Filippo Giunchedi has uploaded a new change for review. https://gerrit.wikimedia.org/r/160419
Change subject: move metrics.wm.o and metrics-api.wm.o behind misc-web ...................................................................... move metrics.wm.o and metrics-api.wm.o behind misc-web this will use the ssl wildcard cert and keep the http -> https to labs redirection in place RT #7352 Change-Id: Id1f249f31c6f51896b6b5e57e364ea7c53cd03be --- M manifests/misc/statistics.pp M manifests/role/cache.pp M templates/apache/sites/metrics.wikimedia.org.erb M templates/varnish/misc.inc.vcl.erb 4 files changed, 3 insertions(+), 33 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/19/160419/1 diff --git a/manifests/misc/statistics.pp b/manifests/misc/statistics.pp index 5b788a7..8675d30 100644 --- a/manifests/misc/statistics.pp +++ b/manifests/misc/statistics.pp @@ -416,10 +416,6 @@ include webserver::apache include ::apache::mod::alias - include ::apache::mod::ssl - - # install metrics.wikimedia.org SSL certificate - install_certificate{ $site_name: } # Set up the VirtualHost apache::site { $site_name: diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp index 9544675..27474cc 100644 --- a/manifests/role/cache.pp +++ b/manifests/role/cache.pp @@ -1466,6 +1466,7 @@ 'terbium.eqiad.wmnet', # public_html 'neon.wikimedia.org', # monitoring tools (icinga et al) 'magnesium.wikimedia.org', # RT and racktables + 'stat1001.wikimedia.org', # metrics and metrics-api ], backend_options => [ { diff --git a/templates/apache/sites/metrics.wikimedia.org.erb b/templates/apache/sites/metrics.wikimedia.org.erb index 6853c97..9bac6be 100644 --- a/templates/apache/sites/metrics.wikimedia.org.erb +++ b/templates/apache/sites/metrics.wikimedia.org.erb @@ -25,32 +25,3 @@ LogLevel warn CustomLog /var/log/apache2/access.metrics.log combined </VirtualHost> - -<VirtualHost *:443> - # Same as above <VirtualHost *:80 />, but as we do not want to - # pollute puppet with a separate configuration that we can include - # both above and here, and until we can use Apache 2.4 to use - # <If />, we have to duplicate the above configuration verbatim. - - # Copied configuration from above <VirtualHost *:80 /> --------------- - - ServerName <%= @site_name %> - ServerAlias metrics-api.wikimedia.org - ServerAdmin n...@wikimedia.org - - Redirect permanent / <%= @redirect_target %> - - ErrorLog /var/log/apache2/error.metrics.log - LogLevel warn - CustomLog /var/log/apache2/access.metrics.log combined - - # SSL configuration -------------------------------------------------- - - SSLEngine on - SSLProtocol +ALL -SSLv2 - SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH - SSLHonorCipherOrder on - SSLCertificateFile /etc/ssl/certs/<%= @site_name %>.pem - SSLCertificateChainFile /etc/ssl/certs/<%= @site_name %>.chained.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @site_name %>.key -</VirtualHost> diff --git a/templates/varnish/misc.inc.vcl.erb b/templates/varnish/misc.inc.vcl.erb index 41aacc8..6af4aa2 100644 --- a/templates/varnish/misc.inc.vcl.erb +++ b/templates/varnish/misc.inc.vcl.erb @@ -38,6 +38,8 @@ set req.backend = neon; } elsif (req.http.Host == "racktables.wikimedia.org") { set req.backend = magnesium; + } elsif (req.http.Host == "metrics.wikimedia.org" || req.http.Host == "metrics-api.wikimedia.org") { + set req.backend = stat1001; } else { error 404 "Domain not served here"; } -- To view, visit https://gerrit.wikimedia.org/r/160419 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id1f249f31c6f51896b6b5e57e364ea7c53cd03be Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Filippo Giunchedi <fgiunch...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits