[MediaWiki-commits] [Gerrit] operations/puppet[production]: Labs ldap: Further attempt to get the keystone IP in an acl

Mon, 05 Dec 2016 14:48:31 -0800 

Andrew Bogott has submitted this change and it was merged.

Change subject: Labs ldap: Further attempt to get the keystone IP in an acl
......................................................................


Labs ldap: Further attempt to get the keystone IP in an acl

Change-Id: Icd1309b407d69318ad6d143a97ac034e00e3a7a7
---
D hieradata/hosts/labtestservices2001.yaml
M modules/openldap/templates/labs-acls.erb
M modules/role/manifests/openldap/labs.pp
3 files changed, 1 insertion(+), 4 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/hieradata/hosts/labtestservices2001.yaml 
b/hieradata/hosts/labtestservices2001.yaml
deleted file mode 100644
index ca0b81f..0000000
--- a/hieradata/hosts/labtestservices2001.yaml
+++ /dev/null
@@ -1 +0,0 @@
-labs_keystone_host: "labtestcontrol2001.wikimedia.org"
diff --git a/modules/openldap/templates/labs-acls.erb 
b/modules/openldap/templates/labs-acls.erb
index 62fc6fe..db66711 100644
--- a/modules/openldap/templates/labs-acls.erb
+++ b/modules/openldap/templates/labs-acls.erb
@@ -13,4 +13,4 @@
 # novaobserver is an account used only for keystone access.  We don't want it
 #  to appear on wikitech, gerrit, etc. so limit access only to the keystone 
host
 access to dn=uid=novaobserver,ou=people,dc=wikimedia,dc=org
-       by peername.ip=<%= @labs_keystone_ip %> anonymous read
+       by 
peername.ip=<%=scope.function_ipresolve([scope.function_hiera(['labs_keystone_host']),
 4])%> anonymous read
diff --git a/modules/role/manifests/openldap/labs.pp 
b/modules/role/manifests/openldap/labs.pp
index a16d517..ba95b10 100644
--- a/modules/role/manifests/openldap/labs.pp
+++ b/modules/role/manifests/openldap/labs.pp
@@ -7,8 +7,6 @@
     $ldapconfig = hiera_hash('labsldapconfig', {})
     $ldap_labs_hostname = $ldapconfig['hostname']
 
-    $labs_keystone_ip = ipresolve(hiera('labs_keystone_host'),4)
-
     system::role { 'role::openldap::labs':
         description => 'LDAP servers for labs (based on OpenLDAP)'
     }

-- 
To view, visit https://gerrit.wikimedia.org/r/325433
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Icd1309b407d69318ad6d143a97ac034e00e3a7a7
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to