[MediaWiki-commits] [Gerrit] ldap-mirror: Remove the vary on DC name to complete the migr... - change (operations/puppet)

Alexandros Kosiaris (Code Review) Mon, 02 Nov 2015 05:45:43 -0800

Alexandros Kosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/250420


Change subject: ldap-mirror: Remove the vary on DC name to complete the 
migration
......................................................................

ldap-mirror: Remove the vary on DC name to complete the migration

complete the migration in the eqiad DC as well by moving to the use of
ldap-corp certificate as well. Remove the population of the old
ldap-mirror certificate

Change-Id: I0d63285f9b1deafd9738dcba9df178dc300becf0
---
M modules/role/manifests/openldap/corp.pp
1 file changed, 2 insertions(+), 13 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/20/250420/1

diff --git a/modules/role/manifests/openldap/corp.pp 
b/modules/role/manifests/openldap/corp.pp
index 6aad47c..08883de 100644
--- a/modules/role/manifests/openldap/corp.pp
+++ b/modules/role/manifests/openldap/corp.pp
@@ -12,20 +12,9 @@
     $master = 'ldap1.corp.wikimedia.org'
     $sync_pass = $passwords::openldap::corp::sync_pass
 
-    sslcert::certificate { 'ldap-mirror.wikimedia.org': }
     # Certificate needs to be readable by slapd
     sslcert::certificate { "ldap-corp.${::site}.wikimedia.org":
         group => 'openldap',
-    }
-
-    # NOTE: Temporary while migration to ldap-corp takes place
-    $certificate => $::site ? {
-        'eqiad' => '/etc/ssl/localcerts/ldap-mirror.wikimedia.org.crt',
-        'codfw' => "/etc/ssl/localcerts/ldap-corp.${::site}.wikimedia.org.crt",
-    }
-    $key => $::site ? {
-        'eqiad' => '/etc/ssl/localcerts/ldap-mirror.wikimedia.org.key',
-        'codfw' => "/etc/ssl/localcerts/ldap-corp.${::site}.wikimedia.org.key",
     }
 
     class { '::openldap':
@@ -35,8 +24,8 @@
         master      => $master,
         sync_pass   => $sync_pass,
         ca          => '/etc/ssl/certs/ca-certificates.crt',
-        certificate => $certificate,
-        key         => $key,
+        certificate => 
"/etc/ssl/localcerts/ldap-corp.${::site}.wikimedia.org.crt",
+        key         => 
"/etc/ssl/localcerts/ldap-corp.${::site}.wikimedia.org.key",
     }
 
     ferm::service { 'corp_ldap':

-- 
To view, visit https://gerrit.wikimedia.org/r/250420
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0d63285f9b1deafd9738dcba9df178dc300becf0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] ldap-mirror: Remove the vary on DC name to complete the migr... - change (operations/puppet)

Reply via email to