BryanDavis has uploaded a new change for review. https://gerrit.wikimedia.org/r/284982
Change subject: Add explicit mode to all the file resources I could find ...................................................................... Add explicit mode to all the file resources I could find Provide an explicit mode parameter to Puppet managed file resources rather than relying on whatever default umask Puppet may be using. Bug: T133308 Bug: T133377 Change-Id: Ie87ca6e056383daee75f661cf5f75e8bb3cec909 --- M puppet/modules/3d/manifests/init.pp M puppet/modules/activemq/manifests/init.pp M puppet/modules/apache/manifests/env.pp M puppet/modules/apache/manifests/init.pp M puppet/modules/apache/manifests/site.pp M puppet/modules/apache/manifests/site_conf.pp M puppet/modules/apt/manifests/init.pp M puppet/modules/cassandra/manifests/init.pp M puppet/modules/contenttranslation/manifests/cxserver.pp M puppet/modules/elasticsearch/manifests/init.pp M puppet/modules/env/manifests/profile_script.pp M puppet/modules/env/manifests/var.pp M puppet/modules/eventlogging/manifests/devserver.pp M puppet/modules/eventlogging/manifests/service.pp M puppet/modules/git/manifests/clone.pp M puppet/modules/graphoid/manifests/init.pp M puppet/modules/hhvm/manifests/init.pp M puppet/modules/kafka/manifests/init.pp M puppet/modules/logstash/manifests/conf.pp M puppet/modules/logstash/manifests/init.pp M puppet/modules/mediawiki/manifests/apache.pp M puppet/modules/mediawiki/manifests/composer/require.pp M puppet/modules/mediawiki/manifests/import/text.pp M puppet/modules/mediawiki/manifests/init.pp M puppet/modules/mediawiki/manifests/multiwiki.pp M puppet/modules/mediawiki/manifests/parsoid.pp M puppet/modules/mediawiki/manifests/phpsh.pp M puppet/modules/mediawiki/manifests/settings.pp M puppet/modules/mediawiki/manifests/wiki.pp M puppet/modules/memcached/manifests/init.pp M puppet/modules/misc/manifests/init.pp M puppet/modules/motd/manifests/init.pp M puppet/modules/mwv/manifests/init.pp M puppet/modules/npm/manifests/init.pp M puppet/modules/phabricator/manifests/init.pp M 
puppet/modules/php/manifests/ini.pp M puppet/modules/redis/manifests/init.pp M puppet/modules/role/manifests/confirmedit.pp M puppet/modules/role/manifests/hadoop.pp M puppet/modules/role/manifests/hive.pp M puppet/modules/role/manifests/labs_initial_content.pp M puppet/modules/role/manifests/oauth.pp M puppet/modules/role/manifests/phragile.pp M puppet/modules/role/manifests/raita.pp M puppet/modules/role/manifests/simple_performant.pp M puppet/modules/ruby/manifests/init.pp M puppet/modules/smashpig/manifests/init.pp M puppet/modules/statsd/manifests/init.pp M puppet/modules/swift/manifests/init.pp M puppet/modules/thumbor/manifests/init.pp M puppet/modules/virtualenv/manifests/environment.pp M puppet/modules/xvfb/manifests/init.pp M puppet/modules/zotero/manifests/init.pp M settings.d/puppet-managed/README 54 files changed, 103 insertions(+), 13 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/vagrant refs/changes/82/284982/1 diff --git a/puppet/modules/3d/manifests/init.pp b/puppet/modules/3d/manifests/init.pp index 8b6d8eb..38014dd 100644 --- a/puppet/modules/3d/manifests/init.pp +++ b/puppet/modules/3d/manifests/init.pp @@ -1,6 +1,7 @@ # == Class: 3d # -# This Puppet class installs and configures the binaries needed by the 3d extensions. +# This Puppet class installs and configures the binaries needed by the 3d +# extensions. # # === Parameters # @@ -16,11 +17,6 @@ require_package('libxi-dev') require_package('libglu1-mesa-dev') require_package('libglew-dev') - - file { $3d2png_dir: - ensure => directory, - owner => 'vagrant', - } git::clone { '3d2png': directory => $3d2png_dir, diff --git a/puppet/modules/activemq/manifests/init.pp b/puppet/modules/activemq/manifests/init.pp index 4d2f4b1..69ebe03 100644 --- a/puppet/modules/activemq/manifests/init.pp +++ b/puppet/modules/activemq/manifests/init.pp @@ -26,6 +26,7 @@ file { $config: owner => root, group => root, + mode => '0444', content => template('activemq/activemq.xml.erb'), } 
diff --git a/puppet/modules/apache/manifests/env.pp b/puppet/modules/apache/manifests/env.pp index 325a301..154de4d 100644 --- a/puppet/modules/apache/manifests/env.pp +++ b/puppet/modules/apache/manifests/env.pp @@ -43,6 +43,7 @@ file { "/etc/apache2/env-available/${title_safe}": ensure => $ensure, + mode => '0444', content => $content, source => $source, require => File['/etc/apache2/envvars'], diff --git a/puppet/modules/apache/manifests/init.pp b/puppet/modules/apache/manifests/init.pp index 3c9569b..b0ac866 100644 --- a/puppet/modules/apache/manifests/init.pp +++ b/puppet/modules/apache/manifests/init.pp @@ -19,6 +19,7 @@ include apache::mod::version file { '/etc/apache2/ports.conf': + mode => '0444', content => template('apache/ports.conf.erb'), require => Package['apache2'], notify => Service['apache2'], @@ -52,12 +53,14 @@ recurse => true, purge => true, force => true, + mode => '0755', notify => Service['apache2'], require => Package['apache2'], } file { '/etc/apache2/envvars': ensure => present, + mode => '0444', source => 'puppet:///modules/apache/envvars', require => Package['apache2'], notify => Service['apache2'], @@ -71,6 +74,7 @@ file { $docroot: ensure => directory, + mode => '0755', } # compatibility with old location diff --git a/puppet/modules/apache/manifests/site.pp b/puppet/modules/apache/manifests/site.pp index a568f9d..d579b04 100644 --- a/puppet/modules/apache/manifests/site.pp +++ b/puppet/modules/apache/manifests/site.pp @@ -51,6 +51,7 @@ recurse => true, purge => true, force => true, + mode => '0755', } file { "/etc/apache2/site-confs/${title_safe}/00-default.conf": diff --git a/puppet/modules/apache/manifests/site_conf.pp b/puppet/modules/apache/manifests/site_conf.pp index 16a5971..30d535c 100644 --- a/puppet/modules/apache/manifests/site_conf.pp +++ b/puppet/modules/apache/manifests/site_conf.pp @@ -42,6 +42,7 @@ ensure => $ensure, content => $content, source => $source, + mode => '0444', notify => Service['apache2'], } } 
diff --git a/puppet/modules/apt/manifests/init.pp b/puppet/modules/apt/manifests/init.pp index 8cdafb3..3537d2c 100644 --- a/puppet/modules/apt/manifests/init.pp +++ b/puppet/modules/apt/manifests/init.pp @@ -28,6 +28,7 @@ } file { '/etc/apt/sources.list.d/wikimedia.list': + mode => '0444', content => template('apt/wikimedia.list.erb'), before => Exec['apt-get update'], } @@ -59,6 +60,7 @@ if $::shared_apt_cache { file { '/etc/apt/apt.conf.d/20shared-cache': + mode => '0444', content => "Dir::Cache::archives \"${::shared_apt_cache}\";\n", } diff --git a/puppet/modules/cassandra/manifests/init.pp b/puppet/modules/cassandra/manifests/init.pp index 937549c..ec83af0 100644 --- a/puppet/modules/cassandra/manifests/init.pp +++ b/puppet/modules/cassandra/manifests/init.pp @@ -18,10 +18,11 @@ ) { # set up the repo pubkey - file { '/usr/local/share/datastax-pubkey.asc': + file { '/usr/local/share/datastax-pubkey.asc': source => 'puppet:///modules/cassandra/datastax-pubkey.asc', owner => 'root', group => 'root', + mode => '0444', before => File['/etc/apt/sources.list.d/datastax.sources.list'], notify => Exec['add_datastax_apt_key'], } @@ -38,6 +39,7 @@ source => 'puppet:///modules/cassandra/datastax.sources.list', owner => 'root', group => 'root', + mode => '0444', notify => Exec['apt-get update'], } @@ -46,6 +48,7 @@ content => template('cassandra/cassandra-env.sh.erb'), owner => 'root', group => 'root', + mode => '0555', require => Package['cassandra'], notify => Service['cassandra'], } @@ -55,6 +58,7 @@ source => 'puppet:///modules/cassandra/cassandra.yaml', owner => 'root', group => 'root', + mode => '0444', require => Package['cassandra'], notify => Service['cassandra'], } @@ -64,6 +68,7 @@ content => template('cassandra/logback.xml.erb'), owner => 'root', group => 'root', + mode => '0444', require => Package['cassandra'], notify => Service['cassandra'], } 
diff --git a/puppet/modules/contenttranslation/manifests/cxserver.pp b/puppet/modules/contenttranslation/manifests/cxserver.pp index 283eaf2..65ddc81 100644 --- a/puppet/modules/contenttranslation/manifests/cxserver.pp +++ b/puppet/modules/contenttranslation/manifests/cxserver.pp @@ -93,11 +93,13 @@ } file { "${dir}/src/config.js": + mode => '0444', content => template('contenttranslation/cxserver.config.js.erb'), require => Git::Clone['mediawiki/services/cxserver/deploy'], } file { '/etc/init/cxserver.conf': + mode => '0444', content => template('contenttranslation/cxserver.conf.erb'), } diff --git a/puppet/modules/elasticsearch/manifests/init.pp b/puppet/modules/elasticsearch/manifests/init.pp index fd18dc1..073f8f5 100644 --- a/puppet/modules/elasticsearch/manifests/init.pp +++ b/puppet/modules/elasticsearch/manifests/init.pp @@ -14,6 +14,7 @@ # Temporary and poor work around for # https://github.com/elastic/elasticsearch/issues/11594 ensure => 'directory' + mode => '0755', } service { 'elasticsearch': @@ -26,12 +27,14 @@ } file { '/etc/default/elasticsearch': + mode => '0444', source => 'puppet:///modules/elasticsearch/defaults', require => Package['elasticsearch'], notify => Service['elasticsearch'], } file { '/etc/elasticsearch/elasticsearch.yml': + mode => '0444', source => 'puppet:///modules/elasticsearch/elasticsearch.yml', require => Package['elasticsearch'], notify => Service['elasticsearch'], @@ -41,8 +44,8 @@ ensure => file, owner => 'root', group => 'root', - content => template('elasticsearch/logging.yml.erb'), mode => '0444', + content => template('elasticsearch/logging.yml.erb'), require => Package['elasticsearch'], } diff --git a/puppet/modules/env/manifests/profile_script.pp b/puppet/modules/env/manifests/profile_script.pp index 886f3d0..490b806 100644 --- a/puppet/modules/env/manifests/profile_script.pp +++ b/puppet/modules/env/manifests/profile_script.pp 
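Review bot: In the first hunk of elasticsearch/manifests/init.pp the new `mode => '0755',` line is added directly after `ensure => 'directory'`, which has no trailing comma, so the resource no longer parses and the manifest will fail to compile. The context line needs the comma too: `ensure => 'directory',`. The `file {` line that opens this resource is outside the hunk, so the path being managed is not visible here.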
@@ -48,6 +48,7 @@ file { "/etc/profile.d/${script_file}.sh": ensure => $ensure, + mode => '0444', content => $content, source => $source, } diff --git a/puppet/modules/env/manifests/var.pp b/puppet/modules/env/manifests/var.pp index 8f81430..f6b0df4 100644 --- a/puppet/modules/env/manifests/var.pp +++ b/puppet/modules/env/manifests/var.pp @@ -23,6 +23,7 @@ ) { file { "/etc/profile.d/set_${title}.sh": ensure => $ensure, + mode => '0444', content => template('env/set_var.erb'), } } diff --git a/puppet/modules/eventlogging/manifests/devserver.pp b/puppet/modules/eventlogging/manifests/devserver.pp index 42560ad..286a6f6 100644 --- a/puppet/modules/eventlogging/manifests/devserver.pp +++ b/puppet/modules/eventlogging/manifests/devserver.pp @@ -8,6 +8,7 @@ # Local variable for ease of use in service.upstart.erb template. $eventlogging_path = $::eventlogging::path file { '/etc/init/eventlogging-devserver.conf': + mode => '0444', content => template('eventlogging/devserver.upstart.erb'), } diff --git a/puppet/modules/eventlogging/manifests/service.pp b/puppet/modules/eventlogging/manifests/service.pp index 4b5941c..5fcf0a5 100644 --- a/puppet/modules/eventlogging/manifests/service.pp +++ b/puppet/modules/eventlogging/manifests/service.pp @@ -44,10 +44,12 @@ # Python argparse config file for eventlogging-service file { $config_file: + mode => '0444', content => template('eventlogging/service.erb'), } file { "/etc/init/${service_name}.conf": + mode => '0444', content => template('eventlogging/service.upstart.erb'), } diff --git a/puppet/modules/git/manifests/clone.pp b/puppet/modules/git/manifests/clone.pp index b2c6334..5641125 100644 --- a/puppet/modules/git/manifests/clone.pp +++ b/puppet/modules/git/manifests/clone.pp @@ -93,6 +93,7 @@ ensure => 'directory', owner => $owner, group => $group, + mode => '0755', before => Exec["git_clone_${title}"], } } 
diff --git a/puppet/modules/graphoid/manifests/init.pp b/puppet/modules/graphoid/manifests/init.pp index c7c9164..2b538fa 100644 --- a/puppet/modules/graphoid/manifests/init.pp +++ b/puppet/modules/graphoid/manifests/init.pp @@ -39,6 +39,7 @@ file { $conf_path: ensure => present, + mode => '0444', content => template('graphoid/config.erb'), } diff --git a/puppet/modules/hhvm/manifests/init.pp b/puppet/modules/hhvm/manifests/init.pp index 3a11022..c845440 100644 --- a/puppet/modules/hhvm/manifests/init.pp +++ b/puppet/modules/hhvm/manifests/init.pp @@ -83,14 +83,17 @@ file { '/etc/hhvm': ensure => directory, + mode => '0755', } file { '/etc/hhvm/php.ini': + mode => '0444', content => php_ini($common_settings), before => Env::Alternative['hhvm_as_default_php'], } file { '/etc/hhvm/fcgi.ini': + mode => '0444', content => php_ini($common_settings, $fcgi_settings), notify => Service['hhvm'], } diff --git a/puppet/modules/kafka/manifests/init.pp b/puppet/modules/kafka/manifests/init.pp index 9c90e3a..fe08d5f 100644 --- a/puppet/modules/kafka/manifests/init.pp +++ b/puppet/modules/kafka/manifests/init.pp @@ -25,6 +25,7 @@ require => Package['kafka-server'], owner => 'root', group => 'root', + mode => '0444', } service { 'kafka': @@ -46,6 +47,7 @@ # Install handy env vars in all shells so we don't have to specify # broker and zookeeper args every time using kafka CLI. file { '/etc/profile.d/kafka.sh': + mode => '0444', source => 'puppet:///modules/kafka/kafka.profile.sh', } } diff --git a/puppet/modules/logstash/manifests/conf.pp b/puppet/modules/logstash/manifests/conf.pp index 9f6aedd..fa296c2 100644 --- a/puppet/modules/logstash/manifests/conf.pp +++ b/puppet/modules/logstash/manifests/conf.pp @@ -34,6 +34,7 @@ file { "/etc/logstash/conf.d/${conf_file}.conf": ensure => $ensure, + mode => '0444', content => $content, source => $source, notify => Service['logstash'], 
diff --git a/puppet/modules/logstash/manifests/init.pp b/puppet/modules/logstash/manifests/init.pp index 0e30ec2..a31cafe 100644 --- a/puppet/modules/logstash/manifests/init.pp +++ b/puppet/modules/logstash/manifests/init.pp @@ -27,6 +27,7 @@ } file { '/etc/default/logstash': + mode => '0755', content => template('logstash/default.erb'), require => Package['logstash'], notify => Service['logstash'], @@ -37,6 +38,7 @@ recurse => true, purge => true, force => true, + mode => '0755', source => 'puppet:///modules/logstash/conf.d', require => Package['logstash'], } diff --git a/puppet/modules/mediawiki/manifests/apache.pp b/puppet/modules/mediawiki/manifests/apache.pp index 003e397..6133636 100644 --- a/puppet/modules/mediawiki/manifests/apache.pp +++ b/puppet/modules/mediawiki/manifests/apache.pp @@ -47,20 +47,23 @@ file { "${docroot}/favicon.ico": ensure => file, - require => Package['apache2'], + mode => '0444', source => 'puppet:///modules/mediawiki/favicon.ico', + require => Package['apache2'], } file { "${docroot}/info.php": ensure => file, - require => Package['apache2'], + mode => '0444', source => 'puppet:///modules/mediawiki/info.php', + require => Package['apache2'], } # Define a default robots.txt file but let it be changed locally file { "${docroot}/robots.txt": ensure => present, - source => 'puppet:///modules/mediawiki/robots.txt', + mode => '0444', replace => false, + source => 'puppet:///modules/mediawiki/robots.txt', } } diff --git a/puppet/modules/mediawiki/manifests/composer/require.pp b/puppet/modules/mediawiki/manifests/composer/require.pp index 081a5fc..3bc34d4 100644 --- a/puppet/modules/mediawiki/manifests/composer/require.pp +++ b/puppet/modules/mediawiki/manifests/composer/require.pp 
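Review bot: `/etc/default/logstash` gets `mode => '0755'` in the first logstash/manifests/init.pp hunk, while the other `/etc/default/*` files in this change (`/etc/default/elasticsearch`, `/etc/default/cachefilesd`) get `'0444'`. The content is rendered from a template and nothing visible in the hunk needs the file to be executable (presumably it is only sourced by the service's init script; confirm). `mode => '0444',` would match the rest of the change and avoid an unnecessary execute bit on a file under /etc.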
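Review bot: In the second logstash/manifests/init.pp hunk, `mode => '0755'` is set on a resource that has `recurse => true` and `source => 'puppet:///modules/logstash/conf.d'`, so the mode is applied to every file Puppet copies and plain config files end up executable. The same combination appears in misc/manifests/init.pp (`etc_profile.d`) and mediawiki/manifests/wiki.pp (`settings.d-empty`), and the `settings.d/puppet-managed/README` flip from 100644 to 100755 at the end of this change looks like a side effect of it. The `/vagrant/.idea` hunk already uses the safer form, `mode => '0644', # puppet will automatically set +x for directories`, and the same value would fit here. The resource title is outside the hunk.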
@@ -52,6 +52,7 @@ $safe_title = regsubst($title, '\W', '-', 'G') file { "${::mediawiki::composer_fragment_dir}/${safe_title}.json": + mode => '0444', content => template('mediawiki/composer-require.json.erb'), notify => Exec["composer update ${::mediawiki::dir}"], } diff --git a/puppet/modules/mediawiki/manifests/import/text.pp b/puppet/modules/mediawiki/manifests/import/text.pp index 9582c41..b4cfc8d 100644 --- a/puppet/modules/mediawiki/manifests/import/text.pp +++ b/puppet/modules/mediawiki/manifests/import/text.pp @@ -52,6 +52,7 @@ $path = "${::mediawiki::page_dir}/wiki/${db_name}/${page_title}" file { $path: + mode => '0444', source => $source, content => $content, notify => Exec["add page ${wiki}/${page_title}"], diff --git a/puppet/modules/mediawiki/manifests/init.pp b/puppet/modules/mediawiki/manifests/init.pp index 15cfc3b..a846e1e 100644 --- a/puppet/modules/mediawiki/manifests/init.pp +++ b/puppet/modules/mediawiki/manifests/init.pp @@ -86,6 +86,7 @@ file { 'mediawiki_upstart_bridge': path => '/etc/init/mediawiki-bridge.conf', + mode => '0444', content => template('mediawiki/mediawiki-bridge.conf.erb'), require => Git::Clone['mediawiki/core'], } @@ -94,6 +95,7 @@ ensure => directory, owner => $::share_owner, group => $::share_group, + mode => '0755', } file { $cache_dir: @@ -107,7 +109,7 @@ ensure => directory, owner => $::share_owner, group => $::share_group, - mode => undef, + mode => '0755', recurse => true, purge => true, force => true, @@ -117,6 +119,7 @@ # Needed by ::mediawiki::import::text file { [$page_dir, "${page_dir}/wiki"]: ensure => directory, + mode => '0755', } mediawiki::wiki { $wiki_name: @@ -162,6 +165,7 @@ file { "${mediawiki::apache::docroot}/mediawiki-vagrant.png": source => 'puppet:///modules/mediawiki/mediawiki-vagrant.png', + mode => '0444', } file { '/usr/local/bin/run-mediawiki-tests': 
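Review bot: The `@@ -107,7 +109,7 @@` hunk in mediawiki/manifests/init.pp replaces an explicit `mode => undef` with `'0755'` on a directory owned by `$::share_owner`/`$::share_group` and managed with `recurse`, `purge` and `force`, and neither the hunk nor the commit message says why the exemption was there. An explicit `undef` is normally a deliberate choice to leave modes alone, possibly because the path sits on the shared folder; that is an inference, since the resource title is outside the hunk. Either keep `mode => undef,` with a comment explaining why this directory is exempt, or note in the commit message that the exemption is no longer needed.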
@@ -204,6 +208,7 @@ # Needed by mediawiki::composer::require file { $composer_fragment_dir: ensure => directory, + mode => '0755', recurse => true, purge => true, notify => Exec["composer update ${dir}"], diff --git a/puppet/modules/mediawiki/manifests/multiwiki.pp b/puppet/modules/mediawiki/manifests/multiwiki.pp index a48ee1f..e7788dd 100644 --- a/puppet/modules/mediawiki/manifests/multiwiki.pp +++ b/puppet/modules/mediawiki/manifests/multiwiki.pp @@ -216,6 +216,7 @@ ensure => directory, owner => $::share_owner, group => $::share_group, + mode => '0755', recurse => true, purge => true, force => true, diff --git a/puppet/modules/mediawiki/manifests/parsoid.pp b/puppet/modules/mediawiki/manifests/parsoid.pp index 830d262..b7ec094 100644 --- a/puppet/modules/mediawiki/manifests/parsoid.pp +++ b/puppet/modules/mediawiki/manifests/parsoid.pp @@ -52,11 +52,13 @@ file { 'parsoid-localsettings.js': path => "${dir}/src/localsettings.js", + mode => '0444', content => template('mediawiki/parsoid.localsettings.js.erb'), require => Git::Clone['mediawiki/services/parsoid/deploy'], } file { '/etc/init/parsoid.conf': + mode => '0444', content => template('mediawiki/parsoid.conf.erb'), } diff --git a/puppet/modules/mediawiki/manifests/phpsh.pp b/puppet/modules/mediawiki/manifests/phpsh.pp index 7fb8343..d8c1166 100644 --- a/puppet/modules/mediawiki/manifests/phpsh.pp +++ b/puppet/modules/mediawiki/manifests/phpsh.pp @@ -20,14 +20,17 @@ file { '/etc/phpsh': ensure => directory, + mode => '0755', } file { '/etc/phpsh/config': ensure => present, + mode => '0444', source => 'puppet:///modules/mediawiki/phpsh/config' } file { '/etc/phpsh/rc.php': + mode => '0444', content => template('mediawiki/rc.php.erb'), require => Package['phpsh'], } diff --git a/puppet/modules/mediawiki/manifests/settings.pp b/puppet/modules/mediawiki/manifests/settings.pp index b78293b..3fd54d8 100644 --- a/puppet/modules/mediawiki/manifests/settings.pp +++ b/puppet/modules/mediawiki/manifests/settings.pp 
@@ -134,6 +134,7 @@ content => template('mediawiki/settings.php.erb'), owner => $::share_owner, group => $::share_group, + mode => '0444', } if $wiki_name { diff --git a/puppet/modules/mediawiki/manifests/wiki.pp b/puppet/modules/mediawiki/manifests/wiki.pp index dc0fab8..d24113a 100644 --- a/puppet/modules/mediawiki/manifests/wiki.pp +++ b/puppet/modules/mediawiki/manifests/wiki.pp @@ -187,6 +187,7 @@ file { $settings_root: ensure => directory, + mode => '0755', } # $wgDebugLogFile @@ -207,6 +208,7 @@ file { $settings_dir: ensure => directory, + mode => '0755', } file { "${settings_dir}/puppet-managed": @@ -214,12 +216,14 @@ recurse => true, purge => true, force => true, + mode => '0755', source => 'puppet:///modules/mediawiki/wiki/settings.d-empty', } # used by ::mediawiki::import::text file { "${::mediawiki::page_dir}/wiki/${db_name}": ensure => directory, + mode => '0755', } apache::site_conf { "${title}_images": diff --git a/puppet/modules/memcached/manifests/init.pp b/puppet/modules/memcached/manifests/init.pp index 57e8cd1..d1ccbeb 100644 --- a/puppet/modules/memcached/manifests/init.pp +++ b/puppet/modules/memcached/manifests/init.pp @@ -30,6 +30,7 @@ } file { '/etc/memcached.conf': + mode => '0444', content => template('memcached/memcached.conf.erb'), notify => Service['memcached'], } diff --git a/puppet/modules/misc/manifests/init.pp b/puppet/modules/misc/manifests/init.pp index 1f0bf54..48a9d48 100644 --- a/puppet/modules/misc/manifests/init.pp +++ b/puppet/modules/misc/manifests/init.pp @@ -10,6 +10,7 @@ recurse => true, purge => true, force => true, + mode => '0755', source => 'puppet:///modules/misc/etc_profile.d', } @@ -35,6 +36,7 @@ } file { '/etc/ackrc': + mode => '0444', require => Package['ack-grep'], source => 'puppet:///modules/misc/ackrc', } 
@@ -52,6 +54,7 @@ # Initialize PHPStorm environment from common template file { '/vagrant/.idea': + mode => '0644', # puppet will automatically set +x for directories source => '/vagrant/support/idea-dist', recurse => true, replace => false, diff --git a/puppet/modules/motd/manifests/init.pp b/puppet/modules/motd/manifests/init.pp index 0bcf1b7..058559e 100644 --- a/puppet/modules/motd/manifests/init.pp +++ b/puppet/modules/motd/manifests/init.pp @@ -8,6 +8,7 @@ recurse => true, ignore => '9*', purge => true, + mode => '0775', notify => Exec['update_motd'], } diff --git a/puppet/modules/mwv/manifests/init.pp b/puppet/modules/mwv/manifests/init.pp index 9cac68f..3acce09 100644 --- a/puppet/modules/mwv/manifests/init.pp +++ b/puppet/modules/mwv/manifests/init.pp @@ -86,6 +86,7 @@ } file { '/etc/default/cachefilesd': + mode => '0444', content => "RUN=yes\nSTARTTIME=5\n", require => Package['cachefilesd'], } diff --git a/puppet/modules/npm/manifests/init.pp b/puppet/modules/npm/manifests/init.pp index 7f47e6d..cb520a6 100644 --- a/puppet/modules/npm/manifests/init.pp +++ b/puppet/modules/npm/manifests/init.pp @@ -19,6 +19,7 @@ source => 'puppet:///modules/npm/nodesource-pubkey.asc', owner => 'root', group => 'root', + mode => '0444', before => File['/etc/apt/sources.list.d/nodesource.list'], notify => Exec['add_nodesource_apt_key'], } @@ -39,6 +40,7 @@ source => 'puppet:///modules/npm/nodesource.sources.list', owner => 'root', group => 'root', + mode => '0444', require => Exec['ins-apt-transport-https'], notify => Exec['apt-get update'], } diff --git a/puppet/modules/phabricator/manifests/init.pp b/puppet/modules/phabricator/manifests/init.pp index be8eccf..59c7e5c 100644 --- a/puppet/modules/phabricator/manifests/init.pp +++ b/puppet/modules/phabricator/manifests/init.pp @@ -84,6 +84,7 @@ file { '/var/repo': ensure => directory, + mode => '0755', } # Setup databases 
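Review bot: The motd/manifests/init.pp hunk sets `mode => '0775'` on a recursively managed directory, which makes it and everything Puppet manages beneath it group-writable. No `owner` or `group` is visible in the hunk, so which group gains write access cannot be checked here. The resource notifies `Exec['update_motd']`, so the contents are presumably scripts run when the message of the day is rebuilt; write access should then stay with the owner, `mode => '0755',`. `/etc/zotero` in zotero/manifests/init.pp gets the same `'0775'` with no owner or group in view, whereas most other directories in this change use `'0755'`. The resource title is outside the hunk.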
diff --git a/puppet/modules/php/manifests/ini.pp b/puppet/modules/php/manifests/ini.pp index 8665464..46bb699 100644 --- a/puppet/modules/php/manifests/ini.pp +++ b/puppet/modules/php/manifests/ini.pp @@ -42,6 +42,7 @@ $conffile = "/etc/php5/mods-available/${basename}.ini" file { $conffile: + mode => '0444', content => template('php/conffile.ini.erb'), require => Package['php5'], notify => Service['apache2'], diff --git a/puppet/modules/redis/manifests/init.pp b/puppet/modules/redis/manifests/init.pp index c95a5be..a159965 100644 --- a/puppet/modules/redis/manifests/init.pp +++ b/puppet/modules/redis/manifests/init.pp @@ -74,6 +74,7 @@ } file { '/etc/redis/redis.conf': + mode => '0444', content => template('redis/redis.conf.erb'), require => [ Package['redis-server'], File[$dir] ], } diff --git a/puppet/modules/role/manifests/confirmedit.pp b/puppet/modules/role/manifests/confirmedit.pp index 0f3f354..c242690 100644 --- a/puppet/modules/role/manifests/confirmedit.pp +++ b/puppet/modules/role/manifests/confirmedit.pp @@ -32,6 +32,7 @@ file { [ "${::mediawiki::dir}/images/temp", $output ]: ensure => directory, + mode => '0755', before => Exec['generate_captchas'], } diff --git a/puppet/modules/role/manifests/hadoop.pp b/puppet/modules/role/manifests/hadoop.pp index 8384d50..a27741a 100644 --- a/puppet/modules/role/manifests/hadoop.pp +++ b/puppet/modules/role/manifests/hadoop.pp @@ -12,9 +12,11 @@ file { $hadoop_directory: ensure => 'directory', + mode => '0755', } file { $hadoop_data_directory: ensure => 'directory', + mode => '0755', } $datanode_mounts = [ diff --git a/puppet/modules/role/manifests/hive.pp b/puppet/modules/role/manifests/hive.pp index 7250110..0e12279 100644 --- a/puppet/modules/role/manifests/hive.pp +++ b/puppet/modules/role/manifests/hive.pp @@ -34,7 +34,7 @@ } # Add an env variable to keep Hive client heapsize low. - file { '/etc/profile.d/hive.sh': + env::profile_script { 'hive': content => "export HADOOP_HEAPSIZE=32\n", } } 
diff --git a/puppet/modules/role/manifests/labs_initial_content.pp b/puppet/modules/role/manifests/labs_initial_content.pp index f09ec54..fca6858 100644 --- a/puppet/modules/role/manifests/labs_initial_content.pp +++ b/puppet/modules/role/manifests/labs_initial_content.pp @@ -13,6 +13,7 @@ file { "${::mediawiki::apache::docroot}/labs_mediawiki_logo.png": ensure => present, + mode => '0444', source => 'puppet:///modules/labs/labs_vagrant_logo.png', } diff --git a/puppet/modules/role/manifests/oauth.pp b/puppet/modules/role/manifests/oauth.pp index 434662f..ca7c2d4 100644 --- a/puppet/modules/role/manifests/oauth.pp +++ b/puppet/modules/role/manifests/oauth.pp @@ -26,12 +26,15 @@ file { $dir: ensure => directory, + mode => '0755', } file { "${dir}/index.php": content => template('role/oauth/hello_world.php.erb'), + mode => '0444', } file { "${dir}/oauth-hello-world.ini": content => template('role/oauth/oauth-hello-world.ini.erb'), + mode => '0444', } apache::site_conf { 'oauth-hello-world': @@ -41,9 +44,11 @@ file { "${dir}/register.sql": content => template('role/oauth/register.sql.erb'), + mode => '0444', } file { "${dir}/check.sql": content => template('role/oauth/check.sql.erb'), + mode => '0444', } mediawiki::maintenance { 'register oauth-hello-world': command => "/usr/local/bin/mwscript sql.php --wiki=wiki ${dir}/register.sql", diff --git a/puppet/modules/role/manifests/phragile.pp b/puppet/modules/role/manifests/phragile.pp index 979aea0..5377943 100644 --- a/puppet/modules/role/manifests/phragile.pp +++ b/puppet/modules/role/manifests/phragile.pp @@ -28,6 +28,7 @@ } file { "${install_dir}/.env": + mode => '0444', content => template('role/phragile/env.erb'), require => Git::Clone['https://github.com/wmde/phragile.git'], replace => false, diff --git a/puppet/modules/role/manifests/raita.pp b/puppet/modules/role/manifests/raita.pp index 0f7d5f4..55e1637 100644 --- a/puppet/modules/role/manifests/raita.pp +++ b/puppet/modules/role/manifests/raita.pp 
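Review bot: `${dir}/oauth-hello-world.ini` in role/manifests/oauth.pp and `${install_dir}/.env` in role/manifests/phragile.pp are both given `mode => '0444'`, which lets every local account read them. The templates are not shown, but files with these names commonly hold a consumer secret or application key. If these do, set an `owner`/`group` for the account that runs the application and use `mode => '0440',` instead. If they hold nothing sensitive, a short comment next to each resource saying so would save the next reviewer the same question.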
@@ -47,6 +47,7 @@ } file { '/tmp/raita-data.json': + mode => '0444', source => 'puppet:///modules/role/raita/data.json', } diff --git a/puppet/modules/role/manifests/simple_performant.pp b/puppet/modules/role/manifests/simple_performant.pp index a7d9852..dc134f9 100644 --- a/puppet/modules/role/manifests/simple_performant.pp +++ b/puppet/modules/role/manifests/simple_performant.pp @@ -60,6 +60,7 @@ file { '/vagrant/mediawiki/skins/.htaccess': ensure => present, + mode => '0444', source => 'puppet:///modules/role/simple_performant/skins-htaccess', require => Class['::apache::mod::expires'], } diff --git a/puppet/modules/ruby/manifests/init.pp b/puppet/modules/ruby/manifests/init.pp index 6950529..9143091 100644 --- a/puppet/modules/ruby/manifests/init.pp +++ b/puppet/modules/ruby/manifests/init.pp @@ -34,6 +34,7 @@ $gem_bin_dir = '/usr/local/bin' file { '/etc/gemrc': + mode => '0444', content => 'gem: --no-ri --no-rdoc', } diff --git a/puppet/modules/smashpig/manifests/init.pp b/puppet/modules/smashpig/manifests/init.pp index affbfe9..2f6bff4 100644 --- a/puppet/modules/smashpig/manifests/init.pp +++ b/puppet/modules/smashpig/manifests/init.pp @@ -21,6 +21,7 @@ } file { "${dir}/config.php": + mode => '0444', content => template('smashpig/config.php.erb'), require => [ Git::Clone['wikimedia/fundraising/SmashPig'], @@ -28,6 +29,7 @@ } file { "${dir}/PublicHttp/.htaccess": + mode => '0444', source => "${dir}/PublicHttp/.htaccess.sample", require => Git::Clone['wikimedia/fundraising/SmashPig'], } diff --git a/puppet/modules/statsd/manifests/init.pp b/puppet/modules/statsd/manifests/init.pp index ef2bbf9..40793cf 100644 --- a/puppet/modules/statsd/manifests/init.pp +++ b/puppet/modules/statsd/manifests/init.pp @@ -59,6 +59,7 @@ } file { "${dir}/backends/statsd-json-backend.js": + mode => '0444', source => 'puppet:///modules/statsd/statsd-json-backend.js', require => Git::Clone['statsd'], } 
diff --git a/puppet/modules/swift/manifests/init.pp b/puppet/modules/swift/manifests/init.pp index 8e49550..18c6e52 100644 --- a/puppet/modules/swift/manifests/init.pp +++ b/puppet/modules/swift/manifests/init.pp @@ -75,24 +75,28 @@ ensure => 'directory', owner => 'swift', group => 'swift', + mode => '0775', } file { '/etc/swift/backups': ensure => 'directory', owner => 'swift', group => 'swift', + mode => '0775', } file { $storage_dir: ensure => 'directory', owner => 'swift', group => 'swift', + mode => '0775', } file { "${storage_dir}/1": ensure => 'directory', owner => 'swift', group => 'swift', + mode => '0775', } file { $cfg_file: diff --git a/puppet/modules/thumbor/manifests/init.pp b/puppet/modules/thumbor/manifests/init.pp index fceb8f7..8b9b876 100644 --- a/puppet/modules/thumbor/manifests/init.pp +++ b/puppet/modules/thumbor/manifests/init.pp @@ -105,6 +105,7 @@ # Hack because pip install cv2 inside a virtualenv is broken file { "${deploy_dir}/lib/python2.7/site-packages/cv2.so": ensure => present, + mode => '0444', # From python-opencv source => '/usr/lib/python2.7/dist-packages/cv2.so', require => Virtualenv::Environment[$deploy_dir], @@ -112,6 +113,7 @@ file { "${deploy_dir}/tinyrgb.icc": ensure => present, + mode => '0444', source => 'puppet:///modules/thumbor/tinyrgb.icc', } diff --git a/puppet/modules/virtualenv/manifests/environment.pp b/puppet/modules/virtualenv/manifests/environment.pp index 320f8a1..2fde7e6 100644 --- a/puppet/modules/virtualenv/manifests/environment.pp +++ b/puppet/modules/virtualenv/manifests/environment.pp @@ -46,6 +46,7 @@ ensure => directory, owner => $owner, group => $group, + mode => '0755', } $command = $packages ? { diff --git a/puppet/modules/xvfb/manifests/init.pp b/puppet/modules/xvfb/manifests/init.pp index 02df16a..113dae0 100644 --- a/puppet/modules/xvfb/manifests/init.pp +++ b/puppet/modules/xvfb/manifests/init.pp 
@@ -41,6 +41,7 @@ file { '/etc/init/xvfb.conf': content => template('xvfb/xvfb.conf.erb'), + mode => '0444', require => [ Package['xvfb'], User['xvfb'] ], } diff --git a/puppet/modules/zotero/manifests/init.pp b/puppet/modules/zotero/manifests/init.pp index 139fd84..9230a53 100644 --- a/puppet/modules/zotero/manifests/init.pp +++ b/puppet/modules/zotero/manifests/init.pp @@ -27,6 +27,7 @@ before => Service['zotero'], owner => $::share_owner, group => $::share_group, + mode => '0755', } git::clone{ 'mediawiki/services/zotero/translation-server': @@ -43,9 +44,11 @@ file { '/etc/zotero': ensure => directory, + mode => '0775', } file { '/etc/zotero/defaults.js': ensure => present, + mode => '0444', content => template('zotero/defaults.js.erb'), require => Git::Clone['mediawiki/services/zotero/translation-server'], notify => Service['zotero'], diff --git a/settings.d/puppet-managed/README b/settings.d/puppet-managed/README old mode 100644 new mode 100755 -- To view, visit https://gerrit.wikimedia.org/r/284982 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie87ca6e056383daee75f661cf5f75e8bb3cec909 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/vagrant Gerrit-Branch: master Gerrit-Owner: BryanDavis <bda...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits