Alexandros Kosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/118251

Change subject: volatile puppet reqs should go to frontend only
......................................................................

volatile puppet reqs should go to frontend only

The frontend was already proxying file_metadata puppet requests to
itself only, but file_content requests were proxied to all backends. Fix
that by proxying these requests to the frontend alone.
While at it, add some explanatory comments.

Change-Id: Id2ccf65d453a2878eb00fea1e0c65f5ec526cac2
---
M modules/puppetmaster/templates/puppetmaster.erb
1 file changed, 7 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/51/118251/1

diff --git a/modules/puppetmaster/templates/puppetmaster.erb 
b/modules/puppetmaster/templates/puppetmaster.erb
index d4a2014..170eec9 100644
--- a/modules/puppetmaster/templates/puppetmaster.erb
+++ b/modules/puppetmaster/templates/puppetmaster.erb
@@ -35,10 +35,17 @@
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
 
        SSLProxyEngine on
+       # Certificates should only be in the frontend. It is terminating SSL 
connections from clients and authenticating them
+       # The connection to the backends is also SSL encrypted but by frontend 
and backends do not authenticate connections
        ProxyPassMatch ^/([^/]+/certificate.*)$ https://<%= @fqdn %>:8141
+       # Reports should only be in one place. Choosing the frontend by default 
for simplicity
        ProxyPassMatch ^/([^/]+/report/.*)$ https://<%= @fqdn %>:8141
+       # File buckets should only be in one place. Choosing the frontend by 
default for simplicity
        ProxyPassMatch ^/([^/]+/file_bucket_file/md5/.*)$ https://<%= @fqdn 
%>:8141
+       # Volatile should only be in one place. Choosing the frontend by 
default for simplicity
        ProxyPassMatch ^/([^/]+/file_metadata(s)?/volatile/.*)$ https://<%= 
@fqdn %>:8141
+       ProxyPassMatch ^/([^/]+/file_content/volatile/.*)$ https://<%= @fqdn 
%>:8141
+       # The rest gets balanced
        ProxyPass / balancer://mycluster/
        <Proxy balancer://mycluster>
          <%- @workers.each do |worker| -%>
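
Review bot: The new comment placed after "SSLProxyEngine on" ends with "but by frontend and backends do not authenticate connections", which is ungrammatical and leaves it unclear who is not authenticating whom. Suggest something like "but frontend and backends do not authenticate each other". Since the line just above the hunk forwards the client verification result in the X-Client-Verify request header, the comment would also be a good place to say whether port 8141 is expected to be reachable only from the frontend, because that is the assumption an unauthenticated frontend-to-backend hop rests on. Minor: the file_content/volatile rule sits under the "Volatile should only be in one place" comment together with the file_metadata rule, which reads fine, but "Choosing the frontend by default for simplicity" is repeated three times and could be stated once above the group.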

-- 
To view, visit https://gerrit.wikimedia.org/r/118251
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id2ccf65d453a2878eb00fea1e0c65f5ec526cac2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
