Puppet Class: role::mariadb::misc::phabricator

Defined in:
modules/role/manifests/mariadb/misc/phabricator.pp

Overview

Phab pretty much requires its own sandbox strict sql_mode – nice! but other services moan admin tool that needs non-trivial permissions

Parameters:

  • shard (Any) (defaults to: 'm3')
  • master (Any) (defaults to: false)
  • ssl (Any) (defaults to: 'puppet-cert')
  • p_s (Any) (defaults to: 'on')


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# File 'modules/role/manifests/mariadb/misc/phabricator.pp', line 4

class role::mariadb::misc::phabricator(
    $shard     = 'm3',
    $master    = false,
    $ssl       = 'puppet-cert',
    $p_s       = 'on',
    ) {

    system::role { 'mariadb::misc':
        description => "Misc Services Database ${shard} (phabricator)",
    }

    include ::profile::standard
    include mariadb::packages_wmf
    include mariadb::service

    $mysql_role = $master ? {
        true  => 'master',
        false => 'slave',
    }

    class { '::profile::mariadb::mysql_role':
        role => $mysql_role,
    }
    profile::mariadb::section { $shard: }

    include ::passwords::misc::scripts
    include ::profile::base::firewall
    ::profile::mariadb::ferm { 'phabricator': }

    include ::profile::mariadb::monitor::prometheus

    $read_only = $master ? {
        true  => 0,
        false => 1,
    }

    $stopwords_database = 'phabricator_search'

    class { 'mariadb::config':
        config    => 'role/mariadb/mysqld_config/phabricator.my.cnf.erb',
        basedir   => '/opt/wmf-mariadb101', # FIXME: config should default to 10.1
        datadir   => '/srv/sqldata',
        tmpdir    => '/srv/tmp',
        sql_mode  => 'STRICT_ALL_TABLES',
        read_only => $read_only,
        ssl       => $ssl,
        p_s       => $p_s,
    }

    file { '/etc/mysql/phabricator-stopwords.txt':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => template('role/phabricator/stopwords.txt.erb'),
    }

    file { '/etc/mysql/phabricator-stopwords-update.sql':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => template('role/phabricator/stopwords-update.sql.erb'),
    }

    file { '/etc/mysql/phabricator-init.sql':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => template('role/phabricator/init.sql.erb'),
    }

    class { 'profile::mariadb::grants::production':
        shard    => $shard,
        prompt   => "MISC ${shard}",
        password => $passwords::misc::scripts::mysql_root_pass,
    }

    class { 'mariadb::heartbeat':
        shard      => $shard,
        datacenter => $::site,
        enabled    => $master,
    }

    class { 'mariadb::monitor_disk':
        is_critical   => $master,
        contact_group => 'admins',
    }

    class { 'mariadb::monitor_process':
        is_critical   => $master,
        contact_group => 'admins',
    }

    mariadb::monitor_replication { [ $shard ]:
        is_critical   => false,
        contact_group => 'admins',
        multisource   => false,
    }

    mariadb::monitor_readonly { [ $shard ]:
        read_only     => $read_only,
        is_critical   => false,
        contact_group => 'admins',
    }

    class { 'mariadb::monitor_memory': }
}