[MediaWiki-commits] [Gerrit] logstash: fix ldap_bindpass - change (operations/puppet)

Tue, 11 Aug 2015 09:12:25 -0700 

Filippo Giunchedi has submitted this change and it was merged.

Change subject: logstash: fix ldap_bindpass
......................................................................


logstash: fix ldap_bindpass

I tried to move ldap_bindpass into hiera in Ia042191 but the scoped
lookup I used there doesn't work. It just passes an empty string to the
puppet class at runtime. As a quick fix, change back to the prior logic
of pulling the private password setting into scope inside the class
itself.

Change-Id: I2d45c21e227052cf705468fff1f02364a4686cb4
---
M hieradata/role/common/logstash.yaml
M manifests/role/kibana.pp
2 files changed, 3 insertions(+), 3 deletions(-)

Approvals:
  Filippo Giunchedi: Verified; Looks good to me, approved



diff --git a/hieradata/role/common/logstash.yaml 
b/hieradata/role/common/logstash.yaml
index f77985e..9aac92d 100644
--- a/hieradata/role/common/logstash.yaml
+++ b/hieradata/role/common/logstash.yaml
@@ -45,7 +45,6 @@
 role::kibana::auth_type: ldap
 role::kibana::auth_realm: WMF Labs (use wiki login name not shell) - 
nda/ops/wmf
 role::kibana::ldap_authurl: ldaps://ldap-eqiad.wikimedia.org 
ldap-codfw.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn
-role::kibana::ldap_bindpass: 
"%{scope('passwords::ldap::production::proxypass')}"
 role::kibana::ldap_binddn: cn=proxyagent,ou=profile,dc=wikimedia,dc=org
 role::kibana::ldap_groups:
   - cn=ops,ou=groups,dc=wikimedia,dc=org
diff --git a/manifests/role/kibana.pp b/manifests/role/kibana.pp
index 5b8d5e8..7616e8b 100644
--- a/manifests/role/kibana.pp
+++ b/manifests/role/kibana.pp
@@ -14,7 +14,6 @@
 # - $auth_realm: HTTP basic auth realm description
 # - $auth_file: Path to htpasswd file for $auth_type == 'local'
 # - $ldap_authurl: AuthLDAPURL for $auth_type == 'ldap'
-# - $ldap_bindpass: AuthLDAPBindPassword for $auth_type == 'ldap'
 # - $ldap_binddn: AuthLDAPBindDN for $auth_type == 'ldap'
 # - $ldap_groups: List of ldap-group names for $auth_type == 'ldap'
 #
@@ -28,7 +27,6 @@
     $auth_realm    = undef,
     $auth_file     = undef,
     $ldap_authurl  = undef,
-    $ldap_bindpass = undef,
     $ldap_binddn   = undef,
     $ldap_groups   = [],
 ) {
@@ -46,6 +44,9 @@
         include ::apache::mod::authnz_ldap
         include ::passwords::ldap::production
 
+        # FIXME: move this into hiera config
+        $ldap_bindpass = $passwords::ldap::production::proxypass
+
     } elsif $auth_type == 'local' {
         include ::apache::mod::authz_groupfile
         include ::apache::mod::authz_user

-- 
To view, visit https://gerrit.wikimedia.org/r/230798
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2d45c21e227052cf705468fff1f02364a4686cb4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BryanDavis <bda...@wikimedia.org>
Gerrit-Reviewer: Filippo Giunchedi <fgiunch...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to