[MediaWiki-commits] [Gerrit] mediawiki: make www-data the default user - change (operations/puppet)

Wed, 10 Jun 2015 06:16:20 -0700 

Giuseppe Lavagetto has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/217265

Change subject: mediawiki: make www-data the default user
......................................................................

mediawiki: make www-data the default user

Also, remove any remaining stanza creating the apache user.

Change-Id: Ia5641ecd206e9e384cc6618167394569851c5f34
---
M hieradata/hosts/silver.yaml
M hieradata/hosts/terbium.yaml
M hieradata/hosts/tin.yaml
M hieradata/labs/deployment-prep/common.yaml
M hieradata/role/common/mediawiki/appserver.yaml
M hieradata/role/common/mediawiki/appserver/api.yaml
M hieradata/role/common/mediawiki/appserver/canary_api.yaml
M hieradata/role/common/mediawiki/canary_appserver.yaml
M hieradata/role/common/mediawiki/imagescaler.yaml
M hieradata/role/common/mediawiki/jobrunner.yaml
M hieradata/role/common/mediawiki/videoscaler.yaml
M modules/mediawiki/manifests/users.pp
12 files changed, 4 insertions(+), 34 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/65/217265/1

diff --git a/hieradata/hosts/silver.yaml b/hieradata/hosts/silver.yaml
index 4e2d615..72fb02b 100644
--- a/hieradata/hosts/silver.yaml
+++ b/hieradata/hosts/silver.yaml
@@ -1,4 +1,3 @@
-mediawiki::users::web: www-data
 cluster: virt
 admin::groups:
   - deployment
diff --git a/hieradata/hosts/terbium.yaml b/hieradata/hosts/terbium.yaml
index bc8a6c6..7c4bb57 100644
--- a/hieradata/hosts/terbium.yaml
+++ b/hieradata/hosts/terbium.yaml
@@ -5,5 +5,4 @@
 base::resolving::domain_search:
   - wikimedia.org
   - eqiad.wmnet
-mediawiki::users::web: www-data
 ganglia_class: "new"
diff --git a/hieradata/hosts/tin.yaml b/hieradata/hosts/tin.yaml
index 13048e6..ab037c0 100644
--- a/hieradata/hosts/tin.yaml
+++ b/hieradata/hosts/tin.yaml
@@ -3,7 +3,6 @@
   - eqiad.wmnet
   - esams.wikimedia.org
   - codfw.wmnet
-mediawiki::users::web: www-data
 admin::groups:
   - deployment
   - parsoid-admin
diff --git a/hieradata/labs/deployment-prep/common.yaml 
b/hieradata/labs/deployment-prep/common.yaml
index 168519a..05778f3 100644
--- a/hieradata/labs/deployment-prep/common.yaml
+++ b/hieradata/labs/deployment-prep/common.yaml
@@ -748,7 +748,6 @@
 "hhvm::base_jit_size": 183500800
 "role::logging::mediawiki::log_directory": /data/project/logs
 "role::mediawiki::webserver::pool": one-pool-to-rule-them-all
-"mediawiki::users::web": www-data
 "beta::syncsiteresources::user": www-data
 "role::url_downloader::url_downloader_ip": 10.68.16.135
 "zotero::http_proxy": 
deployment-urldownloader.deployment-prep.eqiad.wmflabs:8080
diff --git a/hieradata/role/common/mediawiki/appserver.yaml 
b/hieradata/role/common/mediawiki/appserver.yaml
index 468b709..4e8f4a6 100644
--- a/hieradata/role/common/mediawiki/appserver.yaml
+++ b/hieradata/role/common/mediawiki/appserver.yaml
@@ -2,7 +2,6 @@
 role::mediawiki::webserver::pool: apaches
 admin::groups:
   - deployment
-mediawiki::users::web: www-data
 apache::mpm::mpm: worker
 mediawiki::web::mpm_config::mpm: worker
 hhvm::extra::fcgi:
diff --git a/hieradata/role/common/mediawiki/appserver/api.yaml 
b/hieradata/role/common/mediawiki/appserver/api.yaml
index 3a8afd5..0aaeedf 100644
--- a/hieradata/role/common/mediawiki/appserver/api.yaml
+++ b/hieradata/role/common/mediawiki/appserver/api.yaml
@@ -2,7 +2,6 @@
 role::mediawiki::webserver::pool: api
 admin::groups:
   - deployment
-mediawiki::users::web: www-data
 apache::mpm::mpm: worker
 mediawiki::web::mpm_config::mpm: worker
 hhvm::extra::fcgi:
diff --git a/hieradata/role/common/mediawiki/appserver/canary_api.yaml 
b/hieradata/role/common/mediawiki/appserver/canary_api.yaml
index 0c7f240..05612c6 100644
--- a/hieradata/role/common/mediawiki/appserver/canary_api.yaml
+++ b/hieradata/role/common/mediawiki/appserver/canary_api.yaml
@@ -4,7 +4,6 @@
 mediawiki::web::mpm_config::mpm: worker
 admin::groups:
   - deployment
-mediawiki::users::web: www-data
 hhvm::extra::fcgi:
   hhvm:
     mysql:
diff --git a/hieradata/role/common/mediawiki/canary_appserver.yaml 
b/hieradata/role/common/mediawiki/canary_appserver.yaml
index 1d345ee..9b9e0be 100644
--- a/hieradata/role/common/mediawiki/canary_appserver.yaml
+++ b/hieradata/role/common/mediawiki/canary_appserver.yaml
@@ -2,7 +2,6 @@
 role::mediawiki::webserver::pool: apaches
 apache::mpm::mpm: worker
 mediawiki::web::mpm_config::mpm: worker
-mediawiki::users::web: www-data
 admin::groups:
   - deployment
 hhvm::extra::fcgi:
diff --git a/hieradata/role/common/mediawiki/imagescaler.yaml 
b/hieradata/role/common/mediawiki/imagescaler.yaml
index 17d3089..d5a465f 100644
--- a/hieradata/role/common/mediawiki/imagescaler.yaml
+++ b/hieradata/role/common/mediawiki/imagescaler.yaml
@@ -1,4 +1,4 @@
 cluster: imagescaler
 role::mediawiki::webserver::pool: rendering
 mediawiki::web::mpm_config::workers_limit: 30
-mediawiki::users::web: www-data
+
diff --git a/hieradata/role/common/mediawiki/jobrunner.yaml 
b/hieradata/role/common/mediawiki/jobrunner.yaml
index 961cbe1..0fd3586 100644
--- a/hieradata/role/common/mediawiki/jobrunner.yaml
+++ b/hieradata/role/common/mediawiki/jobrunner.yaml
@@ -7,4 +7,4 @@
 mediawiki::jobrunner::runners_restbase: 3
 mediawiki::jobrunner::runners_translate: 1
 mediawiki::jobrunner::runners_upload: 7
-mediawiki::users::web: www-data
+
diff --git a/hieradata/role/common/mediawiki/videoscaler.yaml 
b/hieradata/role/common/mediawiki/videoscaler.yaml
index 4bdd8a0..9577816 100644
--- a/hieradata/role/common/mediawiki/videoscaler.yaml
+++ b/hieradata/role/common/mediawiki/videoscaler.yaml
@@ -2,4 +2,4 @@
 admin::groups:
   - deployment
 mediawiki::jobrunner::runners_transcode: 5
-mediawiki::users::web: www-data
+
diff --git a/modules/mediawiki/manifests/users.pp 
b/modules/mediawiki/manifests/users.pp
index b5f6fbe..98163af4 100644
--- a/modules/mediawiki/manifests/users.pp
+++ b/modules/mediawiki/manifests/users.pp
@@ -4,33 +4,11 @@
 # MediaWiki.
 #
 class mediawiki::users(
-    $web = 'apache',
+    $web = 'www-data',
     $mwdeploy_pub_key = 'ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQC/81k2eXC0lM00+kg+5+p3kAHoOwAcbBjktlM7DENrrWdvkSlJasPDtHsU0+7woyGz2hHpI0SA8eBAEngl1X7uX4w1HU/VcG6np/kVMVrXPtn+sy4JtYTEVLuGzUstoc8PNxEDKvEQS7WGNLZtrgY0xWYsd7grt5tI/8qvhHd7coT6EWOcisRVnGY20r+/IWgsREZarbiW+0CSdQS0UzBbKQX/Hv+1asfZ24Qmq+yvXc2GuP+ewAm5gh0+5dUBHt69Ocq3PwCvqEypOrwpaqTGJbjvGLyaRN+YBNwoVwwl3EICYOJVDnNr/UxmzBT9RAJMHcpj6XrYiCTL1P9MUXyP54nZGOeqodSVn/L62lCwlh92D+E9qa6QFk8ikjKUr34vSI5jmQnscfaVz0k96YZP9B3J6+FDZOC8E/3SGRONrf4Fd4EAZGLQnoSdmwDHGGiHs8cjKnj4SinMabFzE3ReMV5k+Kdp999ne/vC2aryDSgc+EIXz731FmjPFmG5mdb/obGWHtU58kAbTSxPGV38uh1xvOSaSshfhYqK14G57x0ieUxV3zSZmJ5BuN5JbthgVNkAlMEATT2S6Cw+bBY7xgsE/0Wv139y0ChmatFyNv3uVbnMMTtJTBQGz+9Qb4xWTw1mxCxR5PmNmEaNI9+o/uk8M7fNd1muQfOUQPQkBQ==
 Mediawiki deployment key',
     $l10nupdate_pub_key = 'ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAzcA/wB0uoU+XgiYN/scGczrAGuN99O8L7m8TviqxgX9s+RexhPtn8FHss1GKi8oxVO1V+ssABVb2q0fGza4wqrHOlZadcFEGjQhZ4IIfUwKUo78mKhQsUyTd5RYMR0KlcjB4UyWSDX5tFHK6FE7/tySNTX7Tihau7KZ9R0Ax//KySCG0skKyI1BK4Ufb82S8wohrktBO6W7lag0O2urh9dKI0gM8EuP666DGnaNBFzycKLPqLaURCeCdB6IiogLHiR21dyeHIIAN0zD6SUyTGH2ZNlZkX05hcFUEWcsWE49+Ve/rdfu1wWTDnourH/Xm3IBkhVGqskB+yp3Jkz2D3Q==
 l10nupdate@fenari',
 
 ) {
-
-    if ($web == 'apache') {
-        # For legacy reasons, we used to run Apache / MediaWiki using an 
'apache' user
-        # rather than use the Debian default 'www-data'. The name, gid, home,
-        # and shell of the apache user are set to conform with the postinst
-        # script of the wikimedia-task-appserver package, which provisioned it
-        # historically. These values can and should be modernized.
-        group { 'apache':
-            ensure => present,
-            gid    => 48,
-            system => true,
-        }
-
-        user { 'apache':
-            ensure     => present,
-            gid        => 48,
-            shell      => '/sbin/nologin',
-            home       => '/var/www',
-            system     => true,
-            managehome => false,
-        }
-    }
 
     # The mwdeploy account is used by various scripts in the MediaWiki
     # deployment process to run rsync.

-- 
To view, visit https://gerrit.wikimedia.org/r/217265
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia5641ecd206e9e384cc6618167394569851c5f34
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to