Puppet Class: toolforge::bastion_proc_management

Defined in:
modules/toolforge/manifests/bastion_proc_management.pp

Overview

Parameters:

  • project (String)
  • days_allowed (Integer) (defaults to: 3)
  • script_victims (Integer) (defaults to: 2)
  • min_uid (Integer) (defaults to: 1000)
  • dry_run (Boolean) (defaults to: false) 


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'modules/toolforge/manifests/bastion_proc_management.pp', line 33

class toolforge::bastion_proc_management (
    String  $project,
    Integer $days_allowed = 3,
    Integer $script_victims = 2,
    Integer $min_uid = 1000,
    Boolean $dry_run = false,
){
    ensure_packages('python3-psutil')
    ensure_packages('python3-ldap3')

    # Script to stop long-running services, sometimes
    file { '/usr/local/sbin/wmcs-wheel-of-misfortune':
        ensure => file,
        owner  => 'root',
        group  => 'root',
        mode   => '0544',
        source => 'puppet:///modules/toolforge/wmcs_wheel_of_misfortune.py'
    }

    # Expose args in a way that is CLI friendly as well as not a 1000 char line.
    $main_cmd = '/usr/local/sbin/wmcs-wheel-of-misfortune'
    $proj = " --project ${project}"
    $age = " --age ${days_allowed}"
    $uids = " --min-uid ${min_uid}"
    $vics = " --victims ${script_victims}"
    $dry_run_cmd = $dry_run.bool2str(' --dry-run', '')
    $timer_cmd = "${main_cmd}${proj}${age}${uids}${vics}${dry_run_cmd}"

    systemd::timer::job { 'wmcs-wheel-of-misfortune-runner':
        ensure                    => 'present',
        # Don't log to file, use journald
        logging_enabled           => false,
        user                      => 'root',
        description               => 'Select long-running processes for destruction',
        command                   => $timer_cmd,
        interval                  => {
        'start'    => 'OnCalendar',
        'interval' => '*-*-* 15:30:00', # daily at 15:30 UTC
        },
        monitoring_enabled        => true,
        monitoring_contact_groups => 'wmcs-team-email',
        require                   => File[
            '/usr/local/sbin/wmcs-wheel-of-misfortune',
        ],
    }
}