New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Major Update to Work With 2.3.1 (latest) #172
Conversation
…ome of the old code to archive directory
…up of stanley user is complete
…cies comparied to shell scripts
This fixes #159 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the contribution! A lot of sync-up & overhaul work here.
I left a couple of comments to address.
Additionally, I think bumping the version 0.14.1
-> 1.0.0
is a bit of optimistic, - this module probably needs more iterations and testing from the users in the battlefield before we can tag it stable 1.0.0
. So I'd go more conservative path like 0.14.1
-> 0.2.0
, with faster iterations & version increase in future.
@@ -35,7 +36,7 @@ | |||
'repos' => 'main', | |||
'include_src' => false, | |||
'key' => '8756C4F765C9AC3CB6B85D62379CE192D401AB61', | |||
'key_source' => 'https://bintray.com/user/downloadSubjectPublicKey?username=bintray', | |||
'key_source' => 'https://bintray.com/user/downloadSubjectPublicKey?username=bintray' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bintray was an old try and not used anymore, - we use PackageCloud in favor of Bintray.
So all Bintray occurencies could be removed now.
@@ -12,7 +13,7 @@ | |||
'repos' => 'main', | |||
'include_src' => false, | |||
'key' => '1E26DCC8B9D4E6FCB65CC22E40A96AE06B8C7982', | |||
'key_source' => 'https://downloads.stackstorm.net/deb/pubkey.gpg', | |||
'key_source' => 'https://downloads.stackstorm.net/deb/pubkey.gpg' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Everything pointing to download.stackstorm.net
could be removed as well.
It's old st2 =< 0.13
repo, not available anymore.
CHANGELOG.md
Outdated
@@ -1,5 +1,137 @@ | |||
# Changelog | |||
|
|||
## 1.0.0 (Aug 6, 2017) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's still a way big road and more work till we can version it as 1.0.0
.
Could we tag it more conservatively, like 0.2.0
?
CHANGELOG.md
Outdated
|
||
#### manifests/auth_user.pp | ||
|
||
- Dependency issues here where the `htpasswd` file was sometimes trying to be created before the `/etc/st2` directory was created, and other times it was trying to be created after the st2 services had started. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we include for every new change listed in CHANGELOG if it's a bug, feature, enhancement or a breaking change?
manifests/pack.pp
Outdated
ensure => file, | ||
mode => '0440', | ||
mode => '0755', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we really need 0755
here? As I understand these are permissions for /opt/stackstorm/configs/*.yml
files.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was just going by what's present in my "one liner" install:
# ls -al /opt/stackstorm/configs/
total 16
drwxr-xr-x. 2 st2 root 109 Jul 27 11:27 .
drwxr-xr-x. 11 root root 204 Aug 2 21:46 ..
-rwxr-xr-x. 1 st2 root 148 Jun 30 10:42 activedirectory.yaml
-rwxr-xr-x. 1 st2 root 72 Jun 29 23:16 digitalocean.yaml
-rwxr-xr-x. 1 st2 root 17 Jun 13 09:40 testconfigdefault.yaml
-rwxr-xr-x. 1 st2 root 162 Jun 7 13:01 vsphere.yaml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+x
flag is not needed on those yaml files, so 0640
should be fine.
manifests/params.pp
Outdated
@@ -190,10 +197,7 @@ | |||
} | |||
} elsif $::operatingsystem == 'Ubuntu' { | |||
$init_type = $::operatingsystemmajrelease ? { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we use init_type
somewhere when the init files are included in packaging?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No we don't, i'll removed this.
There are a few other variables in this params class that are unused. I'll try to clean them up the best i can.
For some reason it changing the permissions to
|
'priority' => '10', | ||
'content' => "%${_robots_group_name} ALL=(ALL) NOPASSWD: SETENV: ALL", | ||
# note: passes in $name variable into template | ||
'content' => template('st2/etc/sudoers.d/user.erb'), | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Under ubuntu xenial Vagrant, found that something breaks paswordless sudo for the default user after running the provisioner.
Will check later what's going on there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So before running the Puppet-st2
, I have the following:
ubuntu@ubuntu16:~$ sudo ls -la /etc/sudoers.d/
total 16
drwxr-x--- 2 root root 4096 Aug 8 15:35 .
drwxr-xr-x 91 root root 4096 Aug 8 15:35 ..
-r--r----- 1 root root 123 Aug 8 15:35 90-cloud-init-users
-r--r----- 1 root root 958 Mar 30 2016 README
Running the Puppet provisioner removes that file, - that's why it breaks exsiting sudoers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Guessing if Puppet's sudo module has some default flag with removes previous sudo records.
@armab i still agree with your permissions decision, however i found the code in the base repo that sets these permissions to 775 https://github.com/StackStorm/st2/blob/master/contrib/packs/actions/pack_mgmt/download.py#L219-L238 For now i'll just ensure that the packs/ directory and all files under it are owned by group |
Removed several unused files. Updated code based on review from armab
1 similar comment
@nmaludy Thanks for the pointer! It turned into internal discussion with StackStorm team and StackStorm/st2#3660 we think we should enhance that in st2 core. |
@armab i fixed the problem with extra "unmanaged" This "purge prevention" will be the default behavior in this st2 module. My change also tries to be smart and externally compatible for users that wish to configure the sudo package however they like (maybe they want the purge feature). In this case the code detects if the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work 👍
As discussed before, we tag this version as 1.0.0-beta
, which will allow us to release bugfix version like 1.0.0-rc
(or 1.0.0-rc1
, 1.0.0-rc2
if needed) before stable 1.0.0
.
Major Update to Work With 2.3.1 (latest)
Intro
Lots of work has been done here and i'll try to summarize as best i can.
Overview
When starting work on this module it failed to install numerous components in the
profiles
directory. Most of this was due to failures in external packages (rabbitmq, mongodb, postgres, etc), dependency/ordering issues in the code (you'll see lots of updates to with -> ), and/or changes to the st2 code since the module was last updated.manifests/auth/standalone.pp
::st2
variables.htpasswd
file to be created after the st2 services were startingmanifests/auth_user.pp
htpasswd
file was sometimes trying to be created before the/etc/st2
directory was created, and other times it was trying to be created after the st2 services had started.manifests/init.pp
manifests/kv.pp
Service
resource was incorrectmanifests/notices.pp
manifests/pack.pp
manifests/params.pp
st2_server_packages
variable into various components to align more with what ansible-st2 and the "one liner" shell scripts do in their functions.st2_services
into its components similar tost2_server_packages
. FYI: The mistral services are handled by the mistral install instead of being grouped together intost2 server
.manifests/profile/client.pp
manifests/profile/fullinstall.pp
manifests/profile/mistral.pp
manifests/profile/mongodb.pp
manifests/profile/nginx.pp
manifests/profile/nodejs.pp
manifests/profile/postgresql.pp
manifests/profile/rabbitmq.pp
manifests/profile/repos.pp
manifests/profile/selinux.pp
manifests/profile/server.pp
manifests/profile/web.pp
manifests/rbac.pp
manifests/server/datastore_keys.pp
manifests/stanley.pp
manifests/user.pp
metadata.json
spec/*