Filippo Giunchedi has submitted this change and it was merged. Change subject: logstash: fix ldap_bindpass ......................................................................
logstash: fix ldap_bindpass I tried to move ldap_bindpass into hiera in Ia042191 but the scoped lookup I used there doesn't work. It just passes an empty string to the puppet class at runtime. As a quick fix, change back to the prior logic of pulling the private password setting into scope inside the class itself. Change-Id: I2d45c21e227052cf705468fff1f02364a4686cb4 --- M hieradata/role/common/logstash.yaml M manifests/role/kibana.pp 2 files changed, 3 insertions(+), 3 deletions(-) Approvals: Filippo Giunchedi: Verified; Looks good to me, approved diff --git a/hieradata/role/common/logstash.yaml b/hieradata/role/common/logstash.yaml index f77985e..9aac92d 100644 --- a/hieradata/role/common/logstash.yaml +++ b/hieradata/role/common/logstash.yaml @@ -45,7 +45,6 @@ role::kibana::auth_type: ldap role::kibana::auth_realm: WMF Labs (use wiki login name not shell) - nda/ops/wmf role::kibana::ldap_authurl: ldaps://ldap-eqiad.wikimedia.org ldap-codfw.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn -role::kibana::ldap_bindpass: "%{scope('passwords::ldap::production::proxypass')}" role::kibana::ldap_binddn: cn=proxyagent,ou=profile,dc=wikimedia,dc=org role::kibana::ldap_groups: - cn=ops,ou=groups,dc=wikimedia,dc=org diff --git a/manifests/role/kibana.pp b/manifests/role/kibana.pp index 5b8d5e8..7616e8b 100644 --- a/manifests/role/kibana.pp +++ b/manifests/role/kibana.pp @@ -14,7 +14,6 @@ # - $auth_realm: HTTP basic auth realm description # - $auth_file: Path to htpasswd file for $auth_type == 'local' # - $ldap_authurl: AuthLDAPURL for $auth_type == 'ldap' -# - $ldap_bindpass: AuthLDAPBindPassword for $auth_type == 'ldap' # - $ldap_binddn: AuthLDAPBindDN for $auth_type == 'ldap' # - $ldap_groups: List of ldap-group names for $auth_type == 'ldap' # @@ -28,7 +27,6 @@ $auth_realm = undef, $auth_file = undef, $ldap_authurl = undef, - $ldap_bindpass = undef, $ldap_binddn = undef, $ldap_groups = [], ) { @@ -46,6 +44,9 @@ include ::apache::mod::authnz_ldap include ::passwords::ldap::production + # FIXME: move this into hiera config + $ldap_bindpass = $passwords::ldap::production::proxypass + } elsif $auth_type == 'local' { include ::apache::mod::authz_groupfile include ::apache::mod::authz_user -- To view, visit https://gerrit.wikimedia.org/r/230798 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I2d45c21e227052cf705468fff1f02364a4686cb4 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BryanDavis <bda...@wikimedia.org> Gerrit-Reviewer: Filippo Giunchedi <fgiunch...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits