[MediaWiki-commits] [Gerrit] certs: inline privatekey=false install_certificate - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: certs: inline privatekey=false install_certificate .. certs: inline privatekey=false install_certificate Inline sslcert::certificate on the handful install_certificate call sites where a privatekey isn't passed (all of them star.wmflabs.org ones) and remove the option from install_certificate altogether. Change-Id: I42dd380c72248086951471633806ebde9ad3d129 --- M manifests/certs.pp M manifests/role/labsproxy.pp M manifests/role/protoproxy.pp M modules/toollabs/manifests/proxy.pp M modules/toollabs/manifests/static.pp 5 files changed, 15 insertions(+), 22 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/certs.pp b/manifests/certs.pp index 95b9a63..f1abe10 100644 --- a/manifests/certs.pp +++ b/manifests/certs.pp @@ -1,13 +1,6 @@ -define install_certificate( -$privatekey=true, -) { +define install_certificate { sslcert::certificate { $name: -source => "puppet:///files/ssl/${name}.crt", -} - -if ( $privatekey == true ) { -Sslcert::Certificate[$name] { -private => "puppet:///private/ssl/${name}.key", -} +source => "puppet:///files/ssl/${name}.crt", +private => "puppet:///private/ssl/${name}.key", } } diff --git a/manifests/role/labsproxy.pp b/manifests/role/labsproxy.pp index 97383c3..2bb3493 100644 --- a/manifests/role/labsproxy.pp +++ b/manifests/role/labsproxy.pp @@ -1,17 +1,17 @@ # A dynamic HTTP routing proxy, based on nginx+lua+redis class role::dynamicproxy::eqiad { -install_certificate{ 'star.wmflabs.org': -privatekey => false -} - include base::firewall + +sslcert::certificate { 'star.wmflabs.org': +source => 'puppet:///files/ssl/star.wmflabs.org.crt', +} class { '::dynamicproxy': ssl_certificate_name => 'star.wmflabs.org', ssl_settings => ssl_ciphersuite('nginx', 'compat'), set_xff => true, luahandler => 'domainproxy', -require => Install_certificate['star.wmflabs.org'] +require => Sslcert::Certificate['star.wmflabs.org'], } include dynamicproxy::api } diff --git a/manifests/role/protoproxy.pp b/manifests/role/protoproxy.pp index e18414a..8ff7e10 100644 --- a/manifests/role/protoproxy.pp +++ b/manifests/role/protoproxy.pp @@ -42,8 +42,8 @@ include standard include role::protoproxy::ssl::common -install_certificate { 'star.wmflabs.org': -privatekey => false, +sslcert::certificate { 'star.wmflabs.org': +source => 'puppet:///files/ssl/star.wmflabs.org.crt', } } diff --git a/modules/toollabs/manifests/proxy.pp b/modules/toollabs/manifests/proxy.pp index 0d1911d..2594bed 100644 --- a/modules/toollabs/manifests/proxy.pp +++ b/modules/toollabs/manifests/proxy.pp @@ -9,9 +9,9 @@ include base::firewall if $ssl_install_certificate { -install_certificate { $ssl_certificate_name: -privatekey => false, -before => Class['::dynamicproxy'], +sslcert::certificate { $ssl_certificate_name: +source => "puppet:///files/ssl/$ssl_certificate_name.crt", +before => Class['::dynamicproxy'], } } diff --git a/modules/toollabs/manifests/static.pp b/modules/toollabs/manifests/static.pp index 7114b7f..ad2939a 100644 --- a/modules/toollabs/manifests/static.pp +++ b/modules/toollabs/manifests/static.pp @@ -9,8 +9,8 @@ include toollabs::infrastructure if $ssl_certificate_name != false { -install_certificate { $ssl_certificate_name: -privatekey => false, +sslcert::certificate { $ssl_certificate_name: +source => "puppet:///files/ssl/$ssl_certificate_name.crt", } } -- To view, visit https://gerrit.wikimedia.org/r/217271 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I42dd380c72248086951471633806ebde9ad3d129 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis Gerrit-Reviewer: Faidon Liambotis Gerrit-Reviewer: Merlijn van Deen Gerrit-Reviewer: Yuvipanda