Thcipriani has uploaded a new change for review.
https://gerrit.wikimedia.org/r/252887
Change subject: RESTBase configuration for scap3 deployment
......................................................................
RESTBase configuration for scap3 deployment
Creates a RESTBase config class to allow configuration ownership to vary
based on deployment method.
Introduces the `$deployment` class parameter to the main `restbase`
class. That parameter is used to determine:
- Ownership of configuration files (via `restbase::config`)
- Installation of scap (and dependencies on the scap target)
- Creation and ownership of the
`/srv/deployment/restbase/{deploy,deploy-cache}` directories
Change-Id: I0e5b2a76edb45b0f21c42cd3ef2328307f0436dd
---
M hieradata/labs/deployment-prep/common.yaml
M hieradata/role/common/aqs.yaml
A modules/restbase/manifests/config.pp
D modules/restbase/manifests/deploy.pp
A modules/restbase/manifests/deploy/scap.pp
A modules/restbase/manifests/deploy/trebuchet.pp
M modules/restbase/manifests/init.pp
7 files changed, 122 insertions(+), 78 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/87/252887/1
diff --git a/hieradata/labs/deployment-prep/common.yaml
b/hieradata/labs/deployment-prep/common.yaml
index 0235c45..719091b 100644
--- a/hieradata/labs/deployment-prep/common.yaml
+++ b/hieradata/labs/deployment-prep/common.yaml
@@ -65,7 +65,7 @@
restbase::seeds:
- 10.68.17.227
- 10.68.17.189
-restbase::config_template: restbase/config.labs.yaml.erb
+restbase::config::config_template: restbase/config.labs.yaml.erb
restbase::parsoid_uri:
http://deployment-parsoid05.deployment-prep.eqiad.wmflabs:8000
restbase::statsd_host: labmon1001.eqiad.wmnet
restbase::logstash_host: deployment-logstash2.deployment-prep.eqiad.wmflabs
diff --git a/hieradata/role/common/aqs.yaml b/hieradata/role/common/aqs.yaml
index fe4d05a..d16117e 100644
--- a/hieradata/role/common/aqs.yaml
+++ b/hieradata/role/common/aqs.yaml
@@ -39,7 +39,7 @@
- aqs1001.eqiad.wmnet
- aqs1002.eqiad.wmnet
- aqs1003.eqiad.wmnet
-restbase::config_template: restbase/config.aqs.yaml.erb
+restbase::config::config_template: restbase/config.aqs.yaml.erb
restbase::logstash_host: logstash1001.eqiad.wmnet
restbase::cassandra_defaultConsistency: localQuorum
restbase::cassandra_localDc: "%{::site}"
diff --git a/modules/restbase/manifests/config.pp
b/modules/restbase/manifests/config.pp
new file mode 100644
index 0000000..e99864d
--- /dev/null
+++ b/modules/restbase/manifests/config.pp
@@ -0,0 +1,35 @@
+#= Class restbase::config
+#
+# Add configuration files for restbase
+#
+# === Parameters
+#
+# [*owner*]
+# User that should own the configuration directory
+# [*group*]
+# Group that should own the configuration directory
+# [*config_template*]
+# File to use as the configuration file template.
+# Default: restbase/config.yaml.erb
+
+class restbase::config (
+ $owner = 'root',
+ $group = 'root',
+ $config_template = 'restbase/config.yaml.erb',
+) {
+ file { '/etc/restbase':
+ ensure => directory,
+ owner => $owner,
+ group => $group,
+ mode => '0755',
+ before => Service['restbase'],
+ }
+
+ file { '/etc/restbase/config.yaml':
+ content => template($config_template),
+ owner => $owner,
+ group => $group,
+ mode => '0444',
+ tag => 'restbase::config',
+ }
+}
diff --git a/modules/restbase/manifests/deploy.pp
b/modules/restbase/manifests/deploy.pp
deleted file mode 100644
index f5d7d89..0000000
--- a/modules/restbase/manifests/deploy.pp
+++ /dev/null
@@ -1,55 +0,0 @@
-# == Class restbase::deploy
-#
-# Creates user and permissions for deploy user
-# on restbase hosts
-#
-# === Parameters
-#
-# [*public_key*]
-# This is the public_key for the deploy-service user. The private part of
this
-# key should reside in the private puppet repo for the environment. By
default
-# this public key is set to the deploy-service user's public key for
production
-# private puppet—it should be overwritten using hiera in non-production
-# environements.
