Puppet Class: profile::kubernetes::deployment_server::mediawiki::builder

Defined in:
modules/profile/manifests/kubernetes/deployment_server/mediawiki/builder.pp

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • docker_user (String) (defaults to: lookup('profile::ci::pipeline::publisher::docker_registry_user'))
  • docker_password (String) (defaults to: lookup('profile::ci::pipeline::publisher::docker_registry_password'))


# File 'modules/profile/manifests/kubernetes/deployment_server/mediawiki/builder.pp', line 2

# @summary Prepares the mwbuilder account to build and publish MediaWiki
#   container images: docker-pusher credentials, a checkout of
#   repos/releng/release, and sudo rules for the 'deployment' group.
#
# @param docker_user
#   Registry user name, handed to the docker_pusher class as
#   docker_registry_user. Defaults to the hiera key
#   profile::ci::pipeline::publisher::docker_registry_user.
# @param docker_password
#   Registry password, handed to the docker_pusher class as
#   docker_registry_password. Defaults to the hiera key
#   profile::ci::pipeline::publisher::docker_registry_password.
#   NOTE(review): this is a plain String. Puppet's Sensitive[String] type
#   would keep the value redacted in logs and reports, but docker_pusher
#   would have to accept it - confirm before changing the type.
class profile::kubernetes::deployment_server::mediawiki::builder(
    # TODO: migrate the hiera keys once the transition is completed.
    String $docker_user = lookup('profile::ci::pipeline::publisher::docker_registry_user'),
    String $docker_password = lookup('profile::ci::pipeline::publisher::docker_registry_password')

) {
    # Create the mwbuilder user. This is the user that is allowed to run docker-pusher to publish
    # the images, and that should run the tasks in repos/releng/release.
    require profile::mediawiki::system_users

    # Provide the docker-pusher wrapper and the related registry credentials.
    # Both are bound to mwbuilder, so anything that can run commands as
    # mwbuilder can presumably publish with these credentials - verify against
    # the docker_pusher class.
    class { 'docker_pusher':
        docker_pusher_user       => 'mwbuilder',
        docker_registry_user     => $docker_user,
        docker_registry_password => $docker_password,
    }

    # Clone repos/releng/release into /srv/mwbuilder/release.
    # The checkout is owned by mwbuilder, so the Makefile executed through the
    # sudo rule below lives in a tree that account can modify.
    # NOTE(review): 'source => gitlab' presumably selects the origin host -
    # confirm against the git::clone define.
    git::clone { 'repos/releng/release':
        ensure    => present,
        directory => '/srv/mwbuilder/release',
        owner     => 'mwbuilder',
        source    => 'gitlab',
    }
    # Make sure "make" is installed (the sudo rule below invokes /usr/bin/make).
    ensure_packages(['make'])

    # Deployers should be able to execute whatever wrapper we will write for repos/releng/release
    # as user mwbuilder. And also the wrapper that updates the repos/releng/release repo
    #
    # NOTE(review): the trailing '*' on the make rule is a sudoers wildcard: it
    # matches any further arguments, so the rule does not pin the targets,
    # variables or options passed to make. In effect every member of
    # 'deployment' can have make run arbitrary recipes as mwbuilder without a
    # password. If only a few targets are needed, list them explicitly or put
    # them behind a fixed wrapper script, as is done for the update command.
    sudo::group { 'deploy_build_image':
        group      => 'deployment',
        privileges => [
            'ALL = (mwbuilder) NOPASSWD: /usr/bin/make -C /srv/mwbuilder/release/make-container-image -f Makefile *',
            'ALL = (mwbuilder) NOPASSWD: /usr/local/bin/update-mediawiki-tools-release'
        ]
    }

    # Install a small wrapper around git pull --ff-only
    # (--ff-only makes the pull fail rather than merge when the local checkout
    # has diverged from the remote).
    #
    # NOTE(review): the script is owned by mwbuilder. Mode 0555 clears the
    # write bits, but a file's owner can restore them, so the account the sudo
    # rule runs as can alter this script between Puppet runs. root:root with
    # the same mode would keep the content fixed to what Puppet ships - confirm
    # nothing relies on mwbuilder owning it.
    file { '/usr/local/bin/update-mediawiki-tools-release':
        ensure  => present,
        mode    => '0555',
        owner   => 'mwbuilder',
        group   => 'mwbuilder',
        content => "#!/bin/bash\ngit -C /srv/mwbuilder/release pull --ff-only\n",
    }
}