Puppet Class: profile::kubernetes::deployment_server::mediawiki::mwdebug_deploy

Defined in:
modules/profile/manifests/kubernetes/deployment_server/mediawiki/mwdebug_deploy.pp

Summary

This profile handles deploying automatically to the mwdebug namespace.

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • deployment_server (String) (defaults to: lookup('deployment_server'))
  • general_dir (Stdlib::Unixpath) (defaults to: lookup('profile::kubernetes::deployment_server::global_config::general_dir', {default_value => '/etc/helmfile-defaults'}))
  • docker_password (String) (defaults to: lookup('kubernetes_docker_password'))
  • docker_registry (Stdlib::Fqdn) (defaults to: lookup('docker::registry')) 


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# File 'modules/profile/manifests/kubernetes/deployment_server/mediawiki/mwdebug_deploy.pp', line 4

class profile::kubernetes::deployment_server::mediawiki::mwdebug_deploy(
    String $deployment_server                           = lookup('deployment_server'),
    Stdlib::Unixpath $general_dir                       = lookup('profile::kubernetes::deployment_server::global_config::general_dir', {default_value => '/etc/helmfile-defaults'}),
    String $docker_password                             = lookup('kubernetes_docker_password'),
    Stdlib::Fqdn $docker_registry                       = lookup('docker::registry'),
){
    # "Automatic" deployment to mw on k8s. See T287570

    # Install docker-report in order to be able to list tags remotely
    package { 'python3-docker-report':
        ensure => present,
    }

    # Now install the credentials for the kubernetes docker user so that we can list tags
    # in the restricted namespace. This is ok since the credentials will be guarded by
    # being ran as mwbuilder, and that is the user that builds the images in the first
    # place.
    docker::credentials { '/srv/mwbuilder/.docker/config.json':
        owner             => 'mwbuilder',
        group             => 'mwbuilder',
        registry          => $docker_registry,
        registry_username => 'kubernetes',
        registry_password => $docker_password,
        allow_group       => false,
    }
    # TODO: remove once T305729 is resolved.
    docker::credentials { '/root/.docker/config.json':
        owner             => 'root',
        group             => 'root',
        registry          => $docker_registry,
        registry_username => 'kubernetes',
        registry_password => $docker_password,
        allow_group       => false,
    }
    # Directory where the file lock and error file are stored.
    file { '/var/lib/deploy-mwdebug':
        ensure => directory,
        owner  => 'mwbuilder',
        group  => 'deployment',
        mode   => '0775'
    }

    # Add a script that updates the mediawiki images.
    file { '/usr/local/sbin/deploy-mwdebug':
        source => 'puppet:///modules/profile/kubernetes/deployment_server/deploy-mwdebug.py',
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
    }

    # Run the deployment check every 5 minutes
    systemd::timer::job { 'deploy_to_mwdebug':
        ensure            => absent,
        description       => 'Deploy the latest available set of images to mw on k8s',
        command           => '/usr/local/sbin/deploy-mwdebug --noninteractive',
        user              => 'mwbuilder',
        interval          => {
            'start'    => 'OnUnitInactiveSec',
            'interval' => '300s',
        },
        environment       => {
            'HELM_CONFIG_HOME' => '/etc/helm',
            'HELM_CACHE_HOME'  => '/var/cache/helm',
            'HELM_DATA_HOME'   => '/usr/share/helm',
            # This is what will get to SAL
            'SUDO_USER'        => 'mwdebug-deploy',
        },
        syslog_identifier => 'deploy-mwdebug',
    }
}