modules/filtermaster/manifests/init.pp - Issue 6029451183783936: Add Filtermaster

Delta Between Two Patch Sets: modules/filtermaster/manifests/init.pp

Issue 6029451183783936: Add Filtermaster (Closed)

Left Patch Set: Use a define for the repo download Created Nov. 8, 2013, 2:35 p.m.

Right Patch Set: All Done Created Nov. 14, 2013, 3:26 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 class filtermaster {	1 class filtermaster {

2 Cron {	2 Cron {

3 environment => ['MAILTO=ROOT', 'PYTHONPATH=/opt/sitescripts'],	3 #TODO change email
Wladimir Palant 2013/11/08 15:32:06 Add a TODO comment so that you don't forget to cha Add a TODO comment so that you don't forget to change the MAILTO variable before committing? christian 2013/11/08 16:25:01 Done. Show quoted text On 2013/11/08 15:32:06, Wladimir Palant wrote: > Add a TODO comment so that you don't forget to change the MAILTO variable before > committing? Done.
	4 environment => ['MAILTO=root', 'PYTHONPATH=/opt/sitescripts'],

4 }	5 }

5 »	6

6 class {'ssh':	7 class {'ssh':

7 custom_configuration => 'Match User rsync	8 custom_configuration => 'Match User rsync

8 AllowTcpForwarding no	9 AllowTcpForwarding no

9 X11Forwarding no	10 X11Forwarding no

10 AllowAgentForwarding no	11 AllowAgentForwarding no

11 GatewayPorts no	12 GatewayPorts no

12 ForceCommand rsync --server --sender -vltprz --delete-excluded --exclude CVS . /home/rsync/subscriptions/'	13 ForceCommand rsync --server --sender -vltprz --delete-excluded . /home/rsync /generated/data/'
Wladimir Palant 2013/11/08 15:32:06 /home/rsync/subscriptions isn't what you want to s /home/rsync/subscriptions isn't what you want to sync, /home/rsync/subscriptions/files/subscriptions is (as per your sitescripts.ini). --exclude CVS is unnecessary, you don't have CVS syncing any more. Note: there is a change under review (http://codereview.adblockplus.org/28037010/), once it is committed there will be an additional data/ at the end of the path. christian 2013/11/08 16:25:01 Done. Show quoted text On 2013/11/08 15:32:06, Wladimir Palant wrote: > /home/rsync/subscriptions isn't what you want to sync, > /home/rsync/subscriptions/files/subscriptions is (as per your sitescripts.ini). > > --exclude CVS is unnecessary, you don't have CVS syncing any more. > > Note: there is a change under review > (http://codereview.adblockplus.org/28037010/), once it is committed there will > be an additional data/ at the end of the path. Done.
13 }	14 }

14	15

15 user {'rsync':	16 user {'rsync':

16 ensure => present,	17 ensure => present,

17 comment => 'Filter list mirror user',	18 comment => 'Filter list mirror user',

18 home => '/home/rsync',	19 home => '/home/rsync',

19 managehome => true	20 managehome => true

20 }	21 }

21 »	22

	23 file {'/home/rsync/update_repos.sh':

	24 ensure => file,

	25 owner => rsync,

	26 mode => 0700,

	27 source => 'puppet:///modules/filtermaster/update_repos.sh'

	28 }

	29

	30 file {'/home/rsync/subscription':

	31 ensure => directory,

	32 owner => rsync

	33 }

	34

	35 file {'/home/rsync/generated':

	36 ensure => directory,

	37 owner => rsync

	38 }

	39

22 file {'/home/rsync/.ssh':	40 file {'/home/rsync/.ssh':

23 ensure => directory,	41 ensure => directory,

24 require => User['rsync'],

25 owner => rsync,	42 owner => rsync,

26 mode => 0600	43 mode => 0600

27 }	44 }

28 »	45

29 file {'/home/rsync/.ssh/authorized_keys':	46 file {'/home/rsync/.ssh/authorized_keys':

30 ensure => file,	47 ensure => file,

31 require => [

32 File['/home/rsync/.ssh'],

33 User['rsync']

34 ],

35 owner => rsync,	48 owner => rsync,

36 mode => 0600,	49 mode => 0600,

37 source => 'puppet:///modules/filtermaster/authorized_keys'	50 source => 'puppet:///modules/private/rsync@easylist-downloads.adblockplus.or g.pub'

38 }	51 }

39	52

40 file {'/etc/sitescripts':	53 file {'/etc/ssh/ssh_host_rsa_key':

	54 require => Package['openssh-server'],

	55 notify => Service['ssh'],

41 ensure => file,	56 ensure => file,

42 owner => root,	57 owner => root,

43 mode => 0644,	58 group => root,

44 source => 'puppet:///modules/filtermaster/sitescripts'	59 source => 'puppet:///modules/private/filtermaster.adblockplus.org_ssh.key'

45 }	60 }

46	61

47 #donwload the repos	62 file {'/etc/ssh/ssh_host_rsa_key.pub':
Wladimir Palant 2013/11/08 15:32:06 Typo: donwload => download Typo: donwload => download Felix Dahlke 2013/11/08 15:49:39 I'd actually remove this, "repo_download" pretty m Show quoted text On 2013/11/08 15:32:06, Wladimir Palant wrote: > Typo: donwload => download I'd actually remove this, "repo_download" pretty much says it all. christian 2013/11/08 16:25:01 Done. Show quoted text On 2013/11/08 15:32:06, Wladimir Palant wrote: > Typo: donwload => download Done.
	63 require => Package['openssh-server'],

