Elukey has submitted this change and it was merged.
Change subject: Avoid Redis IPsec replication if the host doesn't need it.
......................................................................
Avoid Redis IPsec replication if the host doesn't need it.
The redis::multidc::ipsec is currently used by JobQueues
and memcached/redis hosts to set up a secure transport
between eqiad and codfw. A new host still not configured
in hiera to have a replica should not get automatically
configured for IPsec to avoid false alarms.
Bug: T137345
Change-Id: Ic64af79619119c9727bc4b7b94ba3084e73db003
---
M modules/redis/manifests/multidc/ipsec.pp
1 file changed, 5 insertions(+), 2 deletions(-)
Approvals:
Elukey: Looks good to me, approved
Giuseppe Lavagetto: Looks good to me, but someone else must approve
jenkins-bot: Verified
diff --git a/modules/redis/manifests/multidc/ipsec.pp
b/modules/redis/manifests/multidc/ipsec.pp
index d16df28..ff89c4d 100644
--- a/modules/redis/manifests/multidc/ipsec.pp
+++ b/modules/redis/manifests/multidc/ipsec.pp
@@ -8,7 +8,10 @@
$my_ip = ipresolve($::fqdn, 4)
$ipsec_host_list = redis_shard_hosts($my_ip, $shards)
- class { 'role::ipsec':
- hosts => $ipsec_host_list
+ # No reason to define IPsec if the host doesn't need replication.
+ if size($ipsec_host_list) > 0 {
+ class { 'role::ipsec':
+ hosts => $ipsec_host_list
+ }
}
}
--
To view, visit https://gerrit.wikimedia.org/r/323517
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic64af79619119c9727bc4b7b94ba3084e73db003
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Elukey <ltosc...@wikimedia.org>
Gerrit-Reviewer: Elukey <ltosc...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
