BBlack has uploaded a new change for review. https://gerrit.wikimedia.org/r/203560
Change subject: cache.pp cleanup: fully qualify ssl-related definition names ...................................................................... cache.pp cleanup: fully qualify ssl-related definition names Change-Id: I95e90f044aaa878d73349885aebbdc1633becb9a --- M manifests/role/cache.pp 1 file changed, 9 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/60/203560/1 diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp index 4cb8d7d..99a13cf 100644 --- a/manifests/role/cache.pp +++ b/manifests/role/cache.pp @@ -487,7 +487,7 @@ } } -define localssl($certname, $do_ocsp=false, $server_name=$::fqdn, $server_aliases=[], $default_server=false) { +define role::cache::localssl($certname, $do_ocsp=false, $server_name=$::fqdn, $server_aliases=[], $default_server=false) { # Assumes that LVS service IPs are setup elsewhere install_certificate { $certname: @@ -510,14 +510,14 @@ include certificates::wmf_ca_2014_2017 include role::protoproxy::ssl::common - localssl { 'unified': + role::cache::localssl { 'unified': certname => 'uni.wikimedia.org', default_server => true, do_ocsp => true, } - define sni_cert() { - localssl { $name: + define role::cache::ssl_sni::sni_cert() { + role::cache::localssl { $name: certname => "sni.${name}", server_name => $name, server_aliases => ["*.${name}"], @@ -525,7 +525,7 @@ } } - sni_cert { + role::cache::ssl_sni::sni_cert { 'zero.wikipedia.org':; 'm.wikipedia.org':; 'wikipedia.org':; @@ -571,7 +571,7 @@ include certificates::wmf_ca_2014_2017 include role::protoproxy::ssl::common - localssl { + role::cache::localssl { 'wikimedia.org': certname => 'sni.wikimedia.org', server_name => 'wikimedia.org', @@ -1401,16 +1401,16 @@ # Explicitly not adding wmf CA since it is not needed for now include role::protoproxy::ssl::common - localssl { 'unified': + role::cache::localssl { 'unified': certname => 'uni.wikimedia.org', default_server => true, } - localssl { 'wikimedia.org': + role::cache::localssl { 'wikimedia.org': certname => 'sni.wikimedia.org', server_name => 'wikimedia.org', server_aliases => ['*.wikimedia.org'], } - localssl { 'm.wikimedia.org': + role::cache::localssl { 'm.wikimedia.org': certname => 'sni.m.wikimedia.org', server_name => 'm.wikimedia.org', server_aliases => ['*.m.wikimedia.org'], -- To view, visit https://gerrit.wikimedia.org/r/203560 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I95e90f044aaa878d73349885aebbdc1633becb9a Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <bbl...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits