Giuseppe Lavagetto has uploaded a new change for review. https://gerrit.wikimedia.org/r/217475
Change subject: conftool: create puppet module ...................................................................... conftool: create puppet module This module installs conftool, sets up the configuration, copies the ca file and also creates a small wrapper script. Change-Id: I54eb9feedc3936b70b89913b30cb59eca101901a --- A modules/conftool/files/production.config.yaml A modules/conftool/manifests/init.pp A modules/conftool/templates/conftool-merge.erb 3 files changed, 60 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/75/217475/1 diff --git a/modules/conftool/files/production.config.yaml b/modules/conftool/files/production.config.yaml new file mode 100644 index 0000000..99870d0 --- /dev/null +++ b/modules/conftool/files/production.config.yaml @@ -0,0 +1,6 @@ +hosts: + - https://etcd1001.eqiad.wmnet:2379 + - https://etcd1002.eqiad.wmnet:2379 + - https://etcd1003.eqiad.wmnet:2379 +driver_options: + ca_cert: /etc/conftool/ca.pem diff --git a/modules/conftool/manifests/init.pp b/modules/conftool/manifests/init.pp new file mode 100644 index 0000000..921c5cf --- /dev/null +++ b/modules/conftool/manifests/init.pp @@ -0,0 +1,48 @@ +# == Class conftool +# +# Installs conftool, and creates a wrapper script that can be run in git as +# a post-receive hook. + +class conftool( + $sync_dir_root = '/var/lib/operations/puppet/conftool', + $config_file = 'puppet:///modules/conftool/production.config.yaml', + $ssl_dir = '/var/lib/puppet', + $use_ssl = true, + ) { + require_package 'conftool' + + file { '/usr/local/bin/conftool-merge': + ensure => present, + owner => root, + group => root, + mode => '0500', + content => template('conftool/conftool-merge.erb') + } + + file { '/etc/conftool': + ensure => directory, + owner => root, + group => root, + mode => '0755', + } + + file { '/etc/conftool/config.yaml': + ensure => present, + owner => root, + group => root, + mode => '0444', + source => $config_file, + before => File['/usr/local/bin/conftool-merge'], + } + + if $use_ssl { + file { '/etc/conftool/ca.pem': + ensure => present, + owner => root, + group => root, + mode => '0444', + source => "${ssl_dir}/certs/ca.pem", + before => File['/usr/local/bin/conftool-merge'], + } + } +} diff --git a/modules/conftool/templates/conftool-merge.erb b/modules/conftool/templates/conftool-merge.erb new file mode 100755 index 0000000..d8a1fa9 --- /dev/null +++ b/modules/conftool/templates/conftool-merge.erb @@ -0,0 +1,6 @@ +#!/bin/bash +set -e +set -u +test -d "<%= @sync_root_dir %> || exit 3 +echo "Running conftool-sync on <%= @sync_root_dir %>" +/usr/bin/conftool-sync --config /etc/conftool/config.yaml --directory <%= @sync_root_dir %> -- To view, visit https://gerrit.wikimedia.org/r/217475 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I54eb9feedc3936b70b89913b30cb59eca101901a Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits