Dzahn has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/345085 )
Change subject: yubiauth: convert to profile/role structure
..
yubiauth: convert to profile/role structure
Moving this role towards a role/profile structure
to follow current puppet code organization.
https://wikitech.wikimedia.org/wiki/Puppet_coding#Organization
Change-Id: I3278b31b73e1aad6adc9c165f4eb99a2bba3a4c1
---
R hieradata/role/common/yubiauth_server.yaml
M manifests/site.pp
R modules/profile/manifests/yubiauth/server.pp
A modules/role/manifests/yubiauth_server.pp
4 files changed, 25 insertions(+), 18 deletions(-)
Approvals:
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/hieradata/role/common/yubiauth/server.yaml
b/hieradata/role/common/yubiauth_server.yaml
similarity index 100%
rename from hieradata/role/common/yubiauth/server.yaml
rename to hieradata/role/common/yubiauth_server.yaml
diff --git a/manifests/site.pp b/manifests/site.pp
index 65ba992..1c68962 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -125,11 +125,11 @@
}
node 'auth1001.eqiad.wmnet' {
-role(yubiauth::server)
+role('yubiauth_server')
}
node 'auth2001.codfw.wmnet' {
-role(yubiauth::server)
+role('yubiauth_server')
}
node 'baham.wikimedia.org' {
diff --git a/modules/role/manifests/yubiauth/server.pp
b/modules/profile/manifests/yubiauth/server.pp
similarity index 67%
rename from modules/role/manifests/yubiauth/server.pp
rename to modules/profile/manifests/yubiauth/server.pp
index 92f2dc2..53ac8ab 100644
--- a/modules/role/manifests/yubiauth/server.pp
+++ b/modules/profile/manifests/yubiauth/server.pp
@@ -1,20 +1,21 @@
-# = Class: role::yubiauth
+# = Class: profile::yubiauth::server
#
# This class configures a Yubi 2FA authentication server
#
-class role::yubiauth::server {
-include ::standard
-include ::base::firewall
-include ::profile::backup::host
+class profile::yubiauth::server (
+$auth_servers = hiera('yubiauth_servers'),
+$auth_server_primary = hiera('yubiauth_server_primary'),
+) {
-include yubiauth::yhsm_daemon
-include yubiauth::yhsm_yubikey_ksm
+$auth_servers_ferm = join($auth_servers, ' ')
+
+include ::base::firewall
+
+class {'::yubiauth::yhsm_daemon': }
+
+class {'::yubiauth::yhsm_yubikey_ksm': }
backup::set { 'yubiauth-aeads' : }
-
-$auth_servers = hiera('yubiauth_servers')
-$auth_servers_ferm = join($auth_servers, ' ')
-$auth_server_primary = hiera('yubiauth_server_primary')
if ($::fqdn == $auth_server_primary) {
@@ -34,11 +35,6 @@
user=> 'root',
minute => '*/30',
}
-}
-
-system::role { 'role::yubiauth':
-ensure => 'present',
-description => 'Yubi 2FA authentication server',
}
ferm::service { 'yubikey-validation-server':
diff --git a/modules/role/manifests/yubiauth_server.pp
b/modules/role/manifests/yubiauth_server.pp
new file mode 100644
index 000..effb45f
--- /dev/null
+++ b/modules/role/manifests/yubiauth_server.pp
@@ -0,0 +1,11 @@
+class role::yubiauth_server {
+
+system::role { 'role::yubiauth_server':
+ensure => 'present',
+description => 'Yubi 2FA authentication server',
+}
+
+include ::standard
+include ::profile::backup::host
+include ::profile::yubiauth::server
+}
--
To view, visit https://gerrit.wikimedia.org/r/345085
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I3278b31b73e1aad6adc9c165f4eb99a2bba3a4c1
Gerrit-PatchSet: 7
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn
Gerrit-Reviewer: Alexandros Kosiaris
Gerrit-Reviewer: Dzahn
Gerrit-Reviewer: Giuseppe Lavagetto
Gerrit-Reviewer: Muehlenhoff
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
