Ayounsi has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/357825 )
Change subject: Rancid improvements
......................................................................
Rancid improvements
- Move to GIT
- Move to SSH KEY auth
- Ignore noisy lines
- Hide SNMP community string
To be merged after:
- Rancid upgraded to 3.x
- Rancid stopped
- Rancid versioning folder converted to GIT
Todo after merge:
- Arm ssh key
- Test
Bug: T167288
Change-Id: I326f6874c08252617de18a1e5235fd86a186d1c8
---
M modules/rancid/files/rancid.conf
M modules/rancid/files/rancid.cron
M modules/rancid/manifests/init.pp
M modules/rancid/templates/cloginrc.erb
4 files changed, 15 insertions(+), 8 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/25/357825/1
diff --git a/modules/rancid/files/rancid.conf b/modules/rancid/files/rancid.conf
index a319dd3..2573017 100644
--- a/modules/rancid/files/rancid.conf
+++ b/modules/rancid/files/rancid.conf
@@ -21,14 +21,14 @@
BASEDIR=/var/lib/rancid; export BASEDIR
PATH=/usr/lib/rancid/bin:/usr/bin:/usr/sbin:/bin:/usr/local/bin:/usr/bin;
export PATH
# Location of the CVS/SVN repository. Be careful changing this.
-CVSROOT=$BASEDIR/CVS; export CVSROOT
+CVSROOT=$BASEDIR/GIT; export CVSROOT
# Location of log files produced by rancid-run(1).
LOGDIR=$BASEDIR/logs; export LOGDIR
#
# Select which RCS system to use, "cvs" (default) or "svn". Do not change
# this after CVSROOT has been created with rancid-cvs. Changing between these
# requires manual conversions.
-RCSSYS=cvs; export RCSSYS
+RCSSYS=git; export RCSSYS
#
# if ACLSORT is NO, access-lists will NOT be sorted.
#ACLSORT=YES; export ACLSORT
@@ -39,10 +39,10 @@
#
# FILTER_PWDS determines which passwords are filtered from configs by the
# value set (NO | YES | ALL). see rancid.conf(5).
-#FILTER_PWDS=YES; export FILTER_PWDS
+FILTER_PWDS=YES; export FILTER_PWDS
#
# if NOCOMMSTR is set, snmp community strings will be stripped from the configs
-#NOCOMMSTR=YES; export NOCOMMSTR
+NOCOMMSTR=YES; export NOCOMMSTR
#
# How many times failed collections are retried (for each run) before
# giving up. Minimum: 1
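Review bot: `FILTER_PWDS=YES` is the middle setting of the three the comment lists (NO | YES | ALL), and per rancid.conf(5) it filters only reversible passwords, so hashed secrets would still be committed and mailed in diffs. Either use `FILTER_PWDS=ALL; export FILTER_PWDS` or add a comment explaining why hashes are kept. Both `FILTER_PWDS` and `NOCOMMSTR` affect only configs collected after this change. Revisions already in the converted repository presumably still hold the community strings and passwords, and the pre-merge steps in the commit message do not mention scrubbing or access-restricting that history.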
@@ -81,4 +81,8 @@
# changed by setting the MAILHEADERS variable; for example no header by setting
# it to "" or adding X- style headers. Individual headers must be separated
# by a \n.
-#MAILHEADERS="Precedence: bulk"; export MAILHEADERS
\ No newline at end of file
+#MAILHEADERS="Precedence: bulk"; export MAILHEADERS
+
+# Remove lines such as: "# TFEB 0 MQ 0 TSen OK"
+# and lldpd.core-tarball.1
+DIFFSCRIPT="sed -e '/#\s\{2,\}TFEB.*$/d' -e '/lldpd.core-tarball.1/d' |
expand"; export DIFFSCRIPT
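Review bot: The second sed expression leaves its dots unescaped, so `/lldpd.core-tarball.1/d` also drops any line where other characters sit in those positions; `-e '/lldpd\.core-tarball\.1/d'` matches only the literal name. Because this filter removes lines from the diff that operators review, each pattern should be as narrow as possible, and the TFEB one could be anchored to the start of the line after the diff marker. The trailing `.*$` there is redundant, and `\s` is a GNU sed extension. Setting `DIFFSCRIPT` presumably replaces rancid's built-in diff filter rather than extending it, so confirm that the mailed diffs still look as expected.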
diff --git a/modules/rancid/files/rancid.cron b/modules/rancid/files/rancid.cron
index b722bf8..a3d1251 100644
--- a/modules/rancid/files/rancid.cron
+++ b/modules/rancid/files/rancid.cron
@@ -1,4 +1,4 @@
# Run config differ hourly
-1 * * * * rancid /usr/lib/rancid/bin/rancid-run
+1 * * * * rancid SSH_AUTH_SOCK=/run/keyholder/proxy.sock
/usr/lib/rancid/bin/rancid-run
# Clean out rancid logs
50 23 * * * rancid /usr/bin/find /var/log/rancid -type f -mtime +2 -exec
rm {} \;
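Review bot: Setting `SSH_AUTH_SOCK` inline on the cron command means only the scheduled run sees the keyholder socket. A manual `rancid-run` or `clogin` by the rancid user would have no agent and would fall through to the placeholder password in cloginrc. rancid.conf already exports the environment for rancid-run, so `SSH_AUTH_SOCK=/run/keyholder/proxy.sock; export SSH_AUTH_SOCK` there would keep both paths consistent. A one-line comment above the entry noting that the key must be armed in keyholder before the job can log in would also help whoever debugs hourly failures.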
diff --git a/modules/rancid/manifests/init.pp b/modules/rancid/manifests/init.pp
index 5d20429..f1add61 100644
--- a/modules/rancid/manifests/init.pp
+++ b/modules/rancid/manifests/init.pp
@@ -19,7 +19,10 @@
home => '/var/lib/rancid',
}
- include ::passwords::rancid
+ ::keyholder::agent { 'rancid':
+ require => Group['rancid'],
+ trusted_groups => ['rancid'],
+ }
file { '/etc/rancid/rancid.conf':
require => Package['rancid'],
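Review bot: The new `::keyholder::agent { 'rancid': }` resource has no comment saying what the key unlocks, and `trusted_groups => ['rancid']` presumably lets every member of that group sign with it through the proxy socket. Since the key replaces the device login password, a comment such as `# Key used by rancid to log in to network devices; membership of group rancid grants use of it` makes that trust boundary explicit. The hunk does not show where `Group['rancid']` is declared or who belongs to it, so confirm membership is limited to the service account. The surrounding class starts and ends outside the hunk.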
diff --git a/modules/rancid/templates/cloginrc.erb
b/modules/rancid/templates/cloginrc.erb
index f8bc169..1b62f43 100644
--- a/modules/rancid/templates/cloginrc.erb
+++ b/modules/rancid/templates/cloginrc.erb
@@ -1,2 +1,2 @@
add method * {ssh}
-add password * {<%= scope.lookupvar("passwords::rancid::rancidpass") %>}
+add password * {bogus_password}
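Review bot: Replacing the lookup with `{bogus_password}` removes the real secret from the rendered file, but the credential behind `passwords::rancid::rancidpass` presumably remains valid on the devices and in any previously deployed copy of cloginrc. Retiring or rotating it should be on the "Todo after merge" list next to arming the key. The placeholder also needs a comment so nobody "fixes" it later, e.g. `# placeholder only; login uses the SSH key served by keyholder`. If a device falls back to password authentication, clogin would presumably send this string and produce failed-login events, which is worth checking during the test step.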
--
To view, visit https://gerrit.wikimedia.org/r/357825
Gerrit-MessageType: newchange
Gerrit-Change-Id: I326f6874c08252617de18a1e5235fd86a186d1c8
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ayounsi <[email protected]>