[MediaWiki-commits] [Gerrit] certs: inline privatekey=false install_certificate - change (operations/puppet)

Faidon Liambotis (Code Review) Wed, 10 Jun 2015 06:46:19 -0700

Faidon Liambotis has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/217271


Change subject: certs: inline privatekey=false install_certificate
......................................................................

certs: inline privatekey=false install_certificate

Inline sslcert::certificate on the handful install_certificate call
sites where a privatekey isn't passed (all of them star.wmflabs.org
ones) and remove the option from install_certificate altogether.

Change-Id: I42dd380c72248086951471633806ebde9ad3d129
---
M manifests/certs.pp
M manifests/role/labsproxy.pp
M manifests/role/protoproxy.pp
M modules/toollabs/manifests/proxy.pp
M modules/toollabs/manifests/static.pp
5 files changed, 15 insertions(+), 22 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/71/217271/1

diff --git a/manifests/certs.pp b/manifests/certs.pp
index 95b9a63..f1abe10 100644
--- a/manifests/certs.pp
+++ b/manifests/certs.pp
@@ -1,13 +1,6 @@
-define install_certificate(
-    $privatekey=true,
-) {
+define install_certificate {
     sslcert::certificate { $name:
-        source => "puppet:///files/ssl/${name}.crt",
-    }
-
-    if ( $privatekey == true ) {
-        Sslcert::Certificate[$name] {
-            private => "puppet:///private/ssl/${name}.key",
-        }
+        source  => "puppet:///files/ssl/${name}.crt",
+        private => "puppet:///private/ssl/${name}.key",
     }
 }
diff --git a/manifests/role/labsproxy.pp b/manifests/role/labsproxy.pp
index 97383c3..2bb3493 100644
--- a/manifests/role/labsproxy.pp
+++ b/manifests/role/labsproxy.pp
@@ -1,17 +1,17 @@
 # A dynamic HTTP routing proxy, based on nginx+lua+redis
 class role::dynamicproxy::eqiad {
-    install_certificate{ 'star.wmflabs.org':
-        privatekey => false
-    }
-
     include base::firewall
+
+    sslcert::certificate { 'star.wmflabs.org':
+        source => 'puppet:///files/ssl/star.wmflabs.org.crt',
+    }
 
     class { '::dynamicproxy':
         ssl_certificate_name => 'star.wmflabs.org',
         ssl_settings         => ssl_ciphersuite('nginx', 'compat'),
         set_xff              => true,
         luahandler           => 'domainproxy',
-        require              => Install_certificate['star.wmflabs.org']
+        require              => Sslcert::Certificate['star.wmflabs.org'],
     }
     include dynamicproxy::api
 }
diff --git a/manifests/role/protoproxy.pp b/manifests/role/protoproxy.pp
index e18414a..8ff7e10 100644
--- a/manifests/role/protoproxy.pp
+++ b/manifests/role/protoproxy.pp
@@ -42,8 +42,8 @@
     include standard
     include role::protoproxy::ssl::common
 
-    install_certificate { 'star.wmflabs.org':
-        privatekey => false,
+    sslcert::certificate { 'star.wmflabs.org':
+        source => 'puppet:///files/ssl/star.wmflabs.org.crt',
     }
 
 }
diff --git a/modules/toollabs/manifests/proxy.pp 
b/modules/toollabs/manifests/proxy.pp
index 0d1911d..2594bed 100644
--- a/modules/toollabs/manifests/proxy.pp
+++ b/modules/toollabs/manifests/proxy.pp
@@ -9,9 +9,9 @@
     include base::firewall
 
     if $ssl_install_certificate {
-        install_certificate { $ssl_certificate_name:
-            privatekey => false,
-            before     => Class['::dynamicproxy'],
+        sslcert::certificate { $ssl_certificate_name:
+            source => "puppet:///files/ssl/$ssl_certificate_name.crt",
+            before => Class['::dynamicproxy'],
         }
     }
 
diff --git a/modules/toollabs/manifests/static.pp 
b/modules/toollabs/manifests/static.pp
index 7114b7f..ad2939a 100644
--- a/modules/toollabs/manifests/static.pp
+++ b/modules/toollabs/manifests/static.pp
@@ -9,8 +9,8 @@
     include toollabs::infrastructure
 
     if $ssl_certificate_name != false {
-        install_certificate { $ssl_certificate_name:
-            privatekey => false,
+        sslcert::certificate { $ssl_certificate_name:
+            source => "puppet:///files/ssl/$ssl_certificate_name.crt",
         }
     }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/217271
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I42dd380c72248086951471633806ebde9ad3d129
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] certs: inline privatekey=false install_certificate - change (operations/puppet)

Reply via email to