Puppet Class: profile::stewards

Defined in:
modules/profile/manifests/stewards.pp

Overview

SPDX-License-Identifier: Apache-2.0

Special VM for stewards (T344164)

Parameters:

  • repo_dir (Stdlib::Unixpath) (defaults to: lookup('profile::stewards::repo_dir', {default_value => '/srv/repos'}))
  • conf_dir (Stdlib::Unixpath) (defaults to: lookup('profile::stewards::conf_dir', {default_value => '/etc/steward-onboarder'}))
  • export_dir (Stdlib::Unixpath) (defaults to: lookup('profile::stewards::export_dir', {default_value => '/srv/exports'}))
  • userdb_dir (Stdlib::Unixpath) (defaults to: lookup('profile::stewards::userdb_dir', {default_value => "${repo_dir}/users-db"}))
  • onboarding_system_dir (Stdlib::Unixpath) (defaults to: lookup('profile::stewards::onboarding_system_dir', {default_value => "${repo_dir}/onboarding-system"}))
  • group_owner (String) (defaults to: lookup('profile::stewards::group_owner', {default_value => 'stewards-users'}))


# File 'modules/profile/manifests/stewards.pp', line 3

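# @param repo_dir
#   Base directory for the git checkouts. Created root-owned with mode 0755;
#   the default locations of userdb_dir and onboarding_system_dir sit below it.
# @param conf_dir
#   Directory that receives steward-onboarder.yaml. Created root-owned, 0755.
# @param export_dir
#   Export directory, created group-writable (0775) for $group_owner.
# @param userdb_dir
#   Location of the local-only git repository holding private onboarding data.
# @param onboarding_system_dir
#   Checkout directory for the repos/stewards/onboarding-system clone.
# @param group_owner
#   Group applied to every directory, the clone and the git init exec below.
class profile::stewards (
    Stdlib::Unixpath $repo_dir = lookup('profile::stewards::repo_dir', {default_value => '/srv/repos'}),
    Stdlib::Unixpath $conf_dir = lookup('profile::stewards::conf_dir', {default_value => '/etc/steward-onboarder'}),
    Stdlib::Unixpath $export_dir = lookup('profile::stewards::export_dir', {default_value => '/srv/exports'}),
    Stdlib::Unixpath $userdb_dir = lookup('profile::stewards::userdb_dir', {default_value => "${repo_dir}/users-db"}),
    Stdlib::Unixpath $onboarding_system_dir = lookup('profile::stewards::onboarding_system_dir', {default_value => "${repo_dir}/onboarding-system"}),
    String $group_owner = lookup('profile::stewards::group_owner', {default_value => 'stewards-users'}),
){

    # T344164#9314186
    ensure_packages(['python3-click', 'python3-requests-oauthlib'])

    # conf dir and repo dir: root-owned, readable by all, writable by root only
    wmflib::dir::mkdir_p([$conf_dir, $repo_dir], {
        owner => 'root',
        group => $group_owner,
        mode  => '0755',
    })

    # export dir: additionally writable by members of $group_owner
    wmflib::dir::mkdir_p($export_dir, {
        owner => 'root',
        group => $group_owner,
        mode  => '0775',
    })

    # pull onboarding application from gitlab and create the config
    git::clone { 'repos/stewards/onboarding-system':
        ensure    => 'present',
        source    => 'gitlab',
        group     => $group_owner,
        shared    => true,
        directory => $onboarding_system_dir,
    }

    # NOTE(review): no owner/group/mode is set on this file, so they come from
    # resource defaults defined elsewhere. Confirm the result is root-owned and
    # not group-writable, matching the read-only conf dir above.
    file { "${conf_dir}/steward-onboarder.yaml":
        ensure => 'present',
        source => 'puppet:///modules/profile/stewards/steward-onboarder.yaml',
    }

    # safe.directory lets git operate in a repository whose owner differs from
    # the invoking user; scoped to this one path rather than a wildcard.
    git::systemconfig { 'safe.directory-onboarding_system_dir':
        settings => {
            'safe' => {
                'directory' => $onboarding_system_dir
            }
        }
    }

    # create a local-only repo to hold private onboarding app data
    # Mode 2770: the data is private, so accounts outside $group_owner get no
    # access (previously 2775, i.e. world-readable and traversable). The setgid
    # bit keeps entries created below in $group_owner.
    file { $userdb_dir:
        ensure => directory,
        owner  => 'root',
        group  => $group_owner,
        mode   => '2770',
    }

    git::systemconfig { 'safe.directory-userdb_dir':
        settings => {
            'safe' => {
                'directory' => $userdb_dir
            }
        }
    }

    # One-shot initialisation: the creates guard skips the exec once .git exists.
    # NOTE(review): plain `git init` takes the permissions of .git from the
    # process umask. If group members are meant to commit here, the repository
    # may need `--shared=group` (the clone above sets shared => true). Confirm.
    exec { "${userdb_dir} git init":
        command => '/usr/bin/git init',
        user    => 'root',
        group   => $group_owner,
        cwd     => $userdb_dir,
        creates => "${userdb_dir}/.git",
        require => File[$userdb_dir],
    }
}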