	64 notify => Service['ssh'],

	65 ensure => file,

	66 owner => root,

	67 group => root,

	68 source => 'puppet:///modules/private/filtermaster.adblockplus.org_ssh.pub'

	69 }

48	70

49 define repo_download( $name ) {	71 package {['p7zip-full']:}

50 exec { "fetch_${title}":	72

51 command => "hg clone https://hg.adblockplus.org/${name} /home/rsync/subsc ription/${name}",	73 define repo_download() {

	74 exec {"fetch_${title}":

	75 command => "hg clone https://hg.adblockplus.org/${title} /home/rsync/subsc ription/${title}",

52 path => ["/usr/bin/", "/bin/"],	76 path => ["/usr/bin/", "/bin/"],

53 require => Package['mercurial'],	77 require => Package['mercurial'],

54 user => rsync,	78 user => rsync,

55 timeout => 0,	79 timeout => 0,

56 onlyif => "test ! -d /home/rsync/subscription/${name}"	80 onlyif => "test ! -d /home/rsync/subscription/${title}"

57 }	81 }
Wladimir Palant 2013/11/08 15:32:06 What about a cron job to update these repositories What about a cron job to update these repositories? christian 2013/11/08 16:25:01 Don't "updateSubscriptionDownloads" update all rep Show quoted text On 2013/11/08 15:32:06, Wladimir Palant wrote: > What about a cron job to update these repositories? Don't "updateSubscriptionDownloads" update all repos? Is there a need for an additional cron job?
58 }	82 }

59	83

60 repo_download {'easylist':	84 repo_download {['easylist',

61 name => "easylist"	85 'easylistgermany',

	86 'easylistitaly',

	87 'easylistcombinations',

	88 'malwaredomains',

	89 'ruadlist',

	90 'listefr',

	91 'exceptionrules',

	92 'easylistdutch',

	93 'facebookfilters',

	94 'antiadblockfilters'

	95 ]:

62 }	96 }

63	97

64 repo_download {'easylist_germany':	98 cron {'update_subscription':

65 name => "easylistgermany"	99 ensure => present,
Wladimir Palant 2013/11/08 15:32:06 This looks redundant, why not drop the $name param This looks redundant, why not drop the $name parameter and only use $title? Then it would simply be: repo_download {'easylistgermany': } Felix Dahlke 2013/11/08 15:49:39 Yes, then you could actually do this: repo_downlo Show quoted text On 2013/11/08 15:32:06, Wladimir Palant wrote: > This looks redundant, why not drop the $name parameter and only use $title? Then > it would simply be: > > repo_download {'easylistgermany': } Yes, then you could actually do this: repo_download {['easylistgermany', 'easylist_italy', '...']: }
	100 command => "python -m sitescripts.subscriptions.bin.updateSubscriptionDownlo ads 3>&1 1>/dev/null 2>&3 \| perl -pe 's/^/\"[\" . scalar localtime() . \"] \"/e' >> /tmp/subscription_errors && chmod 666 /tmp/subscription_errors 2>/dev/null",

	101 user => rsync,

	102 require => User['rsync'],

	103 minute => '*/10'

	104 }

	105

	106 cron {'update_malware':

	107 ensure => present,

	108 command => "python -m sitescripts.subscriptions.bin.updateMalwareDomainsList ",

	109 user => rsync,

	110 require => User['rsync'],

	111 hour => '*/6',

	112 minute => 15

	113 }

	114

	115 cron {'update_repos':

	116 ensure => present,

	117 command => "/home/rsync/update_repos.sh",

	118 user => rsync,

	119 require => [

	120 User['rsync'],

	121 File['/home/rsync/update_repos.sh']

	122 ],

	123 minute => '8-58/10'

66 }	124 }

67	125

68 repo_download {'easylist_italy':	126 class {'sitescripts':

69 name => "easylistitaly"	127 sitescriptsini_source => 'puppet:///modules/filtermaster/sitescripts'

70 }	128 }

71	129 }

72 repo_download {'easylist_combinations':

73 name => "easylistcombinations"

74 }

75

76 repo_download {'malwaredomains':

77 name => "malwaredomains"

78 }

79

80 repo_download {'ruadlist':

81 name => "ruadlist"

82 }

83

84 repo_download {'listefr':

85 name => "listefr"

86 }

87

88 repo_download {'exceptionrules':

89 name => "exceptionrules"

90 }

91

92 cron {update_subscription:
Felix Dahlke 2013/11/08 15:49:39 Still needs to go in '' for consistency, same belo Still needs to go in '' for consistency, same below.
93 ensure => present,

94 command => "python -m sitescripts.subscriptions.bin.updateSubscriptionDownlo ads 3>&1 1>/dev/null 2>&3 \| perl -pe 's/^/\"[\" . scalar localtime() . \"] \"/e' >> /tmp/subscription_errors && chmod 666 /tmp/subscription_errors 2>/dev/null",

95 user => rsync,

96 require => [

97 User['rsync']

98 ],

99 minute => '*/10'

100 }

101 » »

102 cron {update_malware:

103 ensure => present,

104 command => "python -m sitescripts.subscriptions.bin.updateMalwareDomainsList ",

105 user => rsync,

106 require => [

107 User['rsync']

108 ],

109 hour => '*/6',

110 minute => 15

111 }

112 }»

LEFT	RIGHT