Jgreen has uploaded a new change for review.
https://gerrit.wikimedia.org/r/60285
Change subject: drush consistent-user and lockdown scheme
......................................................................
drush consistent-user and lockdown scheme
Change-Id: I0883aa7714fef467f9660adc2ff834187c107768
---
A files/misc/scripts/drush-wrapper
M manifests/misc/fundraising.pp
2 files changed, 9 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/85/60285/1
diff --git a/files/misc/scripts/drush-wrapper b/files/misc/scripts/drush-wrapper
new file mode 100644
index 0000000..cce8657
--- /dev/null
+++ b/files/misc/scripts/drush-wrapper
@@ -0,0 +1,3 @@
+#!/bin/sh
+# this is puppetized
+sudo -u www-data /opt/drush/drush $@
diff --git a/manifests/misc/fundraising.pp b/manifests/misc/fundraising.pp
index 850c07e..cc7df8b 100644
--- a/manifests/misc/fundraising.pp
+++ b/manifests/misc/fundraising.pp
@@ -139,9 +139,12 @@
mode => 0444,
source =>
'puppet:///private/misc/fundraising/apache.conf.fundraising-ssl';
- # remove this for now, eventually puppetize the wrapper
- #'/usr/local/bin/drush':
- # ensure => '/opt/drush/drush';
+ # part of scheme to execute drush as a consistent user
+ '/usr/local/bin/drush':
+ owner => 'root',
+ group => 'root',
+ mode => 0555,
+ source => 'puppet:///files/misc/scripts/drush-wrapper';
# other stuff
'/etc/php5/cli/php.ini':
--
To view, visit https://gerrit.wikimedia.org/r/60285
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0883aa7714fef467f9660adc2ff834187c107768
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Jgreen <jgr...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
