[MediaWiki-commits] [Gerrit] ldap-mirror: Remove the vary on DC name to complete the migr... - change (operations/puppet)

Alexandros Kosiaris (Code Review) Fri, 13 Nov 2015 10:37:45 -0800

Alexandros Kosiaris has submitted this change and it was merged.

Change subject: ldap-mirror: Remove the vary on DC name to complete the 
migration
......................................................................



ldap-mirror: Remove the vary on DC name to complete the migration

complete the migration in the eqiad DC as well by moving to the use of
ldap-corp certificate as well. Remove the population of the old
ldap-mirror certificate

Change-Id: I0d63285f9b1deafd9738dcba9df178dc300becf0
---
M modules/role/manifests/openldap/corp.pp
1 file changed, 3 insertions(+), 13 deletions(-)

Approvals:
  Alexandros Kosiaris: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/role/manifests/openldap/corp.pp 
b/modules/role/manifests/openldap/corp.pp
index edde1f0..1995e2c 100644
--- a/modules/role/manifests/openldap/corp.pp
+++ b/modules/role/manifests/openldap/corp.pp
@@ -12,20 +12,10 @@
     $master = 'ldap1.corp.wikimedia.org'
     $sync_pass = $passwords::openldap::corp::sync_pass
 
-    sslcert::certificate { 'ldap-mirror.wikimedia.org': }
+    sslcert::certificate { 'ldap-mirror.wikimedia.org': ensure => absent }
     # Certificate needs to be readable by slapd
     sslcert::certificate { "ldap-corp.${::site}.wikimedia.org":
         group => 'openldap',
-    }
-
-    # NOTE: Temporary while migration to ldap-corp takes place
-    $certificate = $::site ? {
-        'eqiad' => '/etc/ssl/localcerts/ldap-mirror.wikimedia.org.crt',
-        'codfw' => "/etc/ssl/localcerts/ldap-corp.${::site}.wikimedia.org.crt",
-    }
-    $key = $::site ? {
-        'eqiad' => '/etc/ssl/private/ldap-mirror.wikimedia.org.key',
-        'codfw' => "/etc/ssl/private/ldap-corp.${::site}.wikimedia.org.key",
     }
 
     class { '::openldap':
@@ -35,8 +25,8 @@
         master      => $master,
         sync_pass   => $sync_pass,
         ca          => '/etc/ssl/certs/ca-certificates.crt',
-        certificate => $certificate,
-        key         => $key,
+        certificate => 
"/etc/ssl/localcerts/ldap-corp.${::site}.wikimedia.org.crt",
+        key         => 
"/etc/ssl/localcerts/ldap-corp.${::site}.wikimedia.org.key",
     }
 
     ferm::service { 'corp_ldap':

-- 
To view, visit https://gerrit.wikimedia.org/r/250420
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0d63285f9b1deafd9738dcba9df178dc300becf0
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] ldap-mirror: Remove the vary on DC name to complete the migr... - change (operations/puppet)

Reply via email to