[MediaWiki-commits] [Gerrit] deployment: make the keyholder key path configurable - change (operations/puppet)

Tue, 16 Dec 2014 00:14:16 -0800 

Giuseppe Lavagetto has submitted this change and it was merged.

Change subject: deployment: make the keyholder key path configurable
......................................................................


deployment: make the keyholder key path configurable

This is the correct fix for bug T75520 - contrary to what was done in
I08c24578596506a1a8baedb7f4a42c2c78be295a we do not change the logic of
the class, we just allow to change the key location via hiera, and leave
the default value to be the one we use in production.

Change-Id: Iba742c94aa3df7497fbff52a856d7ba16cf22cc7
Signed-off-by: Giuseppe Lavagetto <[email protected]>
---
M manifests/role/deployment.pp
1 file changed, 5 insertions(+), 2 deletions(-)

Approvals:
  Giuseppe Lavagetto: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp
index 0a5f36a..75f898b 100644
--- a/manifests/role/deployment.pp
+++ b/manifests/role/deployment.pp
@@ -130,7 +130,10 @@
     }
 }
 
-class role::deployment::deployment_servers::common {
+class role::deployment::deployment_servers::common(
+    # Source of the key, change this if not in production, with hiera.
+    $key_source = 'puppet:///private/ssh/tin/mwdeploy_rsa',
+) {
     # Can't include this while scap is present on tin:
     # include misc::deployment::scripts
 
@@ -154,7 +157,7 @@
     class { '::keyholder': trusted_group => 'wikidev', } ->
     class { '::keyholder::monitoring': } ->
     keyholder::private_key { 'mwdeploy_rsa':
-        source  => 'puppet:///private/ssh/tin/mwdeploy_rsa',
+        source  => $key_source,
     }
 }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/180126
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iba742c94aa3df7497fbff52a856d7ba16cf22cc7
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: BryanDavis <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Hashar <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to