Puppet Class: profile::toolforge::grid::cronrunner

Defined in:
modules/profile/manifests/toolforge/grid/cronrunner.pp

Overview

Parameters:

  • active_host (Stdlib::Fqdn) (defaults to: lookup('profile::toolforge::grid::cronrunner::active_host'))
  • sysdir (Stdlib::Unixpath) (defaults to: lookup('profile::toolforge::grid::base::sysdir'))


3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
# File 'modules/profile/manifests/toolforge/grid/cronrunner.pp', line 3

class profile::toolforge::grid::cronrunner(
    Stdlib::Fqdn $active_host = lookup('profile::toolforge::grid::cronrunner::active_host'),
    Stdlib::Unixpath $sysdir = lookup('profile::toolforge::grid::base::sysdir'),
) {
    include ::profile::toolforge::grid::hba
    include ::profile::toolforge::disable_tool

    $is_active = $active_host == $::facts['fqdn']

    service { 'cron':
        ensure => $is_active.bool2str('running', 'stopped'),
        enable => $is_active,
    }

    # if this is not the active cron runner, block tool crons for easier migration between nodes,
    # but allow root owned crons (most imporantly puppet runs) to still run as intended
    # for more details, see crontab(1)
    file { '/etc/cron.allow':
        ensure  => $is_active.bool2str('absent', 'file'),
        content => "root\n",
    }

    motd::script { 'submithost-banner':
        ensure => present,
        source => "puppet:///modules/profile/toolforge/40-${::labsproject}-submithost-banner.sh",
    }

    # We need to include exec environment here since the current
    # version of jsub checks the local environment to find the full
    # path to things before submitting them to the grid. This assumes
    # that jsub is always run in an environment identical to the exec
    # nodes. This is kind of terrible, so we need to fix that eventually.
    # Until then...
    include profile::toolforge::grid::exec_environ

    file { '/etc/ssh/ssh_config':
        ensure => file,
        mode   => '0444',
        owner  => 'root',
        group  => 'root',
        source => 'puppet:///modules/profile/toolforge/submithost-ssh_config',
    }

    file { '/usr/bin/jlocal':
        ensure => present,
        source => 'puppet:///modules/profile/toolforge/jlocal',
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
    }

    file { '/usr/local/bin/jlocal':
        ensure  => link,
        target  => '/usr/bin/jlocal',
        owner   => 'root',
        group   => 'root',
        require => File['/usr/bin/jlocal'],
    }

    # Backup crontabs! See https://phabricator.wikimedia.org/T95798
    file { "${sysdir}/crontabs":
        ensure => directory,
        owner  => 'root',
        group  => "${::labsproject}.admin",
        mode   => '0770',
    }

    file { "${sysdir}/crontabs/${::fqdn}":
        ensure    => directory,
        source    => '/var/spool/cron/crontabs',
        owner     => 'root',
        group     => "${::labsproject}.admin",
        mode      => '0440',
        recurse   => true,
        show_diff => false,
    }

    class { '::rsync::server':
        ensure_service => $is_active.bool2str('running', 'stopped'),
    }

    rsync::server::module { 'crontabs':
        ensure      => $is_active.bool2str('present', 'absent'),
        comment     => 'Toolforge crontabs',
        read_only   => 'yes',
        path        => '/var/spool/cron/crontabs',
        hosts_allow => wmflib::class::hosts('profile::toolforge::grid::cronrunner'),
    }

    systemd::timer::job { 'rsync-crontabs':
        ensure      => $is_active.bool2str('absent', 'present'),
        user        => 'root',
        description => 'rsync crontabs from the active server',
        # add a chmod since the `crontab` group has different GIDs on different servers
        command     => "/bin/sh -c '/usr/bin/rsync -avp --delete rsync://${active_host}/crontabs /var/spool/cron/crontabs && chgrp -R crontab /var/spool/cron/crontabs'",
        interval    => {'start' => 'OnUnitInactiveSec', 'interval' => '10m'},
    }

    systemd::timer::job { 'disable-tool':
        ensure          => $is_active.bool2str('present', 'absent'),
        logging_enabled => false,
        user            => 'root',
        description     => 'Archive crontab for disabled tools',
        command         => '/srv/disable-tool/disable_tool.py crontab',
        interval        => {
        'start'    => 'OnCalendar',
        'interval' => '*:0/2', # every 2 minutes
        },
        require         => Class['::profile::toolforge::disable_tool'],
    }

    systemd::timer::job { 'disable-tool-archive-dbs':
        ensure          => $is_active.bool2str('present', 'absent'),
        logging_enabled => false,
        user            => 'root',
        description     => 'Archive databases for expired tools',
        command         => '/srv/disable-tool/disable_tool.py archivedbs',
        interval        => {
        'start'    => 'OnCalendar',
        'interval' => '*:0/2', # every 2 minutes
        },
        require         => Class['::profile::toolforge::disable_tool'],
    }
}