[MediaWiki-commits] [Gerrit] certs: inline privatekey=false install_certificate - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: certs: inline privatekey=false install_certificate
..
certs: inline privatekey=false install_certificate
Inline sslcert::certificate on the handful install_certificate call
sites where a privatekey isn't passed (all of them star.wmflabs.org
ones) and remove the option from install_certificate altogether.
Change-Id: I42dd380c72248086951471633806ebde9ad3d129
---
M manifests/certs.pp
M manifests/role/labsproxy.pp
M manifests/role/protoproxy.pp
M modules/toollabs/manifests/proxy.pp
M modules/toollabs/manifests/static.pp
5 files changed, 15 insertions(+), 22 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/certs.pp b/manifests/certs.pp
index 95b9a63..f1abe10 100644
--- a/manifests/certs.pp
+++ b/manifests/certs.pp
@@ -1,13 +1,6 @@
-define install_certificate(
-$privatekey=true,
-) {
+define install_certificate {
sslcert::certificate { $name:
-source => "puppet:///files/ssl/${name}.crt",
-}
-
-if ( $privatekey == true ) {
-Sslcert::Certificate[$name] {
-private => "puppet:///private/ssl/${name}.key",
-}
+source => "puppet:///files/ssl/${name}.crt",
+private => "puppet:///private/ssl/${name}.key",
}
}
diff --git a/manifests/role/labsproxy.pp b/manifests/role/labsproxy.pp
index 97383c3..2bb3493 100644
--- a/manifests/role/labsproxy.pp
+++ b/manifests/role/labsproxy.pp
@@ -1,17 +1,17 @@
# A dynamic HTTP routing proxy, based on nginx+lua+redis
class role::dynamicproxy::eqiad {
-install_certificate{ 'star.wmflabs.org':
-privatekey => false
-}
-
include base::firewall
+
+sslcert::certificate { 'star.wmflabs.org':
+source => 'puppet:///files/ssl/star.wmflabs.org.crt',
+}
class { '::dynamicproxy':
ssl_certificate_name => 'star.wmflabs.org',
ssl_settings => ssl_ciphersuite('nginx', 'compat'),
set_xff => true,
luahandler => 'domainproxy',
-require => Install_certificate['star.wmflabs.org']
+require => Sslcert::Certificate['star.wmflabs.org'],
}
include dynamicproxy::api
}
diff --git a/manifests/role/protoproxy.pp b/manifests/role/protoproxy.pp
index e18414a..8ff7e10 100644
--- a/manifests/role/protoproxy.pp
+++ b/manifests/role/protoproxy.pp
@@ -42,8 +42,8 @@
include standard
include role::protoproxy::ssl::common
-install_certificate { 'star.wmflabs.org':
-privatekey => false,
+sslcert::certificate { 'star.wmflabs.org':
+source => 'puppet:///files/ssl/star.wmflabs.org.crt',
}
}
diff --git a/modules/toollabs/manifests/proxy.pp
b/modules/toollabs/manifests/proxy.pp
index 0d1911d..2594bed 100644
--- a/modules/toollabs/manifests/proxy.pp
+++ b/modules/toollabs/manifests/proxy.pp
@@ -9,9 +9,9 @@
include base::firewall
if $ssl_install_certificate {
-install_certificate { $ssl_certificate_name:
-privatekey => false,
-before => Class['::dynamicproxy'],
+sslcert::certificate { $ssl_certificate_name:
+source => "puppet:///files/ssl/$ssl_certificate_name.crt",
+before => Class['::dynamicproxy'],
}
}
diff --git a/modules/toollabs/manifests/static.pp
b/modules/toollabs/manifests/static.pp
index 7114b7f..ad2939a 100644
--- a/modules/toollabs/manifests/static.pp
+++ b/modules/toollabs/manifests/static.pp
@@ -9,8 +9,8 @@
include toollabs::infrastructure
if $ssl_certificate_name != false {
-install_certificate { $ssl_certificate_name:
-privatekey => false,
+sslcert::certificate { $ssl_certificate_name:
+source => "puppet:///files/ssl/$ssl_certificate_name.crt",
}
}
--
To view, visit https://gerrit.wikimedia.org/r/217271
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I42dd380c72248086951471633806ebde9ad3d129
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis
Gerrit-Reviewer: Faidon Liambotis
Gerrit-Reviewer: Merlijn van Deen
Gerrit-Reviewer: Yuvipanda
Gerrit-Reviewer: coren
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] certs: inline privatekey=false install_certificate - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/217271
Change subject: certs: inline privatekey=false install_certificate
..
certs: inline privatekey=false install_certificate
Inline sslcert::certificate on the handful install_certificate call
sites where a privatekey isn't passed (all of them star.wmflabs.org
ones) and remove the option from install_certificate altogether.
