Alexandros Kosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/309992

Change subject: (WIP) puppetmaster: Experiment in defining a gitpuppet group
......................................................................

(WIP) puppetmaster: Experiment in defining a gitpuppet group

We would like to have a gitpuppet group defined on puppetmasters and set
ownership on /srv/private, while causing minimal issues for current
users. Use YAML references to get the gitpuppet group populated with all
ops group members, populate the group on frontend, backend and ensure
the correct permission on /srv/private

Change-Id: Ia6d78aefa459bfca3be0a9c576dfad272855c9cd
---
M hieradata/role/common/puppetmaster/backend.yaml
M hieradata/role/common/puppetmaster/frontend.yaml
M modules/admin/data/data.yaml
M modules/puppetmaster/manifests/gitclone.pp
4 files changed, 10 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/92/309992/1

diff --git a/hieradata/role/common/puppetmaster/backend.yaml 
b/hieradata/role/common/puppetmaster/backend.yaml
index 87dfccf..2fa8f32 100644
--- a/hieradata/role/common/puppetmaster/backend.yaml
+++ b/hieradata/role/common/puppetmaster/backend.yaml
@@ -1,3 +1,5 @@
 debdeploy::grains:
   debdeploy-puppetmaster-backend:
     value: standard
+admin::groups:
+  - gitpuppet
diff --git a/hieradata/role/common/puppetmaster/frontend.yaml 
b/hieradata/role/common/puppetmaster/frontend.yaml
index 38f2b37..199bd13 100644
--- a/hieradata/role/common/puppetmaster/frontend.yaml
+++ b/hieradata/role/common/puppetmaster/frontend.yaml
@@ -1,3 +1,5 @@
 debdeploy::grains:
   debdeploy-puppetmaster-frontend:
     value: standard
+admin::groups:
+  - gitpuppet
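Review bot: The `admin::groups` key added at the end of this file (and identically in backend.yaml) lists only `gitpuppet`, and nothing in the change shows how this role-level list combines with `admin::groups` values from other hierarchy levels. If the lookup for this key does not merge arrays, these two lines would replace the groups the puppetmasters currently receive rather than add to them, which runs against the "minimal issues for current users" goal in the commit message. Please confirm the merge behaviour, and consider setting the key once at a level shared by frontend and backend instead of duplicating it in both files.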
diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index a8169f0..47fc3d3 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -18,7 +18,7 @@
   ops:
     gid: 700
     description: include everywhere ops folks
-    members: [filippo, jgreen, bblack, andrew, faidon, rush, oblivian, laner, 
yuvipanda,
+    members: &ops_members [filippo, jgreen, bblack, andrew, faidon, rush, 
oblivian, laner, yuvipanda,
               dzahn, akosiaris, springle, mark, ariel, cmjohnson, otto, robh, 
tstarling,
               ori, midom, jmm, jynus, aaron, ema, elukey, gehel, volans, 
madhuvishy, marostegui]
     privileges: ['ALL = (ALL) NOPASSWD: ALL']
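Review bot: The `&ops_members` anchor on the `ops` members line has no comment explaining that another group now depends on it. Since `ops` carries 'ALL = (ALL) NOPASSWD: ALL', anyone editing this list later should be able to see that the same list also feeds `gitpuppet` further down in the file. A one-line YAML comment above `members:` naming the dependent group would cover it.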
@@ -558,6 +558,10 @@
                  'ALL = NOPASSWD: /usr/sbin/service thumbor@* stop',
                  'ALL = NOPASSWD: /usr/sbin/service thumbor@* restart',
                  'ALL = (thumbor) NOPASSWD: ALL']
+  gitpuppet:
+    gid: 998
+    description: Private repo users
+    members: &ops_members
 
 users:
   rush:
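Review bot: `members: &ops_members` in the new `gitpuppet` group declares an anchor a second time instead of referencing the one defined on `ops`; a YAML alias is written with `*`, so this should be `members: *ops_members`. As written, the node has an anchor but no value, so `gitpuppet` would end up with empty (null) membership and the later definition would shadow the `ops` anchor for anything after it in the file. Separately, gitclone.pp already uses `gitpuppet` as owner and group, which suggests the group may already exist on these hosts; please check that a fixed `gid: 998` does not clash with the gid it currently has there.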
diff --git a/modules/puppetmaster/manifests/gitclone.pp 
b/modules/puppetmaster/manifests/gitclone.pp
index 0560c49..dba75d6 100644
--- a/modules/puppetmaster/manifests/gitclone.pp
+++ b/modules/puppetmaster/manifests/gitclone.pp
@@ -88,7 +88,7 @@
                 ensure  => directory,
                 owner   => 'gitpuppet',
                 group   => 'gitpuppet',
-                mode    => '0644', # Will become 0755 for dir automatically
+                mode    => '0640', # Will become 0755 for dir automatically
                 recurse => 'true',
             }
 
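Review bot: The trailing comment on the changed `mode` line still says "Will become 0755 for dir automatically", which is no longer true with '0640'. Puppet adds the search bit on directories only where the read bit is set, so directories under this resource become 0750, not 0755. Please update the comment to match, since the point of the change is to drop world access on /srv/private and a stale comment stating 0755 will mislead the next reader. Minor style point on the context line below: `recurse => 'true'` uses a quoted string where the boolean `true` would be clearer.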

-- 
To view, visit https://gerrit.wikimedia.org/r/309992
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia6d78aefa459bfca3be0a9c576dfad272855c9cd
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
