Puppet Class: profile::sre::os_updates
- Defined in:
- modules/profile/manifests/sre/os_updates.pp
Summary
class to add os-reports scriptsOverview
SPDX-License-Identifier: Apache-2.0
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 |
# File 'modules/profile/manifests/sre/os_updates.pp', line 5
class profile::sre::os_updates (
Wmflib::Ensure $ensure = lookup('profile::sre::os_reports::ensure'),
Optional[Stdlib::Host] $os_reports_host = lookup('profile::sre::os_reports::host'),
) {
systemd::sysuser { 'os-reports':
ensure => $ensure,
shell => '/bin/bash',
}
file { '/srv/os-reports':
ensure => stdlib::ensure($ensure, 'directory'),
owner => 'os-reports',
group => 'os-reports',
mode => '0755',
}
file { '/usr/local/bin/os-updates-report':
ensure => stdlib::ensure($ensure, 'file'),
owner => 'root',
group => 'root',
mode => '0555',
source => 'puppet:///modules/profile/sre/os-updates-report.py',
}
if $ensure == 'present' {
wmflib::dir::mkdir_p('/etc/wikimedia/os-updates', {
owner => 'root',
group => 'root',
mode => '0755',
})
}
file {
default:
ensure => stdlib::ensure($ensure, 'file'),
owner => 'root',
group => 'root',
mode => '0444';
'/etc/wikimedia/os-updates/os-updates-tracking.cfg':
source => 'puppet:///modules/profile/sre/os-updates-tracking.cfg';
'/etc/wikimedia/os-updates/puppetdb_owners.yaml':
content => profile::contacts::get_owners().to_yaml;
'/etc/wikimedia/os-updates/additional_owners.yaml':
source => 'puppet:///modules/profile/sre/additional_owners.yaml';
'/etc/wikimedia/os-updates/buster.yaml':
source => 'puppet:///modules/profile/sre/buster.yaml';
'/etc/wikimedia/os-updates/bullseye.yaml':
source => 'puppet:///modules/profile/sre/bullseye.yaml';
}
# The reports could be run on any Cumin host, but only generate it once
$os_reports_timer_ensure = ($facts['fqdn'] == $os_reports_host).bool2str($ensure, 'absent')
systemd::timer::job { 'generate_os_reports':
ensure => $os_reports_timer_ensure,
description => 'Generate OS migration report/overview',
user => 'os-reports',
logging_enabled => false,
send_mail => false,
command => '/usr/local/bin/os-updates-report',
interval => {'start' => 'OnCalendar', 'interval' => '*-*-* 02:00:00'},
}
if $ensure == 'present' {
ensure_packages(['python3-pypuppetdb', 'python3-dominate'])
class {'rsync::server':
ensure_service => stdlib::ensure($os_reports_timer_ensure, 'service')
}
# Allow miscweb hosts to pull reports for serving them via HTTP
$miscweb_rsync_clients = wmflib::role::hosts('miscweb')
rsync::server::module { 'osreports':
ensure => $os_reports_timer_ensure,
path => '/srv/os-reports',
read_only => 'yes',
hosts_allow => $miscweb_rsync_clients,
auto_firewall => true,
}
}
}
|