Change-Id: I42dd380c72248086951471633806ebde9ad3d129
---
M manifests/certs.pp
M manifests/role/labsproxy.pp
M manifests/role/protoproxy.pp
M modules/toollabs/manifests/proxy.pp
M modules/toollabs/manifests/static.pp
5 files changed, 15 insertions(+), 22 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/71/217271/1
diff --git a/manifests/certs.pp b/manifests/certs.pp
index 95b9a63..f1abe10 100644
--- a/manifests/certs.pp
+++ b/manifests/certs.pp
@@ -1,13 +1,6 @@
-define install_certificate(
-$privatekey=true,
-) {
+define install_certificate {
sslcert::certificate { $name:
-source => "puppet:///files/ssl/${name}.crt",
-}
-
-if ( $privatekey == true ) {
-Sslcert::Certificate[$name] {
-private => "puppet:///private/ssl/${name}.key",
-}
+source => "puppet:///files/ssl/${name}.crt",
+private => "puppet:///private/ssl/${name}.key",
}
}
diff --git a/manifests/role/labsproxy.pp b/manifests/role/labsproxy.pp
index 97383c3..2bb3493 100644
--- a/manifests/role/labsproxy.pp
+++ b/manifests/role/labsproxy.pp
@@ -1,17 +1,17 @@
# A dynamic HTTP routing proxy, based on nginx+lua+redis
class role::dynamicproxy::eqiad {
-install_certificate{ 'star.wmflabs.org':
-privatekey => false
-}
-
include base::firewall
+
+sslcert::certificate { 'star.wmflabs.org':
+source => 'puppet:///files/ssl/star.wmflabs.org.crt',
+}
class { '::dynamicproxy':
ssl_certificate_name => 'star.wmflabs.org',
ssl_settings => ssl_ciphersuite('nginx', 'compat'),
set_xff => true,
luahandler => 'domainproxy',
-require => Install_certificate['star.wmflabs.org']
+require => Sslcert::Certificate['star.wmflabs.org'],
}
include dynamicproxy::api
}
diff --git a/manifests/role/protoproxy.pp b/manifests/role/protoproxy.pp
index e18414a..8ff7e10 100644
--- a/manifests/role/protoproxy.pp
+++ b/manifests/role/protoproxy.pp
@@ -42,8 +42,8 @@
include standard
include role::protoproxy::ssl::common
-install_certificate { 'star.wmflabs.org':
-privatekey => false,
+sslcert::certificate { 'star.wmflabs.org':
+source => 'puppet:///files/ssl/star.wmflabs.org.crt',
}
}
diff --git a/modules/toollabs/manifests/proxy.pp
b/modules/toollabs/manifests/proxy.pp
index 0d1911d..2594bed 100644
--- a/modules/toollabs/manifests/proxy.pp
+++ b/modules/toollabs/manifests/proxy.pp
@@ -9,9 +9,9 @@
include base::firewall
if $ssl_install_certificate {
-install_certificate { $ssl_certificate_name:
-privatekey => false,
-before => Class['::dynamicproxy'],
+sslcert::certificate { $ssl_certificate_name:
+source => "puppet:///files/ssl/$ssl_certificate_name.crt",
+before => Class['::dynamicproxy'],
}
}
diff --git a/modules/toollabs/manifests/static.pp
b/modules/toollabs/manifests/static.pp
index 7114b7f..ad2939a 100644
--- a/modules/toollabs/manifests/static.pp
+++ b/modules/toollabs/manifests/static.pp
@@ -9,8 +9,8 @@
include toollabs::infrastructure
if $ssl_certificate_name != false {
-install_certificate { $ssl_certificate_name:
-privatekey => false,
+sslcert::certificate { $ssl_certificate_name:
+source => "puppet:///files/ssl/$ssl_certificate_name.crt",
}
}
--
To view, visit https://gerrit.wikimedia.org/r/217271
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I42dd380c72248086951471633806ebde9ad3d129
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
