Puppet Class: profile::toolforge::bastion

Defined in:
modules/profile/manifests/toolforge/bastion.pp

Overview

This profile sets up an bastion/dev instance in the Toolforge model.

Parameters:

  • active_cronrunner (Stdlib::Host) (defaults to: lookup('profile::toolforge::active_cronrunner')) 


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'modules/profile/manifests/toolforge/bastion.pp', line 2

class profile::toolforge::bastion(
    Stdlib::Host $active_cronrunner = lookup('profile::toolforge::active_cronrunner'),
){
    # Son of Grid Engine Configuration
    # admin_host???
    include profile::toolforge::shell_environ
    include profile::toolforge::grid::exec_environ
    include profile::toolforge::k8s::client

    if debian::codename::eq('buster') {
        include profile::toolforge::jobs_framework_cli
    }

    file { '/etc/toollabs-cronhost':
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => $active_cronrunner,
    }
    file { '/usr/local/bin/crontab':
        ensure  => 'link',
        target  => '/usr/bin/oge-crontab',
        require => Package['misctools'],
    }

    file { '/usr/local/sbin/qstat-full':
        ensure => absent,
    }

    file { '/usr/local/bin/qstat-full':
        ensure => file,
        owner  => 'root',
        group  => 'root',
        mode   => '0655',
        source => 'puppet:///modules/profile/toolforge/qstat-full',
    }

    file { '/bin/disabledtoolshell':
        ensure => file,
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/profile/toolforge/disabledtoolshell',
    }

    # TODO: once bastions from the eqiad.wmflabs generation are gone, return to using $facts['fqdn']
    file { "${profile::toolforge::grid::base::store}/submithost-${facts['hostname']}.${::labsproject}.eqiad1.wikimedia.cloud":
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        require => File[$profile::toolforge::grid::base::store],
        content => "${::ipaddress}\n",
    }

    motd::script { 'bastion-banner':
        ensure => present,
        source => "puppet:///modules/profile/toolforge/40-${::labsproject}-bastion-banner.sh",
    }

    # Display tips.
    file { '/etc/profile.d/motd-tips.sh':
        ensure  => absent,
    }

    package { 'mosh':
        ensure => present,
    }

    # General SSH Use Configuration
    file { '/etc/ssh/ssh_config':
        ensure => file,
        owner  => 'root',
        group  => 'root',
        mode   => '0444',
        source => 'puppet:///modules/profile/toolforge/submithost-ssh_config',
    }

    if debian::codename::ge('buster') {
        # stretch python can't handle f-string, don't deploy the testsuite there
        class { 'cmd_checklist_runner': }
        class { 'toolforge::automated_toolforge_tests':
            envvars => {},
            require => Class['cmd_checklist_runner'],
        }
    }
}