[MediaWiki-commits] [Gerrit] operations/puppet[production]: gerrit: fix host for TLS cert/monitoring if on slave

Fri, 15 Sep 2017 20:09:07 -0700 

Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/378360 )

Change subject: gerrit: fix host for TLS cert/monitoring if on slave
......................................................................

gerrit: fix host for TLS cert/monitoring if on slave

Ensure that the right hostname (gerrit-slave vs gerrit) is
used for the Letsencrypt cert and also Icinga monitoring if
on a slave host.

Add the $slave parameter that was already used in init also in
the proxy class and pass it through to be able to set host
based on slave status.

Add $domain parameter to reduced hardcoded "wikimedia.org".

Change-Id: Ib541f1c39ebb7f74088666034ebd3f4b2054fef4
---
M modules/gerrit/manifests/init.pp
M modules/gerrit/manifests/proxy.pp
2 files changed, 15 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/60/378360/1

diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp
index eb04d71..4c407fd 100644
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@@ -14,6 +14,7 @@
     class { '::gerrit::proxy':
         require     => Class['gerrit::jetty'],
         slave_hosts => $slave_hosts,
+        slave       => $slave,
     }
 
     if !$slave {
diff --git a/modules/gerrit/manifests/proxy.pp 
b/modules/gerrit/manifests/proxy.pp
index ea32251..1238f93 100644
--- a/modules/gerrit/manifests/proxy.pp
+++ b/modules/gerrit/manifests/proxy.pp
@@ -1,25 +1,33 @@
 class gerrit::proxy(
-    $host         = $::gerrit::host,
-    $slave_hosts  = [],
-    $maint_mode   = false,
+    $host = $::gerrit::host,
+    $domain = 'wikimedia.org'
+    $slave_hosts = [],
+    $slave = false,
+    $maint_mode = false,
     ) {
 
+    if $slave {
+        $tls_host = "gerrit-slave.${domain}"
+    } else {
+        $tls_host = $host
+    }
+
     letsencrypt::cert::integrated { 'gerrit':
-        subjects   => $host,
+        subjects   => $tls_host,
         puppet_svc => 'apache2',
         system_svc => 'apache2',
     }
 
     monitoring::service { 'https':
         description   => 'HTTPS',
-        check_command => "check_ssl_http_letsencrypt!${host}",
+        check_command => "check_ssl_http_letsencrypt!${tls_host}",
         contact_group => 'admins,gerrit',
     }
 
     $ssl_settings = ssl_ciphersuite('apache', 'mid', true)
 
     apache::site { $host:
-        content => template('gerrit/gerrit.wikimedia.org.erb'),
+        content => template("gerrit/gerrit.${domain}.erb'),
     }
 
     # Error page stuff

-- 
To view, visit https://gerrit.wikimedia.org/r/378360
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib541f1c39ebb7f74088666034ebd3f4b2054fef4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to