Dzahn has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/345085 )
Change subject: yubiauth: convert to profile/role structure ...................................................................... yubiauth: convert to profile/role structure Moving this role towards a role/profile structure to follow current puppet code organization. https://wikitech.wikimedia.org/wiki/Puppet_coding#Organization Change-Id: I3278b31b73e1aad6adc9c165f4eb99a2bba3a4c1 --- R hieradata/role/common/yubiauth_server.yaml M manifests/site.pp R modules/profile/manifests/yubiauth/server.pp A modules/role/manifests/yubiauth_server.pp 4 files changed, 25 insertions(+), 18 deletions(-) Approvals: jenkins-bot: Verified Dzahn: Looks good to me, approved diff --git a/hieradata/role/common/yubiauth/server.yaml b/hieradata/role/common/yubiauth_server.yaml similarity index 100% rename from hieradata/role/common/yubiauth/server.yaml rename to hieradata/role/common/yubiauth_server.yaml diff --git a/manifests/site.pp b/manifests/site.pp index 65ba992..1c68962 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -125,11 +125,11 @@ } node 'auth1001.eqiad.wmnet' { - role(yubiauth::server) + role('yubiauth_server') } node 'auth2001.codfw.wmnet' { - role(yubiauth::server) + role('yubiauth_server') } node 'baham.wikimedia.org' { diff --git a/modules/role/manifests/yubiauth/server.pp b/modules/profile/manifests/yubiauth/server.pp similarity index 67% rename from modules/role/manifests/yubiauth/server.pp rename to modules/profile/manifests/yubiauth/server.pp index 92f2dc2..53ac8ab 100644 --- a/modules/role/manifests/yubiauth/server.pp +++ b/modules/profile/manifests/yubiauth/server.pp @@ -1,20 +1,21 @@ -# = Class: role::yubiauth +# = Class: profile::yubiauth::server # # This class configures a Yubi 2FA authentication server # -class role::yubiauth::server { - include ::standard - include ::base::firewall - include ::profile::backup::host +class profile::yubiauth::server ( + $auth_servers = hiera('yubiauth_servers'), + $auth_server_primary = hiera('yubiauth_server_primary'), +) { - include yubiauth::yhsm_daemon - include yubiauth::yhsm_yubikey_ksm + $auth_servers_ferm = join($auth_servers, ' ') + + include ::base::firewall + + class {'::yubiauth::yhsm_daemon': } + + class {'::yubiauth::yhsm_yubikey_ksm': } backup::set { 'yubiauth-aeads' : } - - $auth_servers = hiera('yubiauth_servers') - $auth_servers_ferm = join($auth_servers, ' ') - $auth_server_primary = hiera('yubiauth_server_primary') if ($::fqdn == $auth_server_primary) { @@ -34,11 +35,6 @@ user => 'root', minute => '*/30', } - } - - system::role { 'role::yubiauth': - ensure => 'present', - description => 'Yubi 2FA authentication server', } ferm::service { 'yubikey-validation-server': diff --git a/modules/role/manifests/yubiauth_server.pp b/modules/role/manifests/yubiauth_server.pp new file mode 100644 index 0000000..effb45f --- /dev/null +++ b/modules/role/manifests/yubiauth_server.pp @@ -0,0 +1,11 @@ +class role::yubiauth_server { + + system::role { 'role::yubiauth_server': + ensure => 'present', + description => 'Yubi 2FA authentication server', + } + + include ::standard + include ::profile::backup::host + include ::profile::yubiauth::server +} -- To view, visit https://gerrit.wikimedia.org/r/345085 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I3278b31b73e1aad6adc9c165f4eb99a2bba3a4c1 Gerrit-PatchSet: 7 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <dz...@wikimedia.org> Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org> Gerrit-Reviewer: Dzahn <dz...@wikimedia.org> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits