[MediaWiki-commits] [Gerrit] Labs: Have fileservers no longer nsswitch to LDAP - change (operations/puppet)

Mon, 23 Nov 2015 08:14:05 -0800 

coren has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/254881

Change subject: Labs: Have fileservers no longer nsswitch to LDAP
......................................................................

Labs: Have fileservers no longer nsswitch to LDAP

This adds a minor tweak to ldap::manifests::client so that a
hiera value can force the system nsswitch.conf to be the distro
default (rather than ours which adds the ldap source); and
sets that variable to true for the labstores.

Bug: T87870
Change-Id: I76d7365e54c63f0668ebda4d7f9a252043be4438
---
M hieradata/eqiad/labstore/fileserver.yaml
M modules/ldap/manifests/client/nss.pp
2 files changed, 9 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/81/254881/1

diff --git a/hieradata/eqiad/labstore/fileserver.yaml 
b/hieradata/eqiad/labstore/fileserver.yaml
index 09e3390..620e069 100644
--- a/hieradata/eqiad/labstore/fileserver.yaml
+++ b/hieradata/eqiad/labstore/fileserver.yaml
@@ -1 +1,2 @@
 use_ldap: true
+nsswitch_use_default: true
diff --git a/modules/ldap/manifests/client/nss.pp 
b/modules/ldap/manifests/client/nss.pp
index 2007e3f..7f5731f 100644
--- a/modules/ldap/manifests/client/nss.pp
+++ b/modules/ldap/manifests/client/nss.pp
@@ -38,9 +38,16 @@
         source  => $nscd_conf,
     }
 
+    # Allow hiera to prevent systemwide nsswitch.conf change
+    # (more specifically, force the distro default)
+    $default_nsswitch = hiera('nsswitch_use_default', false)
+
     file { '/etc/nsswitch.conf':
         notify => Service['nscd'],
-        source => 'puppet:///modules/ldap/nsswitch.conf',
+        source => $default_nsswitch ? {
+            true    => 'file:///usr/share/base-files/nsswitch.conf',
+            default => 'puppet:///modules/ldap/nsswitch.conf',
+        }
     }
 
     # Allow labs projects to give people custom shells

-- 
To view, visit https://gerrit.wikimedia.org/r/254881
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I76d7365e54c63f0668ebda4d7f9a252043be4438
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: coren <mpellet...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to