Puppet Class: profile::sre::os_updates

Defined in:
modules/profile/manifests/sre/os_updates.pp

Summary

class to add os-reports scripts

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: lookup('profile::sre::os_reports::ensure'))

    the ensure param

  • os_reports_host (Optional[Stdlib::Host]) (defaults to: lookup('profile::sre::os_reports::host'))

    the host where we generate the reports



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
# File 'modules/profile/manifests/sre/os_updates.pp', line 5

class profile::sre::os_updates (
    Wmflib::Ensure         $ensure          = lookup('profile::sre::os_reports::ensure'),
    Optional[Stdlib::Host] $os_reports_host = lookup('profile::sre::os_reports::host'),
) {

    systemd::sysuser { 'os-reports':
        ensure => $ensure,
        shell  => '/bin/bash',
    }

    file { '/srv/os-reports':
        ensure => stdlib::ensure($ensure, 'directory'),
        owner  => 'os-reports',
        group  => 'os-reports',
        mode   => '0755',
    }

    file { '/usr/local/bin/os-updates-report':
        ensure => stdlib::ensure($ensure, 'file'),
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/profile/sre/os-updates-report.py',
    }

    if $ensure == 'present' {
        wmflib::dir::mkdir_p('/etc/wikimedia/os-updates', {
            owner  => 'root',
            group  => 'root',
            mode   => '0755',
        })
    }

    file {
        default:
            ensure => stdlib::ensure($ensure, 'file'),
            owner  => 'root',
            group  => 'root',
            mode   => '0444';
        '/etc/wikimedia/os-updates/os-updates-tracking.cfg':
            source => 'puppet:///modules/profile/sre/os-updates-tracking.cfg';
        '/etc/wikimedia/os-updates/puppetdb_owners.yaml':
            content => profile::contacts::get_owners().to_yaml;
        '/etc/wikimedia/os-updates/additional_owners.yaml':
            source => 'puppet:///modules/profile/sre/additional_owners.yaml';
        '/etc/wikimedia/os-updates/buster.yaml':
            source => 'puppet:///modules/profile/sre/buster.yaml';
        '/etc/wikimedia/os-updates/bullseye.yaml':
            source => 'puppet:///modules/profile/sre/bullseye.yaml';
    }

    # The reports could be run on any Cumin host, but only generate it once
    $os_reports_timer_ensure = ($facts['fqdn'] == $os_reports_host).bool2str($ensure, 'absent')

    systemd::timer::job { 'generate_os_reports':
        ensure          => $os_reports_timer_ensure,
        description     => 'Generate OS migration report/overview',
        user            => 'os-reports',
        logging_enabled => false,
        send_mail       => false,
        command         => '/usr/local/bin/os-updates-report',
        interval        => {'start' => 'OnCalendar', 'interval' => '*-*-* 02:00:00'},
    }

    if $ensure == 'present' {
        ensure_packages(['python3-pypuppetdb', 'python3-dominate'])

        class {'rsync::server':
            ensure_service => stdlib::ensure($os_reports_timer_ensure, 'service')
        }
        # Allow miscweb hosts to pull reports for serving them via HTTP
        $miscweb_rsync_clients = wmflib::role::hosts('miscweb')
        rsync::server::module { 'osreports':
            ensure        => $os_reports_timer_ensure,
            path          => '/srv/os-reports',
            read_only     => 'yes',
            hosts_allow   => $miscweb_rsync_clients,
            auto_firewall => true,
        }
    }
}