Dzahn has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/378360 )
Change subject: gerrit: fix host for TLS cert/monitoring if on slave ...................................................................... gerrit: fix host for TLS cert/monitoring if on slave Ensure that the right hostname (gerrit-slave vs gerrit) is used for the Letsencrypt cert and also Icinga monitoring if on a slave host. Add the $slave parameter that was already used in init also in the proxy class and pass it through to be able to set host based on slave status. Add $domain parameter to reduced hardcoded "wikimedia.org". Change-Id: Ib541f1c39ebb7f74088666034ebd3f4b2054fef4 --- M modules/gerrit/manifests/init.pp M modules/gerrit/manifests/proxy.pp 2 files changed, 15 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/60/378360/1 diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp index eb04d71..4c407fd 100644 --- a/modules/gerrit/manifests/init.pp +++ b/modules/gerrit/manifests/init.pp @@ -14,6 +14,7 @@ class { '::gerrit::proxy': require => Class['gerrit::jetty'], slave_hosts => $slave_hosts, + slave => $slave, } if !$slave { diff --git a/modules/gerrit/manifests/proxy.pp b/modules/gerrit/manifests/proxy.pp index ea32251..1238f93 100644 --- a/modules/gerrit/manifests/proxy.pp +++ b/modules/gerrit/manifests/proxy.pp @@ -1,25 +1,33 @@ class gerrit::proxy( - $host = $::gerrit::host, - $slave_hosts = [], - $maint_mode = false, + $host = $::gerrit::host, + $domain = 'wikimedia.org' + $slave_hosts = [], + $slave = false, + $maint_mode = false, ) { + if $slave { + $tls_host = "gerrit-slave.${domain}" + } else { + $tls_host = $host + } + letsencrypt::cert::integrated { 'gerrit': - subjects => $host, + subjects => $tls_host, puppet_svc => 'apache2', system_svc => 'apache2', } monitoring::service { 'https': description => 'HTTPS', - check_command => "check_ssl_http_letsencrypt!${host}", + check_command => "check_ssl_http_letsencrypt!${tls_host}", contact_group => 'admins,gerrit', } $ssl_settings = ssl_ciphersuite('apache', 'mid', true) apache::site { $host: - content => template('gerrit/gerrit.wikimedia.org.erb'), + content => template("gerrit/gerrit.${domain}.erb'), } # Error page stuff -- To view, visit https://gerrit.wikimedia.org/r/378360 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib541f1c39ebb7f74088666034ebd3f4b2054fef4 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <dz...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits