Madhuvishy has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/341188 )
Change subject: paws-internal: Add support for serving static files
authenticated via ldap
......................................................................
paws-internal: Add support for serving static files authenticated via ldap
Change-Id: Id634feb10d4157d4dd8549bbcbb7d39c0f019f5a
---
A modules/jupyterhub/manifests/static.pp
A modules/jupyterhub/templates/apache/nbstatic.conf.erb
M modules/role/manifests/paws_internal/jupyterhub.pp
3 files changed, 82 insertions(+), 0 deletions(-)
Approvals:
Madhuvishy: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/jupyterhub/manifests/static.pp
b/modules/jupyterhub/manifests/static.pp
new file mode 100644
index 0000000..682941d
--- /dev/null
+++ b/modules/jupyterhub/manifests/static.pp
@@ -0,0 +1,39 @@
+# Setup apache to render static files
+#
+# === Parameters
+#
+# [*sitename*]
+# Name of the site, e.g. paws-internal.wikimedia.org
+#
+# [*static_path*]
+# The base path from which all static files are to be rendered
+#
+# [*url_prefix*]
+# Url prefix that is aliased to the static path
+#
+# [*ldap_groups*]
+# List of ldap groups that can access the site
+
+
+class jupyterhub::static (
+ $sitename,
+ $static_path,
+ $url_prefix,
+ $ldap_groups = [],
+) {
+
+ include ::passwords::ldap::wmf_cluster
+ $proxypass = $passwords::ldap::wmf_cluster::proxypass
+
+ file { $static_path:
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
+ apache::site { $sitename:
+ content => template('jupyterhub/apache/nbstatic.conf.erb'),
+ }
+
+}
diff --git a/modules/jupyterhub/templates/apache/nbstatic.conf.erb
b/modules/jupyterhub/templates/apache/nbstatic.conf.erb
new file mode 100644
index 0000000..304d47d
--- /dev/null
+++ b/modules/jupyterhub/templates/apache/nbstatic.conf.erb
@@ -0,0 +1,32 @@
+Listen 9000
+
+<VirtualHost *:9000>
+ # ServerAdmin [email protected]
+ ServerName <%= @sitename %>
+
+ DocumentRoot <%= @static_path %>
+
+ ErrorLog /var/log/apache2/error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/access.log wmf
+
+ Alias <%= @url_prefix %> <%= @static_path %>
+
+ <Directory <%= @static_path %>>
+ Options FollowSymLinks
+ Require all granted
+ </Directory>
+
+ <Location <%= @static_path %>>
+ AuthName "PAWS Internal"
+ AuthType Basic
+ AuthBasicProvider ldap
+ AuthLDAPBindDN cn=proxyagent,ou=profile,dc=wikimedia,dc=org
+ AuthLDAPBindPassword <%= @proxypass %>
+ AuthLDAPURL "ldaps://ldap-labs.eqiad.wikimedia.org
ldap-labs.codfw.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn"
+ <% @ldap_groups.each do |group| -%>
+ Require ldap-group <%= group %>
+ <% end -%>
+ </Location>
+
+</VirtualHost>
diff --git a/modules/role/manifests/paws_internal/jupyterhub.pp
b/modules/role/manifests/paws_internal/jupyterhub.pp
index 0db7f87..a9f625a 100644
--- a/modules/role/manifests/paws_internal/jupyterhub.pp
+++ b/modules/role/manifests/paws_internal/jupyterhub.pp
@@ -11,4 +11,15 @@
base_path => '/srv/paws-internal',
wheels_repo => 'operations/wheels/paws-internal',
}
+
+ class { '::jupyterhub::static':
+ sitename => 'paws-internal.wikimedia.org',
+ static_path => '/srv/paws-internal/static',
+ url_prefix => '/public',
+ ldap_groups => [
+ 'cn=ops,ou=groups,dc=wikimedia,dc=org',
+ 'cn=researchers,ou=groups,dc=wikimedia,dc=org',
+ ],
+ }
+
}
--
To view, visit https://gerrit.wikimedia.org/r/341188
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id634feb10d4157d4dd8549bbcbb7d39c0f019f5a
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Madhuvishy <[email protected]>
Gerrit-Reviewer: Madhuvishy <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
