[MediaWiki-commits] [Gerrit] operations/puppet[production]: WIP: TLS configuration for RESTBase

Thu, 09 Mar 2017 13:14:41 -0800 

Eevans has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/342088 )

Change subject: WIP: TLS configuration for RESTBase
......................................................................

WIP: TLS configuration for RESTBase

Change-Id: I8e7348cd39cf62cac66305c6f29defdaa1341668
---
M hieradata/regex.yaml
M modules/restbase/manifests/init.pp
M modules/restbase/templates/config.yaml.erb
3 files changed, 14 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/88/342088/1

diff --git a/hieradata/regex.yaml b/hieradata/regex.yaml
index c69afa3..cccb5f4 100644
--- a/hieradata/regex.yaml
+++ b/hieradata/regex.yaml
@@ -201,6 +201,10 @@
   restbase::skip_updates: true
   cassandra::start_rpc: 'true'
   cassandra::target_version: '2.2'
+  cassandra::cassandra_tls:
+    key: foo
+    cert: bar
+    ca: baz
 
 cassandra_test_codfw:
   __regex: !ruby/regexp /^restbase-test200[1-3]\.codfw\.wmnet$/
diff --git a/modules/restbase/manifests/init.pp 
b/modules/restbase/manifests/init.pp
index fba046a..7740a4c 100644
--- a/modules/restbase/manifests/init.pp
+++ b/modules/restbase/manifests/init.pp
@@ -25,6 +25,9 @@
 # [*cassandra_datacenters*]
 #   The full list of member datacenters.
 #
+# [*cassandra_tls*]
+#   An associative array of TLS options for the Cassandra driver.
+#
 # [*port*]
 #   Port where to run the restbase service. Default: 7231
 #
@@ -100,6 +103,7 @@
     $cassandra_default_consistency = 'localQuorum',
     $cassandra_local_dc = 'datacenter1',
     $cassandra_datacenters = [ 'datacenter1' ],
+    $cassandra_tls  = undef,
     $port           = 7231,
     $salt_key       = 'secretkey',
     $page_size      = 250,
diff --git a/modules/restbase/templates/config.yaml.erb 
b/modules/restbase/templates/config.yaml.erb
index ada8eb1..28a1f22 100644
--- a/modules/restbase/templates/config.yaml.erb
+++ b/modules/restbase/templates/config.yaml.erb
@@ -23,6 +23,12 @@
           username: <%= @cassandra_user %>
           password: <%= @cassandra_password %>
           defaultConsistency: <%= @cassandra_default_consistency %>
+          <% if @cassandra_tls.keys.size > 0 %>
+          tls:
+          <% @cassandra_tls.keys.sort.each do |tls_key| -%>
+             <%= tls_key %>: <%= @cassandra_tls[tls_key] %>
+          <% end ->
+          <% end %>
           storage_groups:
             - name: phase0.group.local
               domains:

-- 
To view, visit https://gerrit.wikimedia.org/r/342088
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8e7348cd39cf62cac66305c6f29defdaa1341668
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Eevans <eev...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to