Dzahn has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/378360 )
Change subject: gerrit: fix host for TLS cert/monitoring if on slave ...................................................................... gerrit: fix host for TLS cert/monitoring if on slave Ensure that the right hostname (gerrit-slave vs gerrit) is used for the Letsencrypt cert and also Icinga monitoring if on a slave host. Add the $slave parameter that was already used in init also in the proxy class and pass it through to be able to set host based on slave status. Some more small changes to make puppet-lint perfect. Change-Id: Ib541f1c39ebb7f74088666034ebd3f4b2054fef4 --- D hieradata/hosts/gerrit2001.yaml M modules/gerrit/manifests/crons.pp M modules/gerrit/manifests/init.pp M modules/gerrit/manifests/jetty.pp M modules/gerrit/manifests/proxy.pp R modules/gerrit/templates/apache.erb 6 files changed, 18 insertions(+), 6 deletions(-) Approvals: Paladox: Looks good to me, but someone else must approve jenkins-bot: Verified Dzahn: Looks good to me, approved diff --git a/hieradata/hosts/gerrit2001.yaml b/hieradata/hosts/gerrit2001.yaml deleted file mode 100644 index 370806d..0000000 --- a/hieradata/hosts/gerrit2001.yaml +++ /dev/null @@ -1 +0,0 @@ -do_acme: false diff --git a/modules/gerrit/manifests/crons.pp b/modules/gerrit/manifests/crons.pp index 0102be9..bbb9b8e 100644 --- a/modules/gerrit/manifests/crons.pp +++ b/modules/gerrit/manifests/crons.pp @@ -1,3 +1,4 @@ +# sets up cron jobs for Gerrit class gerrit::crons() { cron { 'list_mediawiki_extensions': # Gerrit is missing a public list of projects. diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp index eb04d71..6f88341 100644 --- a/modules/gerrit/manifests/init.pp +++ b/modules/gerrit/manifests/init.pp @@ -13,7 +13,9 @@ class { '::gerrit::proxy': require => Class['gerrit::jetty'], + host => $host, slave_hosts => $slave_hosts, + slave => $slave, } if !$slave { diff --git a/modules/gerrit/manifests/jetty.pp b/modules/gerrit/manifests/jetty.pp index 0d776d3..3702603 100644 --- a/modules/gerrit/manifests/jetty.pp +++ b/modules/gerrit/manifests/jetty.pp @@ -1,3 +1,5 @@ +# sets up jetty for gerrit +# https://projects.eclipse.org/projects/rt.jetty/developer class gerrit::jetty( $db_host = 'localhost', $replication = '', diff --git a/modules/gerrit/manifests/proxy.pp b/modules/gerrit/manifests/proxy.pp index ea32251..d4bf91e 100644 --- a/modules/gerrit/manifests/proxy.pp +++ b/modules/gerrit/manifests/proxy.pp @@ -1,25 +1,33 @@ +# sets up a TLS proxy for Gerrit class gerrit::proxy( $host = $::gerrit::host, - $slave_hosts = [], + $slave_hosts = $::gerrit::slave_hosts, + $slave = false, $maint_mode = false, ) { + if $slave { + $tls_host = $slave_hosts[0] + } else { + $tls_host = $host + } + letsencrypt::cert::integrated { 'gerrit': - subjects => $host, + subjects => $tls_host, puppet_svc => 'apache2', system_svc => 'apache2', } monitoring::service { 'https': description => 'HTTPS', - check_command => "check_ssl_http_letsencrypt!${host}", + check_command => "check_ssl_http_letsencrypt!${tls_host}", contact_group => 'admins,gerrit', } $ssl_settings = ssl_ciphersuite('apache', 'mid', true) - apache::site { $host: - content => template('gerrit/gerrit.wikimedia.org.erb'), + apache::site { $tls_host: + content => template('gerrit/apache.erb'), } # Error page stuff diff --git a/modules/gerrit/templates/gerrit.wikimedia.org.erb b/modules/gerrit/templates/apache.erb similarity index 100% rename from modules/gerrit/templates/gerrit.wikimedia.org.erb rename to modules/gerrit/templates/apache.erb -- To view, visit https://gerrit.wikimedia.org/r/378360 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib541f1c39ebb7f74088666034ebd3f4b2054fef4 Gerrit-PatchSet: 11 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <dz...@wikimedia.org> Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org> Gerrit-Reviewer: Chad <ch...@wikimedia.org> Gerrit-Reviewer: Dzahn <dz...@wikimedia.org> Gerrit-Reviewer: Paladox <thomasmulhall...@yahoo.com> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits