Puppet Class: profile::releases::mediawiki

Defined in:
modules/profile/manifests/releases/mediawiki.pp

Overview

Server hosting MediaWiki releases at releases.wikimedia.org/mediawiki/.

Parameters:

  • sitename (Stdlib::Fqdn) (defaults to: lookup('profile::releases::mediawiki::sitename'))
  • sitename_jenkins (Stdlib::Fqdn) (defaults to: lookup('profile::releases::mediawiki::sitename_jenkins'))
  • prefix (Stdlib::Unixpath) (defaults to: lookup('profile::releases::mediawiki::prefix'))
  • http_port (Stdlib::Port) (defaults to: lookup('profile::releases::mediawiki::http_port'))
  • server_admin (String) (defaults to: lookup('profile::releases::mediawiki::server_admin'))
  • jenkins_agent_username (String) (defaults to: lookup('jenkins_agent_username'))
  • jenkins_agent_key (String) (defaults to: lookup('profile::releases::mediawiki::jenkins_agent_key'))
  • jenkins_service_ensure (Any) (defaults to: lookup('profile::releases::mediawiki::jenkins_service_ensure'))
  • jenkins_service_enable (Any) (defaults to: lookup('profile::releases::mediawiki::jenkins_service_enable'))
  • jenkins_service_monitor (Any) (defaults to: lookup('profile::releases::mediawiki::jenkins_service_monitor'))


# File 'modules/profile/manifests/releases/mediawiki.pp', line 3

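# Sets up a Jenkins controller with a local agent, Docker, the releasing
# secrets and the Apache site that fronts Jenkins, and declares ::releases.
#
# @param sitename FQDN passed to ::releases as the releases site name
# @param sitename_jenkins FQDN of the Jenkins site; names the httpd::site and the HTTP check
# @param prefix URL path prefix passed to both ::jenkins and ::releases
# @param http_port port passed to both ::jenkins and ::releases
# @param server_admin not referenced in this class body; presumably read by the
#   apache-jenkins.conf.erb template - confirm
# @param jenkins_agent_username account for the local Jenkins agent; its workdir is /srv/<username>
# @param jenkins_agent_key SSH key handed to jenkins::agent
# @param jenkins_service_ensure passed through to ::jenkins as service_ensure
# @param jenkins_service_enable passed through to ::jenkins as service_enable;
#   the value 'mask' also removes the jenkins auto-restart entry
# @param jenkins_service_monitor passed through to ::jenkins as service_monitor;
#   also gates the blackbox HTTP check on the login page
class profile::releases::mediawiki (
    Stdlib::Fqdn $sitename = lookup('profile::releases::mediawiki::sitename'),
    Stdlib::Fqdn $sitename_jenkins = lookup('profile::releases::mediawiki::sitename_jenkins'),
    Stdlib::Unixpath $prefix = lookup('profile::releases::mediawiki::prefix'),
    Stdlib::Port $http_port = lookup('profile::releases::mediawiki::http_port'),
    String $server_admin = lookup('profile::releases::mediawiki::server_admin'),
    String $jenkins_agent_username = lookup('jenkins_agent_username'),
    String $jenkins_agent_key = lookup('profile::releases::mediawiki::jenkins_agent_key'),
    $jenkins_service_ensure = lookup('profile::releases::mediawiki::jenkins_service_ensure'),
    $jenkins_service_enable = lookup('profile::releases::mediawiki::jenkins_service_enable'),
    $jenkins_service_monitor = lookup('profile::releases::mediawiki::jenkins_service_monitor'),
){
    include profile::ci::pipeline::publisher
    include profile::docker::engine
    include profile::java
    # Notifying relationship: a change in the Java profile refreshes the Jenkins class.
    Class['::profile::java'] ~> Class['::jenkins']

    class { '::jenkins':
        http_port            => $http_port,
        prefix               => $prefix,
        umask                => '0002',
        service_ensure       => $jenkins_service_ensure,
        service_enable       => $jenkins_service_enable,
        service_monitor      => $jenkins_service_monitor,
        use_scap3_deployment => true,
    }

    # Secrets directories: owner and group may read and traverse, nobody may
    # write, and other users have no access.
    file { [ '/etc/jenkins/secrets', '/etc/jenkins/secrets/releasing' ]:
        ensure  => directory,
        owner   => 'jenkins',
        group   => 'jenkins',
        mode    => '0550',
        require => Class['::jenkins'],
    }

    # Each name is both the file name under /etc/jenkins/secrets/releasing and
    # the key looked up under jenkins/releasing/ by secret().
    $secrets = [
        'release_notes_bot_pass', 'integration_registry_pass',
        'releases_jenkins_rsa_pass', 'releases_jenkins_rsa_key',
        'trainbranchbot_netrc', 'jenkins_phab_conduit_token',
        'doc_rsync_pass', 'security_patch_bot_conduit_token'
    ]

    # NOTE(review): these files are readable only by 'jenkins'. The local agent
    # runs as $jenkins_agent_username - confirm that is a separate account, so
    # build jobs cannot read the releasing credentials.
    $secrets.each |$secret| {
        file { "/etc/jenkins/secrets/releasing/${secret}":
            ensure    => present,
            owner     => 'jenkins',
            group     => 'jenkins',
            mode      => '0400',
            content   => secret("jenkins/releasing/${secret}"),
            # Without this, a content change would print the old and new
            # secret as a diff in agent output and reports wherever the
            # agent has show_diff enabled.
            show_diff => false,
            require   => File['/etc/jenkins/secrets/releasing'],
        }
    }

    # A masked Jenkins service must not be auto-restarted, so drop its entry.
    $jenkins_restart_ensure = $jenkins_service_enable ? {
        'mask'  => 'absent',
        default => 'present',
    }

    profile::auto_restarts::service { 'jenkins':
        ensure => $jenkins_restart_ensure,
    }

    profile::auto_restarts::service { 'containerd': }
    profile::auto_restarts::service { 'docker': }

    # Controller connects to itself via the FQDN / primary IP address
    class { 'jenkins::agent':
        ssh_key => $jenkins_agent_key,
        user    => $jenkins_agent_username,
        workdir => "/srv/${jenkins_agent_username}",
    }

    # NOTE(review): patches_group is a numeric string, presumably a GID -
    # confirm which group it maps to on this host.
    class { '::releases':
        sitename         => $sitename,
        sitename_jenkins => $sitename_jenkins,
        http_port        => $http_port,
        prefix           => $prefix,
        patches_owner    => 'jenkins',
        patches_group    => '705',
    }

    # The template is evaluated in this class's scope, so it can read the
    # class parameters directly.
    httpd::site { $sitename_jenkins:
        content => template('releases/apache-jenkins.conf.erb'),
    }

    # Probe the Jenkins login page only when monitoring is enabled: forced TLS,
    # IPv4 only, response body must match 'Jenkins'.
    if $jenkins_service_monitor {
        prometheus::blackbox::check::http { "${sitename_jenkins}-login":
            server_name        => $sitename_jenkins,
            team               => 'collaboration-services',
            severity           => 'task',
            path               => '/login',
            ip_families        => ['ip4'],
            force_tls          => true,
            body_regex_matches => ['Jenkins'],
        }
    }
}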