Chad has uploaded a new change for review.
https://gerrit.wikimedia.org/r/298101
Change subject: Gerrit: Require specifing IPv4 and IPv6 addresses to role
......................................................................
Gerrit: Require specifing IPv4 and IPv6 addresses to role
Allows us to differentiate by node. While we're here, also clean up
the SSL cert handling: default where we can, and allow overriding, in
the role, the actual cert being installed in case it doesn't match
your hostname. Ideally we can pass this down instead
of using it twice.
Change-Id: Ia2da8a88287805bbd4b9fb673d75c97bc6e12d30
---
A hieradata/hosts/ytterbium.yaml
M hieradata/role/common/gerrit/server.yaml
M modules/gerrit/manifests/init.pp
M modules/gerrit/manifests/proxy.pp
M modules/role/manifests/gerrit/server.pp
5 files changed, 21 insertions(+), 10 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/01/298101/1
diff --git a/hieradata/hosts/ytterbium.yaml b/hieradata/hosts/ytterbium.yaml
new file mode 100644
index 0000000..f0bd18d
--- /dev/null
+++ b/hieradata/hosts/ytterbium.yaml
@@ -0,0 +1,2 @@
+role::gerrit::server::ipv4: '208.80.154.81'
+role::gerrit::server::ipv6: '2620:0:861:3:208:80:154:81'
diff --git a/hieradata/role/common/gerrit/server.yaml
b/hieradata/role/common/gerrit/server.yaml
index e73fd44..50d1c31 100644
--- a/hieradata/role/common/gerrit/server.yaml
+++ b/hieradata/role/common/gerrit/server.yaml
@@ -5,8 +5,6 @@
debdeploy-gerrit:
value: standard
role::gerrit::server::host: 'gerrit.wikimedia.org'
-gerrit::proxy::ssl_cert: '%{::role::gerrit::server::host}'
-gerrit::proxy::ssl_cert_key: '%{::role::gerrit::server::host}'
gerrit::crons::ssh_key: 'ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAxOlshfr3UaPr8gQ8UVskxHAGG9xb55xDyfqlK7vsAs/p+OXpRB4KZOxHWqI40FpHhW+rFVA0Ugk7vBK13oKCB435TJlHYTJR62qQNb2DVxi5rtvZ7DPnRRlAvdGpRft9JsoWdgsXNqRkkStbkA5cqotvVHDYAgzBnHxWPM8REokQVqil6S/yHkIGtXO5J7F6I1OvYCnG1d1GLT5nDt+ZeyacLpZAhrBlyFD6pCwDUhg4+H4O3HGwtoh5418U4cvzRgYOQQXsU2WW5nBQHE9LXVLoL6UeMYY4yMtaNw207zN6kXcMFKyTuF5qlF5whC7cmM4elhAO2snwIw4C3EyQgw==
gerrit@production'
gerrit::jetty::replication:
github:
diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp
index 33e069c..34203a5 100644
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@@ -1,6 +1,6 @@
# Manifest to setup a Gerrit instance
-class gerrit($host) {
+class gerrit($host, $sslhost) {
class { 'gerrit::jetty': }
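Review bot: `$sslhost` is added to `class gerrit` as a mandatory parameter with no default and no documentation, so any declaration of `gerrit` other than the one updated in role::gerrit::server will fail to compile. If that is intended, the header comment should say what the parameter is, e.g. `# $sslhost - name of the sslcert::certificate used by gerrit::proxy (may differ from $host)`. The class body continues outside the hunk, so other uses of the parameter are not visible here.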
diff --git a/modules/gerrit/manifests/proxy.pp
b/modules/gerrit/manifests/proxy.pp
index 700a29f..d51169f 100644
--- a/modules/gerrit/manifests/proxy.pp
+++ b/modules/gerrit/manifests/proxy.pp
@@ -1,7 +1,7 @@
class gerrit::proxy(
$host = $::gerrit::host,
- $ssl_cert = 'ssl-cert-snakeoil',
- $ssl_cert_key = 'ssl-cert-snakeoil'
+ $ssl_cert = $::gerrit::sslhost,
+ $ssl_cert_key = $::gerrit::proxy::ssl_cert,
) {
$ssl_settings = ssl_ciphersuite('apache', 'compat', true)
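Review bot: The default `$ssl_cert_key = $::gerrit::proxy::ssl_cert` reads a parameter of the class that is still being declared, and the same pattern is used for `$sslhost = $::role::gerrit::server::host` in modules/role/manifests/gerrit/server.pp. Whether that qualified lookup resolves depends on the Puppet version's evaluation order for parameter defaults; where it does not, the key name (or the certificate title) is silently undef and the proxy ends up with a broken or unintended TLS configuration instead of a compile error. The old 'ssl-cert-snakeoil' fallback is also gone, so `gerrit::proxy` now only works when `::gerrit` has been evaluated first. A safer form is to default to undef and resolve in the body, for example `$key = pick($ssl_cert_key, $ssl_cert)` if stdlib's `pick` is available in this tree, and to fail explicitly when the result is empty. The class body continues outside the hunk.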
diff --git a/modules/role/manifests/gerrit/server.pp
b/modules/role/manifests/gerrit/server.pp
index bd3aeec..6b523ff 100644
--- a/modules/role/manifests/gerrit/server.pp
+++ b/modules/role/manifests/gerrit/server.pp
@@ -1,10 +1,20 @@
# modules/role/manifests/gerrit/production.pp
-class role::gerrit::server($host) {
+class role::gerrit::server(
+ $host = undef,
+ $ipv4 = undef,
+ $ipv6 = undef,
+ $sslhost = $::role::gerrit::server::host,
+ ) {
+
system::role { 'role::gerrit::server': description => 'Gerrit server' }
include role::backup::host
include base::firewall
- sslcert::certificate { $host: }
+ if $host == undef or $ipv4 == undef or $ipv6 == undef {
+ fail('role::gerrit::server must have $host $ipv4 and $ipv6
provided')
+ }
+
+ sslcert::certificate { $sslhost: }
monitoring::service { 'https':
description => 'HTTPS',
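Review bot: The new guard checks `$host`, `$ipv4` and `$ipv6` for undef but not `$sslhost`, which is the value actually passed to `sslcert::certificate` and on to `::gerrit`; it should be included, e.g. `if $host == undef or $sslhost == undef or $ipv4 == undef or $ipv6 == undef {`. The addresses are only checked for presence, so a typo in hieradata goes straight into `interface::ip` in the following hunk; if stdlib's validators are available here, `validate_ipv4_address($ipv4)` and `validate_ipv6_address($ipv6)` after the guard would catch that at compile time. The file's first comment still names `production.pp` rather than `server.pp`, and the monitoring::service block continues outside the hunk.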
@@ -15,12 +25,12 @@
interface::ip { 'role::gerrit::server_ipv4':
interface => 'eth0',
- address => '208.80.154.81',
+ address => $ipv4,
prefixlen => '32',
}
interface::ip { 'role::gerrit::server_ipv6':
interface => 'eth0',
- address => '2620:0:861:3:208:80:154:81',
+ address => $ipv6,
prefixlen => '128',
}
@@ -40,6 +50,7 @@
}
class { '::gerrit':
- host => $host,
+ host => $host,
+ sslhost => $sslhost,
}
}
--
To view, visit https://gerrit.wikimedia.org/r/298101
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia2da8a88287805bbd4b9fb673d75c97bc6e12d30
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Chad <[email protected]>