[MediaWiki-commits] [Gerrit] operations/puppet[production]: role::puppet_compiler: bind ssl to 0.0.0.0

[Giuseppe Lavagetto (Code Review)]

Giuseppe Lavagetto has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/370445 )

Change subject: role::puppet_compiler: bind ssl to 0.0.0.0
......................................................................


role::puppet_compiler: bind ssl to 0.0.0.0

* Install openjdk-8
* Bind the jetty app to listen on 0.0.0.0
* configure puppet to connect to puppetdb via
  the fqdn

Change-Id: I3b27971660ffa5e0965ae53d77c73b5a9d836a99
---
M modules/puppet_compiler/manifests/init.pp
M modules/puppetdb/manifests/app.pp
2 files changed, 20 insertions(+), 8 deletions(-)

Approvals:
  Giuseppe Lavagetto: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/puppet_compiler/manifests/init.pp 
b/modules/puppet_compiler/manifests/init.pp
index af68ba2..0741787 100644
--- a/modules/puppet_compiler/manifests/init.pp
+++ b/modules/puppet_compiler/manifests/init.pp
@@ -94,16 +94,20 @@
         rmdirs  => true,
     }
 
+
+    require_pacakge('openjdk-8-jdk')
+
     # Add a puppetdb instance with a local database.
     class { 'puppetdb::app':
         db_driver  => 'hsqldb',
         heap_size  => '2G',
         db_rw_host => undef,
         perform_gc => true,
+        bind_ip    => '0.0.0.0',
     }
 
     class { 'puppetmaster::puppetdb::client':
-        host => 'localhost',
+        host => $::fqdn,
         port => 8081,
     }
 }
diff --git a/modules/puppetdb/manifests/app.pp 
b/modules/puppetdb/manifests/app.pp
index 15b01c5..69a7a43 100644
--- a/modules/puppetdb/manifests/app.pp
+++ b/modules/puppetdb/manifests/app.pp
@@ -12,6 +12,7 @@
     $db_password=undef,
     $perform_gc=false,
     $heap_size='4G',
+    $bind_ip=undef,
 ) {
     requires_os('debian >= jessie')
 
@@ -98,15 +99,22 @@
         group           => 'puppetdb',
 
     }
+    $jetty_settings = {
+        'port'        => 8080,
+        'ssl-port'    => 8081,
+        'ssl-key'     => '/etc/puppetdb/ssl/server.key',
+        'ssl-cert'    => '/etc/puppetdb/ssl/cert.pem',
+        'ssl-ca-cert' => $ca_path,
+    }
+    if $bind_ip {
+        $actual_jetty_settings = merge($jetty_settings, {'ssl-host' => 
$bind_ip})
+    }
+    else {
+        $actual_jetty_settings = $jetty_settings
+    }
 
     puppetdb::config { 'jetty':
-        settings => {
-            'port'        => 8080,
-            'ssl-port'    => 8081,
-            'ssl-key'     => '/etc/puppetdb/ssl/server.key',
-            'ssl-cert'    => '/etc/puppetdb/ssl/cert.pem',
-            'ssl-ca-cert' => $ca_path,
-        },
+        settings => $actual_jetty_settings,
         require  => Base::Expose_puppet_certs['/etc/puppetdb'],
     }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/370445
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I3b27971660ffa5e0965ae53d77c73b5a9d836a99
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits