Closed
Bug 1190511
Opened 9 years ago
Closed 8 years ago
Remove hg_new Puppet role from hgssh[12].dmz.scl3
Categories
(Developer Services :: Mercurial: hg.mozilla.org, defect)
Developer Services
Mercurial: hg.mozilla.org
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: gps, Assigned: fubar)
References
Details
I want to get hgssh[12].dmz.scl3 fully under control of Ansible, like we have for hgweb. As the first step of this, I'd like for the "include hg_new::hg_rw" and "include hg_new::logging" lines in the hg.pp node file to be removed. Like hgweb, this *may* require some supplemental Puppet rules in the node. We may want to wait for the Ansible configs to take shape before these lines are deleted. Filing the bug so we can track it though.
Reporter | ||
Comment 1•9 years ago
|
||
We'll probably want to content of hg_new/manifests/ssh.pp moved into the node definition until we have a solution for secrets management hooked up to Ansible.
Reporter | ||
Comment 2•9 years ago
|
||
We also likely want "include openldap::client" as well. Although I can mimic some of that module in Ansible.
Assignee | ||
Comment 3•9 years ago
|
||
puppet disabled on hgssh[12] for 48 hours also, removed nagios checks for ssh on ports 222 and 2222
Reporter | ||
Comment 4•9 years ago
|
||
We don't need the openldap::client module active as a one-off. Just the secrets from hg_new/manifests/ssh.pp.
Assignee | ||
Comment 5•9 years ago
|
||
Removed hg_rw and logging, and added hg_new::ssh to the node entry. sekrit$svn diff -r107284 Index: manifests/nodes/hg.pp =================================================================== --- manifests/nodes/hg.pp (revision 107284) +++ manifests/nodes/hg.pp (working copy) @@ -49,8 +49,7 @@ } node /^hgssh.\.dmz\.scl3\.mozilla\.com$/ { - include hg_new::hg_rw - include hg_new::logging + include hg_new::ssh include nfsclient realize(Nrpe::Plugin['file_age']) @@ -72,7 +71,6 @@ } node 'hgssh.stage.dmz.scl3.mozilla.com' { - include hg_new::logging include webapp::mod_wsgi_python27 }
Assignee: nobody → klibby
Assignee | ||
Comment 6•9 years ago
|
||
had to add a stub to ensure sudoers.d/repo-push wasn't nuked. otherwise it's good.
Assignee | ||
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•