Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/250417
Change subject: role::openldap::corp: move into role module
......................................................................
role::openldap::corp: move into role module
Long time coming
Change-Id: I9bcfdce1b5bd413dd9d9a9b52ffcab411278b055
---
M manifests/role/openldap.pp
A modules/role/manifests/openldap/corp.pp
2 files changed, 40 insertions(+), 38 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/17/250417/1
diff --git a/manifests/role/openldap.pp b/manifests/role/openldap.pp
index 657b004..a8c1ddf 100644
--- a/manifests/role/openldap.pp
+++ b/manifests/role/openldap.pp
@@ -1,44 +1,7 @@
-# vim: set ts=4 et sw=4:
+# TODO: Move this elsewhere
@monitoring::group { 'openldap_corp_mirror_eqiad':
description => 'Corp OIT LDAP Mirror'
}
@monitoring::group { 'openldap_corp_mirror_codfw':
description => 'Corp OIT LDAP Mirror codfw'
-}
-
-class role::openldap::corp {
- include passwords::openldap::corp
- include base::firewall
-
- system::role { 'role::openldap::corp':
- description => 'Corp OIT openldap Mirror server'
- }
-
- $master = 'ldap1.corp.wikimedia.org'
- $sync_pass = $passwords::openldap::corp::sync_pass
-
- sslcert::certificate { 'ldap-mirror.wikimedia.org': }
-
- class { '::openldap':
- server_id => 3, # 1 and 2 used in OIT
- suffix => 'dc=corp,dc=wikimedia,dc=org',
- datadir => '/var/lib/ldap/corp',
- master => $master,
- sync_pass => $sync_pass,
- ca => '/etc/ssl/certs/ca-certificates.crt',
- certificate => '/etc/ssl/localcerts/ldap-mirror.wikimedia.org.crt',
- key => '/etc/ssl/private/ldap-mirror.wikimedia.org.key',
- }
-
- ferm::service { 'corp_ldap':
- proto => 'tcp',
- port => '389', # Yes, explicitly not supporting LDAPS (port 636)
- srange => '$ALL_NETWORKS',
- }
-
- monitoring::service { 'corp_ldap_mirror':
- description => 'Corp OIT LDAP Mirror ',
- check_command => 'check_ldap!dc=corp,dc=wikimedia,dc=org',
- critical => true,
- }
}
diff --git a/modules/role/manifests/openldap/corp.pp
b/modules/role/manifests/openldap/corp.pp
new file mode 100644
index 0000000..bda1502
--- /dev/null
+++ b/modules/role/manifests/openldap/corp.pp
@@ -0,0 +1,39 @@
+# A class to setup the corp OIT LDAP mirror. This is used for cheap recipient
+# verification during email accept
+# vim: set ts=4 et sw=4:
+class role::openldap::corp {
+ include passwords::openldap::corp
+ include base::firewall
+
+ system::role { 'role::openldap::corp':
+ description => 'Corp OIT openldap Mirror server'
+ }
+
+ $master = 'ldap1.corp.wikimedia.org'
+ $sync_pass = $passwords::openldap::corp::sync_pass
+
+ sslcert::certificate { 'ldap-mirror.wikimedia.org': }
+
+ class { '::openldap':
+ server_id => 3, # 1 and 2 used in OIT
+ suffix => 'dc=corp,dc=wikimedia,dc=org',
+ datadir => '/var/lib/ldap/corp',
+ master => $master,
+ sync_pass => $sync_pass,
+ ca => '/etc/ssl/certs/ca-certificates.crt',
+ certificate => '/etc/ssl/localcerts/ldap-mirror.wikimedia.org.crt',
+ key => '/etc/ssl/private/ldap-mirror.wikimedia.org.key',
+ }
+
+ ferm::service { 'corp_ldap':
+ proto => 'tcp',
+ port => '389', # Yes, explicitly not supporting LDAPS (port 636)
+ srange => '$ALL_NETWORKS',
+ }
+
+ monitoring::service { 'corp_ldap_mirror':
+ description => 'Corp OIT LDAP Mirror ',
+ check_command => 'check_ldap!dc=corp,dc=wikimedia,dc=org',
+ critical => true,
+ }
+}
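Review bot: The `ferm::service { 'corp_ldap': }` rule in the new corp.pp opens tcp/389 to `$ALL_NETWORKS`, while the header comment names a single use for this mirror (recipient verification during email accept). The move is a good moment to narrow `srange` to the hosts that perform that lookup, or to state in a comment why every network needs access. The inline comment says LDAPS is deliberately unsupported, and a certificate and key are passed to `::openldap`, which suggests StartTLS on 389 is intended. Whether cleartext binds, and the replication bind that uses `$sync_pass`, are refused is decided inside `::openldap`, which this change does not show. I would add a comment next to the port line such as `# 389 with StartTLS only; cleartext refused by ::openldap (confirm)` so the transport expectation is recorded where the port is opened.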
--
To view, visit https://gerrit.wikimedia.org/r/250417
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9bcfdce1b5bd413dd9d9a9b52ffcab411278b055
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>