Dzahn has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/328429 )
Change subject: install: add hiera override to skip Letsencrypt cert creation
......................................................................
install: add hiera override to skip Letsencrypt cert creation
Add a Hiera override to skip the Letsecnrypt cert creation
for apt.wikimedia.org on the hosts that currently don't serve
it but have the role applied.
Bug: T132757
Change-Id: I11a07dbfdc3317422a5f553e9d6b069479d8506c
---
A hieradata/hosts/carbon.yaml
M hieradata/hosts/install1001.yaml
M hieradata/hosts/install2001.yaml
M modules/install_server/manifests/web_server.pp
4 files changed, 12 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/29/328429/1
diff --git a/hieradata/hosts/carbon.yaml b/hieradata/hosts/carbon.yaml
new file mode 100644
index 0000000..a583592
--- /dev/null
+++ b/hieradata/hosts/carbon.yaml
@@ -0,0 +1 @@
+apt::wikimedia::active-host: true
diff --git a/hieradata/hosts/install1001.yaml b/hieradata/hosts/install1001.yaml
index a54dfbb..2984fb1 100644
--- a/hieradata/hosts/install1001.yaml
+++ b/hieradata/hosts/install1001.yaml
@@ -2,3 +2,5 @@
debdeploy::grains:
debdeploy-tftpserver:
value: standard
+
+apt::wikimedia::active-host: false
diff --git a/hieradata/hosts/install2001.yaml b/hieradata/hosts/install2001.yaml
index a54dfbb..2984fb1 100644
--- a/hieradata/hosts/install2001.yaml
+++ b/hieradata/hosts/install2001.yaml
@@ -2,3 +2,5 @@
debdeploy::grains:
debdeploy-tftpserver:
value: standard
+
+apt::wikimedia::active-host: false
diff --git a/modules/install_server/manifests/web_server.pp
b/modules/install_server/manifests/web_server.pp
index 221c2e1..935c7f5 100644
--- a/modules/install_server/manifests/web_server.pp
+++ b/modules/install_server/manifests/web_server.pp
@@ -16,12 +16,14 @@
class install_server::web_server {
include ::nginx
- letsencrypt::cert::integrated { 'apt':
- subjects => 'apt.wikimedia.org',
- puppet_svc => 'nginx',
- system_svc => 'nginx',
+ if hiera('apt::wikimedia::active-host', false) {
+ letsencrypt::cert::integrated { 'apt':
+ subjects => 'apt.wikimedia.org',
+ puppet_svc => 'nginx',
+ system_svc => 'nginx',
+ }
+ # TODO: Monitor SSL?
}
- # TODO: Monitor SSL?
$ssl_settings = ssl_ciphersuite('nginx', 'mid', true)
--
To view, visit https://gerrit.wikimedia.org/r/328429
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I11a07dbfdc3317422a5f553e9d6b069479d8506c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
