Yuvipanda has submitted this change and it was merged.
Change subject: toollabs: Add class and role for static file server
......................................................................
toollabs: Add class and role for static file server
Bug: T84982
Change-Id: I189e488eb98987f4394884dd01ab57709b032345
---
M manifests/role/labstools.pp
A modules/toollabs/manifests/static.pp
A modules/toollabs/templates/static-server.conf.erb
3 files changed, 81 insertions(+), 0 deletions(-)
Approvals:
Yuvipanda: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/labstools.pp b/manifests/role/labstools.pp
index 471902f..e602f0e 100644
--- a/manifests/role/labstools.pp
+++ b/manifests/role/labstools.pp
@@ -45,6 +45,14 @@
system::role { 'role::labs::tools::proxy': description => 'Tool labs
generic web proxy' }
}
+ class static inherits role::labs::tools::common {
+ include toollabs::static
+
+ system::role { 'role::labs::tools::static':
+ description => 'Tool Labs static http server',
+ }
+ }
+
class mailrelay inherits role::labs::tools::common {
system::role { 'role::labs::tools::mailrelay': description => 'Tool
Labs mail relay' }
diff --git a/modules/toollabs/manifests/static.pp
b/modules/toollabs/manifests/static.pp
new file mode 100644
index 0000000..96a199f
--- /dev/null
+++ b/modules/toollabs/manifests/static.pp
@@ -0,0 +1,20 @@
+# = Class: toollabs::proxy
+#
+# A static http server, serving static files from NFS
+class toollabs::static(
+ $resolver = '10.68.16.1',
+ $ssl_certificate_name = 'star.wmflabs.org',
+ $ssl_settings = ssl_ciphersuite('nginx', 'compat'),
+) inherits toollabs {
+ include toollabs::infrastructure
+
+ if $ssl_certificate_name != false {
+ install_certificate { $ssl_certificate_name:
+ privatekey => false,
+ }
+ }
+
+ nginx::site { 'static-server':
+ content => template('toollabs/static-server.conf.erb'),
+ }
+}
diff --git a/modules/toollabs/templates/static-server.conf.erb
b/modules/toollabs/templates/static-server.conf.erb
new file mode 100644
index 0000000..9d1a924
--- /dev/null
+++ b/modules/toollabs/templates/static-server.conf.erb
@@ -0,0 +1,53 @@
+#Copyright 2013 Yuvi Panda <[email protected]>
+#
+#Licensed under the Apache License, Version 2.0 (the "License");
+#you may not use this file except in compliance with the License.
+#You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+#Unless required by applicable law or agreed to in writing, software
+#distributed under the License is distributed on an "AS IS" BASIS,
+#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#See the License for the specific language governing permissions and
+#limitations under the License.
+
+server {
+ resolver <%= @resolver %>;
+
+ listen 80;
+
+ <%- if @ssl_certificate_name != false -%>
+ # Serve both HTTP and HTTPS
+ listen 443 default_server ssl spdy;
+
+ ssl_certificate /etc/ssl/certs/<%= @ssl_certificate_name %>.chained.pem;
+ ssl_certificate_key /etc/ssl/private/<%= @ssl_certificate_name %>.key;
+
+ # Copied from templates/nginx/nginx.conf.erb. Eugh
+ # Enable a shared cache, since it is defined at this level
+ # it will be used for all virtual hosts. 1m = 4000 active sessions,
+ # so we are allowing 200,000 active sessions.
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 5m;
+
+ <%= @ssl_settings.join("\n") %>
+
+ <%- end -%>
+
+ # Block requests with no UA string
+ if ($http_user_agent = "") {
+ return 403 "Requests must have a user agent";
+ }
+
+ # GZIP ALL THE THINGS!
+ gzip on;
+ gzip_proxied any;
+ gzip_types text/plain text/css text/xml application/json
application/javascript application/x-javascript text/javascript;
+
+ location ~ ^/([^/]+)(/.*)?$ {
+ autoindex on;
+ root /data/project/$1/public_html/static;
+ try_files $2 $2.html $2/index.html $2/;
+ }
+}
--
To view, visit https://gerrit.wikimedia.org/r/181053
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I189e488eb98987f4394884dd01ab57709b032345
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
