Hashar has uploaded a new change for review.
https://gerrit.wikimedia.org/r/70621
Change subject: zuul: craft a publicly readeable configuration file
......................................................................
zuul: craft a publicly readeable configuration file
To test out Zuul configuration, we are running it as user jenkins-slave
which does not have access to /etc/zuul/zuul.conf. This patch creates a
publicly redeable version that has the Jenkins API key stripped out.
bug: 50223
Change-Id: I763994475e80a09449bf7f16b78adc7d18e79e20
---
M modules/zuul/manifests/init.pp
1 file changed, 9 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/21/70621/1
diff --git a/modules/zuul/manifests/init.pp b/modules/zuul/manifests/init.pp
index de4cf54..97cc9b1 100644
--- a/modules/zuul/manifests/init.pp
+++ b/modules/zuul/manifests/init.pp
@@ -101,12 +101,21 @@
owner => 'jenkins',
mode => '0400',
content => template('zuul/zuul.conf.erb'),
+ notify => Exec['craft public zuul conf'],
require => [
File['/etc/zuul'],
Package['jenkins'],
],
}
+ # Additionally provide a publicly readeable configuration file
+ exec { 'craft public zuul conf':
+ cwd => '/etc/zuul/',
+ command => 'sed "s/apikey=.*/apikey=<obfuscacated>/"
/etc/zuul/zuul.conf',
+ refreshonly => true,
+ creates => '/etc/zuul/public.conf',
+ }
+
file { '/var/log/zuul':
ensure => directory,
owner => 'jenkins',
--
To view, visit https://gerrit.wikimedia.org/r/70621
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I763994475e80a09449bf7f16b78adc7d18e79e20
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Hashar <has...@free.fr>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
