Gehel has submitted this change and it was merged. Change subject: Fixes issues with nginx package on logstash. ......................................................................
Fixes issues with nginx package on logstash. As part of T124444, nginx has been added to elasticsearch to provide SSL termination. In the case of Logstash, we do not need SSL, so all this should be deactivated. The deactivation part was not tested enough (and was broken). This fixes it by ensuring that nginx is completely removed when not needed. This change is dependant on https://gerrit.wikimedia.org/r/#/c/277476/ Bug: T129934 Change-Id: Ib85e12ef8195058287bd70c9d2bad70e6f8f51c1 --- A modules/elasticsearch/.rspec M modules/elasticsearch/manifests/https.pp M modules/elasticsearch/spec/defines/https_rspec.rb M modules/wmflib/README.md A modules/wmflib/lib/puppet/parser/functions/ensure_mounted.rb A modules/wmflib/spec/functions/ensure_mounted_spec.rb 6 files changed, 120 insertions(+), 9 deletions(-) Approvals: Gehel: Looks good to me, approved Filippo Giunchedi: Looks good to me, but someone else must approve jenkins-bot: Verified diff --git a/modules/elasticsearch/.rspec b/modules/elasticsearch/.rspec new file mode 100644 index 0000000..f449dae --- /dev/null +++ b/modules/elasticsearch/.rspec @@ -0,0 +1,2 @@ +--format doc +--color diff --git a/modules/elasticsearch/manifests/https.pp b/modules/elasticsearch/manifests/https.pp index 85260af..249d159 100644 --- a/modules/elasticsearch/manifests/https.pp +++ b/modules/elasticsearch/manifests/https.pp @@ -8,8 +8,8 @@ $ensure = 'absent', ){ - class { 'nginx::ssl': - ensure => $ensure, + class { [ 'nginx', 'nginx::ssl' ]: + ensure => $ensure, } ::base::expose_puppet_certs { '/etc/nginx': diff --git a/modules/elasticsearch/spec/defines/https_rspec.rb b/modules/elasticsearch/spec/defines/https_rspec.rb index 6bf3608..49b94da 100644 --- a/modules/elasticsearch/spec/defines/https_rspec.rb +++ b/modules/elasticsearch/spec/defines/https_rspec.rb @@ -6,17 +6,28 @@ :fqdn => 'host.example.net' } } - describe 'certificates are absent by default' do - it { should contain_file('/etc/nginx/ssl/cert.pem').with({ 'ensure' => 'absent' }) } - it { should contain_file('/etc/nginx/ssl/server.key').with({ 'ensure' => 'absent' }) } + context 'with default parameters' do + it 'should ensure that certificates are absent' do + should contain_file('/etc/nginx/ssl/cert.pem').with({ 'ensure' => 'absent' }) + should contain_file('/etc/nginx/ssl/server.key').with({ 'ensure' => 'absent' }) + end + + it 'should ensure that nginx package is absent' do + should contain_package('nginx-full').with({ 'ensure' => 'absent' }) + end end - describe 'When enabled, nginx is installed and certificates are available' do + context 'with ensure => present' do let(:params) { { :ensure => 'present' } } - it { should contain_package('nginx-full') } - it { should contain_file('/etc/nginx/ssl/cert.pem').with({ 'ensure' => 'present' }) } - it { should contain_file('/etc/nginx/ssl/server.key').with({ 'ensure' => 'present' }) } + it 'should ensure that certificates are present' do + should contain_file('/etc/nginx/ssl/cert.pem').with({ 'ensure' => 'present' }) + should contain_file('/etc/nginx/ssl/server.key').with({ 'ensure' => 'present' }) + end + + it 'should ensure that nginx package is installed' do + should contain_package('nginx-full').with({ 'ensure' => 'present' }) + end end end diff --git a/modules/wmflib/README.md b/modules/wmflib/README.md index 277a541..fd3fe6d 100644 --- a/modules/wmflib/README.md +++ b/modules/wmflib/README.md @@ -78,6 +78,33 @@ } +## ensure_mounted + +`ensure_mounted( string|bool $ensure )` + +Takes a generic `ensure` parameter value and convert it to an +appropriate value for use with a mount declaration. + +If `$ensure` is `true` or `present`, the