[MediaWiki-commits] [Gerrit] operations/puppet[production]: wikistats: make db_pass a parameter, use fqdn_rand_string

Fri, 19 May 2017 10:38:27 -0700 

Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/354548 )

Change subject: wikistats: make db_pass a parameter, use fqdn_rand_string
......................................................................

wikistats: make db_pass a parameter, use fqdn_rand_string

Change-Id: I026de7ecbd90b0c7ec06d7dffa59152b81a5dd2d
---
M modules/wikistats/manifests/db.pp
A modules/wikistats/templates/db/grants.sql
2 files changed, 9 insertions(+), 10 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/48/354548/1

diff --git a/modules/wikistats/manifests/db.pp 
b/modules/wikistats/manifests/db.pp
index a0768f9..6487d11 100644
--- a/modules/wikistats/manifests/db.pp
+++ b/modules/wikistats/manifests/db.pp
@@ -1,5 +1,5 @@
 # the database server setup for the wikistats site
-class wikistats::db {
+class wikistats::db($db_pass) {
 
     if os_version('debian >= stretch') {
         require_package('php7.0-mysql')
@@ -29,16 +29,14 @@
         minute  => '23',
     }
 
-    # stash random db password in the wikistats-user home dir,
-    # so that deploy-script can bootstrap a new system
-    exec { 'generate-wikistats-db-pass':
-        command => '/usr/bin/openssl rand -base64 12 > 
/usr/lib/wikistats/wikistats-db-pass',
-        creates => '/usr/lib/wikistats/wikistats-db-pass',
-        user    => 'root',
-        timeout => '10',
-        unless  => '/usr/bin/test -f /usr/lib/wikistats/wikistats-db-pass',
+    file { '/usr/lib/wikistats/wikistats-db-pass':
+        ensure => 'present',
+        owner  => 'wikistatsuser',
+        group  => 'wikistatsuser',
+        mode   => '0400',
+        content => $db_pass,
     }
-
+ 
     # database schema
     file { '/usr/lib/wikistats/schema.sql':
         ensure => 'present',
diff --git a/modules/wikistats/templates/db/grants.sql 
b/modules/wikistats/templates/db/grants.sql
new file mode 100644
index 0000000..fd87215
--- /dev/null
+++ b/modules/wikistats/templates/db/grants.sql
@@ -0,0 +1 @@
+GRANT all privileges on wikistats.* to 'wikistatsuser'@'localhost' identified 
by '<%= @db_pass %>';

-- 
To view, visit https://gerrit.wikimedia.org/r/354548
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I026de7ecbd90b0c7ec06d7dffa59152b81a5dd2d
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to