20after4 has uploaded a new change for review.
https://gerrit.wikimedia.org/r/274502
Change subject: Add a deployment source for phabricator deployment from tin/mira
......................................................................
Add a deployment source for phabricator deployment from tin/mira
Refs T125851
Bug: T114363
Change-Id: I06eee23c338840fbba8ca81270f5ec0c81e02869
---
A modules/phabricator/manifests/deployment/source.pp
1 file changed, 40 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/02/274502/1
diff --git a/modules/phabricator/manifests/deployment/source.pp
b/modules/phabricator/manifests/deployment/source.pp
new file mode 100644
index 0000000..2698c68
--- /dev/null
+++ b/modules/phabricator/manifests/deployment/source.pp
@@ -0,0 +1,40 @@
+# == Class phabricator::deployment::source
+# Include this class on a scap3 deployment server,
+# e.g. tin, deployment-bastion, etc.
+# It sets up private keys and adds them to keyholder,
+# allowing certain groups to deploy via ssh using
+# the configured ssh key for the deploy user.
+#
+class phabricator::deployment::source {
+ require ::keyholder
+ require ::keyholder::monitoring
+
+ $key_fingerprint = $::realm ? {
+ 'labs' => $::labsproject ? {
+ 'phabricator' => '36:75:c2:fa:34:02:c8:8c:ff:30:09:aa:f7:77:96:41',
+ default => undef,
+ },
+ 'production' => '39:b3:2c:a7:b2:80:65:ff:0c:97:e1:22:88:6c:59:10',
+ default => undef,
+ }
+
+ if !$key_fingerprint {
+ fail('Could not determine keyholder key_fingerprint for scap when
setting up deployment source for phabricator.')
+ }
+
+ # Use phabricator-admins group for deployment in production,
+ # and just the current labs project group in labs.
+ $trusted_group = $::realm ? {
+ 'labs' => "project-${::labsproject}",
+ default => 'phabricator-roots',
+ }
+
+ # the phabricator private key has been added to
+ # deploy.phabricator.eqiad.wmflabs:/var/lib/git/labs/private/files/ssh/tin
+ keyholder::agent { 'phabricator':
+ trusted_group => $trusted_group,
+ key_fingerprint => $key_fingerprint,
+ key_file => 'phabricator_rsa',
+ }
+}
+
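Review bot: The comment above the $trusted_group selector says production uses the phabricator-admins group, but the default branch assigns 'phabricator-roots'. This value decides which group may use the deploy key through keyholder, so the comment and the value should name the same group; correct whichever one is wrong. In the labs branch the group is "project-${::labsproject}", which trusts every member of the project, so please confirm that scope is intended. The class header comment could also note that the catalog fails to compile in any labs project other than 'phabricator', since $key_fingerprint resolves to undef there and hits the fail() call.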
--
To view, visit https://gerrit.wikimedia.org/r/274502
Gerrit-MessageType: newchange
Gerrit-Change-Id: I06eee23c338840fbba8ca81270f5ec0c81e02869
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: 20after4 <[email protected]>