Muehlenhoff has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/375805 )
Change subject: Extend Ganglia Apache config for LDAP authentication
......................................................................
Extend Ganglia Apache config for LDAP authentication
Change-Id: I15dd4f9bca6f5d09f8e14ad46316551db14a4860
---
M modules/ganglia/manifests/web.pp
M modules/ganglia/templates/ganglia.wikimedia.org.erb
2 files changed, 13 insertions(+), 11 deletions(-)
Approvals:
Muehlenhoff: Looks good to me, approved
Elukey: Looks good to me, but someone else must approve
jenkins-bot: Verified
diff --git a/modules/ganglia/manifests/web.pp b/modules/ganglia/manifests/web.pp
index a0f7d99..0cfa8ad 100644
--- a/modules/ganglia/manifests/web.pp
+++ b/modules/ganglia/manifests/web.pp
@@ -31,17 +31,7 @@
ensure => $ensure,
}
- $auth_ldap = {
- name => 'nda/ops/wmf',
- bind_dn => 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org',
- bind_password => $passwords::ldap::production::proxypass,
- url => 'ldaps://ldap-labs.eqiad.wikimedia.org
ldap-labs.codfw.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn',
- groups => [
- 'cn=ops,ou=groups,dc=wikimedia,dc=org',
- 'cn=nda,ou=groups,dc=wikimedia,dc=org',
- 'cn=wmf,ou=groups,dc=wikimedia,dc=org',
- ],
- }
+ $proxypass = $passwords::ldap::production::proxypass
apache::site { $ganglia_servername:
content => template("ganglia/${ganglia_servername}.erb"),
diff --git a/modules/ganglia/templates/ganglia.wikimedia.org.erb
b/modules/ganglia/templates/ganglia.wikimedia.org.erb
index 4a6395f..c0fb1e3 100644
--- a/modules/ganglia/templates/ganglia.wikimedia.org.erb
+++ b/modules/ganglia/templates/ganglia.wikimedia.org.erb
@@ -28,6 +28,18 @@
Require all granted
</Directory>
+ <Location />
+ AuthName "WMF Labs (use wiki login name not shell)"
+ AuthType Basic
+ AuthBasicProvider ldap
+ AuthLDAPBindDN cn=proxyagent,ou=profile,dc=wikimedia,dc=org
+ AuthLDAPBindPassword <%= @proxypass %>
+ AuthLDAPURL "ldaps://ldap-labs.eqiad.wikimedia.org
ldap-labs.codfw.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn"
+ Require ldap-group cn=ops,ou=groups,dc=wikimedia,dc=org
+ Require ldap-group cn=wmf,ou=groups,dc=wikimedia,dc=org
+ Require ldap-group cn=nda,ou=groups,dc=wikimedia,dc=org
+ </Location>
+
Alias /latest <%= @ganglia_webdir %>
RedirectMatch ^/$ https://<%= @ganglia_servername %>/latest
--
To view, visit https://gerrit.wikimedia.org/r/375805
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I15dd4f9bca6f5d09f8e14ad46316551db14a4860
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
Gerrit-Reviewer: Elukey <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
