Hashar has uploaded a new change for review.
https://gerrit.wikimedia.org/r/62977
Change subject: protoproxy proxy_addresses is now optional
......................................................................
protoproxy proxy_addresses is now optional
The protoproxy nginx configuration will always listen on the real server
IP which is required for LVS-DR. On labs, the instance will only have
one real address so the proxy_addresses is not needed added since the
site already listen on the real server IP.
Change-Id: I8b44b269006be9cb43d2ba5ef4d2bc70d20149a8
---
M manifests/protoproxy.pp
M templates/nginx/sites/proxy.erb
2 files changed, 17 insertions(+), 8 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/77/62977/1
diff --git a/manifests/protoproxy.pp b/manifests/protoproxy.pp
index 9fef300..115bbce 100644
--- a/manifests/protoproxy.pp
+++ b/manifests/protoproxy.pp
@@ -9,8 +9,10 @@
#
# [*proxy_addresses*]
# Additional IP address to listen to. IPv6 addresses will be skipped
-# unless *IpV6_enabled* is true. The hash first level is made of sites
+# unless *IpV6_enabled* is true. The hash first level is made of sites
# entries, the IP are passed as an array.
+# This is optional, the site will always listen on the server real IP.
+# Defaults to {}
#
# [*proxy_server_name*]
#
@@ -39,7 +41,7 @@
# Defaults to {}
#
define proxy_configuration(
- $proxy_addresses,
+ $proxy_addresses={},
$proxy_server_name,
$proxy_server_cert_name,
$proxy_backend,
diff --git a/templates/nginx/sites/proxy.erb b/templates/nginx/sites/proxy.erb
index 9db7c12..6412628 100644
--- a/templates/nginx/sites/proxy.erb
+++ b/templates/nginx/sites/proxy.erb
@@ -27,13 +27,20 @@
# SSL proxying
server {
-<% proxy_addresses[site].each do |proxy_address| -%>
-<% if proxy_address[0,1] == "[" and !(has_variable?("enable_ipv6_proxy") and
ipv6_enabled == true) then
- # Skip IPv6 address
- next
-end -%>
+<%
+# proxy_addresses is optional or migth be empty for the current site
+if proxy_addresses.has_key?(site) then
+ proxy_addresses[site].each do |proxy_address|
+ if proxy_address[0,1] == "[" and
!(has_variable?("enable_ipv6_proxy") and ipv6_enabled == true) then
+ # Skip IPv6 address
+ next
+ end
+-%>
listen <%= proxy_address %>:443<% if proxy_address ==
proxy_addresses[site][0] -%> <%= proxy_listen_flags %><% end -%>;
-<% end -%>
+<%
+ end # .each
+end # if
+-%>
# For LVS-DR, we must listen to the RIP and the VIP addresses
listen <%= ipaddress %>:443;
ssl on;
--
To view, visit https://gerrit.wikimedia.org/r/62977
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8b44b269006be9cb43d2ba5ef4d2bc70d20149a8
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Hashar <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