-
-class restbase::deploy(
- $public_key_file = 'puppet:///modules/restbase/servicedeploy_rsa.pub',
-) {
- $user = 'deploy-service'
-
- user { $user:
- ensure => present,
- shell => '/bin/bash',
- home => '/var/lib/scap',
- system => true,
- managehome => true,
- }
-
- ssh::userkey { $user:
- source => $public_key_file,
- }
-
- # Using trebuchet provider while scap service deployment is under
- # development—chicken and egg things
- #
- # This should be removed once scap3 is in a final state
- package { 'scap/scap':
- provider => 'trebuchet',
- }
-
- # Rather than futz with adding new functionality to allow a deployment
- # user set per repository in trebuchet, I'm running an exec here
- $dir = '/srv/deployment/restbase/deploy'
- exec { 'chown deploy-service':
- command => "/bin/chown -R ${user} ${dir}",
- unless => "/usr/bin/test $(/usr/bin/stat -c'%U' ${dir}) = ${user}"
- }
-
- sudo::user { $user:
- privileges => [
- "ALL = (${user}) NOPASSWD: ALL",
- 'ALL = (root) NOPASSWD: /usr/sbin/service restbase restart',
- ]
- }
-
-}
diff --git a/modules/restbase/manifests/deploy/scap.pp
b/modules/restbase/manifests/deploy/scap.pp
new file mode 100644
index 0000000..6f3d272
--- /dev/null
+++ b/modules/restbase/manifests/deploy/scap.pp
@@ -0,0 +1,70 @@
+# == Class restbase::deploy::scap
+#
+# Ensures that restbase target is setup correctly for deployment via Scap3
+#
+# === Parameters
+#
+# [*public_key*]
+# This is the public_key for the deploy-service user. The private part of
this
+# key should reside in the private puppet repo for the environment. By
default
+# this public key is set to the deploy-service user's public key for
+# production private puppet—it should be overwritten using hiera in
+# non-production environments.
+# [*user*]
+# User that should run the scap deployment and own config files
+
+class restbase::deploy::scap (
+ $public_key_file = 'puppet:///modules/restbase/servicedeploy_rsa.pub',
+ $user = 'deploy-service',
+) {
+ include ::scap
+ include ::scap::target
+
+ class { restbase::config:
+ owner => $user,
+ }
+
+ user { $user:
+ ensure => present,
+ shell => '/bin/bash',
+ home => '/var/lib/scap',
+ system => true,
+ managehome => true,
+ }
+
+ ssh::userkey { $user:
+ source => $public_key_file,
+ }
+
+ $dir = '/srv/deployment/restbase'
+
+ file { "${dir}/deploy":
+ ensure => directory,
+ mode => '0775',
+ owner => $user,
+ group => 'wikidev',
+ }
+
+ file { "${dir}/deploy-cache":
+ ensure => directory,
+ mode => '0775',
+ owner => $user,
+ group => 'wikidev',
+ }
+
+ # Rather than futz with adding new functionality to allow a deployment
+ # user set per repository in trebuchet, I'm running an exec here
+ exec { 'chown deploy-service':
+ command => "/bin/chown -R ${user} ${dir}",
+ unless => "/usr/bin/test $(/usr/bin/stat -c'%U' ${dir}) = ${user}",
+ require => [File["${dir}/deploy"], File["${dir}/deploy-cache"]],
+ }
+
+ sudo::user { $user:
+ privileges => [
+ "ALL = (${user}) NOPASSWD: ALL",
+ 'ALL = (root) NOPASSWD: /usr/sbin/service restbase restart',
+ ]
+ }
+
+}
diff --git a/modules/restbase/manifests/deploy/trebuchet.pp
b/modules/restbase/manifests/deploy/trebuchet.pp
new file mode 100644
index 0000000..3fa77eb
--- /dev/null
+++ b/modules/restbase/manifests/deploy/trebuchet.pp
@@ -0,0 +1,10 @@
+# == Class restbase::deploy::trebuchet
+#
+# Ensures that restbase target is setup correctly for deployment via trebuchet
+#
+class restbase::deploy::trebuchet {
+ class { restbase::config:
+ owner => $config_owner,
+ group => $config_group,
+ }
+}
diff --git a/modules/restbase/manifests/init.pp
b/modules/restbase/manifests/init.pp
index 2c4fe07..cd0f36b 100644
--- a/modules/restbase/manifests/init.pp
+++ b/modules/restbase/manifests/init.pp
@@ -21,8 +21,6 @@
# The full list of member datacenters.
# [*port*]
# Port where to run the restbase service. Default: 7231
-# [*config_template*]
-# File to use as the configuration file template. Default:
restbase/config.yaml.erb
# [*parsoid_uri*]
# URI to reach Parsoid. Default: http://parsoid-lb.eqiad.wikimedia.org
# [*logstash_host*]
@@ -56,7 +54,6 @@
$port = 7231,
$salt_key = 'secretkey',
$page_size = 250,
- $config_template = 'restbase/config.yaml.erb',
$parsoid_uri = 'http://parsoid-lb.eqiad.wikimedia.org',
$logstash_host = 'localhost',
$logstash_port = 12201,
@@ -68,9 +65,12 @@
$mathoid_uri = 'http://mathoid.svc.eqiad.wmnet:10042',
$aqs_uri =
'http://aqs.svc.eqiad.wmnet:7232/analytics.wikimedia.org/v1',
+ $deployment = undef,
) {
- if $::realm == 'labs' {
- include restbase::deploy
+ # TODO: remove conditional once scap deploys RESTBase everywhere
+ case $deployment {
+ 'scap': { include restbase::deploy::scap }
+ default: { include restbase::deploy::trebuchet }
}
package { 'restbase/deploy':
@@ -115,22 +115,6 @@
group => 'root',
mode => '0755',
require => File['/etc/default/restbase'],
- }
-
- file { '/etc/restbase':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0755',
- before => Service['restbase'],
- }
-
- file { '/etc/restbase/config.yaml':
- content => template($config_template),
- owner => 'root',
- group => 'root',
- mode => '0444',
- tag => 'restbase::config',
}
file { '/usr/lib/restbase':
--
To view, visit https://gerrit.wikimedia.org/r/252887
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0e5b2a76edb45b0f21c42cd3ef2328307f0436dd
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Thcipriani <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
