[MediaWiki-commits] [Gerrit] Use LDAP, requiring ops, for icinga admin - change (operations/puppet)

Ryan Lane (Code Review) Wed, 27 Feb 2013 16:55:19 -0800

Ryan Lane has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/51315



Change subject: Use LDAP, requiring ops, for icinga admin
......................................................................

Use LDAP, requiring ops, for icinga admin

Change-Id: I56a7d37e4cbc3100ed0bc92c9e03f1ef7537cd87
---
M manifests/misc/icinga.pp
R templates/apache/sites/icinga.wikimedia.org.erb
2 files changed, 7 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/15/51315/1

diff --git a/manifests/misc/icinga.pp b/manifests/misc/icinga.pp
index 385c809..90d7a43 100644
--- a/manifests/misc/icinga.pp
+++ b/manifests/misc/icinga.pp
@@ -83,7 +83,7 @@
                        owner => root,
                        group => root,
                        mode => 0444,
-                       source => 
"puppet:///files/apache/sites/icinga.wikimedia.org";
+                       content => 
template("apache/sites/icinga.wikimedia.org.erb");
        }
 
                # remove icinga default config
diff --git a/files/apache/sites/icinga.wikimedia.org 
b/templates/apache/sites/icinga.wikimedia.org.erb
similarity index 89%
rename from files/apache/sites/icinga.wikimedia.org
rename to templates/apache/sites/icinga.wikimedia.org.erb
index 32eece0..48da461 100644
--- a/files/apache/sites/icinga.wikimedia.org
+++ b/templates/apache/sites/icinga.wikimedia.org.erb
@@ -83,10 +83,13 @@
                AllowOverride AuthConfig
                Order Allow,Deny
                Allow From All
-               AuthName "Icinga Access"
+               AuthName "WMF Labs"
                AuthType Basic
-               AuthUserFile /etc/icinga/htpasswd.users
-               require valid-user
+               AuthBasicProvider ldap
+               AuthLDAPBindDN cn=proxyagent,ou=profile,dc=wikimedia,dc=org
+               AuthLDAPBindPassword <%= proxypass %>
+               AuthLDAPURL "ldap://virt0.wikimedia.org 
virt1000.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn"
+               Require ldap-group cn=wmf,ou=groups,dc=wikimedia,dc=org
        </DirectoryMatch>
        <IfModule !mod_alias.c>
                LoadModule alias_module modules/mod_alias.so

-- 
To view, visit https://gerrit.wikimedia.org/r/51315
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I56a7d37e4cbc3100ed0bc92c9e03f1ef7537cd87
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ryan Lane <rl...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Use LDAP, requiring ops, for icinga admin - change (operations/puppet)

Reply via email to