Ottomata has uploaded a new change for review.
https://gerrit.wikimedia.org/r/259542
Change subject: Move role::scap::target to scap::target
......................................................................
Move role::scap::target to scap::target
I don'd see any reason for this to be a role class,
especially if it is specifically needed for scap deployment
servers to be able to deploy to a target.
Change-Id: Ia78d44b9b56ea165e9b584f8b30c0395da490f51
TODO: Include ::scap directly from ::scap::target once it is safe (for MW) to
do so?
---
M manifests/role/mediawiki.pp
M modules/role/manifests/deployment/mediawiki.pp
D modules/role/manifests/scap/target.pp
A modules/scap/manifests/target.pp
4 files changed, 20 insertions(+), 13 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/42/259542/1
diff --git a/manifests/role/mediawiki.pp b/manifests/role/mediawiki.pp
index fd12760..ba45a11 100644
--- a/manifests/role/mediawiki.pp
+++ b/manifests/role/mediawiki.pp
@@ -26,7 +26,7 @@
desc => 'Allow incoming SSH for pybal health checks',
}
- include role::scap::target
+ include scap::target
monitoring::service { 'mediawiki-installation DSH group':
description => 'mediawiki-installation DSH group',
diff --git a/modules/role/manifests/deployment/mediawiki.pp
b/modules/role/manifests/deployment/mediawiki.pp
index 4614c49..30ad7a1 100644
--- a/modules/role/manifests/deployment/mediawiki.pp
+++ b/modules/role/manifests/deployment/mediawiki.pp
@@ -10,7 +10,7 @@
include mediawiki
include ::mediawiki::nutcracker
include scap::master
- include role::scap::target
+ include scap::target
if $::realm != 'labs' {
include deployment::wikitech
diff --git a/modules/role/manifests/scap/target.pp
b/modules/role/manifests/scap/target.pp
deleted file mode 100644
index cf1cdd9..0000000
--- a/modules/role/manifests/scap/target.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-# = class: role::scap::master
-#
-# Sets up a scap target, i.e. any host to which scap will deploy
-
-class role::scap::target {
- # allow ssh from deployment hosts
- ferm::rule { 'deployment-ssh':
- ensure => present,
- rule => 'proto tcp dport ssh saddr $DEPLOYMENT_HOSTS ACCEPT;',
- }
-}
diff --git a/modules/scap/manifests/target.pp b/modules/scap/manifests/target.pp
new file mode 100644
index 0000000..b7b0aad
--- /dev/null
+++ b/modules/scap/manifests/target.pp
@@ -0,0 +1,18 @@
+# = class: scap::target
+#
+# Sets up a scap target, i.e. any host to which scap will deploy
+# Currently, this only sets up ferm rules that will allow
+# $DEPLOYMENT_HOSTS to ssh to this host.
+#
+# TODO: Make this class include ::scap when it is
+# safe to do so. That way targets don't have to
+# remember to include the scap package separately
+# from scap::target.
+#
+class scap::target {
+ # allow ssh from deployment hosts
+ ferm::rule { 'deployment-ssh':
+ ensure => present,
+ rule => 'proto tcp dport ssh saddr $DEPLOYMENT_HOSTS ACCEPT;',
+ }
+}
--
To view, visit https://gerrit.wikimedia.org/r/259542
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia78d44b9b56ea165e9b584f8b30c0395da490f51
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ottomata <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
