[MediaWiki-commits] [Gerrit] enable OCSP Stapling everywhere - change (operations/puppet)

Wed, 25 Mar 2015 08:53:13 -0700 

BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/199624

Change subject: enable OCSP Stapling everywhere
......................................................................

enable OCSP Stapling everywhere

Change-Id: Ic2c4c6844cd64f0159e306c2ace89ca0b24dd7bf
---
M manifests/role/cache.pp
1 file changed, 2 insertions(+), 18 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/24/199624/1

diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index b7a1f91..bcc0385 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -654,34 +654,18 @@
         include certificates::wmf_ca_2014_2017
         include role::protoproxy::ssl::common
 
-        # Test OCSP on cp1008 only initially
-        if $::hostname == 'cp1008' {
-            $ocsp_test = true
-        }
-        else {
-            $ocsp_test = false
-        }
-
         localssl { 'unified':
             certname => 'uni.wikimedia.org',
             default_server => true,
-            do_ocsp => $ocsp_test,
+            do_ocsp => true,
         }
 
         define sni_cert() {
-            # Test OCSP on cp1008 only initially
-            if $::hostname == 'cp1008' {
-                $ocsp_test = true
-            }
-            else {
-                $ocsp_test = false
-            }
-
             localssl { $name:
                 certname => "sni.${name}",
                 server_name => $name,
                 server_aliases => ["*.${name}"],
-                do_ocsp => $ocsp_test,
+                do_ocsp => true,
             }
         }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/199624
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic2c4c6844cd64f0159e306c2ace89ca0b24dd7bf
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to