BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/268892

Change subject: SPDY support toggle, off for cp1008 canary
......................................................................

SPDY support toggle, off for cp1008 canary

Bug: T125979
Change-Id: Ieb8dd08349d655ad32bdb905374dff6634acddac
---
M hieradata/hosts/cp1008.yaml
M modules/tlsproxy/manifests/localssl.pp
M modules/tlsproxy/templates/localssl.erb
3 files changed, 8 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/92/268892/1

diff --git a/hieradata/hosts/cp1008.yaml b/hieradata/hosts/cp1008.yaml
index 0898300..83fc5db 100644
--- a/hieradata/hosts/cp1008.yaml
+++ b/hieradata/hosts/cp1008.yaml
@@ -1,3 +1,4 @@
 debdeploy::grains:
   debdeploy-cp:
     value: canary
+tlsproxy::localssl::do_spdy: false
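Review bot: The key added on the last line, `tlsproxy::localssl::do_spdy`, is namespaced to what localssl.pp in this same change declares as a defined type (`define tlsproxy::localssl(`), and Puppet's automatic parameter lookup from hiera only applies to class parameters. Nothing visible in this patch reads the key, so cp1008 would still get the default `$do_spdy = true`. Either give the define's parameter an explicit lookup as its default, for example `$do_spdy = hiera('tlsproxy::localssl::do_spdy', true)`, or pass the value in from the class that declares the localssl resources.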
diff --git a/modules/tlsproxy/manifests/localssl.pp 
b/modules/tlsproxy/manifests/localssl.pp
index 09b03fe..ed0c79b 100644
--- a/modules/tlsproxy/manifests/localssl.pp
+++ b/modules/tlsproxy/manifests/localssl.pp
@@ -27,6 +27,10 @@
 #   correct configuration directives in the site's nginx config file as well
 #   as creates the OCSP data file itself and ensures a cron is running to
 #   keep it up to date.
+#
+# [*do_spdy*]
+#   Boolean, default true.  Enables SPDY/3.1 protocol support
+#
 
 define tlsproxy::localssl(
     $certs,
@@ -35,6 +39,7 @@
     $default_server = false,
     $upstream_port  = '80',
     $do_ocsp        = false,
+    $do_spdy        = true,
     $skip_private   = false,
 ) {
     require tlsproxy::instance
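Review bot: `$do_spdy = true` in the parameter list is never type-checked, while the template tests it with a plain Ruby `if @do_spdy`, where the string 'false' is truthy. Add a boolean validation at the top of the define body (stdlib's `validate_bool($do_spdy)`, assuming stdlib is available in this tree) so that a quoted value from hiera or a caller fails the catalog compile instead of silently leaving SPDY enabled.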
diff --git a/modules/tlsproxy/templates/localssl.erb 
b/modules/tlsproxy/templates/localssl.erb
index ef39f6b..465522c 100644
--- a/modules/tlsproxy/templates/localssl.erb
+++ b/modules/tlsproxy/templates/localssl.erb
@@ -3,8 +3,8 @@
 
 # SSL proxying
 server {
-       listen [::]:443 <%= @default_server ? "default_server deferred 
backlog=4096 reuseport ipv6only=on " : "" %>ssl spdy;
-       listen 443 <%= @default_server ? "default_server deferred backlog=4096 
reuseport " : "" %>ssl spdy;
+       listen [::]:443 <%= @default_server ? "default_server deferred 
backlog=4096 reuseport ipv6only=on " : "" %>ssl <% if @do_spdy %>spdy<% end %>;
+       listen 443 <%= @default_server ? "default_server deferred backlog=4096 
reuseport " : "" %>ssl <% if @do_spdy %>spdy<% end %>;
        ssl on;
        server_name <%= ([@server_name] + @server_aliases).join(" ") %>;
 
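Review bot: On both new `listen` lines the space sits outside the conditional (`ssl <% if @do_spdy %>spdy<% end %>;`), so with do_spdy false the directive renders as `ssl ;`. nginx accepts that, but moving the space inside the conditional (`ssl<% if @do_spdy %> spdy<% end %>;`) keeps the generated config clean and easier to diff across hosts. The same conditional is repeated on the IPv6 and IPv4 lines; computing the option string once at the top of the template would keep the two listeners from drifting apart.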

-- 
To view, visit https://gerrit.wikimedia.org/r/268892

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ieb8dd08349d655ad32bdb905374dff6634acddac
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
