Filippo Giunchedi has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/160419

Change subject: move metrics.wm.o and metrics-api.wm.o behind misc-web
......................................................................

move metrics.wm.o and metrics-api.wm.o behind misc-web

this will use the ssl wildcard cert and keep the http -> https to labs
redirection in place

RT #7352

Change-Id: Id1f249f31c6f51896b6b5e57e364ea7c53cd03be
---
M manifests/misc/statistics.pp
M manifests/role/cache.pp
M templates/apache/sites/metrics.wikimedia.org.erb
M templates/varnish/misc.inc.vcl.erb
4 files changed, 3 insertions(+), 33 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/19/160419/1

diff --git a/manifests/misc/statistics.pp b/manifests/misc/statistics.pp
index 5b788a7..8675d30 100644
--- a/manifests/misc/statistics.pp
+++ b/manifests/misc/statistics.pp
@@ -416,10 +416,6 @@
 
     include webserver::apache
     include ::apache::mod::alias
-    include ::apache::mod::ssl
-
-    # install metrics.wikimedia.org SSL certificate
-    install_certificate{ $site_name: }
 
     # Set up the VirtualHost
     apache::site { $site_name:
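
Review bot: Dropping install_certificate{ $site_name: } here stops Puppet from managing the per-site certificate, but removing a resource from the catalog does not by itself delete the files it created, so the key at /etc/ssl/private/<site_name>.key (the path the removed 443 vhost referenced) stays on stat1001 after this merges. Suggest a follow-up that explicitly cleans up the key, certificate and chain files, and retires the per-site certificate once the wildcard on misc-web is serving both names.
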
diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index 9544675..27474cc 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -1466,6 +1466,7 @@
                 'terbium.eqiad.wmnet', # public_html
                 'neon.wikimedia.org', # monitoring tools (icinga et al)
                 'magnesium.wikimedia.org', # RT and racktables
+                'stat1001.wikimedia.org', # metrics and metrics-api
             ],
             backend_options => [
             {
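
Review bot: Adding 'stat1001.wikimedia.org' as a backend, combined with the removal of ::apache::mod::ssl in statistics.pp, means the hop from misc-web to stat1001 can only be plain HTTP, and it targets a wikimedia.org hostname rather than an internal one like the terbium.eqiad.wmnet entry above. Because the vhost only issues a Redirect permanent, little is exposed on that leg, but please say so in the inline comment and state whether port 80 on stat1001 should keep accepting requests that did not arrive through the caches.
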
diff --git a/templates/apache/sites/metrics.wikimedia.org.erb 
b/templates/apache/sites/metrics.wikimedia.org.erb
index 6853c97..9bac6be 100644
--- a/templates/apache/sites/metrics.wikimedia.org.erb
+++ b/templates/apache/sites/metrics.wikimedia.org.erb
@@ -25,32 +25,3 @@
   LogLevel warn
   CustomLog /var/log/apache2/access.metrics.log combined
 </VirtualHost>
-
-<VirtualHost *:443>
-  # Same as above <VirtualHost *:80 />, but as we do not want to
-  # pollute puppet with a separate configuration that we can include
-  # both above and here, and until we can use Apache 2.4 to use
-  # <If />, we have to duplicate the above configuration verbatim.
-
-  # Copied configuration from above <VirtualHost *:80 /> ---------------
-
-  ServerName <%= @site_name %>
-  ServerAlias metrics-api.wikimedia.org
-  ServerAdmin n...@wikimedia.org
-
-  Redirect permanent / <%= @redirect_target %>
-
-  ErrorLog /var/log/apache2/error.metrics.log
-  LogLevel warn
-  CustomLog /var/log/apache2/access.metrics.log combined
-
-  # SSL configuration --------------------------------------------------
-
-  SSLEngine on
-  SSLProtocol +ALL -SSLv2
-  SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
-  SSLHonorCipherOrder on
-  SSLCertificateFile    /etc/ssl/certs/<%= @site_name %>.pem
-  SSLCertificateChainFile /etc/ssl/certs/<%= @site_name %>.chained.pem
-  SSLCertificateKeyFile /etc/ssl/private/<%= @site_name %>.key
-</VirtualHost>
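
Review bot: With the <VirtualHost *:443> block removed, stat1001 stops answering HTTPS for metrics.wikimedia.org and metrics-api.wikimedia.org as soon as Apache reloads, and none of the four files in this change shows the names already pointing at misc-web. Please state the rollout order in the commit message (names moved to misc-web before or together with this merge) so clients that still reach the host directly on 443 do not get connection errors. Separately, the removed "SSLProtocol +ALL -SSLv2" left SSLv3 enabled and the cipher list still offered RC4, so it is worth confirming that the misc-web terminator is at least as strict before relying on it for these names.
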
diff --git a/templates/varnish/misc.inc.vcl.erb 
b/templates/varnish/misc.inc.vcl.erb
index 41aacc8..6af4aa2 100644
--- a/templates/varnish/misc.inc.vcl.erb
+++ b/templates/varnish/misc.inc.vcl.erb
@@ -38,6 +38,8 @@
                set req.backend = neon;
        } elsif (req.http.Host == "racktables.wikimedia.org") {
                set req.backend = magnesium;
+       } elsif (req.http.Host == "metrics.wikimedia.org" || req.http.Host == 
"metrics-api.wikimedia.org") {
+               set req.backend = stat1001;
        } else {
                error 404 "Domain not served here";
        }
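
Review bot: The new elsif compares req.http.Host by exact string, so a Host header that carries a port or differs in letter case falls through to error 404 "Domain not served here". That is consistent with the racktables branch above, so it is not a blocker, but the two comparisons could be one anchored, case-insensitive match such as req.http.Host ~ "(?i)^metrics(-api)?\.wikimedia\.org$", which also keeps the line short enough not to wrap. A one-line comment that stat1001 only returns the redirect to labs would help readers of this file who do not have the Apache template open.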

-- 
To view, visit https://gerrit.wikimedia.org/r/160419
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id1f249f31c6f51896b6b5e57e364ea7c53cd03be
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Filippo Giunchedi <fgiunch...@wikimedia.org>
