Puppet Class: profile::wmcs::nfs::maintain_dbusers

Defined in:
modules/profile/manifests/wmcs/nfs/maintain_dbusers.pp

Overview

Parameters:

  • ldapconfig (Hash) (defaults to: lookup('labsldapconfig', {'merge' => hash}))
  • production_ldap_config (Hash) (defaults to: lookup('ldap', {'merge' => hash}))
  • cluster_ip (Stdlib::Ipv4) (defaults to: lookup('profile::wmcs::nfs::primary::cluster_ip'))


10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# File 'modules/profile/manifests/wmcs/nfs/maintain_dbusers.pp', line 10

class profile::wmcs::nfs::maintain_dbusers (
    Hash $ldapconfig            = lookup('labsldapconfig', {'merge' => hash}),
    Hash $production_ldap_config = lookup('ldap', {'merge' => hash}),
    Stdlib::Ipv4 $cluster_ip = lookup('profile::wmcs::nfs::primary::cluster_ip'),
){

    package { [
        'python3-ldap3',
        'python3-netifaces',
        'python3-systemd',
    ]:
        ensure => present,
    }

    include passwords::mysql::labsdb
    include passwords::labsdbaccounts

    $creds = {
        'ldap' => {
            'hosts'    => [
                $production_ldap_config['ro-server'],
                $production_ldap_config['ro-server-fallback'],
            ],
            'username' => 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org',
            'password' => $ldapconfig['proxypass'],
        },
        'labsdbs' => {
            'hosts' => {
                '172.16.7.153' => {
                    'grant-type' => 'legacy',
                },
                'labsdb1009.eqiad.wmnet' => {
                    'grant-type' => 'role',
                },
                'labsdb1010.eqiad.wmnet' => {
                    'grant-type' => 'role',
                },
                'labsdb1011.eqiad.wmnet' => {
                    'grant-type' => 'role',
                },
                'labsdb1012.eqiad.wmnet' => {
                    'grant-type' => 'role',
                },
            },
            'username' => $::passwords::mysql::labsdb::user,
            'password' => $::passwords::mysql::labsdb::password,
        },
        'accounts-backend' => {
            'host' => 'm5-master.eqiad.wmnet',
            'username' => $::passwords::labsdbaccounts::db_user,
            'password' => $::passwords::labsdbaccounts::db_password,
        },
        'nfs-cluster-ip'   => $cluster_ip,
    }

    file { '/etc/dbusers.yaml':
        content => ordered_yaml($creds),
        owner   => 'root',
        group   => 'root',
        mode    => '0400',
    }

    file { '/usr/local/sbin/maintain-dbusers':
        source  => 'puppet:///modules/profile/wmcs/nfs/maintain-dbusers.py',
        owner   => 'root',
        group   => 'root',
        mode    => '0555',
        require => File['/etc/dbusers.yaml'],
        notify  => Systemd::Service['maintain-dbusers'],
    }

    systemd::service { 'maintain-dbusers':
        ensure  => present,
        content => systemd_template('wmcs/nfs/maintain-dbusers'),
        restart => true,
    }

    nrpe::monitor_systemd_unit_state { 'maintain-dbusers':
        description => 'Ensure mysql credential creation for tools users is running',
    }
}