Puppet Class: profile::releases::mediawiki
- Defined in:
- modules/profile/manifests/releases/mediawiki.pp
Overview
server hosting MediaWiki releases releases.wikimedia.org/mediawiki/
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 |
# File 'modules/profile/manifests/releases/mediawiki.pp', line 3
class profile::releases::mediawiki (
Stdlib::Fqdn $sitename = lookup('profile::releases::mediawiki::sitename'),
Stdlib::Fqdn $sitename_jenkins = lookup('profile::releases::mediawiki::sitename_jenkins'),
Stdlib::Unixpath $prefix = lookup('profile::releases::mediawiki::prefix'),
Stdlib::Port $http_port = lookup('profile::releases::mediawiki::http_port'),
String $server_admin = lookup('profile::releases::mediawiki::server_admin'),
String $jenkins_agent_username = lookup('jenkins_agent_username'),
String $jenkins_agent_key = lookup('profile::releases::mediawiki::jenkins_agent_key'),
$jenkins_service_ensure = lookup('profile::releases::mediawiki::jenkins_service_ensure'),
$jenkins_service_enable = lookup('profile::releases::mediawiki::jenkins_service_enable'),
$jenkins_service_monitor = lookup('profile::releases::mediawiki::jenkins_service_monitor'),
){
include profile::ci::pipeline::publisher
include profile::docker::engine
include profile::java
Class['::profile::java'] ~> Class['::jenkins']
class { '::jenkins':
http_port => $http_port,
prefix => $prefix,
umask => '0002',
service_ensure => $jenkins_service_ensure,
service_enable => $jenkins_service_enable,
service_monitor => $jenkins_service_monitor,
use_scap3_deployment => true,
}
file { [ '/etc/jenkins/secrets', '/etc/jenkins/secrets/releasing' ]:
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0550',
require => Class['::jenkins'],
}
$secrets = [
'release_notes_bot_pass', 'integration_registry_pass',
'releases_jenkins_rsa_pass', 'releases_jenkins_rsa_key',
'trainbranchbot_netrc', 'jenkins_phab_conduit_token',
'doc_rsync_pass', 'security_patch_bot_conduit_token'
]
$secrets.each |$secret| {
file { "/etc/jenkins/secrets/releasing/${secret}":
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0400',
content => secret("jenkins/releasing/${secret}"),
require => File['/etc/jenkins/secrets/releasing'],
}
}
$jenkins_restart_ensure = $jenkins_service_enable ? {
'mask' => 'absent',
default => 'present',
}
profile::auto_restarts::service { 'jenkins':
ensure => $jenkins_restart_ensure,
}
profile::auto_restarts::service { 'containerd': }
profile::auto_restarts::service { 'docker': }
# Controller connects to itself via the fqdn / primary IP ipaddress
class { 'jenkins::agent':
ssh_key => $jenkins_agent_key,
user => $jenkins_agent_username,
workdir => "/srv/${jenkins_agent_username}",
}
class { '::releases':
sitename => $sitename,
sitename_jenkins => $sitename_jenkins,
http_port => $http_port,
prefix => $prefix,
patches_owner => 'jenkins',
patches_group => '705',
}
httpd::site { $sitename_jenkins:
content => template('releases/apache-jenkins.conf.erb'),
}
if $jenkins_service_monitor {
prometheus::blackbox::check::http { "${sitename_jenkins}-login":
server_name => $sitename_jenkins,
team => 'collaboration-services',
severity => 'task',
path => '/login',
ip_families => ['ip4'],
force_tls => true,
body_regex_matches => ['Jenkins'],
}
}
}
|