Gerrit-Reviewer: coren Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] certs: inline privatekey=false install_certificate - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/217271 Change subject: certs: inline privatekey=false install_certificate .. certs: inline privatekey=false install_certificate Inline sslcert::certificate on the handful install_certificate call sites where a privatekey isn't passed (all of them star.wmflabs.org ones) and remove the option from install_certificate altogether. Change-Id: I42dd380c72248086951471633806ebde9ad3d129 --- M manifests/certs.pp M manifests/role/labsproxy.pp M manifests/role/protoproxy.pp M modules/toollabs/manifests/proxy.pp M modules/toollabs/manifests/static.pp 5 files changed, 15 insertions(+), 22 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/71/217271/1 diff --git a/manifests/certs.pp b/manifests/certs.pp index 95b9a63..f1abe10 100644 --- a/manifests/certs.pp +++ b/manifests/certs.pp @@ -1,13 +1,6 @@ -define install_certificate( -$privatekey=true, -) { +define install_certificate { sslcert::certificate { $name: -source => "puppet:///files/ssl/${name}.crt", -} - -if ( $privatekey == true ) { -Sslcert::Certificate[$name] { -private => "puppet:///private/ssl/${name}.key", -} +source => "puppet:///files/ssl/${name}.crt", +private => "puppet:///private/ssl/${name}.key", } } diff --git a/manifests/role/labsproxy.pp b/manifests/role/labsproxy.pp index 97383c3..2bb3493 100644 --- a/manifests/role/labsproxy.pp +++ b/manifests/role/labsproxy.pp @@ -1,17 +1,17 @@ # A dynamic HTTP routing proxy, based on nginx+lua+redis class role::dynamicproxy::eqiad { -install_certificate{ 'star.wmflabs.org': -privatekey => false -} - include base::firewall + +sslcert::certificate { 'star.wmflabs.org': +source => 'puppet:///files/ssl/star.wmflabs.org.crt', +} class { '::dynamicproxy': ssl_certificate_name => 'star.wmflabs.org', ssl_settings => ssl_ciphersuite('nginx', 'compat'), set_xff => true, luahandler => 'domainproxy', -require => Install_certificate['star.wmflabs.org'] +require => Sslcert::Certificate['star.wmflabs.org'], } include dynamicproxy::api } diff --git a/manifests/role/protoproxy.pp b/manifests/role/protoproxy.pp index e18414a..8ff7e10 100644 --- a/manifests/role/protoproxy.pp +++ b/manifests/role/protoproxy.pp @@ -42,8 +42,8 @@ include standard include role::protoproxy::ssl::common -install_certificate { 'star.wmflabs.org': -privatekey => false, +sslcert::certificate { 'star.wmflabs.org': +source => 'puppet:///files/ssl/star.wmflabs.org.crt', } } diff --git a/modules/toollabs/manifests/proxy.pp b/modules/toollabs/manifests/proxy.pp index 0d1911d..2594bed 100644 --- a/modules/toollabs/manifests/proxy.pp +++ b/modules/toollabs/manifests/proxy.pp @@ -9,9 +9,9 @@ include base::firewall if $ssl_install_certificate { -install_certificate { $ssl_certificate_name: -privatekey => false, -before => Class['::dynamicproxy'], +sslcert::certificate { $ssl_certificate_name: +source => "puppet:///files/ssl/$ssl_certificate_name.crt", +before => Class['::dynamicproxy'], } } diff --git a/modules/toollabs/manifests/static.pp b/modules/toollabs/manifests/static.pp index 7114b7f..ad2939a 100644 --- a/modules/toollabs/manifests/static.pp +++ b/modules/toollabs/manifests/static.pp @@ -9,8 +9,8 @@ include toollabs::infrastructure if $ssl_certificate_name != false { -install_certificate { $ssl_certificate_name: -privatekey => false, +sslcert::certificate { $ssl_certificate_name: +source => "puppet:///files/ssl/$ssl_certificate_name.crt", } } -- To view, visit https://gerrit.wikimedia.org/r/217271 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I42dd380c72248086951471633806ebde9ad3d129 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits