EBernhardson has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/240305

Change subject: Add read-only reverse proxy for labs ES
......................................................................

Add read-only reverse proxy for labs ES

Change-Id: I9c2e50ec2fda25e8742fa7f26fd2692e5647f12a
---
M manifests/site.pp
A modules/elasticsearch/manifests/proxy.pp
A templates/nginx/sites/labs-es-proxy.erb
3 files changed, 40 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/05/240305/1

diff --git a/manifests/site.pp b/manifests/site.pp
index 467d28b..79b4777 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2223,6 +2223,7 @@
 
 # Test server for labs ElasticSearch replication
 node 'nobelium.eqiad.wmnet' {
+       include elasticsearch::proxy
     include base::firewall
     include standard
 }
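Review bot: the added `include elasticsearch::proxy` line is indented deeper than the neighbouring `include base::firewall` and `include standard` lines, which use four spaces. Please match the indentation of the rest of the node block.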
diff --git a/modules/elasticsearch/manifests/proxy.pp 
b/modules/elasticsearch/manifests/proxy.pp
new file mode 100644
index 0000000..bd64637
--- /dev/null
+++ b/modules/elasticsearch/manifests/proxy.pp
@@ -0,0 +1,18 @@
+# == Class elasticsearch::proxy
+# Sets up a simple nginx reverse proxy.
+# This must be included on the same node as an elasticsearch server
+#
+# This depends on the ferm and nginx module's from WMF 
operations/puppet/modules.
+#
+class elasticsearch::proxy {
+       class { '::nginx': }
+       
+       nginx::site { 'elasticsearch-proxy':
+               content => template('nginx/sites/labs-es-proxy.erb')
+       }
+
+       ferm::service { 'http':
+               proto => 'tcp',
+               port => 80,
+       }
+}
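Review bot: `ferm::service { 'http':` opens tcp/80 with only `proto` and `port` set, so nothing in this class limits which sources can reach the proxy sitting in front of Elasticsearch. Restrict the rule to the source range the labs clients will actually come from, or say in the class comment why it is meant to be open. The header comment also states that the class must be on the same node as an elasticsearch server, but nothing here declares or checks that dependency, and "module's" in that comment should read "modules".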
diff --git a/templates/nginx/sites/labs-es-proxy.erb 
b/templates/nginx/sites/labs-es-proxy.erb
new file mode 100644
index 0000000..1b7209b
--- /dev/null
+++ b/templates/nginx/sites/labs-es-proxy.erb
@@ -0,0 +1,21 @@
+# This file is managed by puppet. Do not edit.
+
+upstream elasticsearch {
+        server 127.0.0.1:9200;
+        keepalive 15;
+}
+
+server {
+        listen 80 default_server;
+        listen [::]:80 default_server ipv6only=on;
+
+        root /dev/null;
+
+        location / {
+                limit_except GET {
+                        deny all;
+                }
+                proxy_pass http://localhost:9200;
+        }
+}
+
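Review bot: `proxy_pass http://localhost:9200;` in `location /` bypasses the `upstream elasticsearch` block defined at the top of the file, so `keepalive 15;` never takes effect. Point it at `http://elasticsearch`, and add `proxy_http_version 1.1;` and `proxy_set_header Connection "";`, which nginx needs for upstream keepalive connections. Separately, `limit_except GET` on `location /` still passes every GET and HEAD request for any path to the backend, so if "read-only" is meant to cover search only, the allowed paths should be restricted as well as the methods.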

-- 
To view, visit https://gerrit.wikimedia.org/r/240305
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9c2e50ec2fda25e8742fa7f26fd2692e5647f12a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: EBernhardson <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits