BBlack has uploaded a new change for review.
https://gerrit.wikimedia.org/r/161193
Change subject: Add role::cache::ssl::sni
......................................................................
Add role::cache::ssl::sni
Change-Id: Ia4bbdb00113dfe8c6740568c6ed0fa16e2c338a1
---
M manifests/role/cache.pp
1 file changed, 61 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/93/161193/1
diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index 9544675..4ab4a60 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -573,7 +573,7 @@
}
}
- class ssl($sitename, $certname) {
+ class ssl($sitename, $certname, $default_server=false) {
include certificates::wmf_ca, role::protoproxy::ssl::common
# Assumes that LVS service IPs are setup elsewhere
@@ -582,7 +582,7 @@
# mapping; in other cases we should be OK with the raw name
$check_cert = $certname ? {
'unified.wikimedia.org' => '*.wikipedia.org',
- /^star\.(wiki[mp]edia\.org)$/ => "*.$1",
+ /^star\.(.+)$/ => "*.$1",
default => $certname
}
@@ -599,7 +599,7 @@
protoproxy::localssl { $sitename:
proxy_server_cert_name => $certname,
upstream_port => '80',
- default_server => true,
+ default_server => $default_server,
enabled => true,
}
}
@@ -608,6 +608,64 @@
class { '::role::cache::ssl':
sitename => 'unified',
certname => 'unified.wikimedia.org',
+ default_server => true,
+ }
+ }
+
+ # To replace ssl::unified above after testing...
+ class ssl::sni {
+ class { '::role::cache::ssl':
+ sitename => 'unified',
+ certname => 'unified.wikimedia.org',
+ default_server => true,
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikipedia',
+ certname => 'star.wikipedia.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikimedia',
+ certname => 'star.wikimedia.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wiktionary',
+ certname => 'star.wiktionary.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikiquote',
+ certname => 'star.wikiquote.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikibooks',
+ certname => 'star.wikibooks.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikisource',
+ certname => 'star.wikisource.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikinews',
+ certname => 'star.wikinews.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikiversity',
+ certname => 'star.wikiversity.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikimediafoundation',
+ certname => 'star.wikimediafoundation.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikidata',
+ certname => 'star.wikidata.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikivoyage',
+ certname => 'star.wikivoyage.org',
+ }
+ class { '::role::cache::ssl':
+ sitename => 'star-wikibooks',
+ certname => 'star.wikibooks.org',
}
}
--
To view, visit https://gerrit.wikimedia.org/r/161193
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia4bbdb00113dfe8c6740568c6ed0fa16e2c338a1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
