modules/filtermaster/manifests/init.pp - Issue 6029451183783936: Add Filtermaster

Delta Between Two Patch Sets: modules/filtermaster/manifests/init.pp

Issue 6029451183783936: Add Filtermaster (Closed)

Left Patch Set: Created Nov. 8, 2013, 8:35 a.m.

Right Patch Set: All Done Created Nov. 14, 2013, 3:26 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 class filtermaster {	1 class filtermaster {

2 #changing cron default	2 Cron {
Felix Dahlke 2013/11/08 08:55:58 I find this rather obvious, same goes for the othe I find this rather obvious, same goes for the other comments below like "add user". Don't think they add anything here. christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > I find this rather obvious, same goes for the other comments below like "add > user". Don't think they add anything here. Done.
3 Cron{	3 #TODO change email
Felix Dahlke 2013/11/08 08:55:58 Space before "{" Space before "{" christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > Space before "{" Done.
4 environment => ['MAILTO=cvervoorts@adblockplus.org', 'PYTHONPATH=/opt/sitesc ripts'],	4 environment => ['MAILTO=root', 'PYTHONPATH=/opt/sitescripts'],

5 }	5 }

6 »	6

7 class {'ssh':	7 class {'ssh':

8 custom_configuration => 'Match User rsync	8 custom_configuration => 'Match User rsync

9 AllowTcpForwarding no	9 AllowTcpForwarding no

10 X11Forwarding no	10 X11Forwarding no

11 AllowAgentForwarding no	11 AllowAgentForwarding no

12 GatewayPorts no	12 GatewayPorts no

13 ForceCommand rsync --server --sender -vltprz --delete-excluded --exclude CVS . /home/rsync/subscriptions/'	13 ForceCommand rsync --server --sender -vltprz --delete-excluded . /home/rsync /generated/data/'

14 » }	14 }
Felix Dahlke 2013/11/08 08:55:58 Indentation is off here. Indentation is off here. christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > Indentation is off here. Done.
15	15

16 #add user	16 user {'rsync':

17 user { 'rsync':	17 ensure => present,
Felix Dahlke 2013/11/08 08:55:58 No space between "{" and "'". No space between "{" and "'". christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > No space between "{" and "'". Done.
18 ensure => present,
Felix Dahlke 2013/11/08 08:55:58 We never align operators on columns, so just a sin We never align operators on columns, so just a single space before "=>" please. Likewise below. christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > We never align operators on columns, so just a single space before "=>" please. > Likewise below. Done.
19 comment => 'Filter list mirror user',	18 comment => 'Filter list mirror user',

20 home => '/home/rsync',	19 home => '/home/rsync',

21 managehome => true	20 managehome => true

22 }	21 }

23 »	22

24 file {'/home/rsync/.ssh':	23 file {'/home/rsync/update_repos.sh':

25 » ensure => directory,	24 ensure => file,
Felix Dahlke 2013/11/08 08:55:58 Indentation is off here, should be two spaces. Indentation is off here, should be two spaces. christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > Indentation is off here, should be two spaces. Done.
26 » require => User['rsync'],	25 owner => rsync,

27 » owner => rsync,	26 mode => 0700,

28 » mode => 0600;	27 source => 'puppet:///modules/filtermaster/update_repos.sh'
Felix Dahlke 2013/11/08 08:55:58 No semicolon here. No semicolon here. christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > No semicolon here. Done.
29 }	28 }

30 »	29

31 file {'/home/rsync/.ssh/authorized_keys':	30 file {'/home/rsync/subscription':

32 » ensure => file,	31 ensure => directory,
Felix Dahlke 2013/11/08 08:55:58 Indentation is off here as well. Indentation is off here as well. christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > Indentation is off here as well. Done.
33 » require => [	32 owner => rsync

34 » File['/home/rsync/.ssh'],
Felix Dahlke 2013/11/08 08:55:58 Puppet normally requires parent directories automa Puppet normally requires parent directories automatically, are you sure this is necessary? christian 2013/11/08 11:36:56 I think it's needed to set the permissions of the Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > Puppet normally requires parent directories automatically, are you sure this is > necessary? I think it's needed to set the permissions of the .ssh dir right. SSH don't work if the permissions are not correct. So yes this is necessary in my opinion. Felix Dahlke 2013/11/08 15:49:39 I'd be really surprised if it was necessary. Can y Show quoted text On 2013/11/08 11:36:56, cvervoorts wrote: > On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > > Puppet normally requires parent directories automatically, are you sure this > is > > necessary? > > I think it's needed to set the permissions of the .ssh dir right. SSH don't work > if the permissions are not correct. So yes this is necessary in my opinion. I'd be really surprised if it was necessary. Can you try a fresh provision without this? It should work. If it doesn't, we should figure out why and add a comment here.
35 » User['rsync']

36 » ],

37 » owner => rsync,

38 » mode => 0600,

39 » source => 'puppet:///modules/filtermaster/authorized_keys'

40 }	33 }

41	34

42 file {'/etc/sitescripts':	35 file {'/home/rsync/generated':
Felix Dahlke 2013/11/08 08:55:58 I think you should pass this to the sitescripts cl I think you should pass this to the sitescripts class, instead of sitescripts.ini which I don't think we need. Or am I missing something? christian 2013/11/08 11:36:56 The scripts are not taking the sitescripts.ini fil Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > I think you should pass this to the sitescripts class, instead of > sitescripts.ini which I don't think we need. Or am I missing something? The scripts are not taking the sitescripts.ini file. They need a sitescripts file. Don't know why. Also the content of the file is only need for the filtermaster Felix Dahlke 2013/11/08 15:49:39 You use sitescriptsini_source at the bottom of the Show quoted text On 2013/11/08 11:36:56, cvervoorts wrote: > On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > > I think you should pass this to the sitescripts class, instead of > > sitescripts.ini which I don't think we need. Or am I missing something? > > The scripts are not taking the sitescripts.ini file. They need a sitescripts > file. Don't know why. Also the content of the file is only need for the > filtermaster You use sitescriptsini_source at the bottom of the file - it points to a now nonexistent file (sitescripts.ini). How I see it, you should be able to get rid of this file resource here and just point to puppet:///modules/filtermaster/sitescripts down there.
43 ensure => file,	36 ensure => directory,
Felix Dahlke 2013/11/08 08:55:58 Indentation's off again. Indentation's off again. christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > Indentation's off again. Done.
44 owner => root,	37 owner => rsync

45 mode => 0644,	38 }

46 source => 'puppet:///modules/filtermaster/sitescripts'	39

	40 file {'/home/rsync/.ssh':

	41 ensure => directory,

	42 owner => rsync,

	43 mode => 0600

47 }	44 }

48	45

49 #donwload the repos	46 file {'/home/rsync/.ssh/authorized_keys':

50	47 ensure => file,

51 exec { "fetch_easylist":	48 owner => rsync,
Felix Dahlke 2013/11/08 08:55:58 No space before ", " should actually be '. Likewis No space before ", " should actually be '. Likewise below. More importantly, seeing how the below exec blocks are nearly identical, I think we should use a class for this to reduce duplication.
52 command => "hg clone https://hg.adblockplus.org/easylist /home/rsync/subscri ption/easylist",	49 mode => 0600,

53 path => ["/usr/bin/", "/bin/"],	50 source => 'puppet:///modules/private/rsync@easylist-downloads.adblockplus.or g.pub'

54 require => Package['mercurial'],

55 user => rsync,

56 timeout => 0,

57 onlyif => "test ! -d /home/rsync/subscription/easylist"

58 }

59 »

60 exec { "fetch_easylist_germany":

61 command => "hg clone https://hg.adblockplus.org/easylistgermany /home/rsync/ subscription/easylistgermany",

62 path => ["/usr/bin/", "/bin/"],

63 require => Package['mercurial'],

64 user => rsync,

65 timeout => 0,

66 onlyif => "test ! -d /home/rsync/subscription/easylistgermany"

67 }	51 }

68	52

69 exec { "fetch_easylist_italy":	53 file {'/etc/ssh/ssh_host_rsa_key':

70 command => "hg clone https://hg.adblockplus.org/easylistitaly /home/rsync/su bscription/easylistitaly",	54 require => Package['openssh-server'],

71 path => ["/usr/bin/", "/bin/"],	55 notify => Service['ssh'],

72 require => Package['mercurial'],	56 ensure => file,

73 user => rsync,	57 owner => root,

74 timeout => 0,	58 group => root,

75 onlyif => "test ! -d /home/rsync/subscription/easylistitaly"	59 source => 'puppet:///modules/private/filtermaster.adblockplus.org_ssh.key'

76 }

77

78 exec { "fetch_easylist_combinations":

79 command => "hg clone https://hg.adblockplus.org/easylistcombinations /home/r sync/subscription/easylistcombinations",

80 path => ["/usr/bin/", "/bin/"],

81 require => Package['mercurial'],

82 user => rsync,

83 timeout => 0,

84 onlyif => "test ! -d /home/rsync/subscription/easylistcombinations"

85 }

86

87 exec { "fetch_malwaredomains":

88 command => "hg clone https://hg.adblockplus.org/malwaredomains /home/rsync/s ubscription/malwaredomains",

89 path => ["/usr/bin/", "/bin/"],

90 require => Package['mercurial'],

91 user => rsync,

92 timeout => 0,

93 onlyif => "test ! -d /home/rsync/subscription/malwaredomains"

94 }

95

96 exec { "fetch_ruadlist":

97 command => "hg clone https://hg.adblockplus.org/ruadlist /home/rsync/subscri ption/ruadlist",

98 path => ["/usr/bin/", "/bin/"],

99 require => Package['mercurial'],

100 user => rsync,

101 timeout => 0,

102 onlyif => "test ! -d /home/rsync/subscription/ruadlist"

103 }	60 }

104	61

105 exec { "fetch_listefr":	62 file {'/etc/ssh/ssh_host_rsa_key.pub':

106 command => "hg clone https://hg.adblockplus.org/listefr /home/rsync/subscrip tion/listefr",	63 require => Package['openssh-server'],

107 path => ["/usr/bin/", "/bin/"],	64 notify => Service['ssh'],

108 require => Package['mercurial'],	65 ensure => file,

109 user => rsync,	66 owner => root,

110 timeout => 0,	67 group => root,

111 onlyif => "test ! -d /home/rsync/subscription/listefr"	68 source => 'puppet:///modules/private/filtermaster.adblockplus.org_ssh.pub'

112 }

113

114 exec { "fetch_exceptionrules":

115 command => "hg clone https://hg.adblockplus.org/exceptionrules /home/rsync/s ubscription/exceptionrules",

116 path => ["/usr/bin/", "/bin/"],

117 require => Package['mercurial'],

118 user => rsync,

119 timeout => 0,

120 onlyif => "test ! -d /home/rsync/subscription/exceptionrules"

121 }	69 }

122	70

123 #cron entrys	71 package {['p7zip-full']:}

124	72

125 cron { updateSubscription:	73 define repo_download() {
Felix Dahlke 2013/11/08 08:55:58 No space after "{", and updateSubscription should No space after "{", and updateSubscription should be 'update_subscription' for consistency. Likewise below ("updateMalware"). christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > No space after "{", and updateSubscription should be 'update_subscription' for > consistency. Likewise below ("updateMalware"). Done.
	74 exec {"fetch_${title}":

	75 command => "hg clone https://hg.adblockplus.org/${title} /home/rsync/subsc ription/${title}",

	76 path => ["/usr/bin/", "/bin/"],

	77 require => Package['mercurial'],

	78 user => rsync,

	79 timeout => 0,

	80 onlyif => "test ! -d /home/rsync/subscription/${title}"

	81 }

	82 }

	83

	84 repo_download {['easylist',

	85 'easylistgermany',

	86 'easylistitaly',

	87 'easylistcombinations',

	88 'malwaredomains',

	89 'ruadlist',

	90 'listefr',

	91 'exceptionrules',

	92 'easylistdutch',

	93 'facebookfilters',

	94 'antiadblockfilters'

	95 ]:

	96 }

	97

	98 cron {'update_subscription':

126 ensure => present,	99 ensure => present,

127 command => "python -m sitescripts.subscriptions.bin.updateSubscriptionDownlo ads 3>&1 1>/dev/null 2>&3 \| perl -pe 's/^/\"[\" . scalar localtime() . \"] \"/e' >> /tmp/subscription_errors && chmod 666 /tmp/subscription_errors 2>/dev/null",	100 command => "python -m sitescripts.subscriptions.bin.updateSubscriptionDownlo ads 3>&1 1>/dev/null 2>&3 \| perl -pe 's/^/\"[\" . scalar localtime() . \"] \"/e' >> /tmp/subscription_errors && chmod 666 /tmp/subscription_errors 2>/dev/null",

128 user => rsync,	101 user => rsync,

129 require => [	102 require => User['rsync'],

130 User['rsync']	103 minute => '*/10'

131 ],

132 minute => '*/10'

133 }	104 }

134 »	105
Felix Dahlke 2013/11/08 08:55:58 One empty line is enough. One empty line is enough. christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > One empty line is enough. Done.
135 »	106 cron {'update_malware':

136 cron { updateMalware:

137 ensure => present,	107 ensure => present,

138 command => "python -m sitescripts.subscriptions.bin.updateMalwareDomainsList ",	108 command => "python -m sitescripts.subscriptions.bin.updateMalwareDomainsList ",

139 user => rsync,	109 user => rsync,

	110 require => User['rsync'],

	111 hour => '*/6',

	112 minute => 15

	113 }

	114

	115 cron {'update_repos':

	116 ensure => present,

	117 command => "/home/rsync/update_repos.sh",

	118 user => rsync,

140 require => [	119 require => [

141 User['rsync']	120 User['rsync'],

	121 File['/home/rsync/update_repos.sh']

142 ],	122 ],

143 hour => '*/6',	123 minute => '8-58/10'

144 minute => 15

145 }	124 }

146	125

147 # cron { forwardErrors:
Felix Dahlke 2013/11/08 08:55:58 Please remove this code, it's commented out anyway Please remove this code, it's commented out anyway. christian 2013/11/08 11:36:56 Done. Show quoted text On 2013/11/08 08:55:58, Felix H. Dahlke wrote: > Please remove this code, it's commented out anyway. Done.
148 # ensure => present,

149 # command => "/srv/www/vhosts/adblockplus.org/files/forward_subscription _errors.sh",

150 # user => rsync,

151 # require => [

152 # User['rsync']

153 # ],

154 # hour => 0,

155 # minute => 0

156 # }

157

158 class {'sitescripts':	126 class {'sitescripts':

159 sitescriptsini_source => 'puppet:///modules/filtermaster/sitescripts.ini'	127 sitescriptsini_source => 'puppet:///modules/filtermaster/sitescripts'

160 }	128 }

161	129 }

162 }»

LEFT	RIGHT