Closed Bug 1190511 Opened 9 years ago Closed 8 years ago

Remove hg_new Puppet role from hgssh[12].dmz.scl3

Categories

(Developer Services :: Mercurial: hg.mozilla.org, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: gps, Assigned: fubar)

I want to get hgssh[12].dmz.scl3 fully under control of Ansible, like we have for hgweb. As the first step of this, I'd like for the "include hg_new::hg_rw" and "include hg_new::logging" lines in the hg.pp node file to be removed. Like hgweb, this *may* require some supplemental Puppet rules in the node. We may want to wait for the Ansible configs to take shape before these lines are deleted. Filing the bug so we can track it though.
We'll probably want the content of hg_new/manifests/ssh.pp moved into the node definition until we have a solution for secrets management hooked up to Ansible.
We also likely want "include openldap::client" as well. Although I can mimic some of that module in Ansible.
Blocks: 1190515
puppet disabled on hgssh[12] for 48 hours

also, removed nagios checks for ssh on ports 222 and 2222
We don't need the openldap::client module active as a one-off. Just the secrets from hg_new/manifests/ssh.pp.
Removed hg_rw and logging, and added hg_new::ssh to the node entry.

sekrit$svn diff -r107284
Index: manifests/nodes/hg.pp
===================================================================
--- manifests/nodes/hg.pp	(revision 107284)
+++ manifests/nodes/hg.pp	(working copy)
@@ -49,8 +49,7 @@
 }
 
 node /^hgssh.\.dmz\.scl3\.mozilla\.com$/ {
-    include hg_new::hg_rw
-    include hg_new::logging
+    include hg_new::ssh
     include nfsclient
 
     realize(Nrpe::Plugin['file_age'])
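
Review bot: the added "include hg_new::ssh" line has no comment explaining why it stays in the node while "include hg_new::hg_rw" and "include hg_new::logging" are removed. Per the discussion above it is kept only to carry the secrets from hg_new/manifests/ssh.pp until secrets management is hooked up to Ansible, so a one-line comment saying that would keep it from being dropped early or left behind indefinitely. Nothing in this hunk replaces what hg_new::hg_rw managed either, so any file that must survive on the host (the follow-up mentions sudoers.d/repo-push) needs its own explicit rule in the node as part of the same change.
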
@@ -72,7 +71,6 @@
 }
 
 node 'hgssh.stage.dmz.scl3.mozilla.com' {
-    include hg_new::logging
     include webapp::mod_wsgi_python27
 }
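
Review bot: the stage node loses "include hg_new::logging" but, unlike the production node in the previous hunk, does not gain "include hg_new::ssh", and the change description only mentions "the node entry" in the singular. Confirm that hgssh.stage is meant to diverge from hgssh[12] here and note it in the commit message or a comment on the node, since after this change the stage node is left with only "include webapp::mod_wsgi_python27".
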
Assignee: nobody → klibby
had to add a stub to ensure sudoers.d/repo-push wasn't nuked. otherwise it's good.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED