[MediaWiki-commits] [Gerrit] operations/puppet[production]: service::node: Do not use the proxy by default

Mon, 27 Mar 2017 12:43:54 -0700 

Mobrovac has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/344996 )

Change subject: service::node: Do not use the proxy by default
......................................................................

service::node: Do not use the proxy by default

The basic assumption and starting point for services in production
should be that they do not need access to resources outside of the WMF
production environment. Consequently, we shouldn't activate it by
default, but only if a service explicitly needs it.

This commit effectively affects only Graphoid, as it is the only service
that uses service::node's configuration file compilation feature, and it
doesn't need the proxy, so remove the no_proxy_list configuration
variable from its manifest.

Bug: T97530
Change-Id: If50030e4014bb30e30e96d438eba062a4bbfe0a5
---
M modules/graphoid/manifests/init.pp
M modules/service/manifests/node.pp
M modules/service/templates/node/config.yaml.erb
3 files changed, 6 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/96/344996/1

diff --git a/modules/graphoid/manifests/init.pp 
b/modules/graphoid/manifests/init.pp
index 46cd6a4..81f4af8 100644
--- a/modules/graphoid/manifests/init.pp
+++ b/modules/graphoid/manifests/init.pp
@@ -42,9 +42,6 @@
             timeout        => $timeout,
             headers        => $headers,
             errorHeaders   => $error_headers,
-            no_proxy_list  => inline_template(
-                '<%= @allowed_domains.values.flatten.sort.join(",") %>'
-            ),
         },
         has_spec        => true,
         healthcheck_url => '',
diff --git a/modules/service/manifests/node.pp 
b/modules/service/manifests/node.pp
index fb466fc..c91fa7a 100644
--- a/modules/service/manifests/node.pp
+++ b/modules/service/manifests/node.pp
@@ -69,6 +69,10 @@
 # [*starter_script*]
 #   The script used for starting the service. Default: src/server.js
 #
+# [*use_proxy*]
+#   Whether the service needs to use the proxy to access external resources.
+#   Default: false
+#
 # [*local_logging*]
 #   Whether to store log entries on the target node as well. Default: true
 #
@@ -158,6 +162,7 @@
     $starter_module  = './src/app.js',
     $entrypoint      = '',
     $starter_script  = 'src/server.js',
+    $use_proxy       = false,
     $local_logging   = true,
     $logging_name    = $title,
     $statsd_prefix   = $title,
diff --git a/modules/service/templates/node/config.yaml.erb 
b/modules/service/templates/node/config.yaml.erb
index 7bddd9c..bb9ad50 100644
--- a/modules/service/templates/node/config.yaml.erb
+++ b/modules/service/templates/node/config.yaml.erb
@@ -68,7 +68,7 @@
       # to restrict to a particular domain, use:
       # cors: restricted.domain.org
       # URL of the outbound proxy to use (complete with protocol)
-      proxy: <%= cvars['proxy'] %>
+      <%= @use_proxy ? '' : '# ' -%>proxy: <%= cvars['proxy'] %>
       # the template used for contacting the MW API
       mwapi_req:
         method: post

-- 
To view, visit https://gerrit.wikimedia.org/r/344996
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If50030e4014bb30e30e96d438eba062a4bbfe0a5
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mobrovac <mobro...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to