Puppet Class: statistics::user

Defined in:
modules/statistics/manifests/user.pp

Overview



# File 'modules/statistics/manifests/user.pp', line 1

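# Manages the 'stats' system user and group, the user's global git
# configuration, and the ~/.git-credentials file holding its Gerrit HTTP
# password.
#
# The password comes from passwords::statistics::user and is written to disk
# unencrypted (git's 'store' credential helper), so the ownership and mode of
# that file are what protect it once rendered.
class statistics::user {
    # Provides $passwords::statistics::user::gerrit_http_password, used below.
    include ::passwords::statistics::user

    $username = 'stats'
    $homedir  = "/var/lib/${username}"

    group { $username:
        ensure => present,
        name   => $username,
        system => true,
    }

    # NOTE(review): unlike the group above, this resource sets neither
    # `ensure` nor `gid`. Confirm the account is created and placed in the
    # 'stats' group as intended; the resources below require User[$username]
    # and use it as file owner.
    user { $username:
        home       => $homedir,
        groups     => [],
        shell      => '/bin/bash',
        managehome => true,
        system     => true,
    }

    $git_settings = {
        'user' => {
            'name'  => 'Statistics User',
            # TODO: use a better email than this :(
            'email' => 'analytics-alerts@wikimedia.org',
        },
        # Enable automated git/gerrit authentication over HTTP by using the
        # .git-credentials file store. The 'store' helper keeps credentials
        # in plain text; see the file resource at the end of this class.
        'credential' => {
            'helper' => 'store',
        }
    }

    # Global git config for the whole Analytics VLAN, forcing every user
    # through the production web proxy. This keeps HTTP/HTTPS calls from
    # being blocked by the VLAN's firewall rules without each user having
    # to configure the proxy themselves.
    # Not needed in labs.
    if $::realm == 'production' {
        $git_http_proxy_settings = {
            # https://wikitech.wikimedia.org/wiki/HTTP_proxy
            'http' => {
                'proxy' => 'http://webproxy.eqiad.wmnet:8080'
            },
            # NOTE(review): git documents `http.proxy`, which also applies to
            # https remotes; an `https.proxy` key may have no effect. Confirm
            # before relying on it.
            'https' => {
                'proxy' => 'http://webproxy.eqiad.wmnet:8080'
            },
        }
    } else {
        $git_http_proxy_settings = {}
    }

    # lint:ignore:arrow_alignment
    git::userconfig { 'stats':
        homedir  => $homedir,
        settings => merge($git_settings, $git_http_proxy_settings),
        require  => User[$username],
    }
    # lint:endignore

    # Render the .git-credentials file with the stats user's http password.
    # This password is set from https://gerrit.wikimedia.org/r/#/settings/http-password.
    # To log into gerrit as the stats user, check the /srv/password/stats-user file
    # for LDAP login creds.
    #
    # The password is interpolated into a URL as-is.
    # NOTE(review): assumes it contains no characters that need
    # percent-encoding in a URL (e.g. '/', '@', ':'). Confirm, otherwise git
    # may fail to parse the stored credential.
    file { "${homedir}/.git-credentials":
        mode      => '0600',
        owner     => $username,
        group     => $username,
        content   => "https://${username}:${passwords::statistics::user::gerrit_http_password}@gerrit.wikimedia.org",
        # Do not print a content diff when this file changes, so the
        # password is not copied into agent logs or reports. The value is
        # still part of the compiled catalog.
        show_diff => false,
        require   => User[$username],
    }
}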