[MediaWiki-commits] [Gerrit] nagios: fix check for unified certificate - change (operations/puppet)

Tue, 23 Dec 2014 10:25:16 -0800 

Faidon Liambotis has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/181604

Change subject: nagios: fix check for unified certificate
......................................................................

nagios: fix check for unified certificate

We currently call check_ssl with *.wikipedia.org, and as * is not a
valid character in a domain, check_ssl isn't very happy.

Kill that clause for now, since check_ssl doesn't have a way to check
without SNI anyway.

Change-Id: Ica9c6027b97a40da04f501e83bb52647cd1b4f42
---
M manifests/role/cache.pp
1 file changed, 3 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/04/181604/1

diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index 60708b0..09137ae 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -529,18 +529,12 @@
     define localssl($certname, $server_name=$::fqdn, $server_aliases=[], 
$default_server=false) {
         # Assumes that LVS service IPs are setup elsewhere
 
-        # For unified or star certs we need to do a bit of
-        # mapping; in other cases we should be OK with the raw name
-        $check_cert = $certname ? {
-            'unified.wikimedia.org' => '*.wikipedia.org',
-            'uni.wikimedia.org'     => '*.wikipedia.org',
-            default                 => $certname
-        }
-
         # Nagios monitoring
+        # FIXME: figure out a way to monitor the unified certificate
+        # (unified.wikimedia.org / uni.wikimedia.org) without SNI
         monitoring::service { "https_${name}":
             description   => "HTTPS_${name}",
-            check_command => "check_ssl_http!${check_cert}",
+            check_command => "check_ssl_http!${certname}",
         }
 
         install_certificate { $certname:

-- 
To view, visit https://gerrit.wikimedia.org/r/181604
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ica9c6027b97a40da04f501e83bb52647cd1b4f42
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to