Ottomata has uploaded a new change for review. https://gerrit.wikimedia.org/r/203815
Change subject: Restrict file persmissions on eventlogging mysql consumer ...................................................................... Restrict file persmissions on eventlogging mysql consumer Change-Id: I2f3530bb573e670134abbfce17f3e8e830d2e86d --- M manifests/role/eventlogging.pp M modules/eventlogging/manifests/service/consumer.pp 2 files changed, 19 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/15/203815/1 diff --git a/manifests/role/eventlogging.pp b/manifests/role/eventlogging.pp index b98f206..eb3bc72 100644 --- a/manifests/role/eventlogging.pp +++ b/manifests/role/eventlogging.pp @@ -114,6 +114,10 @@ eventlogging::service::consumer { 'mysql-m4-master': input => "tcp://${processor}:8600", output => "mysql://${mysql_user}:${mysql_pass}@${mysql_db}?charset=utf8", + # Restrict permissions on this config file since it contains a password. + owner => 'root', + group => 'eventlogging', + mode => '0640', } diff --git a/modules/eventlogging/manifests/service/consumer.pp b/modules/eventlogging/manifests/service/consumer.pp index 89fccf6..db3a7ef 100644 --- a/modules/eventlogging/manifests/service/consumer.pp +++ b/modules/eventlogging/manifests/service/consumer.pp @@ -29,6 +29,15 @@ # Value may be 'present' (provisions the resource; the default) or # 'absent' (destroys the resource). # +# [*owner*] +# Owner of config file. Default: root +# +# [*group*] +# Group owner of config file. Default: root +# +# [*mode*] +# File permission mode of config file. Default: 0644 +# # === Examples # # eventlogging::service::consumer { 'all events': @@ -41,6 +50,9 @@ $output, $sid = $title, $ensure = present, + $owner = 'root', + $group = 'root', + $mode = '0644', ) { include ::eventlogging 
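Review bot: The `mode => '0640'` added to the `mysql-m4-master` consumer only protects the file from now on. The file holding `${mysql_pass}` was presumably deployed with the 0644 default documented in consumer.pp, so the MySQL password should be treated as exposed to local users and rotated once this change is live. It is also worth confirming that the consumer process runs with the `eventlogging` group, which this diff does not show; otherwise it can no longer read its own config. I would extend the added comment to `# Contains the MySQL password: keep root:eventlogging 0640; rotate the credential if this file was ever world-readable.`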
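Review bot: The new `$mode = '0644'` default in the parameter list is fail-open. Any other consumer whose `output` URI embeds credentials stays world-readable unless its caller remembers to override `owner`, `group` and `mode`. If every consumer runs under the `eventlogging` group (not visible in this diff), defaulting to `$group = 'eventlogging'` and `$mode = '0640'` would make the restrictive setting the norm. Otherwise the `[*mode*]` doc block in the previous hunk should add `Use 0640 or stricter when output contains a password.` The parameter list starts outside this hunk.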
@@ -49,5 +61,8 @@ ensure => $ensure, content => template('eventlogging/consumer.erb'), notify => Service['eventlogging/init'], + owner => $owner, + group => $group, + mode => $mode, } } -- To view, visit https://gerrit.wikimedia.org/r/203815 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I2f3530bb573e670134abbfce17f3e8e830d2e86d Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Ottomata <o...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
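Review bot: The file resource now takes `owner`, `group` and `mode`, but its `content` is still rendered from `eventlogging/consumer.erb`, which for the mysql consumer presumably includes the password from the `output` URI. Puppet will therefore print the old and new content as a diff in agent logs and reports whenever the file changes. Adding `show_diff => false,` next to `mode => $mode,` keeps the credential out of those logs. The resource's opening lines are outside this hunk, so I could not check whether it is already set there.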