[MediaWiki-commits] [Gerrit] Tools: Allow proxy certificate to be manually managed - change (operations/puppet)

Sun, 22 Mar 2015 16:00:59 -0700 

Tim Landscheidt has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/198665

Change subject: Tools: Allow proxy certificate to be manually managed
......................................................................

Tools: Allow proxy certificate to be manually managed

For testing proxy configurations in Toolsbeta it needs to be possible
to specify to use a certificate other than "star.wmflabs.org" that
also does not require adding it to the files/ssl directory.

Change-Id: I0d949a0882809189890ea70af0fb51954f3a2719
---
M modules/toollabs/manifests/proxy.pp
1 file changed, 10 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/65/198665/1

diff --git a/modules/toollabs/manifests/proxy.pp 
b/modules/toollabs/manifests/proxy.pp
index fd2c5aa..e30dcb5 100644
--- a/modules/toollabs/manifests/proxy.pp
+++ b/modules/toollabs/manifests/proxy.pp
@@ -1,18 +1,23 @@
 # A dynamic HTTP routing proxy, based on the dynamicproxy module.
-class toollabs::proxy inherits toollabs {
+class toollabs::proxy(
+    $ssl_certificate_name = 'star.wmflabs.org',
+    $ssl_install_certificate = true,
+) inherits toollabs {
     include toollabs::infrastructure
     include ::redis::client::python
 
-    install_certificate { 'star.wmflabs.org':
-        privatekey => false
+    if $ssl_install_certificate {
+        install_certificate { $ssl_certificate_name:
+            privatekey => false,
+            before     => Class['::dynamicproxy'],
+        }
     }
 
     class { '::dynamicproxy':
         ssl_settings         => ssl_ciphersuite('nginx', 'compat'),
         luahandler           => 'urlproxy',
         resolver             => '10.68.16.1', # eqiad DNS resolver
-        ssl_certificate_name => 'star.wmflabs.org',
-        require              => Install_certificate['star.wmflabs.org']
+        ssl_certificate_name => $ssl_certificate_name,
     }
 
     file { '/usr/local/sbin/proxylistener':

-- 
To view, visit https://gerrit.wikimedia.org/r/198665
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0d949a0882809189890ea70af0fb51954f3a2719
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to