Puppet Class: profile::dumps::distribution::server

Defined in:
modules/profile/manifests/dumps/distribution/server.pp

Overview



6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
# File 'modules/profile/manifests/dumps/distribution/server.pp', line 6

class profile::dumps::distribution::server {
    class { 'dumpsuser': }

    file { '/srv/dumps':
        ensure => 'directory',
    }

    # The following directories will be the temporary home of the dumps that are
    # synced from Airflow jobs. See #T389784
    $dumps_tmp_dir = '/srv/dumps/xmldatadumps_airflow_temp'
    file { [$dumps_tmp_dir, "${dumps_tmp_dir}/xmldatadumps", "${dumps_tmp_dir}/xmldatadumps/public"]:
        ensure => 'directory',
        owner  => 'dumpsgen',
        group  => 'dumpsgen',
        mode   => '0755',
    }

    # The following authorized_key exists in order to permit the dumpsgen user to send dumps from pods
    # running on the dse-k8s cluster. The receiving command is forced to be the rsync server and it
    # only permits access from the DSE_KUBEPODS_NETWORKS. The corresponding private key is deployed as
    # a Kubernetes secret in the mediawiki-dumps-legacy namespace of the dse-k8s-eqiad cluster.
    # See #T390738 for details.
    ssh::userkey { 'dumpsgen':
        source => 'puppet:///modules/profile/dumps/distribution/dumpsgen_authorized_keys',
    }

    # Allow SSH from the dse-k8s pods
    firewall::service { 'ssh_dse-K8s_pods':
        proto    => 'tcp',
        port     => 22,
        src_sets => ['DSE_KUBEPODS_NETWORKS'],
    }

    # Allow HTTPS from the dse-k8s pods
    firewall::service { 'https_dse-K8s_pods':
        proto    => 'tcp',
        port     => 443,
        src_sets => ['DSE_KUBEPODS_NETWORKS'],
    }

    file { '/etc/default/smartmontools':
        ensure => present,
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/profile/dumps/distribution/smartmontools',
    }

    # This profile expects a large volume mounted at /srv/dumps. That isn't
    #  puppetized, since it's likely set up by hand (thanks partman!) and
    #  defined with a server-specific uuid.
    #mount { '/srv/dumps':
        #ensure  => mounted,
        #fstype  => ext4,
        #options => 'defaults,noatime',
        #atboot  => true,
        #device  => '/dev/data/dumps',
        #require => File['/srv/dumps'],
    #}
}