modules/notificationserver/manifests/init.pp - Issue 29557718: #3927 - Clear Nginx cache when notifications are updated

Delta Between Two Patch Sets: modules/notificationserver/manifests/init.pp

Issue 29557718: #3927 - Clear Nginx cache when notifications are updated (Closed)

Left Patch Set: Created Sept. 27, 2017, 4:37 p.m.

Right Patch Set: Address feedback from patch-set #1 Created Sept. 28, 2017, 11:59 a.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 class notificationserver($is_default = false) {	1 class notificationserver($is_default = false) {

2	2

3 include nginx	3 include nginx

4	4

5 class {'sitescripts':	5 class {'sitescripts':

6 sitescriptsini_source => 'puppet:///modules/notificationserver/sitescripts.i ni'	6 sitescriptsini_source => 'puppet:///modules/notificationserver/sitescripts.i ni'

7 }	7 }

8	8

9 exec {'fetch_notifications':	9 exec {'fetch_notifications':

10 command => 'hg clone --noupdate https://hg.adblockplus.org/notifications /op t/notifications && chown -R nginx /opt/notifications',	10 command => 'hg clone --noupdate https://hg.adblockplus.org/notifications /op t/notifications && chown -R nginx /opt/notifications',

11 path => ['/usr/bin/', '/bin/'],	11 path => ['/usr/bin/', '/bin/'],

12 require => [	12 require => [

13 Package['mercurial'],	13 Package['mercurial'],

14 User['nginx'],	14 User['nginx'],

15 ],	15 ],

16 onlyif => 'test ! -d /opt/notifications'	16 onlyif => 'test ! -d /opt/notifications'

17 }	17 }

18	18

19 # http://hub.eyeo.com/issues/3927	19 # http://hub.eyeo.com/issues/3927

20 $clear_cache = "find /var/cache/nginx/notification -type f -exec rm -rf {} +"	20 $cache_flush = 'find /var/cache/nginx/notification -type f -exec rm -rf {} +'

	21 $cache_user = 'www-data'

21	22

22 # https://linux.die.net/man/5/sudoers	23 # https://linux.die.net/man/5/sudoers

23 file {"/etc/sudoers.d/notification-cache":	24 file {'/etc/sudoers.d/notification-cache':

24 content => "nginx ALL=(www-data) NOPASSWD:/usr/bin/$clear_cache\n",	25 content => "nginx ALL=($cache_user) NOPASSWD:/usr/bin/$cache_flush\n",
f.nicolaisen 2017/09/28 11:05:25 Consider extracting 'www-data' here and below to m Consider extracting 'www-data' here and below to make it obvious that they are coupled. mathias 2017/09/28 12:00:00 Acknowledged. Show quoted text On 2017/09/28 11:05:25, f.nicolaisen wrote: > Consider extracting 'www-data' here and below to make it obvious that they are > coupled. Acknowledged.
25 ensure => 'present',	26 ensure => 'present',

26 group => 'root',	27 group => 'root',

27 mode => '0440',	28 mode => '0440',

28 owner => 'root',	29 owner => 'root',

29 }	30 }

30	31

31 # https://docs.puppet.com/puppet/latest/types/augeas.html	32 # https://docs.puppet.com/puppet/latest/types/augeas.html

32 augeas {"files/opt/notifications/.hg/hgrc/hooks/cache":	33 augeas {'files/opt/notifications/.hg/hgrc/hooks/cache':

33 changes => ["set hooks/changegroup.cache 'sudo -u www-data $clear_cache'"],	34 changes => [

	35 "set hooks/changegroup.cache 'sudo -u $cache_user $cache_flush'",

	36 ],

34 incl => '/opt/notifications/.hg/hgrc',	37 incl => '/opt/notifications/.hg/hgrc',
f.nicolaisen 2017/09/28 11:05:25 No dependency on the notifications repo having bee No dependency on the notifications repo having been cloned already. mathias 2017/09/28 12:00:00 Acknowledged. Interestingly we just recently lear Show quoted text On 2017/09/28 11:05:25, f.nicolaisen wrote: > No dependency on the notifications repo having been cloned already. Acknowledged. Interestingly we just recently learned that the behavior of Puppet changed here somewhere in the late 3.x versions: "The order of resources in a Puppet manifest does not matter. Puppet assumes that most resources are not related to each other and will manage the resources in whatever order is most efficient." (2.x) vs. "By default, Puppet applies resources in the order they’re declared in their manifest. However, if a group of resources must always be managed in a specific order, you should explicitly declare such relationships with relationship metaparameters, chaining arrows, and the require function." (4.x) Nonetheless I prefer explicit notation of relationships anyway.
35 lens => "Puppet.lns",	38 lens => 'Puppet.lns',

	39 require => [

	40 Exec['fetch_notifications'],

	41 File['/etc/sudoers.d/notification-cache'],

	42 ],

36 }	43 }

37	44

38 cron {'update_notifications':	45 cron {'update_notifications':

39 command => 'hg pull -q -u -R /opt/notifications',	46 command => 'hg pull -q -u -R /opt/notifications',

40 environment => hiera('cron::environment', []),	47 environment => hiera('cron::environment', []),

41 minute => '2-59/20',	48 minute => '2-59/20',

42 user => 'nginx',	49 user => 'nginx',

43 require => Exec['fetch_notifications'],	50 require => Exec['fetch_notifications'],

44 }	51 }

45	52

(...skipping 26 matching lines...) Expand all Loading...
72 nginx::hostconfig{'notification.adblockplus.org':	79 nginx::hostconfig{'notification.adblockplus.org':

73 source => 'puppet:///modules/notificationserver/site.conf',	80 source => 'puppet:///modules/notificationserver/site.conf',

74 global_config => template('notificationserver/global.conf.erb'),	81 global_config => template('notificationserver/global.conf.erb'),

75 is_default => $is_default,	82 is_default => $is_default,

76 certificate => 'easylist-downloads.adblockplus.org_sslcert.pem',	83 certificate => 'easylist-downloads.adblockplus.org_sslcert.pem',

77 private_key => 'easylist-downloads.adblockplus.org_sslcert.key',	84 private_key => 'easylist-downloads.adblockplus.org_sslcert.key',

78 log => 'access_log_notification',	85 log => 'access_log_notification',

79 log_format => 'notification',	86 log_format => 'notification',

80 }	87 }

81 }	88 }

LEFT	RIGHT