Puppet Class: profile::mediawiki::deployment::server
- Defined in:
- modules/profile/manifests/mediawiki/deployment/server.pp
Overview
Class profile::mediawiki::deployment::server
Sets up scap and the corresponding apache site, and rsync daemon.
The parameter “deployment_group” only refers to the group of people able to deploy mediawiki here, so to scap2 users. Scap3-related directories will be owned by wikidev unconditionally.
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 |
# File 'modules/profile/manifests/mediawiki/deployment/server.pp', line 7
class profile::mediawiki::deployment::server(
Stdlib::Fqdn $apache_fqdn = lookup('apache_fqdn', {default_value => $facts['fqdn']}),
String $deployment_group = lookup('deployment_group', {default_value => 'wikidev'}),
Stdlib::Fqdn $deployment_server = lookup('deployment_server'),
Stdlib::Fqdn $main_deployment_server = lookup('scap::deployment_server'),
Stdlib::Unixpath $base_path = lookup('base_path', {default_value => '/srv/deployment'}),
Array[Stdlib::Host] $deployment_hosts = lookup('deployment_hosts', {default_value => []}),
Stdlib::Host $rsync_host = lookup('profile::mediawiki::deployment::server::rsync_host'),
Stdlib::Fqdn $releases_server = lookup('releases_server'),
Array[Stdlib::Fqdn] $other_releases_servers = lookup('releases_servers_failover'),
String $statsd = lookup('statsd'),
Hash[String, Struct[{
'origin' => Optional[String],
'repository' => Optional[String],
'scap_repository' => Optional[String]
}]] $sources = lookup('scap::sources'),
Boolean $enable_auto_deploy = lookup('profile::mediawiki::deployment::server::enable_auto_deploy', {default_value => false}),
Optional[Systemd::Timer::Datetime] $auto_deploy_interval = lookup('profile::mediawiki::deployment::server::auto_deploy_interval', {default_value => undef}),
) {
# Class scap gets included via profile::mediawiki::common
# Also a lot of needed things are called from there.
require profile::mediawiki::common
include network::constants
$deployable_networks = $::network::constants::deployable_networks
$deployable_networks_ferm = join($deployable_networks, ' ')
# Install the scap master
class { 'rsync::server': }
# This is the scap2 master server setup, used to deploy mediawiki.
class { '::scap::master':
deployment_hosts => $deployment_hosts,
deployment_group => $deployment_group,
}
class { '::scap::scripts':
rsync_host => $rsync_host,
sql_scripts => 'present',
statsd => $statsd,
}
## End scap2 config ###
# Setup scap3 sources and server.
# Create an instance of scap_source for each of the key specs in hiera.
Scap::Source {
base_path => $base_path,
}
$sources.each |$repo, $params| {
scap::source { $repo:
* => $params
}
}
class {'::deployment::umask_wikidev': }
class { '::deployment::deployment_server': }
class {'::httpd': }
profile::auto_restarts::service { 'apache2': }
profile::auto_restarts::service { 'envoyproxy': }
# T298165
class { '::git::daemon':
directories => ['/srv/patches', '/srv/mediawiki-staging/private'],
user => 'mwdeploy',
group => $deployment_group,
}
ensure_packages('default-mysql-client')
ferm::service { 'rsyncd_scap_master':
proto => 'tcp',
port => '873',
srange => "(${deployable_networks_ferm})",
}
# T113351
ferm::service { 'http_deployment_server':
desc => 'HTTP on deployment servers, for serving actual files to deploy',
proto => 'tcp',
port => '80',
srange => "(${deployable_networks_ferm})",
}
# T298165
$releases_servers = [ $releases_server ] + $other_releases_servers
ferm::service { 'git-daemon':
desc => 'Git daemon',
proto => 'tcp',
port => '9418',
srange => "(@resolve((${releases_servers.join(' ')})))",
}
### End firewall rules
#T83854
::monitoring::icinga::git_merge { 'mediawiki_config':
dir => '/srv/mediawiki-staging/',
user => 'root',
remote => 'readonly',
remote_branch => 'master',
}
# Also make sure that no files have been stolen by root ;-)
::monitoring::icinga::bad_directory_owner { '/srv/mediawiki-staging': }
# A command that group 'deployment' can execute to fix common file permission snafus
# inside /srv/mediawiki-staging.
file { '/usr/local/sbin/fix-staging-perms':
mode => '0555',
source => 'puppet:///modules/profile/mediawiki/deployment/fix-staging-perms.sh',
owner => 'root',
group => 'root',
}
# This is symlink is accessed indirectly by
# modules/profile/files/mediawiki/monitor_versions/check_mw_versions.py
file { '/srv/deployment/mediawiki-staging':
ensure => link,
target => '/srv/mediawiki-staging',
owner => 'trebuchet',
group => $deployment_group,
require => File['/srv/deployment'],
}
httpd::site { 'deployment':
content => template('role/deployment/apache-vhost.erb'),
require => File['/srv/deployment'],
}
$primary_deploy_ensure = $deployment_server ? {
$::fqdn => 'present',
default => 'absent'
}
# $secondary_deploy_ensure will be set to 'present' if we're
# operating on an inactive/secondary deploy server.
$secondary_deploy_ensure = $deployment_server ? {
$::fqdn => 'absent',
default => 'present'
}
# Build array of deployment_hosts fqdn from array of ips and remove primary
$deployment_hosts_fqdn = unique($deployment_hosts.map | $ip | { ipresolve($ip, 'ptr') }) - $deployment_server
class { '::deployment::rsync':
deployment_server => $deployment_server,
deployment_hosts => $deployment_hosts_fqdn,
}
motd::script { 'inactive_warning':
ensure => $secondary_deploy_ensure,
priority => 1,
content => template('role/deployment/inactive.motd.erb'),
}
if $enable_auto_deploy {
systemd::timer::job { 'train-presync':
ensure => $primary_deploy_ensure,
description => 'Perform beginning-of-week train operations',
user => 'mwpresync',
command => '/usr/bin/scap stage-train -Dfull_image_build:True --yes auto',
send_mail => true,
send_mail_only_on_error => false,
environment => {
'MAILTO' => 'releng@lists.wikimedia.org',
},
interval => {'start' => 'OnCalendar', 'interval' => $auto_deploy_interval},
}
}
# Bacula backups (T125527)
backup::set { 'srv-deployment': }
# tig is a ncurses-based git utility which is useful for
# determining the state of git repos during deployments.
# git-review is useful for scap development/testing.
ensure_packages(['percona-toolkit', 'tig', 'git-review'])
# php-readline T126262
# Make sure to install php-readline from the component/php72, otherwise this picks up
# the 7.3 version from default buster
apt::package_from_component { 'php-readline':
component => 'component/php72',
packages => ['php-readline']
}
# benchmarking tools (sessionstorage testing, k8s ml infra benchmarking) (T230178)
ensure_packages(['siege', 'wrk', 'lua-cjson'])
}
|