Tim Landscheidt has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/328466 )
Change subject: apache: Fix some issues with apache::static_site ...................................................................... apache: Fix some issues with apache::static_site apache::static_site: - Uses the function any2array() that is not defined, - specifies the wrong path to the template static_site.conf.erb, - calls apache::site with the non-existent parameter conf_type, and - calls the function is_domain_name() with the parameter $servername which fails when a string constant like $::fqdn is passed. This change fixes those issues. Bug: T153816 Change-Id: I3b48f44a3c6532bacc75eba766e200d183eac299 --- M modules/apache/manifests/static_site.pp M modules/apache/templates/static_site.conf.erb M modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb 3 files changed, 5 insertions(+), 7 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/66/328466/1 diff --git a/modules/apache/manifests/static_site.pp b/modules/apache/manifests/static_site.pp index 81238c8..3bf68de 100644 --- a/modules/apache/manifests/static_site.pp +++ b/modules/apache/manifests/static_site.pp @@ -43,7 +43,6 @@ validate_ensure($ensure) validate_absolute_path($docroot) - $ldap_groups = any2array($restricted_to) $servername_safe = regsubst($servername, '[\W_]', '-', 'G') $servername_real = is_domain_name($servername) ? { true => $servername, @@ -54,7 +53,7 @@ include ::apache::mod::headers include ::apache::mod::rewrite - if ! empty($ldap_groups) { + if ! empty($restricted_to) { include ::apache::mod::authnz_ldap include ::passwords::ldap::production } @@ -67,8 +66,7 @@ apache::site { $name: ensure => $ensure, - content => template('apache/static.conf.erb'), - conf_type => 'sites', + content => template('apache/static_site.conf.erb'), priority => $priority, } } diff --git a/modules/apache/templates/static_site.conf.erb b/modules/apache/templates/static_site.conf.erb index 9c14f8c..65a7156 100644 --- a/modules/apache/templates/static_site.conf.erb +++ b/modules/apache/templates/static_site.conf.erb @@ -11,14 +11,14 @@ Header always merge Vary X-Forwarded-Proto Header set Strict-Transport-Security "max-age=604800" -<%- if @ldap_groups.length -%> +<%- if @restricted_to -%> AuthName "<%= @auth_realm %>" AuthType Basic AuthBasicProvider ldap AuthLDAPBindDN cn=proxyagent,ou=profile,dc=wikimedia,dc=org AuthLDAPBindPassword <%= scope.lookupvar('::passwords::ldap::production::proxypass') %> AuthLDAPURL "ldaps://ldap-labs.eqiad.wikimedia.org ldap-labs.codfw.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn" - <%- @ldap_groups.each do |group| -%> + <%- @restricted_to.each do |group| -%> Require ldap-group "cn=<%= group %>,ou=groups,dc=wikimedia,dc=org" <%- end -%> <%- end -%> diff --git a/modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb b/modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb index 5826dc0..18f1e57 100644 --- a/modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb +++ b/modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb @@ -13,7 +13,7 @@ "given #{arguments.size} for 1") end - domain = arguments[0] + domain = arguments[0].dup # Limits (rfc1035, 3.1) domain_max_length=255 -- To view, visit https://gerrit.wikimedia.org/r/328466 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3b48f44a3c6532bacc75eba766e200d183eac299 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits