Alexandros Kosiaris has submitted this change and it was merged.

Change subject: ldap-corp: Instruct openldap certificate usage based on DC
......................................................................


ldap-corp: Instruct openldap certificate usage based on DC

Vary the certificate name used based on the DC to have a more
streamlined and eventless transition. Start the transition with codfw
where the LDAP server is unused

Change-Id: Id4c2330af6f36f880740fed9d1dc7b02d62c582a
---
M modules/role/manifests/openldap/corp.pp
1 file changed, 12 insertions(+), 2 deletions(-)

Approvals:
  Alexandros Kosiaris: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/role/manifests/openldap/corp.pp 
b/modules/role/manifests/openldap/corp.pp
index 8a644e0..a906084 100644
--- a/modules/role/manifests/openldap/corp.pp
+++ b/modules/role/manifests/openldap/corp.pp
@@ -18,6 +18,16 @@
         group => 'openldap',
     }
 
+    # NOTE: Temporary while migration to ldap-corp takes place
+    $certificate = $::site ? {
+        'eqiad' => '/etc/ssl/localcerts/ldap-mirror.wikimedia.org.crt',
+        'codfw' => "/etc/ssl/localcerts/ldap-corp.${::site}.wikimedia.org.crt",
+    }
+    $key = $::site ? {
+        'eqiad' => '/etc/ssl/private/ldap-mirror.wikimedia.org.key',
+        'codfw' => "/etc/ssl/private/ldap-corp.${::site}.wikimedia.org.key",
+    }
+
     class { '::openldap':
         server_id   => 3, # 1 and 2 used in OIT
         suffix      => 'dc=corp,dc=wikimedia,dc=org',
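Review bot: The two `$::site` selectors added above `class { '::openldap':` have no `default` branch, so a host in any site other than 'eqiad' or 'codfw' fails catalog compilation on the selector itself, with no message pointing at the migration. Because `$certificate` and `$key` are chosen by two independent selectors, a later edit to one and not the other could also pair a certificate with the wrong private key. A single `case $::site { ... default: { fail(...) } }` that assigns both variables in each branch would keep the pair together and make the unsupported-site failure explicit. The `# NOTE: Temporary` comment would be more useful if it stated the condition under which the eqiad branch can be removed.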
@@ -25,8 +35,8 @@
         master      => $master,
         sync_pass   => $sync_pass,
         ca          => '/etc/ssl/certs/ca-certificates.crt',
-        certificate => '/etc/ssl/localcerts/ldap-mirror.wikimedia.org.crt',
-        key         => '/etc/ssl/private/ldap-mirror.wikimedia.org.key',
+        certificate => $certificate,
+        key         => $key,
     }
 
     ferm::service { 'corp_ldap':
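Review bot: In the `class { '::openldap':` parameters, `certificate` and `key` now vary per site while `ca` stays at '/etc/ssl/certs/ca-certificates.crt', so it needs confirming that the ldap-corp.codfw.wikimedia.org certificate chains to a CA in that bundle. The codfw server will also present a different subject name from the eqiad one, so clients that verify the server name must connect using the name that matches each site's certificate. The visible lines do not show whether the files at the new codfw paths are deployed by this manifest or whether a change to these parameters restarts slapd; both are worth checking before the same switch is made for eqiad.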

-- 
To view, visit https://gerrit.wikimedia.org/r/250419
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id4c2330af6f36f880740fed9d1dc7b02d62c582a
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
