Yuvipanda has submitted this change and it was merged.
Change subject: apertium: Unify production and beta roles
......................................................................
apertium: Unify production and beta roles
Also remove sudo rule to let jenkins-deploy restart apertium.
This can be handled in wikitech now
Bug: T86633
Change-Id: I0b5dcc76b002b7e9fad6add180ddde1a8102b8d7
---
M hieradata/role/common/apertium/production.yaml
M manifests/role/apertium.pp
M manifests/site.pp
3 files changed, 10 insertions(+), 33 deletions(-)
Approvals:
Yuvipanda: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/role/common/apertium/production.yaml
b/hieradata/role/common/apertium/production.yaml
index 8abd3cf..6fe9c2a 100644
--- a/hieradata/role/common/apertium/production.yaml
+++ b/hieradata/role/common/apertium/production.yaml
@@ -1 +1 @@
-role::apertium::apertium_port: 2737
+role::apertium::port: 2737
diff --git a/manifests/role/apertium.pp b/manifests/role/apertium.pp
index dd178ca..81a5eb2 100644
--- a/manifests/role/apertium.pp
+++ b/manifests/role/apertium.pp
@@ -1,50 +1,27 @@
# vim: set ts=4 et sw=4:
-
-class role::apertium::production {
- system::role { 'role::apertium::production':
+class role::apertium(
+ $port = '2737',
+) {
+ system::role { 'role::apertium':
description => 'Apertium APY server'
}
-
- # Define Apertium port
- $apertium_port = hiera('role::apertium::apertium_port', '2737')
include ::apertium
# We have to explicitly open the apertium port (bug T47868)
ferm::service { 'apertium_http':
proto => 'tcp',
- port => $apertium_port,
+ port => $port,
}
monitoring::service { 'apertium':
description => 'apertium apy',
- check_command =>
"check_http_url_on_port!apertium.svc.eqiad.wmnet!${apertium_port}!/listPairs",
+ check_command =>
"check_http_url_on_port!apertium.svc.eqiad.wmnet!${port}!/listPairs",
}
+
}
-class role::apertium::beta {
- system::role { 'role::apertium::beta':
- description => 'Apertium APY server (on beta)'
- }
-
- # Define Apertium port
- $apertium_port = hiera('role::apertium::apertium_port', '2737')
-
- include ::apertium
-
- # Need to allow jenkins-deploy to reload apertium
- sudo::user { 'jenkins-deploy': privileges => [
- # Since the "root" user is local, we cant add the sudo policy in
- # OpenStack manager interface at wikitech
- 'ALL = (root) NOPASSWD:/usr/sbin/service apertium-apy restart',
- ] }
-
- # We have to explicitly open the apertium port (bug T47868)
- ferm::service { 'apertium_http':
- proto => 'tcp',
- port => $apertium_port,
- }
-
+class role::apertium::jenkins_access {
# Allow ssh access from the Jenkins master to the server where apertium is
# running
include contint::firewall::labs
diff --git a/manifests/site.pp b/manifests/site.pp
index e7a21be..4e4ed0d 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2718,7 +2718,7 @@
include role::mathoid::production
include role::citoid::production
- role apertium::production, cxserver::production
+ role apertium, cxserver::production
class { 'admin':
groups => [
--
To view, visit https://gerrit.wikimedia.org/r/184586
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I0b5dcc76b002b7e9fad6add180ddde1a8102b8d7
Gerrit-PatchSet: 7
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Hashar <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
