Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/179081
Change subject: Add a new squid3 module and replace in-grown use
......................................................................
Add a new squid3 module and replace in-grown use
install-server::caching-proxy and url_downloader both install &
configure squid3 and are *very* similar to each other (in fact they seem
derived from one another, then diverged a bit).
Abstract away the squid3 bits into a simple squid3 module that accepts a
configuration file or template and use it from the two modules.
The new module doesn't have rspec tests but the callsites do. This
should probably be fixed, by someone more knowledgeable in rspec, like
the author of both of these other two modules *cough*.
Change-Id: I86377761019fb65106ce56e99d8ba39f1dc4b10b
---
D modules/install-server/files/squid3-apt-proxy.conf
M modules/install-server/manifests/caching-proxy.pp
M modules/install-server/spec/classes/install_server_caching_proxy_spec.rb
R modules/squid3/files/squid3-logrotate
A modules/squid3/manifests/init.pp
M modules/url_downloader/manifests/init.pp
M modules/url_downloader/spec/classes/urldownloader_spec.rb
7 files changed, 57 insertions(+), 119 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/81/179081/1
diff --git a/modules/install-server/files/squid3-apt-proxy.conf
b/modules/install-server/files/squid3-apt-proxy.conf
deleted file mode 100644
index 6c6a53d..0000000
--- a/modules/install-server/files/squid3-apt-proxy.conf
+++ /dev/null
@@ -1,58 +0,0 @@
-#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-####################################################################
-
-http_port 8080
-hierarchy_stoplist cgi-bin ?
-acl QUERY urlpath_regex cgi-bin \?
-cache deny QUERY
-acl apache rep_header Server ^Apache
-cache_replacement_policy heap LFUDA
-cache_dir aufs /var/spool/squid3 1000 16 256
-access_log none
-cache_store_log none
-hosts_file /etc/hosts
-refresh_pattern ^ftp: 1440 20% 10080
-refresh_pattern ^gopher: 1440 0% 1440
-refresh_pattern . 0 20% 4320
-acl manager proto cache_object
-acl localhost src 127.0.0.1/32
-acl to_localhost dst 127.0.0.0/8
-acl SSL_ports port 443 563 # https, snews
-acl SSL_ports port 873 # rsync
-acl Safe_ports port 80 # http
-acl Safe_ports port 21 # ftp
-acl Safe_ports port 443 563 # https, snews
-acl Safe_ports port 70 # gopher
-acl Safe_ports port 210 # wais
-acl Safe_ports port 1025-65535 # unregistered ports
-acl Safe_ports port 280 # http-mgmt
-acl Safe_ports port 488 # gss-http
-acl Safe_ports port 591 # filemaker
-acl Safe_ports port 777 # multiling http
-acl Safe_ports port 631 # cups
-acl Safe_ports port 873 # rsync
-acl Safe_ports port 901 # SWAT
-acl purge method PURGE
-acl CONNECT method CONNECT
-# TODO: Fix this to use templates and be populated from network.pp
-acl wikimedia src 208.80.152.0/22
-acl wikimedia src 91.198.174.0/24
-acl wikimedia src 198.35.26.0/23
-acl wikimedia src 185.15.56.0/22
-acl wikimedia src 10.0.0.0/8
-acl wikimedia src 2620:0:860::/46
-http_access allow manager localhost
-http_access deny manager
-http_access allow purge localhost
-http_access deny purge
-http_access deny !Safe_ports
-http_access deny CONNECT !SSL_ports
-http_access allow localhost
-http_access allow wikimedia
-http_access deny all
-http_reply_access allow all
-icp_access deny all
-cache_effective_user proxy
-cache_effective_group proxy
-coredump_dir /var/spool/squid3
diff --git a/modules/install-server/manifests/caching-proxy.pp
b/modules/install-server/manifests/caching-proxy.pp
index 2d11da4..9edc50d 100644
--- a/modules/install-server/manifests/caching-proxy.pp
+++ b/modules/install-server/manifests/caching-proxy.pp
@@ -13,31 +13,7 @@
# include install-server::caching-proxy
class install-server::caching-proxy {
- file { '/etc/squid3/squid.conf':
- ensure => present,
- mode => '0444',
- owner => 'root',
- group => 'root',
- source => 'puppet:///modules/install-server/squid3-apt-proxy.conf',
- require => Package['squid3'],
- }
-
- file { '/etc/logrotate.d/squid3':
- ensure => present,
- mode => '0444',
- owner => 'root',
- group => 'root',
- source => 'puppet:///modules/install-server/squid3-logrotate',
- require => Package['squid3'],
- }
-
- package { 'squid3':
- ensure => installed,
- }
-
- service { 'squid3':
- ensure => running,
- require => [ Package['squid3'], File['/etc/squid3/squid.conf'] ],
- subscribe => File['/etc/squid3/squid.conf'],
+ class { 'squid3':
+ config_source =>
'puppet:///modules/install-server/squid3-apt-proxy.conf',
}
}
diff --git
a/modules/install-server/spec/classes/install_server_caching_proxy_spec.rb
b/modules/install-server/spec/classes/install_server_caching_proxy_spec.rb
index aa3a647..5d61797 100644
--- a/modules/install-server/spec/classes/install_server_caching_proxy_spec.rb
+++ b/modules/install-server/spec/classes/install_server_caching_proxy_spec.rb
@@ -11,12 +11,5 @@
'owner' => 'root',
'group' => 'root',
}).without_path()
-
- should contain_file('/etc/logrotate.d/squid').with({
- 'ensure' => 'present',
- 'mode' => '0444',
- 'owner' => 'root',
- 'group' => 'root',
- }).without_path()
end
end
diff --git a/modules/url_downloader/files/squid3-logrotate
b/modules/squid3/files/squid3-logrotate
similarity index 92%
rename from modules/url_downloader/files/squid3-logrotate
rename to modules/squid3/files/squid3-logrotate
index 1d1cfc5..a8131e1 100644
--- a/modules/url_downloader/files/squid3-logrotate
+++ b/modules/squid3/files/squid3-logrotate
@@ -2,7 +2,7 @@
### THIS FILE IS MANAGED BY PUPPET
#####################################################################
#
-# Logrotate fragment for squid.
