Filippo Giunchedi has submitted this change and it was merged.

Change subject: scap: Create wrapper script for master-master rsync
......................................................................
scap: Create wrapper script for master-master rsync The rsync of the staging directory between scap master hosts needs to be run as root so that mtimes and other permissions can propagate from master to master and back without requiring that all files be owned by the user performing the sync. Unix does not allow the mtime of a directory to be set by a user that does not directly own the inode. Bug: T117016 Change-Id: Ided423d063bbd4e0812a27031d6bafba4f14e6ad --- A modules/scap/files/scap-master-sync M modules/scap/manifests/master.pp 2 files changed, 28 insertions(+), 2 deletions(-) Approvals: Filippo Giunchedi: Verified; Looks good to me, approved 20after4: Looks good to me, but someone else must approve diff --git a/modules/scap/files/scap-master-sync b/modules/scap/files/scap-master-sync new file mode 100755 index 0000000..b0dc544 --- /dev/null +++ b/modules/scap/files/scap-master-sync @@ -0,0 +1,18 @@ +#!/bin/bash +# Rsync the common module from the given deployment master to the local +# staging directory (/srv/mediawiki-staging) + +set -eu + +MASTER=${1:?No master provided} + +if [[ $EUID -ne 0 ]]; then + echo "$0 must be run as root" 1>&2 + exit 2 +fi + +exec /usr/bin/rsync \ + --archive --delete-delay --delay-updates --compress --delete \ + --exclude="**/cache/l10n/*.cdb" \ + --exclude="*.swp" \ + "${MASTER}::common" /srv/mediawiki-staging diff --git a/modules/scap/manifests/master.pp b/modules/scap/manifests/master.pp index e033ca4..78b278a 100644 --- a/modules/scap/manifests/master.pp +++ b/modules/scap/manifests/master.pp 
@@ -38,12 +38,20 @@ deployment_group => $deployment_group, } - # Allow rsync of common module to mediawiki-staging as GID=wikidev + file { '/usr/local/bin/scap-master-sync': + ensure => present, + owner => 'root', + group => 'root', + mode => '0555', + source => 'puppet:///modules/scap/scap-master-sync', + } + + # Allow rsync of common module to mediawiki-staging as root. # This is for master-master sync of /srv/mediawiki-staging sudo::user { 'scap-master-sync': user => 'mwdeploy', privileges => [ - 'ALL = (mwdeploy:wikidev) NOPASSWD: /usr/bin/rsync *\:\:common /srv/mediawiki-staging', + 'ALL = (root) NOPASSWD: /usr/local/bin/scap-master-sync', ] } } -- To view, visit https://gerrit.wikimedia.org/r/253040 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ided423d063bbd4e0812a27031d6bafba4f14e6ad Gerrit-PatchSet: 5 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BryanDavis <bda...@wikimedia.org> Gerrit-Reviewer: 20after4 <mmod...@wikimedia.org> Gerrit-Reviewer: BryanDavis <bda...@wikimedia.org> Gerrit-Reviewer: Chad <ch...@wikimedia.org> Gerrit-Reviewer: Dduvall <dduv...@wikimedia.org> Gerrit-Reviewer: Filippo Giunchedi <fgiunch...@wikimedia.org> Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org> Gerrit-Reviewer: Thcipriani <tcipri...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
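Review bot: In modules/scap/files/scap-master-sync, MASTER is taken straight from $1 and handed to a root rsync as "${MASTER}::common" with no validation. Since the run uses --archive and --delete into /srv/mediawiki-staging, whichever host the caller names decides what the staging tree contains, as root. Check $1 against the known deployment masters (or at least a hostname pattern) before the exec, and put "--" ahead of the source and destination so that a value beginning with "-" cannot be read by rsync as an option. Arguments after $1 are silently ignored; rejecting them would make misuse visible. Smaller point: --delete-delay already implies --delete, so the separate --delete on the same line is redundant.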
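Review bot: In modules/scap/manifests/master.pp, the new privilege 'ALL = (root) NOPASSWD: /usr/local/bin/scap-master-sync' names the command with no argument list, which sudo treats as "any arguments allowed". The rule it replaces pinned both the module pattern and the destination and ran as mwdeploy:wikidev, so after this change the only constraint on what mwdeploy can do as root is whatever the wrapper itself enforces. That makes argument checking in the script a hard requirement rather than a nicety. The updated comment says the sync runs "as root" but not why; the mtime and ownership reason from the commit message belongs there, since this is where the next reader will see the escalation. Consider also making the sudo::user resource require the File resource, so the sudoers entry is never present without the script it points to.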