return value is `mounted`. +Otherwise, the return value is the unmodified `$ensure` parameter. + +### Examples + + # Sample class which mounts or unmounts '/var/lib/nginx' + # based on the class's generic $ensure parameter: + class nginx ( $ensure = present ) { + package { 'nginx-full': + ensure => $ensure, + } + mount { '/var/lib/nginx': + ensure => ensure_mounted($ensure), + device => 'tmpfs', + fstype => 'tmpfs', + options => 'defaults,noatime,uid=0,gid=0,mode=755,size=1g', + } + } + + ## ensure_service `ensure_service( string|bool $ensure )` diff --git a/modules/wmflib/lib/puppet/parser/functions/ensure_mounted.rb b/modules/wmflib/lib/puppet/parser/functions/ensure_mounted.rb new file mode 100644 index 0000000..7a5e321 --- /dev/null +++ b/modules/wmflib/lib/puppet/parser/functions/ensure_mounted.rb @@ -0,0 +1,35 @@ +# == Function: ensure_mounted( string|bool $ensure ) +# +# Takes a generic 'ensure' parameter value and convert it to an +# appropriate value for use with a mount declaration. +# +# If $ensure is 'true' or 'present', the return value is 'mounted'. +# Otherwise, the return value is the unmodified $ensure parameter. +# +# === Examples +# +# # Sample class which mounts or unmounts '/var/lib/nginx' +# # based on the class's generic $ensure parameter: +# class nginx ( $ensure = present ) { +# package { 'nginx-full': +# ensure => $ensure, +# } +# mount { '/var/lib/nginx': +# ensure => ensure_mounted($ensure), +# device => 'tmpfs', +# fstype => 'tmpfs', +# options => 'defaults,noatime,uid=0,gid=0,mode=755,size=1g', +# } +# } +# +module Puppet::Parser::Functions + newfunction(:ensure_mounted, :type => :rvalue, :arity => 1) do |args| + + ensure_param = args.first + case ensure_param + when 'present', 'true', true then 'mounted' + when 'absent', 'false', false then ensure_param + else fail(ArgumentError, "ensure_directory(): invalid argument: '#{ensure_param}'.") + end + end +end diff --git a/modules/wmflib/spec/functions/ensure_mounted_spec.rb b/modules/wmflib/spec/functions/ensure_mounted_spec.rb new file mode 100644 index 0000000..a5d0fd5 --- /dev/null +++ b/modules/wmflib/spec/functions/ensure_mounted_spec.rb @@ -0,0 +1,36 @@ +require 'spec_helper' + +describe "the ensure_mounted function" do + it "should exist" do + Puppet::Parser::Functions.function("ensure_mounted").should == "function_ensure_mounted" + end + + it "should raise a ParseError if there are less than 1 arguments" do + ->{ scope.function_ensure_mounted([]) }.should(raise_error(ArgumentError)) + end + + it "should raise a ParseError if there are more than 1 arguments" do + ->{ scope.function_ensure_mounted(['a', 'b']) }.should(raise_error(ArgumentError)) + end + + it "should return 'mounted' for param 'present'" do + result = scope.function_ensure_mounted(['present']) + result.should(eq('mounted')) + end + + it "should return 'mounted' for param 'true'" do + result = scope.function_ensure_mounted([true]) + result.should(eq('mounted')) + end + + it "should return 'absent' for param 'absent'" do + result = scope.function_ensure_mounted(['absent']) + result.should(eq('absent')) + end + + it "should return 'false' for param 'false'" do + result = scope.function_ensure_mounted([false]) + result.should(eq(false)) + end + +end -- To view, visit https://gerrit.wikimedia.org/r/277478 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib85e12ef8195058287bd70c9d2bad70e6f8f51c1 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Gehel <[email protected]> Gerrit-Reviewer: Dzahn <[email protected]> Gerrit-Reviewer: EBernhardson <[email protected]> Gerrit-Reviewer: Filippo Giunchedi <[email protected]> Gerrit-Reviewer: Gehel <[email protected]> Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]> Gerrit-Reviewer: Muehlenhoff <[email protected]> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
