
role::simplelamp takes ownership of all content in /etc/apache2/sites-enabled
Closed, Resolved; Public

Description

While working with @Freddy2001 on some issues in the getstarted project we found that changes to /etc/apache2/sites-enabled were being mysteriously un-done. It eventually dawned on me to look at what Puppet roles were applied on the host. This led me to the realization that our role::simplelamp Puppet module is pretty useless for any project that is not using a local puppet master.

Here's what happens:

  • role::simplelamp applies ::apache
  • ::apache has a set of File resources that control the contents of:
    • /etc/apache2/conf-enabled
    • /etc/apache2/env-enabled
    • /etc/apache2/sites-enabled
  • These File resources include recurse => true and purge => true settings, which means that any files under the directory that do not also have Puppet File resources will be removed when Puppet runs.

Effectively this means that unless you apply another Puppet class that declares apache::conf, apache::env, and apache::site resources each Puppet run will undo all changes to the Apache config.

This is pretty annoying behavior for a typical volunteer Labs user. What is happening is non-obvious and non-intuitive. They applied the Puppet role to bootstrap their VM, but very likely are not expecting any manual config changes that they make to disappear twice an hour. We should find a way to make this easier to work with.

NOTE: The short term hack solution is to remove the role::simplelamp from the VM once the basic software has been provisioned. So apply the role from Horizon, force a Puppet run on the instance with sudo puppet agent --test --verbose, make sure that Apache and MySQL are installed and running, and then remove the role using Horizon.
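
The purge behaviour described above, with a toggle beside it, as an added example that is not code from operations/puppet. The class names example_httpd and example_simplelamp and the parameter purge_manual_config are hypothetical; the task does not give the real parameter name.

```puppet
# Added illustration. Class and parameter names are hypothetical and are
# not the ones used in operations/puppet.
class example_httpd (
  # true  = Puppet owns these directories outright (the reported behaviour)
  # false = files created by hand survive Puppet runs
  Boolean $purge_manual_config = true,
) {
  package { 'apache2':
    ensure => installed,
  }

  # With recurse and purge both true, every file under these directories
  # that is not itself declared as a File resource in the catalog is
  # deleted on each agent run. purge only takes effect together with
  # ensure => directory and recurse => true, so the two are switched as one.
  file { [
    '/etc/apache2/conf-enabled',
    '/etc/apache2/env-enabled',
    '/etc/apache2/sites-enabled',
  ]:
    ensure  => directory,
    recurse => $purge_manual_config,
    purge   => $purge_manual_config,
    require => Package['apache2'],
  }
}

# A bootstrap role for self-service VMs: the directories still exist
# after provisioning, but manual edits inside them are left alone.
class example_simplelamp {
  class { 'example_httpd':
    purge_manual_config => false,
  }
}

include example_simplelamp
```

Applying a manifest like this with puppet apply --noop on a test VM reports which files would be removed without deleting anything.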

Event Timeline

Change 597052 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] simplelamp2: do not purge unmanaged config files

https://gerrit.wikimedia.org/r/597052

Change 597052 merged by Dzahn:
[operations/puppet@production] httpd/simplelamp2: add parameter to not purge manual config

https://gerrit.wikimedia.org/r/597052

@bd808 @Freddy2001 I finally merged the proposed fix above.

Now the httpd class has a new parameter that lets you toggle the purge behaviour.

And in the "simplelamp2" class which replaced simplelamp I already disabled it. Other roles could also set it now as they prefer.

Would you agree this resolves the issue? Goal is to make it easier for volunteer cloud VPS users but also encourage use of puppet.

Dzahn claimed this task.

claiming it's resolved .. per IRC chat