Ema has submitted this change and it was merged.
Change subject: Display a message in motd if puppet agent is disabled
..
Display a message in motd if puppet agent is disabled
Change-Id: I37039ddc47a265e4c314a2536a6c073691d0fa05
---
M modules/base/files/puppet/97-last-puppet-run
A modules/base/files/puppet/puppet-enabled
M modules/base/manifests/puppet.pp
3 files changed, 37 insertions(+), 3 deletions(-)
Approvals:
Filippo Giunchedi: Looks good to me, but someone else must approve
Ema: Verified; Looks good to me, approved
Giuseppe Lavagetto: Looks good to me, but someone else must approve
diff --git a/modules/base/files/puppet/97-last-puppet-run
b/modules/base/files/puppet/97-last-puppet-run
index 6a931b5..9bb86a4 100755
--- a/modules/base/files/puppet/97-last-puppet-run
+++ b/modules/base/files/puppet/97-last-puppet-run
@@ -3,7 +3,7 @@
set -e
-PATH=/bin:/usr/bin
+PATH=/bin:/usr/bin:/usr/local/bin
LANG=C
TSLASTPUPPETRUN=$(stat -c %Z /var/lib/puppet/state/classes.txt)
@@ -14,8 +14,10 @@
echo -n "The last Puppet run was at $(date -d @$TSLASTPUPPETRUN) "
+DISABLEDMSG="$(puppet-enabled || true)"
+
if [ $DELTAMIN -gt 60 ]; then
- echo "${BOLD}($DELTAMIN minutes ago)${NORM}."
+ echo "${BOLD}($DELTAMIN minutes ago)${NORM}. $DISABLEDMSG"
else
- echo "($DELTAMIN minutes ago)."
+ echo "($DELTAMIN minutes ago). $DISABLEDMSG"
fi
diff --git a/modules/base/files/puppet/puppet-enabled
b/modules/base/files/puppet/puppet-enabled
new file mode 100644
index 000..774ca86
--- /dev/null
+++ b/modules/base/files/puppet/puppet-enabled
@@ -0,0 +1,16 @@
+#!/bin/sh
+# Script displaying a message if Puppet agent is disabled.
+
+set -eu
+
+PATH=/bin:/usr/bin
+
+lockfile="/var/lib/puppet/state/agent_disabled.lock"
+
+if test -f $lockfile; then
+reason="$(jq -r '.disabled_message' $lockfile 2>/dev/null)"
+echo "Puppet is disabled. $reason"
+exit 1
+fi
+
+exit 0
diff --git a/modules/base/manifests/puppet.pp b/modules/base/manifests/puppet.pp
index b4e0872..0458c4e 100644
--- a/modules/base/manifests/puppet.pp
+++ b/modules/base/manifests/puppet.pp
@@ -90,6 +90,22 @@
source => 'puppet:///modules/base/logrotate/puppet',
}
+# Mode 0751 to make sure non-root users can access
+# /var/lib/puppet/state/agent_disabled.lock to check if puppet is enabled
+file { '/var/lib/puppet':
+ensure => directory,
+owner => 'puppet',
+group => 'puppet',
+mode => '0751',
+}
+
+file { '/usr/local/bin/puppet-enabled':
+mode => '0555',
+owner => 'root',
+group => 'root',
+source => 'puppet:///modules/base/puppet/puppet-enabled',
+}
+
motd::script { 'last-puppet-run':
ensure => present,
priority => 97,
--
To view, visit https://gerrit.wikimedia.org/r/268684
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I37039ddc47a265e4c314a2536a6c073691d0fa05
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ema
Gerrit-Reviewer: Ema
Gerrit-Reviewer: Faidon Liambotis
Gerrit-Reviewer: Filippo Giunchedi
Gerrit-Reviewer: Giuseppe Lavagetto
Gerrit-Reviewer: Volans
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
