+ file { "/usr/local/bin/tomcat-starter":
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => "puppet:///modules/toollabs/tomcat-starter",
+ require => Package['xmlstarlet'],
+ }
+
+}
diff --git a/modules/toollabs/manifests/shadow.pp
b/modules/toollabs/manifests/shadow.pp
index 8479020..bdbe6b8 100644
--- a/modules/toollabs/manifests/shadow.pp
+++ b/modules/toollabs/manifests/shadow.pp
@@ -13,8 +13,7 @@
#
class toollabs::shadow($gridmaster) inherits toollabs {
include toollabs::infrastructure,
- toollabs::exec_environ,
- toollabs::gridnode
+ toollabs::exec_environ
class { 'gridengine::shadow_master':
gridmaster => $gridmaster,
diff --git a/modules/toollabs/manifests/submit.pp
b/modules/toollabs/manifests/submit.pp
index 93ce1f2..16d70f3 100644
--- a/modules/toollabs/manifests/submit.pp
+++ b/modules/toollabs/manifests/submit.pp
@@ -1,9 +1,10 @@
# Class: toollabs::submit
#
# This role sets up an submit host instance in the Tool Labs model.
+# (A host that can only be used to submit jobs; presently used by
+# tools-submit which runs bigbrother and the gridwide cron.
#
# Parameters:
-# gridmaster => FQDN of the gridengine master
#
# Actions:
#
@@ -11,14 +12,11 @@
#
# Sample Usage:
#
-class toollabs::submit($gridmaster) inherits toollabs {
- class { 'gridengine':
- gridmaster => $gridmaster,
- }
+class toollabs::submit inherits toollabs {
- include toollabs::exec_environ,
- toollabs::gridnode,
- gridengine::submit_host
+ include gridengine::submit_host,
+ toollabs::exec_environ,
+ toollabs::hba
file { '/etc/ssh/ssh_config':
ensure => file,
@@ -26,10 +24,6 @@
owner => 'root',
group => 'root',
source => 'puppet:///modules/toollabs/submithost-ssh_config',
- }
-
- class { 'toollabs::hba':
- store => $toollabs::store,
}
file { '/etc/update-motd.d/40-bastion-banner':
diff --git a/modules/toollabs/manifests/webnode.pp
b/modules/toollabs/manifests/webnode.pp
deleted file mode 100644
index a6da6c3..0000000
--- a/modules/toollabs/manifests/webnode.pp
+++ /dev/null
@@ -1,160 +0,0 @@
-# Class: toollabs::webnode
-#
-# This role sets up an web node in the Tool Labs model.
-#
-# Parameters:
-# gridmaster => FQDN of the gridengine master
-# type => What kind of web server to set up
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-class toollabs::webnode($gridmaster, $type) inherits toollabs {
- class { 'gridengine':
- gridmaster => $gridmaster,
- }
-
- include toollabs::exec_environ,
- toollabs::infrastructure,
- toollabs::gridnode,
- gridengine::exec_host,
- gridengine::submit_host
-
- class { 'toollabs::hostgroup': groups => [ 'webgrid' ] }
-
- file { "${toollabs::store}/execnode-${::fqdn}":
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0444',
- require => File[$toollabs::store],
- content => "${::ipaddress}\n",
- }
-
- # Execution hosts have funky access requirements; they need to be ssh-able
- # by service accounts, and they need to use host-based authentication.
-
- # We override /etc/ssh/shosts.equiv and /etc/security/access.conf
- # accordingly from information collected from the project store.
-
- file { '/usr/local/sbin/project-make-shosts':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0755',
- source => 'puppet:///modules/toollabs/project-make-shosts',
- }
-
- exec { 'make-shosts':
- command => '/usr/local/sbin/project-make-shosts
>/etc/ssh/shosts.equiv~',
- require => File['/usr/local/sbin/project-make-shosts',
- $toollabs::store],
- }
-
- file { '/etc/ssh/shosts.equiv':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => '/etc/ssh/shosts.equiv~',
- require => Exec['make-shosts'],
- }
-
- file { '/usr/local/sbin/project-make-access':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0755',
- source => 'puppet:///modules/toollabs/project-make-access',
- }
-
- exec { 'make-access':
- command => '/usr/local/sbin/project-make-access
>/etc/security/access.conf~',
- require => File['/usr/local/sbin/project-make-access',
- $toollabs::store],
- }
-
- File <| title == '/etc/security/access.conf' |> {
- content => undef,
- source => '/etc/security/access.conf~',
- require => Exec['make-access'],
- }
-
- case $type {
- lighttpd: {
- package { 'php5-cgi':
- ensure => latest,
- }
-
- package { [
- 'lighttpd',
- 'lighttpd-mod-magnet', #Bug 68614
- ]:
- ensure => latest,
- require => File['/var/run/lighttpd'],
- }
-
- file { '/var/run/lighttpd':
- ensure => directory,
- owner => 'www-data',
- group => 'www-data',
- mode => '1777',
- }
- }
- tomcat: {
- package { 'tomcat7-user':
- ensure => latest,
- }
- package { 'xmlstarlet':
- ensure => latest,
- before => File['/usr/local/bin/tomcat-starter'],
- }
- }
- default: {
- fail("toollabs::webnode: Unknown type ${type}")
- }
- }
-
- file { "/usr/local/bin/tool-${type}":
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0555',
- source => "puppet:///modules/toollabs/tool-${type}",
- }
-
- file { "/usr/local/bin/${type}-starter":
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0555',
- source => "puppet:///modules/toollabs/${type}-starter",
- }
-
- file { '/usr/local/bin/portgrabber':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0555',
- source => 'puppet:///modules/toollabs/portgrabber',
- }
-
- file { '/usr/local/sbin/portgranter':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0555',
- source => 'puppet:///modules/toollabs/portgranter',
- }
-
- file { '/etc/init/portgranter.conf':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///modules/toollabs/portgranter.conf',
- }
-}
--
To view, visit https://gerrit.wikimedia.org/r/167852
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib75c18f75a8b8048fb9900e7f74accabb13d1f96
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: coren <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
