Puppet Class: role::mariadb::misc::phabricator

Defined in:
modules/role/manifests/mariadb/misc/phabricator.pp

Overview

Phab pretty much requires its own sandbox strict sql_mode – nice! but other services moan admin tool that needs non-trivial permissions

Parameters:

  • ssl (Any) (defaults to: 'puppet-cert')
  • p_s (Any) (defaults to: 'on')


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# File 'modules/role/manifests/mariadb/misc/phabricator.pp', line 4

class role::mariadb::misc::phabricator(
    $ssl       = 'puppet-cert',
    $p_s       = 'on',
    ) {
    $shard = lookup('mariadb::shard')

    system::role { 'mariadb::misc':
        description => "Misc Services Database ${shard} (phabricator)",
    }

    include ::profile::base::production
    require profile::mariadb::packages_wmf
    include profile::mariadb::wmfmariadbpy
    include mariadb::service
    include profile::mariadb::mysql_role

    profile::mariadb::section { $shard: }

    include ::passwords::misc::scripts
    include ::profile::base::firewall
    ::profile::mariadb::ferm { 'phabricator': }

    include ::profile::mariadb::monitor::prometheus

    $mysql_role = $profile::mariadb::mysql_role::role
    $is_master = $mysql_role == 'master'
    $read_only = profile::mariadb::section_params::is_read_only($shard, $mysql_role)
    $is_writeable_dc = profile::mariadb::section_params::is_writeable_dc($shard)
    $is_primary_master = $is_master and $is_writeable_dc

    $stopwords_database = 'phabricator_search'

    class { 'mariadb::config':
        config    => 'role/mariadb/mysqld_config/phabricator.my.cnf.erb',
        basedir   => $profile::mariadb::packages_wmf::basedir,
        datadir   => '/srv/sqldata',
        tmpdir    => '/srv/tmp',
        sql_mode  => 'STRICT_ALL_TABLES',
        read_only => Integer($read_only),
        ssl       => $ssl,
        p_s       => $p_s,
    }

    file { '/etc/mysql/phabricator-stopwords.txt':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => template('role/phabricator/stopwords.txt.erb'),
    }

    file { '/etc/mysql/phabricator-stopwords-update.sql':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => template('role/phabricator/stopwords-update.sql.erb'),
    }

    file { '/etc/mysql/phabricator-init.sql':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => template('role/phabricator/init.sql.erb'),
    }

    class { 'profile::mariadb::grants::production':
        shard    => $shard,
        prompt   => "MISC ${shard}",
        password => $passwords::misc::scripts::mysql_root_pass,
    }

    class { 'mariadb::heartbeat':
        shard      => $shard,
        datacenter => $::site,
        enabled    => $is_master,
    }

    class { 'mariadb::monitor_disk':
        is_critical   => $is_primary_master,
    }

    class { 'mariadb::monitor_process':
        is_critical   => $is_primary_master,
    }

    if profile::mariadb::section_params::is_repl_client($shard, $mysql_role) {
        $source_dc = profile::mariadb::section_params::get_repl_src_dc($mysql_role)
        mariadb::monitor_replication { [ $shard ]:
            is_critical => false,
            source_dc   => $source_dc,
        }
        profile::mariadb::replication_lag { $shard: }
    }

    mariadb::monitor_readonly { $shard:
        read_only   => $read_only,
        # XXX(kormat): Not using $is_primary_master, as we want to alert even for an inactive DC.
        is_critical => $is_master,
    }

    class { 'mariadb::monitor_memory': }
}