Elukey has submitted this change and it was merged. Change subject: Avoid Redis IPsec replication if the host doesn't need it. ......................................................................
Avoid Redis IPsec replication if the host doesn't need it. The redis::multidc::ipsec is currently used by JobQueues and memcached/redis hosts to set up a secure transport between eqiad and codfw. A new host still not configured in hiera to have a replica should not get automatically configured for IPsec to avoid false alarms. Bug: T137345 Change-Id: Ic64af79619119c9727bc4b7b94ba3084e73db003 --- M modules/redis/manifests/multidc/ipsec.pp 1 file changed, 5 insertions(+), 2 deletions(-) Approvals: Elukey: Looks good to me, approved Giuseppe Lavagetto: Looks good to me, but someone else must approve jenkins-bot: Verified diff --git a/modules/redis/manifests/multidc/ipsec.pp b/modules/redis/manifests/multidc/ipsec.pp index d16df28..ff89c4d 100644 --- a/modules/redis/manifests/multidc/ipsec.pp +++ b/modules/redis/manifests/multidc/ipsec.pp @@ -8,7 +8,10 @@ $my_ip = ipresolve($::fqdn, 4) $ipsec_host_list = redis_shard_hosts($my_ip, $shards) - class { 'role::ipsec': - hosts => $ipsec_host_list + # No reason to define IPsec if the host doesn't need replication. + if size($ipsec_host_list) > 0 { + class { 'role::ipsec': + hosts => $ipsec_host_list + } } } -- To view, visit https://gerrit.wikimedia.org/r/323517 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ic64af79619119c9727bc4b7b94ba3084e73db003 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Elukey <ltosc...@wikimedia.org> Gerrit-Reviewer: Elukey <ltosc...@wikimedia.org> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits