Puppet Class: query_service::deploy::manual

Defined in:
modules/query_service/manifests/deploy/manual.pp

Overview

the query_service package is checked out initially, but not automatically upgraded

Parameters:

  • deploy_user (String)
  • deploy_name (String)
  • package_dir (Stdlib::Absolutepath)


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# File 'modules/query_service/manifests/deploy/manual.pp', line 2

class query_service::deploy::manual(
    String $deploy_user,
    String $deploy_name,
    Stdlib::Absolutepath $package_dir,
) {
    if !defined(Group[$deploy_user]) {
        group { $deploy_user:
            ensure => present,
            system => true,
            before => User[$deploy_user],
        }
    }

    if !defined(User[$deploy_user]) {
        user { $deploy_user:
            ensure => present,
            shell  => '/bin/bash',
            home   => "/var/lib/${deploy_user}",
            system => true,
        }
        file { "/var/lib/${deploy_user}":
            ensure => 'directory',
            owner  => $deploy_user,
            group  => $deploy_user,
            mode   => '0755',
        }
    }

    if !defined(Ssh::Userkey[$deploy_user]) {
        $key_name_safe = regsubst($deploy_user, '\W', '_', 'G')

        ssh::userkey { $deploy_user:
            ensure  => 'present',
            content => secret("keyholder/${key_name_safe}.pub"),
        }
    }

    git::clone { 'wdqs_git_clone':
        ensure             => present,
        owner              => $deploy_user,
        group              => $deploy_user,
        directory          => $package_dir,
        origin             => 'https://gerrit.wikimedia.org/r/wikidata/query/deploy',
        branch             => 'master',
        recurse_submodules => true,
    }

    # git clone needs to be executed before any files are created in the package dir
    # and for some deployment types, the data dir is in the package dir
    Git::Clone['wdqs_git_clone'] -> File<| tag == 'in-wdqs-data-dir' |>
    Git::Clone['wdqs_git_clone'] -> File<| tag == 'in-wdqs-package-dir' |>


    exec { 'wdqs_git_fat_init':
        path    => '/usr/bin:/bin',
        cwd     => $package_dir,
        command => 'git fat init',
        user    => $deploy_user,
        group   => $deploy_user,
        onlyif  =>
            'test -z $(git config --get filter.fat.clean) && test -z $(git config --get filter.fat.smudge)',
        require => Git::Clone['wdqs_git_clone'],
    }

    # an uninitialized git-fat file is 74 bytes (the length of the SHA)
    exec { 'wdqs_git_fat_pull':
        path    => '/usr/bin:/bin',
        cwd     => $package_dir,
        command => 'git fat pull',
        user    => $deploy_user,
        group   => $deploy_user,
        onlyif  => 'test $(stat -c%s blazegraph-service-*.war) -eq 74',
        require => Exec['wdqs_git_fat_init'],
    }

    [ "${deploy_name}-blazegraph", "${deploy_name}-categories", "${deploy_name}-updater"].each |String $service_name| {
        sudo::user { "${deploy_user}_${service_name}":
            user       => $deploy_user,
            privileges => [
                "ALL=(root) NOPASSWD: /usr/sbin/service ${service_name} start",
                "ALL=(root) NOPASSWD: /usr/sbin/service ${service_name} stop",
                "ALL=(root) NOPASSWD: /usr/sbin/service ${service_name} restart",
                "ALL=(root) NOPASSWD: /usr/sbin/service ${service_name} reload",
                "ALL=(root) NOPASSWD: /usr/sbin/service ${service_name} status",
                "ALL=(root) NOPASSWD: /usr/sbin/service ${service_name} try-restart",
                "ALL=(root) NOPASSWD: /usr/sbin/service ${service_name} force-reload",
                "ALL=(root) NOPASSWD: /usr/sbin/service ${service_name} graceful-stop"
            ],
        }
    }

}