[MediaWiki-commits] [Gerrit] Add sartoris user with optional secondary groups - change (operations/puppet)

Mon, 30 Sep 2013 15:13:48 -0700 

Ryan Lane has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/86756


Change subject: Add sartoris user with optional secondary groups
......................................................................

Add sartoris user with optional secondary groups

For the frontend, we want to be able to specify the deployment
repos via puppet git::clone. The repos should be owned by a common
non-root user, though.

Change-Id: I09a87dbfae8f70c7c823bfb553db55146ad6584c
---
M manifests/role/deployment.pp
M modules/deployment/manifests/deployment_server.pp
2 files changed, 7 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/56/86756/1

diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp
index 4915810..0690591 100644
--- a/manifests/role/deployment.pp
+++ b/manifests/role/deployment.pp
@@ -160,7 +160,9 @@
   # Can't include this while scap is present on tin:
   # include misc::deployment::scripts
 
-  class { "deployment::deployment_server": }
+  class { "deployment::deployment_server":
+    deployer_groups => ['wikidev'],
+  }
 
   deployment::deployment_repo_sync_hook_link { "private": target => 
"shared.py" }
   deployment::deployment_repo_sync_hook_link { "common": target => "shared.py" 
}
diff --git a/modules/deployment/manifests/deployment_server.pp 
b/modules/deployment/manifests/deployment_server.pp
index 47ce313..d7bf7aa 100644
--- a/modules/deployment/manifests/deployment_server.pp
+++ b/modules/deployment/manifests/deployment_server.pp
@@ -1,4 +1,4 @@
-class 
deployment::deployment_server($deployment_conffile="/etc/git-deploy/git-deploy.conf",
 $deployment_ignorefile="/etc/git-deploy/gitignore", 
$deployment_ignores=['.deploy'], $deployment_restrict_umask="002", 
$deployment_block_file="/etc/ROLLOUTS_BLOCKED", $deployment_support_email="", 
$deployment_repo_name_detection="dot-git-parent-dir", 
$deployment_announce_email="", $deployment_send_mail_on_sync="false", 
$deployment_send_mail_on_revert="false", 
$deployment_log_directory="/var/log/git-deploy", 
$deployment_log_timing_data="false", 
$deployment_git_deploy_dir="/var/lib/git-deploy", 
$deployment_per_repo_config={}) {
+class 
deployment::deployment_server($deployment_conffile="/etc/git-deploy/git-deploy.conf",
 $deployment_ignorefile="/etc/git-deploy/gitignore", 
$deployment_ignores=['.deploy'], $deployment_restrict_umask="002", 
$deployment_block_file="/etc/ROLLOUTS_BLOCKED", $deployment_support_email="", 
$deployment_repo_name_detection="dot-git-parent-dir", 
$deployment_announce_email="", $deployment_send_mail_on_sync="false", 
$deployment_send_mail_on_revert="false", 
$deployment_log_directory="/var/log/git-deploy", 
$deployment_log_timing_data="false", 
$deployment_git_deploy_dir="/var/lib/git-deploy", 
$deployment_per_repo_config={}, $deployer_groups=[]) {
   if ! defined(Package["git-deploy"]){
     package { "git-deploy":
       ensure => present;
@@ -92,4 +92,7 @@
       grain  => "deployment_server",
       value  => "True";
   }
+  systemuser {
+    "sartoris": name => "sartoris", shell => "/bin/false", home => 
"/nonexistent", groups => $deployer_groups
+  }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/86756
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I09a87dbfae8f70c7c823bfb553db55146ad6584c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ryan Lane <rl...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to