Giuseppe Lavagetto has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/375800 )
Change subject: jobrunner: add nginx service
......................................................................
jobrunner: add nginx service
Bug: T174599
Change-Id: I8a70f41d128d288fc5e23cf19c8cf82f1efda5d2
---
M conftool-data/node/codfw.yaml
M conftool-data/node/eqiad.yaml
M conftool-data/service/mediawiki.yaml
A files/ssl/jobrunner.svc.codfw.wmnet.crt
A files/ssl/jobrunner.svc.eqiad.wmnet.crt
A modules/profile/manifests/mediawiki/jobrunner_tls.pp
M modules/role/manifests/mediawiki/jobrunner.pp
7 files changed, 115 insertions(+), 30 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/00/375800/1
diff --git a/conftool-data/node/codfw.yaml b/conftool-data/node/codfw.yaml
index b36675d..9246606 100644
--- a/conftool-data/node/codfw.yaml
+++ b/conftool-data/node/codfw.yaml
@@ -142,21 +142,21 @@
mw2244.codfw.wmnet: [apache2,nginx]
mw2245.codfw.wmnet: [apache2,nginx]
jobrunner:
- mw2153.codfw.wmnet: [apache2]
- mw2154.codfw.wmnet: [apache2]
- mw2155.codfw.wmnet: [apache2]
- mw2156.codfw.wmnet: [apache2]
- mw2157.codfw.wmnet: [apache2]
- mw2158.codfw.wmnet: [apache2]
- mw2159.codfw.wmnet: [apache2]
- mw2160.codfw.wmnet: [apache2]
- mw2161.codfw.wmnet: [apache2]
- mw2162.codfw.wmnet: [apache2]
- mw2243.codfw.wmnet: [apache2]
- mw2247.codfw.wmnet: [apache2]
- mw2248.codfw.wmnet: [apache2]
- mw2249.codfw.wmnet: [apache2]
- mw2250.codfw.wmnet: [apache2]
+ mw2153.codfw.wmnet: [apache2,nginx]
+ mw2154.codfw.wmnet: [apache2,nginx]
+ mw2155.codfw.wmnet: [apache2,nginx]
+ mw2156.codfw.wmnet: [apache2,nginx]
+ mw2157.codfw.wmnet: [apache2,nginx]
+ mw2158.codfw.wmnet: [apache2,nginx]
+ mw2159.codfw.wmnet: [apache2,nginx]
+ mw2160.codfw.wmnet: [apache2,nginx]
+ mw2161.codfw.wmnet: [apache2,nginx]
+ mw2162.codfw.wmnet: [apache2,nginx]
+ mw2243.codfw.wmnet: [apache2,nginx]
+ mw2247.codfw.wmnet: [apache2,nginx]
+ mw2248.codfw.wmnet: [apache2,nginx]
+ mw2249.codfw.wmnet: [apache2,nginx]
+ mw2250.codfw.wmnet: [apache2,nginx]
videoscaler:
mw2118.codfw.wmnet: [apache2]
mw2119.codfw.wmnet: [apache2]
diff --git a/conftool-data/node/eqiad.yaml b/conftool-data/node/eqiad.yaml
index 358c376..1b2a252 100644
--- a/conftool-data/node/eqiad.yaml
+++ b/conftool-data/node/eqiad.yaml
@@ -8,21 +8,21 @@
mw1259.eqiad.wmnet: [apache2]
mw1260.eqiad.wmnet: [apache2]
jobrunner:
- mw1161.eqiad.wmnet: [apache2]
- mw1162.eqiad.wmnet: [apache2]
- mw1163.eqiad.wmnet: [apache2]
- mw1164.eqiad.wmnet: [apache2]
- mw1165.eqiad.wmnet: [apache2]
- mw1166.eqiad.wmnet: [apache2]
- mw1167.eqiad.wmnet: [apache2]
- mw1299.eqiad.wmnet: [apache2]
- mw1300.eqiad.wmnet: [apache2]
- mw1301.eqiad.wmnet: [apache2]
- mw1302.eqiad.wmnet: [apache2]
- mw1303.eqiad.wmnet: [apache2]
- mw1304.eqiad.wmnet: [apache2]
- mw1305.eqiad.wmnet: [apache2]
- mw1306.eqiad.wmnet: [apache2]
+ mw1161.eqiad.wmnet: [apache2,nginx]
+ mw1162.eqiad.wmnet: [apache2,nginx]
+ mw1163.eqiad.wmnet: [apache2,nginx]
+ mw1164.eqiad.wmnet: [apache2,nginx]
+ mw1165.eqiad.wmnet: [apache2,nginx]
+ mw1166.eqiad.wmnet: [apache2,nginx]
+ mw1167.eqiad.wmnet: [apache2,nginx]
+ mw1299.eqiad.wmnet: [apache2,nginx]
+ mw1300.eqiad.wmnet: [apache2,nginx]
+ mw1301.eqiad.wmnet: [apache2,nginx]
+ mw1302.eqiad.wmnet: [apache2,nginx]
+ mw1303.eqiad.wmnet: [apache2,nginx]
+ mw1304.eqiad.wmnet: [apache2,nginx]
+ mw1305.eqiad.wmnet: [apache2,nginx]
+ mw1306.eqiad.wmnet: [apache2,nginx]
api_appserver:
mw1189.eqiad.wmnet: [apache2,nginx]
mw1190.eqiad.wmnet: [apache2,nginx]
diff --git a/conftool-data/service/mediawiki.yaml
b/conftool-data/service/mediawiki.yaml
index fd50d17..2b601bd 100644
--- a/conftool-data/service/mediawiki.yaml
+++ b/conftool-data/service/mediawiki.yaml
@@ -67,6 +67,14 @@
datacenters:
- eqiad
- codfw
+ nginx:
+ port: 443
+ default_values:
+ "pooled": "no"
+ "weight": 10
+ datacenters:
+ - eqiad
+ - codfw
testserver:
apache2:
port: 80
diff --git a/files/ssl/jobrunner.svc.codfw.wmnet.crt
b/files/ssl/jobrunner.svc.codfw.wmnet.crt
new file mode 100644
index 0000000..962556d
--- /dev/null
+++ b/files/ssl/jobrunner.svc.codfw.wmnet.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXDCCAkSgAwIBAgICDIQwDQYJKoZIhvcNAQELBQAwKzEpMCcGA1UEAwwgUHVw
+cGV0IENBOiBwYWxsYWRpdW0uZXFpYWQud21uZXQwHhcNMTcwOTAzMDk0ODExWhcN
+MjIwOTAzMDk0ODExWjCBgzEiMCAGA1UEAwwZam9icnVubmVyLnN2Yy5jb2Rmdy53
+bW5ldDEjMCEGA1UECgwaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
+c2NvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmCEu5sFU1306AVv1vuuI0aBs
+9VcUkz1KwhrP49HXJAn7KWT6UvOj/cSVSpy4ywiBQcabqCqcQ0vmjQ1KXwFwyKOB
++zCB+DA1BglghkgBhvhCAQ0EKFB1cHBldCBSdWJ5L09wZW5TU0wgSW50ZXJuYWwg
+Q2VydGlmaWNhdGUwPwYDVR0RBDgwNoIZam9icnVubmVyLmRpc2NvdmVyeS53bW5l
+dIIZam9icnVubmVyLnN2Yy5jb2Rmdy53bW5ldDAOBgNVHQ8BAf8EBAMCBaAwIAYD
+VR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+VR0OBBYEFMjfTpgozgMJqWb9gCLw0j7UcMp4MB8GA1UdIwQYMBaAFFnkhjB+Aq8N
+AKZ07Zr2DheubK66MA0GCSqGSIb3DQEBCwUAA4ICAQBGMfg0AE9J8TPTVP+8ZE4e
+SGuF7fF9FYw4+9QmLM4wMW0cfHJzoEfh1m9kMk1qGPhIMUVgJHJQ/QkTwDNT6krG
+V5nDHi1ZOuIcfvswJILn4MKiczz9EQRMndFp/xNW6M+m0/OGRZVBe5kh4tHfWdmW
+3/nzCiC0sXQWmGb4ZkmjBw5O77I7SnCU8M0VkVUhWheauC0E5U4Psizdj1ccFAiT
+LMN2WyVxruS/vYMkm9FHKyVEsKxzXXyTOBz28uHJ0uBvQNYG/IDAF49IHsN3aXLV
+hdeVb6AMfcw4B2PSCAQO2KRUNGPtOlZlPMlrqZZ62RJPkxEF0M4KV+KYA1iCtdBq
+VCco1v1eLz7FqrhoItmQK/FNW06YattU2Tc+GTL0yDZ98f6yrgfi2DK2r/2yQXKt
+T4iJCoulzczhrQ/qCM4d+7IcuDFt9kvdFIgz61imFyUDMShD34sxsM9NsB2yR/du
+0nNvLF15ayEW7nwtssUGapIBfJuZ9LZ3PEFzxe2kUCDY3i0331grlsHkMKy2Jdkz
+bHUkp01cemVqfvEQEvcY5QnKItJE7afD9A72jMc7bwhpFJkoJz8Q6Xvk4vOuZ5dA
+cLMJATSFUBLfxC/KK1D5b6CUTfEKaGD2iJctiGsT7jtW/yUyeVoa0QrT1SB8YeWU
+GbvN7qX6YjWorfzcbUjhOw==
+-----END CERTIFICATE-----
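Review bot: The validity dates encoded in this certificate appear to run from 2017-09-03 to 2022-09-03, and nothing in the change says how it will be renewed. The same applies to files/ssl/jobrunner.svc.eqiad.wmnet.crt. Since the TLS proxy will stop being trusted by clients the day the certificate lapses, it is worth confirming that existing certificate-expiry monitoring covers these two names, or recording the expiry in the commit message. Committing only the public certificate is the right split; the matching private key has to be provisioned out of band and should not be added to this tree.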
diff --git a/files/ssl/jobrunner.svc.eqiad.wmnet.crt
b/files/ssl/jobrunner.svc.eqiad.wmnet.crt
new file mode 100644
index 0000000..758e690
--- /dev/null
+++ b/files/ssl/jobrunner.svc.eqiad.wmnet.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXDCCAkSgAwIBAgICDIMwDQYJKoZIhvcNAQELBQAwKzEpMCcGA1UEAwwgUHVw
+cGV0IENBOiBwYWxsYWRpdW0uZXFpYWQud21uZXQwHhcNMTcwOTAzMDk0NzMwWhcN
+MjIwOTAzMDk0NzMwWjCBgzEiMCAGA1UEAwwZam9icnVubmVyLnN2Yy5lcWlhZC53
+bW5ldDEjMCEGA1UECgwaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
+c2NvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdsb6JRjBLZEGobn7yQmLadCB
+SUjR6ePf41sxALEQ3Y4Nf6hbrPG3d/vlkT6TAH/PKuKo9VYEBhSHCDh2kdXnqaOB
++zCB+DA1BglghkgBhvhCAQ0EKFB1cHBldCBSdWJ5L09wZW5TU0wgSW50ZXJuYWwg
+Q2VydGlmaWNhdGUwPwYDVR0RBDgwNoIZam9icnVubmVyLmRpc2NvdmVyeS53bW5l
+dIIZam9icnVubmVyLnN2Yy5lcWlhZC53bW5ldDAOBgNVHQ8BAf8EBAMCBaAwIAYD
+VR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+VR0OBBYEFBDwiTgnn6kUuXnYnausvfbDdOsgMB8GA1UdIwQYMBaAFFnkhjB+Aq8N
+AKZ07Zr2DheubK66MA0GCSqGSIb3DQEBCwUAA4ICAQAwe5pwmbNcEbDv7kGr0l/5
+3s630SfV1AjdXEktCtpjg83pzmYMrmbj0BIevlkC60I5s8pzr27dnuvscuT4SGn+
+HmKhafgj8WSP7xwLHSAuRFDPtUf98mi0iBL7bhZnsFiVBHpAHBvc63GCI3tRmG+V
+95jeetpVAwcp+hrFia+ra7VBlQYtppf5rrDe+zMYU3xf8qxB8W3JDAGofhyFzdh4
+1NrEp/xOJ/kY2bXdy7rPy8lSp3KOH1GCVcTg3U+wzCBXH6p6zLaCOr88qUAoj0hV
+PLfG2e6Ljey7kLLbu8bfi4eyUoY5CqlUFxs7+J9/yNHvFqaf1Vlh4AWoc/Y68dls
+Mxt5DlGWwGriuf5LAvNwU5XsWkqum0ilDQP0mbivT7B2Qm4OvoPKhgLGBIQrVV/x
+nLy1tBwYN6lzmM1g3gGnDG97GAemUnuQDZkhiVoTIf4k4+K7w6c4I7kmWxttKRxf
++BynK+YIsUGazPf+eCDBiVOjrk/v3rsEcz96C130GZN1CQZKYlAxzyzy3fAvwZ3R
+T8tmXOO41Mgpgz3mfFp+nUJ3jOOHkvaeSjD6oYC4glzJjChvBp5rRICnVDJMC37M
+YrXEoedCG7WpKnTcZ1rY+mOsVpqIh3F/mtV4Wfzb51CfaWH09FKHo1TsY/pjQPKm
+o/cpoyWsTmOm01Utp4WYlQ==
+-----END CERTIFICATE-----
diff --git a/modules/profile/manifests/mediawiki/jobrunner_tls.pp
b/modules/profile/manifests/mediawiki/jobrunner_tls.pp
new file mode 100644
index 0000000..f344a5e
--- /dev/null
+++ b/modules/profile/manifests/mediawiki/jobrunner_tls.pp
@@ -0,0 +1,19 @@
+# === Class profile::mediawiki::jobrunner_tls
+#
+# Sets up the TLS proxy to the jobrunner rpc endpoints
+#
+class profile::mediawiki::jobrunner_tls {
+ require ::profile::mediawiki::jobrunner
+ # TODO: include this once the lvs is ready to be set up
+ #include ::role::lvs::realservear
+ $certname = "jobrunner.svc.${::site}.wmnet"
+ tlsproxy::localssl { 'unified':
+ server_name => $certname,
+ certs => [$certname],
+ certs_active => [$certname],
+ default_server => true,
+ do_ocsp => false,
+ upstream_ports => [$::profile::mediawiki::jobrunner::port],
+ access_log => false,
+ }
+}
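Review bot: The commented-out include under the TODO reads `::role::lvs::realservear`, which looks like a typo for `realserver` and would break catalog compilation as soon as someone uncomments it; correcting it now as `#include ::role::lvs::realserver` avoids that. `do_ocsp => false` and `access_log => false` are set without explanation. A short comment on each would help, for example `# cert is issued by the internal Puppet CA, no OCSP stapling` and, if it is true, `# requests are logged by the upstream service, not by the proxy`. With the proxy's access log off, the TLS endpoint itself keeps no request record, so the class header should say where those requests can be traced during an incident.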
diff --git a/modules/role/manifests/mediawiki/jobrunner.pp
b/modules/role/manifests/mediawiki/jobrunner.pp
index 78f2c27..af7b793 100644
--- a/modules/role/manifests/mediawiki/jobrunner.pp
+++ b/modules/role/manifests/mediawiki/jobrunner.pp
@@ -9,4 +9,10 @@
include ::profile::prometheus::hhvm_exporter
include ::profile::mediawiki::jobrunner
+
+ # TODO: change role used in beta
+ if hiera('has_lvs', true) {
+ include ::profile::mediawiki::jobrunner_tls
+ }
+
}
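Review bot: `hiera('has_lvs', true)` falls back to true, so every host or environment that does not define `has_lvs` will include `profile::mediawiki::jobrunner_tls` and start a TLS listener that expects a `jobrunner.svc.${::site}.wmnet` certificate and key. The TODO suggests beta is one such case, and a missing key there shows up as a failed Puppet run or a proxy that cannot start, not as a clean opt-out. Stating the requirement next to the condition would help, e.g. `# set has_lvs: false in hiera wherever no jobrunner.svc certificate is provisioned (beta)`. The enclosing class starts outside this hunk, so I cannot see whether `has_lvs` is already documented there.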
--
To view, visit https://gerrit.wikimedia.org/r/375800
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8a70f41d128d288fc5e23cf19c8cf82f1efda5d2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <[email protected]>