From 3be22cf5ec6fee57f82b1dd61e1ca83cbaf623b8 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Mon, 24 Mar 2014 07:07:33 -0700 Subject: [PATCH] Load storyboard superusers from yaml file There are actions, such as deleting projects, that should only be done by superusers. For that to work, we need to have superusers. Change-Id: I827446788ca53018a6d2c76eaf667b6fe4065f80 --- .../files/storyboard/superusers.yaml | 14 +++++++++++ .../openstack_project/manifests/storyboard.pp | 2 ++ modules/storyboard/manifests/init.pp | 24 +++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 modules/openstack_project/files/storyboard/superusers.yaml diff --git a/modules/openstack_project/files/storyboard/superusers.yaml b/modules/openstack_project/files/storyboard/superusers.yaml new file mode 100644 index 0000000000..d19be315a0 --- /dev/null +++ b/modules/openstack_project/files/storyboard/superusers.yaml @@ -0,0 +1,14 @@ +- openid: https://login.launchpad.net/+id/mPsHkf3 + email: krotscheck@gmail.com +- openid: https://login.launchpad.net/+id/eMmhAdr + email: slukjanov@mirantis.com +- openid: https://login.launchpad.net/+id/cWwF3rJ + email: corvus@gnu.org +- openid: https://login.launchpad.net/+id/4dfrAmY + email: mordred@inaugust.com +- openid: https://login.launchpad.net/+id/43rCcdx + email: fungi@yuggoth.org +- openid: https://login.launchpad.net/+id/GAyNmDX + email: thierry@openstack.org +- openid: https://login.launchpad.net/+id/DJtBT7D + email: clark.boylan@gmail.com diff --git a/modules/openstack_project/manifests/storyboard.pp b/modules/openstack_project/manifests/storyboard.pp index bc395bb0b2..bcd6cf9190 100644 --- a/modules/openstack_project/manifests/storyboard.pp +++ b/modules/openstack_project/manifests/storyboard.pp @@ -20,6 +20,8 @@ class openstack_project::storyboard( mysql_user => $mysql_user, projects_file => 'puppet:///modules/openstack_project/review.projects.yaml', + superusers_file => + 'puppet:///modules/openstack_project/storyboard/superusers.yaml', ssl_cert_file => '/etc/ssl/certs/storyboard.openstack.org.pem', ssl_key_file => diff --git a/modules/storyboard/manifests/init.pp b/modules/storyboard/manifests/init.pp index 97f71f0b6d..560cb77129 100644 --- a/modules/storyboard/manifests/init.pp +++ b/modules/storyboard/manifests/init.pp @@ -20,6 +20,7 @@ class storyboard ( $mysql_password, $mysql_user, $projects_file, + $superusers_file, $ssl_cert_file, $ssl_key_file, $ssl_chain_file, @@ -100,6 +101,18 @@ class storyboard ( ], } + file { '/etc/storyboard/superusers.yaml': + ensure => present, + owner => 'storyboard', + mode => '0400', + source => $superusers_file, + replace => true, + require => [ + File['/etc/storyboard'], + User['storyboard'], + ], + } + exec { 'migrate-storyboard-db': command => 'storyboard-db-manage --config-file /etc/storyboard/storyboard.conf upgrade head', path => '/usr/local/bin:/usr/bin:/bin/', @@ -121,6 +134,17 @@ class storyboard ( ], } + exec { 'load-superusers-yaml': + command => 'storyboard-db-manage --config-file /etc/storyboard/storyboard.conf load_superusers /etc/storyboard/superusers.yaml', + path => '/usr/local/bin:/usr/bin:/bin/', + refreshonly => true, + subscribe => File['/etc/storyboard/superusers.yaml'], + require => [ + File['/etc/storyboard/superusers.yaml'], + Exec['migrate-storyboard-db'], + ], + } + file { '/var/log/storyboard': ensure => directory, owner => 'storyboard',