Faidon Liambotis has submitted this change and it was merged. Change subject: certs: inline privatekey=false install_certificate ......................................................................
certs: inline privatekey=false install_certificate Inline sslcert::certificate on the handful install_certificate call sites where a privatekey isn't passed (all of them star.wmflabs.org ones) and remove the option from install_certificate altogether. Change-Id: I42dd380c72248086951471633806ebde9ad3d129 --- M manifests/certs.pp M manifests/role/labsproxy.pp M manifests/role/protoproxy.pp M modules/toollabs/manifests/proxy.pp M modules/toollabs/manifests/static.pp 5 files changed, 15 insertions(+), 22 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/certs.pp b/manifests/certs.pp index 95b9a63..f1abe10 100644 --- a/manifests/certs.pp +++ b/manifests/certs.pp @@ -1,13 +1,6 @@ -define install_certificate( - $privatekey=true, -) { +define install_certificate { sslcert::certificate { $name: - source => "puppet:///files/ssl/${name}.crt", - } - - if ( $privatekey == true ) { - Sslcert::Certificate[$name] { - private => "puppet:///private/ssl/${name}.key", - } + source => "puppet:///files/ssl/${name}.crt", + private => "puppet:///private/ssl/${name}.key", } } diff --git a/manifests/role/labsproxy.pp b/manifests/role/labsproxy.pp index 97383c3..2bb3493 100644 --- a/manifests/role/labsproxy.pp +++ b/manifests/role/labsproxy.pp @@ -1,17 +1,17 @@ # A dynamic HTTP routing proxy, based on nginx+lua+redis class role::dynamicproxy::eqiad { - install_certificate{ 'star.wmflabs.org': - privatekey => false - } - include base::firewall + + sslcert::certificate { 'star.wmflabs.org': + source => 'puppet:///files/ssl/star.wmflabs.org.crt', + } class { '::dynamicproxy': ssl_certificate_name => 'star.wmflabs.org', ssl_settings => ssl_ciphersuite('nginx', 'compat'), set_xff => true, luahandler => 'domainproxy', - require => Install_certificate['star.wmflabs.org'] + require => Sslcert::Certificate['star.wmflabs.org'], } include dynamicproxy::api } diff --git a/manifests/role/protoproxy.pp b/manifests/role/protoproxy.pp index e18414a..8ff7e10 100644 --- a/manifests/role/protoproxy.pp +++ b/manifests/role/protoproxy.pp @@ -42,8 +42,8 @@ include standard include role::protoproxy::ssl::common - install_certificate { 'star.wmflabs.org': - privatekey => false, + sslcert::certificate { 'star.wmflabs.org': + source => 'puppet:///files/ssl/star.wmflabs.org.crt', } } diff --git a/modules/toollabs/manifests/proxy.pp b/modules/toollabs/manifests/proxy.pp index 0d1911d..2594bed 100644 --- a/modules/toollabs/manifests/proxy.pp +++ b/modules/toollabs/manifests/proxy.pp @@ -9,9 +9,9 @@ include base::firewall if $ssl_install_certificate { - install_certificate { $ssl_certificate_name: - privatekey => false, - before => Class['::dynamicproxy'], + sslcert::certificate { $ssl_certificate_name: + source => "puppet:///files/ssl/$ssl_certificate_name.crt", + before => Class['::dynamicproxy'], } } diff --git a/modules/toollabs/manifests/static.pp b/modules/toollabs/manifests/static.pp index 7114b7f..ad2939a 100644 --- a/modules/toollabs/manifests/static.pp +++ b/modules/toollabs/manifests/static.pp @@ -9,8 +9,8 @@ include toollabs::infrastructure if $ssl_certificate_name != false { - install_certificate { $ssl_certificate_name: - privatekey => false, + sslcert::certificate { $ssl_certificate_name: + source => "puppet:///files/ssl/$ssl_certificate_name.crt", } } -- To view, visit https://gerrit.wikimedia.org/r/217271 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I42dd380c72248086951471633806ebde9ad3d129 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Merlijn van Deen <valhall...@arctus.nl> Gerrit-Reviewer: Yuvipanda <yuvipa...@gmail.com> Gerrit-Reviewer: coren <mpellet...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits