Page MenuHomePhabricator
Create Task
Maniphest T306991

Puppet config for scap-over-scap
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

All the Puppet changes required for T303559 except the /usr/bin/scap symbolic link. The symlink will act as the switch when we are ready to phase out the scap deb package.

This includes, on both masters and scap targets:

  • User/group scap/scap. On masters, the user will need to be able to ssh to scap targets. This seems to be achieved by adding the new user to the mwdeploy and deploy-service Keyholder agents a new identity to Keyholder and then configuring an agent for it in the Puppet config
  • System dependencies: rsync, python3

On masters only:

  • Checkout of the scap git repo at /srv/deployment/scap
  • A way to query the list of scap targets -> https://gerrit.wikimedia.org/r/c/operations/puppet/+/771441
  • /var/lib/scap/scap needs to be accessible by rsync from all mediawiki and scap3 target hosts
  • System dependencies: git, bash-completion, python3-venv

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+15 -0scap: clone scap code on deployment servers
operations/puppetproduction+10 -1scap: add system package requirements for scap
operations/puppetproduction+50 -1scap: add new `scap` user to deployment hosts and scap targets
Customize query in gerrit

Related Objects
Search...

Event Timeline

jnuche created this task.Apr 27 2022, 2:24 PM
jnuche set the point value for this task to 3.Apr 27 2022, 2:27 PM
dancy updated the task description. (Show Details)Apr 27 2022, 3:21 PM
jnuche updated the task description. (Show Details)Apr 27 2022, 3:56 PM
jnuche updated the task description. (Show Details)May 2 2022, 12:44 PM
jnuche mentioned this in T307351: Add new user identity to Keyholder for scap.May 2 2022, 12:52 PM
jnuche updated the task description. (Show Details)May 4 2022, 11:16 AM
jnuche updated the task description. (Show Details)May 4 2022, 11:40 AM
gerritbot added a comment.May 4 2022, 1:13 PM

Change 789146 had a related patch set uploaded (by Jaime Nuche; author: Jaime Nuche):

[operations/puppet@production] scap: add new `scap` user to deployment hosts and scap targets

https://gerrit.wikimedia.org/r/789146

gerritbot added a project: Patch-For-Review.May 4 2022, 1:13 PM

Change 789147 had a related patch set uploaded (by Jaime Nuche; author: Jaime Nuche):

[operations/puppet@production] scap: add system package requirements for scap

https://gerrit.wikimedia.org/r/789147

gerritbot added a comment.May 4 2022, 1:13 PM

Change 789148 had a related patch set uploaded (by Jaime Nuche; author: Jaime Nuche):

[operations/puppet@production] scap: clone scap code on deployment servers

https://gerrit.wikimedia.org/r/789148

gerritbot added a comment.May 12 2022, 8:52 AM

Change 789146 merged by Muehlenhoff:

[operations/puppet@production] scap: add new `scap` user to deployment hosts and scap targets

https://gerrit.wikimedia.org/r/789146

gerritbot added a comment.May 12 2022, 9:07 AM

Change 789147 merged by Muehlenhoff:

[operations/puppet@production] scap: add system package requirements for scap

https://gerrit.wikimedia.org/r/789147

gerritbot added a comment.May 12 2022, 9:19 AM

Change 789148 merged by Muehlenhoff:

[operations/puppet@production] scap: clone scap code on deployment servers

https://gerrit.wikimedia.org/r/789148

Maintenance_bot removed a project: Patch-For-Review.May 12 2022, 9:30 AM
jnuche closed this task as Resolved.May 19 2022, 9:33 AM
jnuche updated the task description. (Show Details)May 20 2022, 2:06 PM
MoritzMuehlenhoff mentioned this in T163667: Fix UIDs for deployment server users.Dec 1 2022, 7:48 AM
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL