Tim Landscheidt has uploaded a new change for review. https://gerrit.wikimedia.org/r/198116
Change subject: Ignore warnings about URLs without modules for private repository ...................................................................... Ignore warnings about URLs without modules for private repository In most cases, the warnings generated by puppet-lint about "puppet://" URLs without "modules/" (cf. https://integration.wikimedia.org/ci/job/operations-puppet-puppetlint-strict/) are caused by manifests that have not been converted to modules yet. An exception are URLs that refer to the private repository; these are here to stay. This change marks them so that they are ignored by puppet-lint. In addition, it splits two cases of condensed resources into individual ones in accordance with our style guide (cf. https://wikitech.wikimedia.org/wiki/Puppet_coding#Resources). Bug: T87132 Change-Id: I76d788f86f14bcf008b7ac4c06bcd53eac7b5a32 --- M manifests/mail.pp M manifests/nfs.pp M manifests/role/access_new_install.pp M manifests/role/cache.pp M manifests/role/ci.pp M manifests/role/deployment.pp M manifests/role/mha.pp M modules/authdns/manifests/account.pp M modules/gerrit/manifests/jetty.pp M modules/icinga/manifests/init.pp M modules/icinga/manifests/nsca/client.pp M modules/icinga/manifests/nsca/daemon.pp M modules/mailman/manifests/webui.pp M modules/mw-rc-irc/manifests/ircserver.pp M modules/puppet/manifests/self/gitclone.pp M modules/puppetmaster/manifests/gitpuppet.pp M modules/releases/manifests/reprepro.pp M modules/scap/manifests/l10nupdate.pp M modules/statistics/manifests/sites/stats.pp M modules/subversion/manifests/viewvc.pp 20 files changed, 91 insertions(+), 27 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/16/198116/1 diff --git a/manifests/mail.pp b/manifests/mail.pp index 22957e4..0681339 100644 --- a/manifests/mail.pp +++ b/manifests/mail.pp @@ -97,7 +97,9 @@ exim4::dkim { 'wikimedia.org': domain => 'wikimedia.org', selector => 'wikimedia', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/dkim/wikimedia.org-wikimedia.key', + # lint:endignore } } @@ -113,7 +115,9 @@ exim4::dkim { 'lists.wikimedia.org': domain => 'lists.wikimedia.org', selector => 'wikimedia', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/dkim/lists.wikimedia.org-wikimedia.key', + # lint:endignore } } @@ -121,7 +125,9 @@ exim4::dkim { 'wiki-mail': domain => 'wikimedia.org', selector => 'wiki-mail', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/dkim/wikimedia.org-wiki-mail.key', + # lint:endignore } } diff --git a/manifests/nfs.pp b/manifests/nfs.pp index f24f571..e1654b0 100644 --- a/manifests/nfs.pp +++ b/manifests/nfs.pp @@ -217,7 +217,9 @@ owner => 'root', group => 'root', mode => '0400', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/backup/ssh-keys/home-rsync', + # lint:endignore } } diff --git a/manifests/role/access_new_install.pp b/manifests/role/access_new_install.pp index ab761dd..866e5c2 100644 --- a/manifests/role/access_new_install.pp +++ b/manifests/role/access_new_install.pp @@ -6,12 +6,16 @@ owner => 'root', group => 'root', mode => '0400', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/ssh/new_install/new_install', + # lint:endignore } file { '/root/.ssh/new_install.pub': owner => 'root', group => 'root', mode => '0444', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/ssh/new_install/new_install.pub', + # lint:endignore } } diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp index 224398f..54ddf52 100644 --- a/manifests/role/cache.pp +++ b/manifests/role/cache.pp @@ -1428,7 +1428,9 @@ class { 'varnish::zero_update': site => $zero_site, + # lint:ignore:puppet_url_without_modules auth_src => 'puppet:///private/misc/zerofetcher.auth', + # lint:endignore } $storage_conf = $::realm ? { diff --git a/manifests/role/ci.pp b/manifests/role/ci.pp index 7da38a3..efac6d3 100644 --- a/manifests/role/ci.pp +++ b/manifests/role/ci.pp @@ -116,7 +116,9 @@ owner => 'jenkins', group => 'jenkins', mode => '0400', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/ssh/ci/jenkins-mwext-sync_id_rsa', + # lint:endignore require => User['jenkins'], } @@ -223,7 +225,9 @@ ensure => present, owner => 'npmtravis', mode => '0400', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/ssh/ci/npmtravis_id_rsa', + # lint:endignore require => File['/home/npmtravis/.ssh'], } diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp index e9c5d8c..df4fe08 100644 --- a/manifests/role/deployment.pp +++ b/manifests/role/deployment.pp @@ -127,7 +127,9 @@ class role::deployment::server( # Source of the key, change this if not in production, with hiera. + # lint:ignore:puppet_url_without_modules $key_source = 'puppet:///private/ssh/tin/mwdeploy_rsa', + # lint:endignore $apache_fqdn = $::fqdn, $deployment_group = 'wikidev', ) { diff --git a/manifests/role/mha.pp b/manifests/role/mha.pp index 674fe2c..27056c0 100644 --- a/manifests/role/mha.pp +++ b/manifests/role/mha.pp @@ -15,7 +15,9 @@ owner => 'mysql', group => 'mysql', mode => '0400', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/ssh/mysql/mysql.key', + # lint:endignore } ssh_authorized_key { 'mha4mysql': diff --git a/modules/authdns/manifests/account.pp b/modules/authdns/manifests/account.pp index fd1b4dc..29f64a4 100644 --- a/modules/authdns/manifests/account.pp +++ b/modules/authdns/manifests/account.pp @@ -34,17 +34,23 @@ owner => $user, group => $group, mode => '0400', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/authdns/id_rsa', + # lint:endignore } file { "${home}/.ssh/id_rsa.pub": ensure => 'present', owner => $user, group => $group, mode => '0400', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/authdns/id_rsa.pub', + # lint:endignore } ssh::userkey { $user: + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/authdns/id_rsa.pub', + # lint:endignore } file { "${home}/git-shell-commands": diff --git a/modules/gerrit/manifests/jetty.pp b/modules/gerrit/manifests/jetty.pp index 4254492..58cda82 100644 --- a/modules/gerrit/manifests/jetty.pp +++ b/modules/gerrit/manifests/jetty.pp @@ -62,7 +62,9 @@ group => 'gerrit2', mode => '0600', require => File['/var/lib/gerrit2/.ssh'], + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/gerrit/id_rsa', + # lint:endignore } file { '/var/lib/gerrit2/review_site': diff --git a/modules/icinga/manifests/init.pp b/modules/icinga/manifests/init.pp index 7beb4b8..97625fd 100644 --- a/modules/icinga/manifests/init.pp +++ b/modules/icinga/manifests/init.pp @@ -60,7 +60,9 @@ } file { '/etc/icinga/nsca_frack.cfg': + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/nagios/nsca_frack.cfg', + # lint:endignore owner => 'icinga', group => 'icinga', mode => '0644', @@ -78,7 +80,9 @@ } class { 'nagios_common::contacts': + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/nagios/contacts.cfg', + # lint:endignore require => Package['icinga'], notify => Service['icinga'], } diff --git a/modules/icinga/manifests/nsca/client.pp b/modules/icinga/manifests/nsca/client.pp index 9754fac..4d230a1 100644 --- a/modules/icinga/manifests/nsca/client.pp +++ b/modules/icinga/manifests/nsca/client.pp @@ -8,7 +8,9 @@ } file { '/etc/send_nsca.cfg': + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/icinga/send_nsca.cfg', + # lint:endignore owner => 'root', mode => '0400', require => Package['nsca-client'], diff --git a/modules/icinga/manifests/nsca/daemon.pp b/modules/icinga/manifests/nsca/daemon.pp index 96a180b..f5cb11d 100644 --- a/modules/icinga/manifests/nsca/daemon.pp +++ b/modules/icinga/manifests/nsca/daemon.pp @@ -11,7 +11,9 @@ } file { '/etc/nsca.cfg': + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/icinga/nsca.cfg', + # lint:endignore owner => 'root', mode => '0400', require => Package['nsca'], diff --git a/modules/mailman/manifests/webui.pp b/modules/mailman/manifests/webui.pp index cf7fcc3..2750120 100644 --- a/modules/mailman/manifests/webui.pp +++ b/modules/mailman/manifests/webui.pp @@ -16,7 +16,9 @@ # htdigest file for private list archives file { '/etc/apache2/arbcom-l.htdigest': + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/mailman/arbcom-l.htdigest', + # lint:endignore owner => 'root', group => 'www-data', mode => '0440', diff --git a/modules/mw-rc-irc/manifests/ircserver.pp b/modules/mw-rc-irc/manifests/ircserver.pp index 4196952..637172d 100644 --- a/modules/mw-rc-irc/manifests/ircserver.pp +++ b/modules/mw-rc-irc/manifests/ircserver.pp @@ -5,19 +5,24 @@ class mw-rc-irc::ircserver { - file { - '/usr/etc/ircd.conf': - mode => '0444', - owner => 'irc', - group => 'irc', - source => 'puppet:///private/misc/ircd.conf'; - '/usr/etc/ircd.motd': - mode => '0444', - owner => 'irc', - group => 'irc', - content => template('mw-rc-irc/motd.erb'); - '/etc/init/ircd.conf': - source => 'puppet:///modules/mw-rc-irc/upstart/ircd.conf', + file { '/usr/etc/ircd.conf': + mode => '0444', + owner => 'irc', + group => 'irc', + # lint:ignore:puppet_url_without_modules + source => 'puppet:///private/misc/ircd.conf', + # lint:endignore + } + + file { '/usr/etc/ircd.motd': + mode => '0444', + owner => 'irc', + group => 'irc', + content => template('mw-rc-irc/motd.erb'), + } + + file { '/etc/init/ircd.conf': + source => 'puppet:///modules/mw-rc-irc/upstart/ircd.conf', } service { 'ircd': diff --git a/modules/puppet/manifests/self/gitclone.pp b/modules/puppet/manifests/self/gitclone.pp index 90a1508..facef9f 100644 --- a/modules/puppet/manifests/self/gitclone.pp +++ b/modules/puppet/manifests/self/gitclone.pp @@ -37,7 +37,9 @@ owner => 'root', group => 'root', mode => '0600', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/ssh/labs-puppet-key', + # lint:endignore } file { $volatiledir: ensure => directory, diff --git a/modules/puppetmaster/manifests/gitpuppet.pp b/modules/puppetmaster/manifests/gitpuppet.pp index 3c425db..b6a03c2 100644 --- a/modules/puppetmaster/manifests/gitpuppet.pp +++ b/modules/puppetmaster/manifests/gitpuppet.pp @@ -12,22 +12,25 @@ owner => 'gitpuppet', group => 'gitpuppet', mode => '0700', - require => User['gitpuppet']; + require => User['gitpuppet'], } - file { - '/home/gitpuppet/.ssh/id_rsa': - owner => 'gitpuppet', - group => 'gitpuppet', - mode => '0400', - source => 'puppet:///private/ssh/gitpuppet/gitpuppet.key'; - '/home/gitpuppet/.ssh/gitpuppet-private-repo': - owner => 'gitpuppet', - group => 'gitpuppet', - mode => '0400', - source => 'puppet:///private/ssh/gitpuppet/gitpuppet-private.key'; + file { '/home/gitpuppet/.ssh/id_rsa': + owner => 'gitpuppet', + group => 'gitpuppet', + mode => '0400', + # lint:ignore:puppet_url_without_modules + source => 'puppet:///private/ssh/gitpuppet/gitpuppet.key', + # lint:endignore + } + file { '/home/gitpuppet/.ssh/gitpuppet-private-repo': + owner => 'gitpuppet', + group => 'gitpuppet', + mode => '0400', + # lint:ignore:puppet_url_without_modules + source => 'puppet:///private/ssh/gitpuppet/gitpuppet-private.key', + # lint:endignore } ssh::userkey { 'gitpuppet': source => 'puppet:///modules/puppetmaster/git/gitpuppet_authorized_keys', } } - diff --git a/modules/releases/manifests/reprepro.pp b/modules/releases/manifests/reprepro.pp index a7b7857..50988c3 100644 --- a/modules/releases/manifests/reprepro.pp +++ b/modules/releases/manifests/reprepro.pp @@ -24,7 +24,9 @@ homedir => $homedir, options => ["outdir ${outdir}"], gpg_pubring => 'puppet:///modules/releases/pubring.gpg', + # lint:ignore:puppet_url_without_modules gpg_secring => 'puppet:///private/releases/secring.gpg', + # lint:endignore incomingdir => $incomingdir, authorized_keys => ['ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIRN3017QJUoewK7PIKwMo2ojSl4Mu/YxDZC4NsryXmi4kKlCTN0DTeyVSlnDei56EngwYP1crshCCDZAzFECRMV5Hr3NmS/J+ICR0z6GQztd7bQEORot38wxOkOCXBtmqMgztAqyYv6SH3Qfn9qmjrw6/yW0lLqg6cejmYXF61YEYrXyZJm+hjOD1oaYsCdjkuE+3Ob+8t6KvTcvjxarr99RRcuKp67j+7g/HRzxDKGi8/Z8/wFIBu50W/6idhjyPzYIunU5ThFmcpHUdry4jTB1/whuec70wsgcdC6EKPVVp00BfSwBaRJKlVCMWvI1VilLpMC2WtLZXpSQ5iTJ1'], } @@ -79,7 +81,9 @@ } class releases::reprepro::upload ( + # lint:ignore:puppet_url_without_modules $private_key = 'puppet:///private/releases/id_rsa.upload', + # lint:endignore $user = 'releases', $group = 'releases', $sudo_user = '%wikidev', diff --git a/modules/scap/manifests/l10nupdate.pp b/modules/scap/manifests/l10nupdate.pp index 52763b8..73995d0 100644 --- a/modules/scap/manifests/l10nupdate.pp +++ b/modules/scap/manifests/l10nupdate.pp @@ -29,13 +29,17 @@ owner => 'l10nupdate', group => 'l10nupdate', mode => '0400', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/ssh/tin/l10nupdate/id_rsa', + # lint:endignore } file { '/home/l10nupdate/.ssh/id_rsa.pub': owner => 'l10nupdate', group => 'l10nupdate', mode => '0444', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/ssh/tin/l10nupdate/id_rsa.pub', + # lint:endignore } # Make sure the log directory exists and has adequate permissions. diff --git a/modules/statistics/manifests/sites/stats.pp b/modules/statistics/manifests/sites/stats.pp index 2eb9843..4f8ac44 100644 --- a/modules/statistics/manifests/sites/stats.pp +++ b/modules/statistics/manifests/sites/stats.pp @@ -14,7 +14,9 @@ owner => 'root', group => 'root', mode => '0644', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/apache/htpasswd.stats', + # lint:endignore } # add htpasswd file for private geowiki data @@ -22,7 +24,9 @@ owner => 'root', group => 'www-data', mode => '0640', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/apache/htpasswd.stats-geowiki', + # lint:endignore } # link geowiki checkout from docroot @@ -45,4 +49,4 @@ group => 'root', source => 'puppet:///files/apache/ports.conf.ssl', } -} \ No newline at end of file +} diff --git a/modules/subversion/manifests/viewvc.pp b/modules/subversion/manifests/viewvc.pp index 067ce5f..b520ad1 100644 --- a/modules/subversion/manifests/viewvc.pp +++ b/modules/subversion/manifests/viewvc.pp @@ -10,7 +10,9 @@ owner => 'root', group => 'root', mode => '0444', + # lint:ignore:puppet_url_without_modules source => 'puppet:///private/svn/svn-authz', + # lint:endignore } file { '/etc/viewvc/viewvc.conf': -- To view, visit https://gerrit.wikimedia.org/r/198116 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I76d788f86f14bcf008b7ac4c06bcd53eac7b5a32 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits