1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
# File 'modules/profile/manifests/base/labs.pp', line 1
class profile::base::labs(
$unattended_wmf = hiera('profile::base::labs::unattended_wmf'),
$unattended_distro = hiera('profile::base::labs::unattended_distro'),
$send_puppet_failure_emails = hiera('send_puppet_failure_emails', true),
) {
include ::apt::noupgrade
class {'::apt::unattendedupgrades':
unattended_wmf => $unattended_wmf,
unattended_distro => $unattended_distro,
}
# Labs instances /var is quite small, provide our own default
# to keep less records (T71604).
file { '/etc/default/acct':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/base/labs-acct.default',
}
if $::operatingsystem == 'Debian' {
# Turn on idmapd by default
file { '/etc/default/nfs-common':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/base/labs/nfs-common.default',
}
}
file { '/usr/local/sbin/notify_maintainers.py':
ensure => present,
owner => 'root',
group => 'root',
mode => '0544',
source => 'puppet:///modules/base/labs/notify_maintainers.py',
before => File['/usr/local/sbin/puppet_alert.py'],
}
file { '/usr/local/sbin/puppet_alert.py':
ensure => present,
owner => 'root',
group => 'root',
mode => '0544',
source => 'puppet:///modules/base/labs/puppet_alert.py',
}
$ensure_puppet_emails = $send_puppet_failure_emails ? {
true => 'present',
default => 'absent',
}
if os_version('debian >= jessie') {
# TODO: Remove after change is applied
cron { 'send_puppet_failure_emails':
ensure => absent,
user => 'root',
}
systemd::timer::job { 'send_puppet_failure_emails':
ensure => $ensure_puppet_emails,
description => 'Send emails about Puppet failures',
command => '/usr/local/sbin/puppet_alert.py',
interval => {
'start' => 'OnCalendar',
'interval' => '*-*-* 08:15:00',
},
logging_enabled => false,
monitoring_enabled => false,
user => 'root',
require => File['/usr/local/sbin/puppet_alert.py'],
}
} else {
# TODO: Remove once Trusty is deprecated
cron { 'send_puppet_failure_emails':
ensure => $ensure_puppet_emails,
command => '/usr/local/sbin/puppet_alert.py',
hour => 8,
minute => '15',
user => 'root',
}
}
# Set a root password only if we're still governed by the official Labs
# puppetmaster. Self- and locally-hosted instances are on their own,
# but most likely already registered a password during their initial
# setup.
#
# Compare IPs rather than hostnames since we use an alias for the
# actual labs_puppet_master variable. We only store passwords
# on the frontend puppetmaster, not on the workers.
#
# (this is disabled pending some security work)
#
#if $::servername == 'labs-puppetmaster.wikimedia.org' {
# # Create a root password and store it on the puppetmaster
# user { 'root':
# password => regsubst(
# generate('/usr/local/sbin/make-labs-root-password', $::labsproject),
# '\s$', ''),
# }
#}
}
|