Demon has uploaded a new change for review.
https://gerrit.wikimedia.org/r/60688
Change subject: Swap gerrit to new gerrit.wikimedia.org certificate
......................................................................
Swap gerrit to new gerrit.wikimedia.org certificate
Change-Id: I22cb4db2c47f2cb7e0fb3a58a7b0055fb14ce965
---
M manifests/gerrit.pp
M manifests/role/gerrit.pp
M manifests/site.pp
M templates/apache/sites/gerrit.wikimedia.org.erb
4 files changed, 5 insertions(+), 10 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/88/60688/1
diff --git a/manifests/gerrit.pp b/manifests/gerrit.pp
index 0b51e01..40935b9 100644
--- a/manifests/gerrit.pp
+++ b/manifests/gerrit.pp
@@ -13,7 +13,6 @@
$ssh_key="",
$ssl_cert="ssl-cert-snakeoil",
$ssl_cert_key="ssl-cert-snakeoil",
- $ssl_ca="wmf-ca",
$replication="",
$smtp_host="") {
@@ -46,7 +45,6 @@
no_apache => $no_apache,
ssl_cert => $ssl_cert,
ssl_cert_key => $ssl_cert_key,
- ssl_ca => $ssl_ca,
host => $host
}
@@ -276,8 +274,7 @@
class gerrit::proxy( $no_apache = true,
$host = "",
$ssl_cert="",
- $ssl_cert_key="",
- $ssl_ca="") {
+ $ssl_cert_key="") {
if !$no_apache {
require webserver::apache
diff --git a/manifests/role/gerrit.pp b/manifests/role/gerrit.pp
index db95221..715c778 100644
--- a/manifests/role/gerrit.pp
+++ b/manifests/role/gerrit.pp
@@ -11,7 +11,6 @@
ssh_key =>
"AAAAB3NzaC1yc2EAAAADAQABAAABAQDIb6jbDSyzSD/Pw8PfERVKtNkXgUteOTmZJjHtbOjuoC7Ty6dbvUMX+45GedcD1wAYkWEY26RhI1lW2yEwKvh7VWkKixXqPNyrQGvI+ldjYEyWsGlEHCNqsh37mJD5K3cwr7X/PMaxzxh7rjTk4uRKjtiga9bz1vTDRDaNlXcj84kifsu7xmCY1E+OL4oqqy7b3SKhOpcpZc7n5GonfRSeon5uFHVUjoZ57xQ8x2736zbuLBwMRKtaB+V63cU9ArL90XdVrWfbjI4Fzfex4tBG9fOvt8lINR62cjH5Lova2kZ6VBeUnJYdZ8V1mOSwtITjwkE0K98FNZdqaANZAH7V",
ssl_cert => "star.wmflabs",
ssl_cert_key => "star.wmflabs",
- ssl_ca => "wmf-labs"
}
}
@@ -24,9 +23,8 @@
db_host => "db1048.eqiad.wmnet",
host => "gerrit.wikimedia.org",
ssh_key =>
"AAAAB3NzaC1yc2EAAAABIwAAAQEAxOlshfr3UaPr8gQ8UVskxHAGG9xb55xDyfqlK7vsAs/p+OXpRB4KZOxHWqI40FpHhW+rFVA0Ugk7vBK13oKCB435TJlHYTJR62qQNb2DVxi5rtvZ7DPnRRlAvdGpRft9JsoWdgsXNqRkkStbkA5cqotvVHDYAgzBnHxWPM8REokQVqil6S/yHkIGtXO5J7F6I1OvYCnG1d1GLT5nDt+ZeyacLpZAhrBlyFD6pCwDUhg4+H4O3HGwtoh5418U4cvzRgYOQQXsU2WW5nBQHE9LXVLoL6UeMYY4yMtaNw207zN6kXcMFKyTuF5qlF5whC7cmM4elhAO2snwIw4C3EyQgw==",
- ssl_cert => "star.wikimedia.org",
- ssl_cert_key => "star.wikimedia.org",
- ssl_ca => "Equifax_Secure_CA",
+ ssl_cert => "gerrit.wikimedia.org",
+ ssl_cert_key => "gerrit.wikimedia.org",
replication => {
# If adding a new entry, remember to add the
fingerprint to gerrit2's known_hosts
"inside-wmf" => {
diff --git a/manifests/site.pp b/manifests/site.pp
index b5c9603..976530b 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1561,7 +1561,7 @@
}
node "manganese.wikimedia.org" {
- install_certificate{ "star.wikimedia.org": }
+ install_certificate{ "gerrit.wikimedia.org": }
$sudo_privs = [ 'ALL = NOPASSWD: /usr/local/sbin/add-ldap-user',
'ALL = NOPASSWD: /usr/local/sbin/delete-ldap-user',
diff --git a/templates/apache/sites/gerrit.wikimedia.org.erb
b/templates/apache/sites/gerrit.wikimedia.org.erb
index d8c285c..5fae0e0 100644
--- a/templates/apache/sites/gerrit.wikimedia.org.erb
+++ b/templates/apache/sites/gerrit.wikimedia.org.erb
@@ -49,7 +49,7 @@
SSLEngine on
SSLCertificateFile /etc/ssl/certs/<%= ssl_cert %>.pem
SSLCertificateKeyFile /etc/ssl/private/<%= ssl_cert_key %>.key
- SSLCACertificateFile /etc/ssl/certs/<%= ssl_ca %>.pem
+ SSLCACertificatePath /etc/ssl/certs/
RedirectMatch ^/$ https://<%= host %>/r/
RedirectMatch ^/gitweb/(.*)$ https://<%= host %>/r/gitweb?p=$1
--
To view, visit https://gerrit.wikimedia.org/r/60688
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I22cb4db2c47f2cb7e0fb3a58a7b0055fb14ce965
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Demon <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
