[MediaWiki-commits] [Gerrit] ishmael behind varnish, make neon a backend - change (operations/puppet)

[Dzahn (Code Review)]

Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/154969

Change subject: ishmael behind varnish, make neon a backend
......................................................................

ishmael behind varnish, make neon a backend

- put ishmael.wikimedia.org behind misc. varnish

- in order to do that, make neon a varnish backend
  (even if neon has a public IP)

- delete the SSL part of the Apache config which
  is now not handled by Apache anymore, copy
  the setup from the :443 part over to :80

this runs on 'neon', which is also: icinga and tendril

Change-Id: I653e1b303d76f5e339281601b1b451e564720ac4
---
M manifests/role/cache.pp
M modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
M templates/varnish/misc.inc.vcl.erb
3 files changed, 4 insertions(+), 15 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/69/154969/1

diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index 223e773..f39994f 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -1425,6 +1425,7 @@
                 'logstash1003.eqiad.wmnet',
                 'radon.eqiad.wmnet', # phab instance for legal
                 'iridium.eqiad.wmnet', # main phab
+                'neon.wikimedia.org', # monitoring tools (icinga et al)
             ],
             backend_options => [
             {
diff --git a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb 
b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
index 20c8277..4888a89 100644
--- a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
+++ b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
@@ -2,15 +2,9 @@
 # !! this file is managed by puppet !!
 
 NameVirtualHost *:80
-NameVirtualHost *:443
 
-<VirtualHost *:443>
+<VirtualHost *:80>
     ServerName <%= @site_name %>
-    SSLEngine On
-    SSLCertificateFile /etc/ssl/private/ishmael.wikimedia.org.pem
-    SSLCertificateKeyFile /etc/ssl/private/ishmael.wikimedia.org.key
-    SSLCACertificateFile /etc/ssl/certs/RapidSSL_CA.pem
-    <%= @ssl_settings.join("\n") %>
     DocumentRoot <%= @docroot %>
 
     <Directory "<%= @docroot %>">
@@ -33,11 +27,3 @@
     </Directory>
 </VirtualHost>
 
-<VirtualHost *:80>
-    ServerName <%= @site_name %>
-    DocumentRoot <%= @docroot %>
-
-    RewriteEngine on
-    RewriteCond %{SERVER_PORT} !^443$
-    RewriteRule ^/(.*)$ https://<%= @site_name %>/$1 [L,R]
-</VirtualHost>
diff --git a/templates/varnish/misc.inc.vcl.erb 
b/templates/varnish/misc.inc.vcl.erb
index 2293b62..191735f 100644
--- a/templates/varnish/misc.inc.vcl.erb
+++ b/templates/varnish/misc.inc.vcl.erb
@@ -28,6 +28,8 @@
                set req.backend = iridium;
        } elsif (req.http.Host == "contacts.wikimedia.org") {
                set req.backend = zirconium;
+       } elsif (req.http.Host == "ishmael.wikimedia.org") {
+               set req.backend = neon;
        } else {
                error 404 "Domain not served here";
        }

-- 
To view, visit https://gerrit.wikimedia.org/r/154969
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I653e1b303d76f5e339281601b1b451e564720ac4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits