Puppet Class: profile::base::labs

Defined in:
modules/profile/manifests/base/labs.pp

Overview

Parameters:

  • unattended_wmf (Any) (defaults to: hiera('profile::base::labs::unattended_wmf'))
  • unattended_distro (Any) (defaults to: hiera('profile::base::labs::unattended_distro'))
  • send_puppet_failure_emails (Any) (defaults to: hiera('send_puppet_failure_emails', true))


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# File 'modules/profile/manifests/base/labs.pp', line 1

class profile::base::labs(
    $unattended_wmf = hiera('profile::base::labs::unattended_wmf'),
    $unattended_distro = hiera('profile::base::labs::unattended_distro'),
    $send_puppet_failure_emails = hiera('send_puppet_failure_emails', true),
    ) {

    include ::apt::noupgrade
    class {'::apt::unattendedupgrades':
        unattended_wmf    => $unattended_wmf,
        unattended_distro => $unattended_distro,
    }

    # Labs instances /var is quite small, provide our own default
    # to keep less records (T71604).
    file { '/etc/default/acct':
        ensure => present,
        owner  => 'root',
        group  => 'root',
        mode   => '0444',
        source => 'puppet:///modules/base/labs-acct.default',
    }

    if $::operatingsystem == 'Debian' {
        # Turn on idmapd by default
        file { '/etc/default/nfs-common':
            ensure => present,
            owner  => 'root',
            group  => 'root',
            mode   => '0444',
            source => 'puppet:///modules/base/labs/nfs-common.default',
        }
    }

    file { '/usr/local/sbin/notify_maintainers.py':
        ensure => present,
        owner  => 'root',
        group  => 'root',
        mode   => '0544',
        source => 'puppet:///modules/base/labs/notify_maintainers.py',
        before => File['/usr/local/sbin/puppet_alert.py'],
    }

    file { '/usr/local/sbin/puppet_alert.py':
        ensure => present,
        owner  => 'root',
        group  => 'root',
        mode   => '0544',
        source => 'puppet:///modules/base/labs/puppet_alert.py',
    }

    $ensure_puppet_emails = $send_puppet_failure_emails ? {
        true    => 'present',
        default => 'absent',
    }

    if os_version('debian >= jessie') {

        # TODO: Remove after change is applied
        cron { 'send_puppet_failure_emails':
            ensure => absent,
            user   => 'root',
        }

        systemd::timer::job { 'send_puppet_failure_emails':
            ensure             => $ensure_puppet_emails,
            description        => 'Send emails about Puppet failures',
            command            => '/usr/local/sbin/puppet_alert.py',
            interval           => {
                'start'    => 'OnCalendar',
                'interval' => '*-*-* 08:15:00',
            },
            logging_enabled    => false,
            monitoring_enabled => false,
            user               => 'root',
            require            => File['/usr/local/sbin/puppet_alert.py'],
        }

    } else {

        # TODO: Remove once Trusty is deprecated
        cron { 'send_puppet_failure_emails':
            ensure  => $ensure_puppet_emails,
            command => '/usr/local/sbin/puppet_alert.py',
            hour    => 8,
            minute  => '15',
            user    => 'root',
        }
    }

    # Set a root password only if we're still governed by the official Labs
    #  puppetmaster.  Self- and locally-hosted instances are on their own,
    #  but most likely already registered a password during their initial
    #  setup.
    #
    # Compare IPs rather than hostnames since we use an alias for the
    #  actual labs_puppet_master variable.  We only store passwords
    #  on the frontend puppetmaster, not on the workers.
    #
    #  (this is disabled pending some security work)
    #
    #if $::servername == 'labs-puppetmaster.wikimedia.org' {
    #    # Create a root password and store it on the puppetmaster
    #    user { 'root':
    #        password => regsubst(
    #            generate('/usr/local/sbin/make-labs-root-password', $::labsproject),
    #            '\s$', ''),
    #    }
    #}
}