BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/175455

Change subject: r::c::ssl::misc: switch to r::c::localssl like prod SNI
......................................................................

r::c::ssl::misc: switch to r::c::localssl like prod SNI

Change-Id: Ia261825e50d6473e6ee78bd2af38ad8774863e9a
---
M manifests/role/cache.pp
1 file changed, 13 insertions(+), 24 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/55/175455/1

diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index fc7a0c2..c0f6463 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -609,34 +609,23 @@
         }
     }
 
-    class ssl::misc::certs {
-        install_certificate { ['sni.wikimedia.org', 
'star.wmfusercontent.org']: }
-    }
-
-    # This class sets up multiple sites with multiple SSL certs using SNI
+    # As above, but for misc instead of generic prod
     class ssl::misc {
+        #TODO: kill the old wmf_ca
+        include certificates::wmf_ca
+        include certificates::wmf_ca_2014_2017
         include role::protoproxy::ssl::common
-        require ::role::cache::ssl::misc::certs
 
-        # Assumes that LVS service IPs are setup elsewhere
-
-        protoproxy::localssl {
-            'wikimedia':
-                proxy_server_cert_name => 'sni.wikimedia.org',
-                server_name            => 'wikimedia.org',
-                server_aliases         => ['*.wikimedia.org'],
-                default_server         => true;
+        localssl {
+            'wikimedia.org':
+                certname => 'sni.wikimedia.org',
+                server_name => 'wikimedia.org',
+                server_aliases => ['*.wikimedia.org'],
+                default_server => true;
             'wmfusercontent.org':
-                proxy_server_cert_name => 'star.wmfusercontent.org',
-                server_name            => 'wmfusercontent.org',
-                server_aliases         => ['*.wmfusercontent.org'];
-        }
-
-        # FIXME: Icinga monitoring with support for SNI
-
-        monitoring::service { 'https':
-            description   => 'HTTPS',
-            check_command => "check_ssl_cert!*.wikimedia.org",
+                certname => 'star.wmfusercontent.org',
+                server_name => 'wmfusercontent.org',
+                server_aliases => ['*.wmfusercontent.org'],
         }
     }
 
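Review bot: The rewritten `ssl::misc` class no longer declares `monitoring::service { 'https': ... }` and nothing in the new lines replaces it, so unless the `localssl` define (declared outside this hunk) adds its own check per certname, an expired or mis-deployed `sni.wikimedia.org` or `star.wmfusercontent.org` certificate on the misc terminators would raise no alert. I would confirm that before merging, or keep the existing `check_ssl_cert!*.wikimedia.org` check until an SNI-aware one covers both names, which the removed FIXME was already asking for. The same question applies to dropping `install_certificate`: the new code presumably relies on `certname =>` to deploy the certificate and key, but that is not visible here. The `#TODO: kill the old wmf_ca` comment would help more if it said what still depends on the old CA, e.g. `# TODO: drop certificates::wmf_ca once nothing validates against it (tracking: <ticket placeholder>)`. `ssl::misc` itself is complete in the hunk, but the class that encloses it starts and ends outside it.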

-- 
To view, visit https://gerrit.wikimedia.org/r/175455

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia261825e50d6473e6ee78bd2af38ad8774863e9a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
