[MediaWiki-commits] [Gerrit] operations/puppet[production]: profile::etcd: listen on localhost for clients if a TLS prox...

Giuseppe Lavagetto (Code Review) Thu, 26 Jan 2017 09:04:13 -0800

Giuseppe Lavagetto has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/334376 )


Change subject: profile::etcd: listen on localhost for clients if a TLS proxy 
is present
......................................................................

profile::etcd: listen on localhost for clients if a TLS proxy is present

Change-Id: If9410dedcc03d125edbbf6c9160bfedb2106551f
---
M modules/etcd/manifests/init.pp
M modules/profile/manifests/etcd.pp
2 files changed, 9 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/76/334376/1

diff --git a/modules/etcd/manifests/init.pp b/modules/etcd/manifests/init.pp
index 5cb72ac..ad1b574 100644
--- a/modules/etcd/manifests/init.pp
+++ b/modules/etcd/manifests/init.pp
@@ -16,6 +16,9 @@
 #   The TCP port the ETCD server will advertise to clients. Useful if you
 #   proxy to etcd via nginx or some similar https terminator
 #
+# [*peer_host*]
+#   host (or IP) of the etcd server
+#
 # [*peer_port*]
 #   TCP port for the cluster traffic
 #
@@ -42,6 +45,7 @@
     $host             = '127.0.0.1',
     $client_port      = 2379,
     $adv_client_port  = 2379,
+    $peer_host        = $host,
     $peer_port        = 2380,
     $cluster_name     = $::domain,
     $cluster_state    = undef,
@@ -83,7 +87,7 @@
 
     $client_url = "${scheme}://${host}:${client_port}"
     $adv_client_url = "${adv_scheme}://${host}:${adv_client_port}"
-    $peer_url = "http://${host}:${peer_port}"; # Peer TLS is currently broken?
+    $peer_url = "http://${peer_host}:${peer_port}"; # Peer TLS is currently 
broken?
     $etcd_data_dir = "/var/lib/etcd/${cluster_name}"
 
     file { '/var/lib/etcd':
diff --git a/modules/profile/manifests/etcd.pp 
b/modules/profile/manifests/etcd.pp
index 53c406f..4f5a9c0 100644
--- a/modules/profile/manifests/etcd.pp
+++ b/modules/profile/manifests/etcd.pp
@@ -53,17 +53,20 @@
     }
 
     if $use_proxy {
+        $host = '127.0.0.1'
         $client_port = 2378
         $adv_client_port = 2379
     }
     else {
+        $host = $::fqdn
         $client_port = 2379
         $adv_client_port = 2379
     }
 
     # Service & firewalls
     class { '::etcd':
-        host             => $::fqdn,
+        host             => $host,
+        peer_host        => $::fqdn,
         cluster_name     => $cluster_name,
         cluster_state    => $cluster_state,
         client_port      => $client_port,

-- 
To view, visit https://gerrit.wikimedia.org/r/334376
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If9410dedcc03d125edbbf6c9160bfedb2106551f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: profile::etcd: listen on localhost for clients if a TLS prox...

Reply via email to