+# Logrotate fragment for squid3.
#
/var/log/squid3/*.log {
daily
diff --git a/modules/squid3/manifests/init.pp b/modules/squid3/manifests/init.pp
new file mode 100644
index 0000000..bfa9633
--- /dev/null
+++ b/modules/squid3/manifests/init.pp
@@ -0,0 +1,52 @@
+# Class: squid3
+#
+# This class installs squid3 and configures it
+#
+# Parameters:
+#
+# Actions:
+# Install squid3 and configure it as a caching forward proxy
+#
+# Requires:
+#
+# Sample Usage:
+# class { 'squid3': config_source => 'puppet:///modules/foo/squid3-foo.conf'
}
+# class { 'squid3': config_content => template('foo/squid3-foo.conf.erb') }
+
+
+class squid3(
+ $ensure = present,
+ $config_content = undef,
+ $config_source = undef,
+) {
+ validate_re($ensure, '^(present|absent)$')
+
+ file { '/etc/squid3/squid.conf':
+ ensure => $ensure,
+ mode => '0444',
+ owner => 'root',
+ group => 'root',
+ source => $config_source,
+ content => $config_content,
+ require => Package['squid3'],
+ }
+
+ file { '/etc/logrotate.d/squid3':
+ ensure => $ensure,
+ mode => '0444',
+ owner => 'root',
+ group => 'root',
+ source => 'puppet:///modules/squid3/squid3-logrotate',
+ require => Package['squid3'],
+ }
+
+ package { 'squid3':
+ ensure => $ensure,
+ }
+
+ service { 'squid3':
+ ensure => ensure_service($ensure),
+ require => File['/etc/squid3/squid.conf'],
+ subscribe => File['/etc/squid3/squid.conf'],
+ }
+}
diff --git a/modules/url_downloader/manifests/init.pp
b/modules/url_downloader/manifests/init.pp
index 00d551f..5a6cee1 100644
--- a/modules/url_downloader/manifests/init.pp
+++ b/modules/url_downloader/manifests/init.pp
@@ -16,31 +16,7 @@
# service_ip => '10.10.10.10' # Probably a public ip though
# }
class url_downloader($service_ip) {
- file { '/etc/squid3/squid.conf':
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => template('url_downloader/squid.conf.erb'),
+ class { 'squid3':
+ config_content => template('url_downloader/squid.conf.erb'),
}
-
- file { '/etc/logrotate.d/squid3':
- ensure => present,
- mode => '0444',
- owner => 'root',
- group => 'root',
- source => 'puppet:///modules/url_downloader/squid3-logrotate',
- }
-
- package { 'squid3':
- ensure => installed,
- }
-
- service { 'squid3':
- ensure => running,
- }
-
- Package['squid3'] -> Service['squid3']
- Package['squid3'] -> File['/etc/logrotate.d/squid3']
- Package['squid3'] -> File['/etc/squid3/squid.conf']
- File['/etc/squid3/squid.conf'] ~> Service['squid3'] # also notify
}
diff --git a/modules/url_downloader/spec/classes/urldownloader_spec.rb
b/modules/url_downloader/spec/classes/urldownloader_spec.rb
index 282df0c..eb49c19 100644
--- a/modules/url_downloader/spec/classes/urldownloader_spec.rb
+++ b/modules/url_downloader/spec/classes/urldownloader_spec.rb
@@ -9,7 +9,6 @@
it { should contain_package('squid3') }
it { should contain_service('squid3') }
- it { should contain_file('/etc/logrotate.d/squid3') }
it { should contain_file('/etc/squid3/squid.conf').
with_content(/10.10.10.10/).
with_content(/^acl (?! all src)/)
--
To view, visit https://gerrit.wikimedia.org/r/179081
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I86377761019fb65106ce56e99d8ba39f1dc4b10b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
