diff --git a/site-modules/profile/manifests/swh/deploy/counters/journal_client.pp b/site-modules/profile/manifests/swh/deploy/counters/journal_client.pp index 3d7de9c4..fa3bc54f 100644 --- a/site-modules/profile/manifests/swh/deploy/counters/journal_client.pp +++ b/site-modules/profile/manifests/swh/deploy/counters/journal_client.pp @@ -1,35 +1,35 @@ # Deployment of the swh.counters.journal_client class profile::swh::deploy::counters::journal_client { include ::profile::swh::deploy::base_counters include ::profile::swh::deploy::journal $config_file = lookup('swh::deploy::counters::journal_client::config_file') $config = lookup('swh::deploy::counters::journal_client::config') $user = lookup('swh::deploy::base_counters::user') $group = lookup('swh::deploy::base_counters::group') $service_name = 'swh-counters-journal-client' $unit_name = "${service_name}.service" file {$config_file: ensure => present, owner => 'root', group => $group, - mode => '0644', + mode => '0640', content => inline_template("<%= @config.to_yaml %>\n"), notify => Service[$service_name], } # Template uses variables # - $user # - $group # ::systemd::unit_file {$unit_name: ensure => present, content => template("profile/swh/deploy/journal/${unit_name}.erb"), } ~> service {$service_name: ensure => running, enable => true, } } diff --git a/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp b/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp index bdc04100..c1e5c183 100644 --- a/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp +++ b/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp @@ -1,37 +1,37 @@ # Deployment of the swh.indexer.journal_client class profile::swh::deploy::indexer_journal_client { include ::profile::swh::deploy::base_indexer include ::profile::swh::deploy::journal $config_file = lookup('swh::deploy::indexer_journal_client::config_file') $config_directory = lookup('swh::deploy::base_indexer::config_directory') $config_path = "${config_directory}/${config_file}" $config = lookup('swh::deploy::indexer_journal_client::config') $user = lookup('swh::deploy::indexer_journal_client::user') $group = lookup('swh::deploy::indexer_journal_client::group') $service_name = 'swh-indexer-journal-client' $unit_name = "${service_name}.service" file {$config_path: ensure => present, owner => 'root', group => 'swhdev', - mode => '0644', + mode => '0640', content => inline_template("<%= @config.to_yaml %>\n"), notify => Service[$service_name], } # Template uses variables # - $user # - $group # ::systemd::unit_file {$unit_name: ensure => present, content => template("profile/swh/deploy/journal/${unit_name}.erb"), } ~> service {$service_name: ensure => running, enable => true, } } diff --git a/site-modules/profile/manifests/swh/deploy/journal/backfill.pp b/site-modules/profile/manifests/swh/deploy/journal/backfill.pp index 6e57f91a..e52a8f6a 100644 --- a/site-modules/profile/manifests/swh/deploy/journal/backfill.pp +++ b/site-modules/profile/manifests/swh/deploy/journal/backfill.pp @@ -1,31 +1,31 @@ # Deployment of journal backfill configuration class profile::swh::deploy::journal::backfill { include profile::swh::deploy::base_storage include profile::swh::deploy::journal $config_path = lookup('swh::deploy::journal::backfill::config_file') $config = lookup('swh::deploy::journal::backfill::config') $config_logging_path = lookup('swh::deploy::journal::backfill::config_logging_file') $config_logging = lookup('swh::deploy::journal::backfill::config_logging') $user = lookup('swh::deploy::journal::backfill::user') $group = lookup('swh::deploy::journal::backfill::group') file {$config_path: ensure => present, owner => $user, group => $group, - mode => '0644', + mode => '0640', content => inline_template("<%= @config.to_yaml %>\n") } file {$config_logging_path: ensure => present, owner => $user, group => $group, mode => '0644', content => inline_template("<%= @config_logging.to_yaml %>\n") } } diff --git a/site-modules/profile/manifests/swh/deploy/scheduler/journal_client.pp b/site-modules/profile/manifests/swh/deploy/scheduler/journal_client.pp index 3a9e8aea..67b79f27 100644 --- a/site-modules/profile/manifests/swh/deploy/scheduler/journal_client.pp +++ b/site-modules/profile/manifests/swh/deploy/scheduler/journal_client.pp @@ -1,35 +1,35 @@ # Deployment of the swh.search.journal_client class profile::swh::deploy::scheduler::journal_client { include ::profile::swh::deploy::base_scheduler include ::profile::swh::deploy::journal $config_file = lookup('swh::deploy::scheduler::journal_client::config_file') $config = lookup('swh::deploy::scheduler::journal_client::config') $user = lookup('swh::deploy::scheduler::journal_client::user') $group = lookup('swh::deploy::scheduler::journal_client::group') $service_name = 'swh-scheduler-journal-client' $unit_name = "${service_name}.service" file {$config_file: ensure => present, owner => 'root', group => $group, - mode => '0644', + mode => '0640', content => inline_template("<%= @config.to_yaml %>\n"), notify => Service[$service_name], } # Template uses variables # - $user # - $group # ::systemd::unit_file {$unit_name: ensure => present, content => template("profile/swh/deploy/journal/${unit_name}.erb"), } ~> service {$service_name: ensure => running, enable => true, } } diff --git a/site-modules/profile/manifests/swh/deploy/search/journal_client_instance.pp b/site-modules/profile/manifests/swh/deploy/search/journal_client_instance.pp index cdc1438c..eee5ef1c 100644 --- a/site-modules/profile/manifests/swh/deploy/search/journal_client_instance.pp +++ b/site-modules/profile/manifests/swh/deploy/search/journal_client_instance.pp @@ -1,53 +1,53 @@ # Instance of a worker define profile::swh::deploy::search::journal_client_instance ( $ensure = present, $instance_name = $title, ) { include profile::swh::deploy::base_search $service_name = "swh-search-journal-client@${instance_name}" $config_path = lookup("swh::deploy::search::journal_client::${instance_name}::config_file") $config = lookup("swh::deploy::search::journal_client::${instance_name}::config", Hash, 'deep') $user = lookup('swh::deploy::base_search::user') $group = lookup('swh::deploy::base_search::group') case $ensure { 'present', 'running': { file {$config_path: ensure => 'present', owner => $user, group => $group, - mode => '0644', + mode => '0640', content => inline_template("<%= @config.to_yaml %>\n"), notify => Service[$service_name], } if $ensure == 'running' { $service_ensure = 'running' } else { $service_ensure = undef } service {$service_name: ensure => $service_ensure, enable => true, require => [ File[$config_path], ] } } default: { # clean up service {$service_name: ensure => absent, } -> file {$config_path: ensure => absent, } } } } diff --git a/site-modules/profile/manifests/swh/deploy/worker/instance.pp b/site-modules/profile/manifests/swh/deploy/worker/instance.pp index 7bf82172..1c3bdd5d 100644 --- a/site-modules/profile/manifests/swh/deploy/worker/instance.pp +++ b/site-modules/profile/manifests/swh/deploy/worker/instance.pp @@ -1,84 +1,84 @@ # Instance of a worker define profile::swh::deploy::worker::instance ( $ensure = present, $instance_name = $title, $sentry_name = $title, $limit_no_file = undef, $private_tmp = undef, $merge_policy = 'deep', ) { include ::profile::swh::deploy::worker::base $service_basename = "swh-worker@${instance_name}" $service_name = "${service_basename}.service" $concurrency = lookup("swh::deploy::worker::${instance_name}::concurrency") $max_tasks_per_child = lookup("swh::deploy::worker::${instance_name}::max_tasks_per_child", Integer, first, 5) $loglevel = lookup("swh::deploy::worker::${instance_name}::loglevel") $config_file = lookup("swh::deploy::worker::${instance_name}::config_file") $config = lookup("swh::deploy::worker::${instance_name}::config", Hash, $merge_policy) $sentry_dsn = lookup("swh::deploy::${sentry_name}::sentry_dsn", Optional[String], 'first', undef) $sentry_environment = lookup("swh::deploy::${sentry_name}::sentry_environment", Optional[String], 'first', undef) $sentry_swh_package = lookup("swh::deploy::${sentry_name}::sentry_swh_package", Optional[String], 'first', undef) $celery_hostname = $::profile::swh::deploy::worker::base::celery_hostname case $ensure { 'present', 'running': { # Uses variables # - $concurrency # - $loglevel # - $max_tasks_per_child # - $celery_hostname # - $sentry_{dsn,environment,swh_package} ::systemd::dropin_file {"${service_basename}/parameters.conf": ensure => present, unit => $service_name, filename => 'parameters.conf', content => template('profile/swh/deploy/worker/parameters.conf.erb'), } file {$config_file: ensure => 'present', owner => 'swhworker', group => 'swhworker', - mode => '0644', + mode => '0640', content => inline_template("<%= @config.to_yaml %>\n"), } if $ensure == 'running' { $service_ensure = 'running' } else { $service_ensure = undef } service {$service_basename: ensure => $service_ensure, enable => true, require => [ File[$config_file], ] } profile::cron::d {"swh-worker-${instance_name}-autorestart": command => "chronic /usr/local/sbin/swh-worker-ping-restart ${instance_name}@${celery_hostname} ${instance_name}", target => 'swh-worker', minute => 'fqdn_rand/15', require => File['/usr/local/sbin/swh-worker-ping-restart'], } } default: { ::systemd::dropin_file {"${service_basename}/parameters.conf": ensure => absent, unit => $service_name, filename => 'parameters.conf', } file {$config_file: ensure => absent, } } } }