BryanDavis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/230798
Change subject: logstash: fix ldap_bindpass
......................................................................
logstash: fix ldap_bindpass
I tried to move ldap_bindpass into hiera in Ia042191 but the scoped
lookup I used there doesn't work. It just passes an empty string to the
puppet class at runtime. As a quick fix, change back to the prior logic
of pulling the private password setting into scope inside the class
itself.
Change-Id: I2d45c21e227052cf705468fff1f02364a4686cb4
---
M hieradata/role/common/logstash.yaml
M manifests/role/kibana.pp
2 files changed, 3 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/98/230798/1
diff --git a/hieradata/role/common/logstash.yaml
b/hieradata/role/common/logstash.yaml
index f77985e..9aac92d 100644
--- a/hieradata/role/common/logstash.yaml
+++ b/hieradata/role/common/logstash.yaml
@@ -45,7 +45,6 @@
role::kibana::auth_type: ldap
role::kibana::auth_realm: WMF Labs (use wiki login name not shell) -
nda/ops/wmf
role::kibana::ldap_authurl: ldaps://ldap-eqiad.wikimedia.org
ldap-codfw.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn
-role::kibana::ldap_bindpass:
"%{scope('passwords::ldap::production::proxypass')}"
role::kibana::ldap_binddn: cn=proxyagent,ou=profile,dc=wikimedia,dc=org
role::kibana::ldap_groups:
- cn=ops,ou=groups,dc=wikimedia,dc=org
diff --git a/manifests/role/kibana.pp b/manifests/role/kibana.pp
index 5b8d5e8..7616e8b 100644
--- a/manifests/role/kibana.pp
+++ b/manifests/role/kibana.pp
@@ -14,7 +14,6 @@
# - $auth_realm: HTTP basic auth realm description
# - $auth_file: Path to htpasswd file for $auth_type == 'local'
# - $ldap_authurl: AuthLDAPURL for $auth_type == 'ldap'
-# - $ldap_bindpass: AuthLDAPBindPassword for $auth_type == 'ldap'
# - $ldap_binddn: AuthLDAPBindDN for $auth_type == 'ldap'
# - $ldap_groups: List of ldap-group names for $auth_type == 'ldap'
#
@@ -28,7 +27,6 @@
$auth_realm = undef,
$auth_file = undef,
$ldap_authurl = undef,
- $ldap_bindpass = undef,
$ldap_binddn = undef,
$ldap_groups = [],
) {
@@ -46,6 +44,9 @@
include ::apache::mod::authnz_ldap
include ::passwords::ldap::production
+ # FIXME: move this into hiera config
+ $ldap_bindpass = $passwords::ldap::production::proxypass
+
} elsif $auth_type == 'local' {
include ::apache::mod::authz_groupfile
include ::apache::mod::authz_user
--
To view, visit https://gerrit.wikimedia.org/r/230798
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2d45c21e227052cf705468fff1f02364a4686cb4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BryanDavis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
