[MediaWiki-commits] [Gerrit] Serve geowiki's private data through statistics websever - change (operations/puppet)

Ottomata (Code Review) Thu, 14 Nov 2013 08:55:48 -0800

Ottomata has submitted this change and it was merged.

Change subject: Serve geowiki's private data through statistics websever
......................................................................



Serve geowiki's private data through statistics websever

Card: analytics 1252
Change-Id: Ic0c48870b4eda65a331d2d358fcdf14409a8135d
---
M manifests/misc/statistics.pp
M manifests/role/statistics.pp
M templates/apache/sites/stats.wikimedia.org.erb
3 files changed, 40 insertions(+), 3 deletions(-)

Approvals:
  Ottomata: Verified; Looks good to me, approved



diff --git a/manifests/misc/statistics.pp b/manifests/misc/statistics.pp
index 19a5aa6..b081ca8 100644
--- a/manifests/misc/statistics.pp
+++ b/manifests/misc/statistics.pp
@@ -253,8 +253,12 @@
 
 # stats.wikimedia.org
 class misc::statistics::sites::stats {
+    require misc::statistics::geowiki::data::private
+
     $site_name = "stats.wikimedia.org"
     $docroot = "/srv/$site_name/htdocs"
+    $geowiki_private_directory = "$docroot/geowiki-private"
+    $geowiki_private_htpasswd_file = "/etc/apache2/htpasswd.stats-geowiki"
 
     # add htpasswd file for stats.wikimedia.org
     file { "/etc/apache2/htpasswd.stats":
@@ -264,6 +268,23 @@
         source  => "puppet:///private/apache/htpasswd.stats",
     }
 
+    # add htpasswd file for private geowiki data
+    file { $geowiki_private_htpasswd_file:
+        owner   => "root",
+        group   => "www-data",
+        mode    => '0640',
+        source  => "puppet:///private/apache/htpasswd.stats-geowiki",
+    }
+
+    # link geowiki checkout from docroot
+    file { $geowiki_private_directory:
+        ensure  => "link",
+        target  => 
$misc::statistics::geowiki::data::private::geowiki_private_data_path,
+        owner   => "root",
+        group   => "www-data",
+        mode    => '0750',
+    }
+
     install_certificate{ $site_name: }
 
     file {
diff --git a/manifests/role/statistics.pp b/manifests/role/statistics.pp
index b34cec8..419c264 100644
--- a/manifests/role/statistics.pp
+++ b/manifests/role/statistics.pp
@@ -45,9 +45,7 @@
                # reportcard.wikimedia.org
                misc::statistics::sites::reportcard,
                # rsync public datasets from stat1 hourly
-               misc::statistics::public_datasets,
-               # rsync geowiki's data-private from stat1 daily
-               misc::statistics::geowiki::data::private
+               misc::statistics::public_datasets
 }
 
 class role::statistics::private inherits role::statistics {
diff --git a/templates/apache/sites/stats.wikimedia.org.erb 
b/templates/apache/sites/stats.wikimedia.org.erb
index 617a975..4d4a9d5 100644
--- a/templates/apache/sites/stats.wikimedia.org.erb
+++ b/templates/apache/sites/stats.wikimedia.org.erb
@@ -62,6 +62,13 @@
        RewriteEngine On
        RewriteCond %{HTTP_HOST} stats.wikipedia.org
        RewriteRule ^(.*)$ http://stats.wikimedia.org$1 [R=301,L]
+
+       # Force https for geowiki's private data
+       <Directory "<%= 
scope.lookupvar('misc::statistics::sites::stats::geowiki_private_directory') 
%>">
+               RewriteEngine On
+               RewriteCond %{HTTPS} !on
+               RewriteRule (.*) https://%{HTTP_HOST}/%{REQUEST_URI} 
[redirect=301,last]
+       </Directory>
 </VirtualHost>
 
 <VirtualHost *:443>
@@ -77,6 +84,17 @@
        SSLCertificateFile    /etc/ssl/certs/stats.wikimedia.org.pem
        SSLCertificateKeyFile /etc/ssl/private/stats.wikimedia.org.key
        SSLCertificateChainFile /etc/ssl/certs/stats.wikimedia.org.chained.pem
+
+       # Settings for geowiki's private data
+       <Directory "<%= 
scope.lookupvar('misc::statistics::sites::stats::geowiki_private_directory') 
%>">
+               AllowOverride None
+               Order allow,deny
+               Allow from all
+               AuthName "Geowiki's 'foundation only' files"
+               AuthType Basic
+               AuthUserFile "<%= 
scope.lookupvar('misc::statistics::sites::stats::geowiki_private_htpasswd_file')
 %>"
+               Require valid-user
+       </Directory>
 </VirtualHost>
 
 # vim: filetype=apache

-- 
To view, visit https://gerrit.wikimedia.org/r/94626
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ic0c48870b4eda65a331d2d358fcdf14409a8135d
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: QChris <christ...@quelltextlich.at>
Gerrit-Reviewer: CSteipp <cste...@wikimedia.org>
Gerrit-Reviewer: Ottomata <o...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Serve geowiki's private data through statistics websever - change (operations/puppet)

Reply via email to