[MediaWiki-commits] [Gerrit] operations/puppet[production]: Put ganglia behind LDAP authentication

Mon, 04 Sep 2017 06:14:27 -0700 

Muehlenhoff has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/374320 )

Change subject: Put ganglia behind LDAP authentication
......................................................................


Put ganglia behind LDAP authentication

ganglia.wikimedia.org is deprecated for quite a while. frtech still
relies on it, so it can't be fully disabled yet, but limit access
to members of ops, nda and wmf for the remaining support time line.

Change-Id: If8c10e7d60631081e6685a2288217064c6dcaf32
---
M modules/ganglia/manifests/web.pp
1 file changed, 13 insertions(+), 0 deletions(-)

Approvals:
  Muehlenhoff: Looks good to me, approved
  Alexandros Kosiaris: Looks good to me, but someone else must approve
  jenkins-bot: Verified



diff --git a/modules/ganglia/manifests/web.pp b/modules/ganglia/manifests/web.pp
index 1e56d35..d8a74d7 100644
--- a/modules/ganglia/manifests/web.pp
+++ b/modules/ganglia/manifests/web.pp
@@ -9,6 +9,7 @@
     include ::apache::mod::ssl
     include ::apache::mod::rewrite
     include ::apache::mod::headers
+    include ::apache::mod::authnz_ldap
 
     $ganglia_servername = 'ganglia.wikimedia.org'
     $ganglia_serveralias = 'uranium.wikimedia.org'
@@ -29,6 +30,18 @@
         ensure => $ensure,
     }
 
+    $auth_ldap = {
+        name          => 'nda/ops/wmf',
+        bind_dn       => 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org',
+        bind_password => $passwords::ldap::production::proxypass,
+        url           => 'ldaps://ldap-labs.eqiad.wikimedia.org 
ldap-labs.codfw.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn',
+        groups        => [
+            'cn=ops,ou=groups,dc=wikimedia,dc=org',
+            'cn=nda,ou=groups,dc=wikimedia,dc=org',
+            'cn=wmf,ou=groups,dc=wikimedia,dc=org',
+        ],
+    }
+
     apache::site { $ganglia_servername:
         content => template("ganglia/${ganglia_servername}.erb"),
     }

-- 
To view, visit https://gerrit.wikimedia.org/r/374320
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If8c10e7d60631081e6685a2288217064c6dcaf32
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to