Dzahn has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/335389 )
Change subject: installserver::nginx: use "do_acme" in Hiera instead of custom
var
......................................................................
installserver::nginx: use "do_acme" in Hiera instead of custom var
Instead of using the custom "apt::wikimedia::active-host" variable
in Hiera, use the standard "do_acme: false" to disable Letsencrypt
cert creation. This should avoid issues with nginx not starting
when the LE config snippet is not generated.
Change-Id: Ica12256f6ecf1f62c43c1246f357af0ef7ce6131
---
D hieradata/hosts/carbon.yaml
M hieradata/hosts/install1001.yaml
M hieradata/hosts/install1002.yaml
M hieradata/hosts/install2001.yaml
M hieradata/hosts/install2002.yaml
M modules/install_server/manifests/web_server.pp
6 files changed, 10 insertions(+), 12 deletions(-)
Approvals:
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/hieradata/hosts/carbon.yaml b/hieradata/hosts/carbon.yaml
deleted file mode 100644
index a583592..0000000
--- a/hieradata/hosts/carbon.yaml
+++ /dev/null
@@ -1 +0,0 @@
-apt::wikimedia::active-host: true
diff --git a/hieradata/hosts/install1001.yaml b/hieradata/hosts/install1001.yaml
index 2984fb1..f009bff 100644
--- a/hieradata/hosts/install1001.yaml
+++ b/hieradata/hosts/install1001.yaml
@@ -3,4 +3,4 @@
debdeploy-tftpserver:
value: standard
-apt::wikimedia::active-host: false
+do_acme: false
diff --git a/hieradata/hosts/install1002.yaml b/hieradata/hosts/install1002.yaml
index 2984fb1..f009bff 100644
--- a/hieradata/hosts/install1002.yaml
+++ b/hieradata/hosts/install1002.yaml
@@ -3,4 +3,4 @@
debdeploy-tftpserver:
value: standard
-apt::wikimedia::active-host: false
+do_acme: false
diff --git a/hieradata/hosts/install2001.yaml b/hieradata/hosts/install2001.yaml
index 2984fb1..f009bff 100644
--- a/hieradata/hosts/install2001.yaml
+++ b/hieradata/hosts/install2001.yaml
@@ -3,4 +3,4 @@
debdeploy-tftpserver:
value: standard
-apt::wikimedia::active-host: false
+do_acme: false
diff --git a/hieradata/hosts/install2002.yaml b/hieradata/hosts/install2002.yaml
index 2984fb1..f009bff 100644
--- a/hieradata/hosts/install2002.yaml
+++ b/hieradata/hosts/install2002.yaml
@@ -3,4 +3,4 @@
debdeploy-tftpserver:
value: standard
-apt::wikimedia::active-host: false
+do_acme: false
diff --git a/modules/install_server/manifests/web_server.pp
b/modules/install_server/manifests/web_server.pp
index 935c7f5..ed978a8 100644
--- a/modules/install_server/manifests/web_server.pp
+++ b/modules/install_server/manifests/web_server.pp
@@ -16,14 +16,13 @@
class install_server::web_server {
include ::nginx
- if hiera('apt::wikimedia::active-host', false) {
- letsencrypt::cert::integrated { 'apt':
- subjects => 'apt.wikimedia.org',
- puppet_svc => 'nginx',
- system_svc => 'nginx',
- }
- # TODO: Monitor SSL?
+ letsencrypt::cert::integrated { 'apt':
+ subjects => 'apt.wikimedia.org',
+ puppet_svc => 'nginx',
+ system_svc => 'nginx',
}
+ # TODO: Monitor SSL?
+
$ssl_settings = ssl_ciphersuite('nginx', 'mid', true)
--
To view, visit https://gerrit.wikimedia.org/r/335389
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ica12256f6ecf1f62c43c1246f357af0ef7ce6131
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
