Alexandros Kosiaris has submitted this change and it was merged. Change subject: maps: Add tileratorui service ......................................................................
maps: Add tileratorui service tileratorui is a service to be used to allow a human to view tiles and schedule build/rebuild/deletes and so on. It shares the same code repo with tilerator and the only change is the configuration and users Bug: T116062 Change-Id: Ifd1f3d586bc8794c59c768424f804bcaf445f06e --- M manifests/role/maps.pp M modules/tilerator/manifests/init.pp A modules/tilerator/manifests/ui.pp A modules/tilerator/templates/config_ui.yaml.erb M templates/maps/grants.cql.erb M templates/maps/grants.sql.erb 6 files changed, 50 insertions(+), 1 deletion(-) Approvals: Alexandros Kosiaris: Verified; Looks good to me, approved diff --git a/manifests/role/maps.pp b/manifests/role/maps.pp index be85d06..180c4b5 100644 --- a/manifests/role/maps.pp +++ b/manifests/role/maps.pp @@ -66,6 +66,7 @@ # Grants $kartotherian_pass = hiera('maps::postgresql_kartotherian_pass') $tilerator_pass = hiera('maps::postgresql_tilerator_pass') + $tileratorui_pass = hiera('maps::postgresql_tileratorui_pass') $osmimporter_pass = hiera('maps::postgresql_osmimporter_pass') $osmupdater_pass = hiera('maps::postgresql_osmupdater_pass') file { '/usr/local/bin/maps-grants.sql': @@ -77,6 +78,7 @@ # Cassandra grants $cassandra_kartotherian_pass = hiera('maps::cassandra_kartotherian_pass') $cassandra_tilerator_pass = hiera('maps::cassandra_tilerator_pass') + $cassandra_tileratorui_pass = hiera('maps::cassandra_tileratorui_pass') file { '/usr/local/bin/maps-grants.cql': owner => 'root', group => 'root', diff --git a/modules/tilerator/manifests/init.pp b/modules/tilerator/manifests/init.pp index 2718d3b..4da5db2 100644 --- a/modules/tilerator/manifests/init.pp +++ b/modules/tilerator/manifests/init.pp @@ -6,7 +6,8 @@ # accomodate future tilerator needs that are not suited for the service module # classes as well as conform to a de-facto standard of having a module for every # service -class tilerator() { +class tilerator { + include tilerator::ui $cassandra_tilerator_user = 'tilerator' $cassandra_tilerator_pass = hiera('maps::cassandra_tilerator_pass') diff --git a/modules/tilerator/manifests/ui.pp b/modules/tilerator/manifests/ui.pp new file mode 100644 index 0000000..f76f890 --- /dev/null +++ b/modules/tilerator/manifests/ui.pp @@ -0,0 +1,23 @@ +# Class: tilerator::ui +# +# This class installs and configures tilerator::ui +# +# While only being a thin wrapper around service::node, this class exists to +# accomodate future tileratorui needs that are not suited for the service module +# classes as well as conform to a de-facto standard of having a module for every +# service +class tilerator::ui { + $cassandra_tileratorui_user = 'tileratorui' + $cassandra_tileratorui_pass = hiera('maps::cassandra_tileratorui_pass') + $pgsql_tileratorui_user = 'tileratorui' + $pgsql_tileratorui_pass = hiera('maps::postgresql_tileratorui_pass') + + # NOTE: tileratorui does not have an LVS service associated with it. It is + # only meant to be used through an SSH tunnel + service::node { 'tileratorui': + port => 6535, + config => template('tilerator/config_ui.yaml.erb'), + no_workers => 0, # 0 on purpose to only have one instance running + repo => 'tilerator/deploy', + } +} diff --git a/modules/tilerator/templates/config_ui.yaml.erb b/modules/tilerator/templates/config_ui.yaml.erb new file mode 100644 index 0000000..5d1ae61 --- /dev/null +++ b/modules/tilerator/templates/config_ui.yaml.erb @@ -0,0 +1,12 @@ +# tileratorui-specific settings + +redis: redis://maps-test2001.codfw.wmnet + +variables: + osmdb-user: '<%= @pgsql_tileratorui_user %>' + osmdb-pswd: '<%= @pgsql_tileratorui_pass %>' + cassandra-user: '<%= @cassandra_tileratorui_user %>' + cassandra-pswd: '<%= @cassandra_tileratorui_pass %>' + +sources: sources.prod.yaml +uiOnly: true diff --git a/templates/maps/grants.cql.erb b/templates/maps/grants.cql.erb index 532bc3a..8a6128e 100644 --- a/templates/maps/grants.cql.erb +++ b/templates/maps/grants.cql.erb @@ -1,17 +1,24 @@ -- Cassandra grants for maps CREATE USER kartotherian WITH PASSWORD '<%= @cassandra_kartotherian_pass %>'; CREATE USER tilerator WITH PASSWORD '<%= @cassandra_tilerator_pass %>'; +CREATE USER tileratorui WITH PASSWORD '<%= @cassandra_tileratorui_pass %>'; -- Also alter the roles to ensure password consistency ALTER USER kartotherian WITH PASSWORD '<%= @cassandra_kartotherian_pass %>'; ALTER USER tilerator WITH PASSWORD '<%= @cassandra_tilerator_pass %>'; +ALTER USER tileratorui WITH PASSWORD '<%= @cassandra_tileratorui_pass %>'; -- First revoking all permissions to maintain consistency REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM kartotherian; REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM tilerator; +REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM tileratorui; -- kartotherian read only GRANT SELECT ON ALL KEYSPACES to kartotherian; -- tilerator should be able to update tiles GRANT SELECT ON ALL KEYSPACES to tilerator; GRANT MODIFY ON ALL KEYSPACES to tilerator; GRANT CREATE ON ALL KEYSPACES to tilerator; +-- tileratorui should be able to update tiles +GRANT SELECT ON ALL KEYSPACES to tileratorui; +GRANT MODIFY ON ALL KEYSPACES to tileratorui; +GRANT CREATE ON ALL KEYSPACES to tileratorui; -- TODO: Admin account to create indexes, alter tables? diff --git a/templates/maps/grants.sql.erb b/templates/maps/grants.sql.erb index 2205881..1ab8f4e 100644 --- a/templates/maps/grants.sql.erb +++ b/templates/maps/grants.sql.erb @@ -1,10 +1,14 @@ CREATE ROLE kartotherian WITH LOGIN PASSWORD '<%= @kartotherian_pass %>'; CREATE ROLE tilerator WITH LOGIN PASSWORD '<%= @tilerator_pass %>'; +CREATE ROLE tileratorui WITH LOGIN PASSWORD '<%= @tileratorui_pass %>'; + CREATE ROLE osmupdater WITH LOGIN PASSWORD '<%= @osmupdater_pass %>'; CREATE ROLE osmimporter WITH LOGIN PASSWORD '<%= @osmimporter_pass %>'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO kartotherian; GRANT SELECT ON ALL TABLES IN SCHEMA public TO tilerator; +GRANT SELECT ON ALL TABLES IN SCHEMA public TO tileratorui; + GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA public TO osmupdater; GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA public TO osmimporter; GRANT CREATE,TEMPORARY ON DATABASE gis TO osmimporter; -- To view, visit https://gerrit.wikimedia.org/r/244436 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ifd1f3d586bc8794c59c768424f804bcaf445f06e Gerrit-PatchSet: 10 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org> Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org> Gerrit-Reviewer: Yurik <yu...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits