[MediaWiki-commits] [Gerrit] operations/puppet[production]: tendril: skip cert monitoring where Letsencrypt is disabled

Thu, 13 Apr 2017 16:33:00 -0700 

Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/348172 )

Change subject: tendril: skip cert monitoring where Letsencrypt is disabled
......................................................................

tendril: skip cert monitoring where Letsencrypt is disabled

Do not add Icinga certificate monitoring if the "do_acme"
variable is false. I was about to add a new variable to
enable/disable monitoring, but we can use this existing one.

"do_acme" is the general override for skipping Letsencrypt
cert renewal on hosts that use the same role but are not
currently the active hosts (as in they don't have the DNS name
the cert is for).

This avoids false positives / acked cruft in Icinga, while the
tendril service is moving from einsteinium to dbmonitor hosts.

Once the migration is complete both LE cert renewal and monitoring
for it can be swiched on with this at once.

Bug: T162183
Change-Id: I7d1b09429070a04334470d629b1a4f106b57df88
---
M modules/role/manifests/tendril.pp
1 file changed, 5 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/72/348172/1

diff --git a/modules/role/manifests/tendril.pp 
b/modules/role/manifests/tendril.pp
index d4d39c3..8e170cf 100644
--- a/modules/role/manifests/tendril.pp
+++ b/modules/role/manifests/tendril.pp
@@ -7,9 +7,11 @@
 
     system::role { 'role::tendril': description => 'tendril server' }
 
-    monitoring::service { 'https-tendril':
-        description   => 'HTTPS-tendril',
-        check_command => 'check_ssl_http_letsencrypt!tendril.wikimedia.org',
+    if hiera('do_acme', true) {
+        monitoring::service { 'https-tendril':
+            description   => 'HTTPS-tendril',
+            check_command => 
'check_ssl_http_letsencrypt!tendril.wikimedia.org',
+        }
     }
 
     class { '::tendril':

-- 
To view, visit https://gerrit.wikimedia.org/r/348172
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7d1b09429070a04334470d629b1a4f106b57df88
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to