Andrew Bogott has submitted this change and it was merged.
Change subject: Added a basic nginx module and two (labs) use cases.
......................................................................
Added a basic nginx module and two (labs) use cases.
This will eventually replace the nginx_site def in
generic-definitions.
Change-Id: I35f848c7c5583eaa199c892284e230c8376e3939
---
A manifests/role/labsproxy.pp
A modules/nginx/manifests/init.pp
A templates/nginx/sites/labs-proxy.erb
3 files changed, 124 insertions(+), 0 deletions(-)
Approvals:
Andrew Bogott: Verified; Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/labsproxy.pp b/manifests/role/labsproxy.pp
new file mode 100644
index 0000000..033fbff
--- /dev/null
+++ b/manifests/role/labsproxy.pp
@@ -0,0 +1,29 @@
+# Install an http proxy for pmtpa labs instances.
+#
+# If this is installed, addresses like foo.pmtpa-proxy.wmflabs.org will
+# be directed to foo.pmtpa.wmflabs.
+class role::pmtpa-proxy {
+
+ $proxy_hostname = "pmtpa-proxy"
+ $proxy_internal_domain = "pmtpa.wmflabs"
+
+ nginx { "pmtpa-labs-proxy":
+ install => "template",
+ template => "labs-proxy";
+ }
+}
+
+# Install an http proxy for eqiad labs instances.
+#
+# If this is installed, addresses like foo.eqiad-proxy.wmflabs.org will
+# be directed to foo.eqiad.wmflabs.
+class role::eqiad-proxy {
+
+ $proxy_hostname = "eqiad-proxy"
+ $proxy_internal_domain = "eqiad.wmflabs"
+
+ nginx { "eqiad-labs-proxy":
+ install => "template",
+ template => "labs-proxy";
+ }
+}
diff --git a/modules/nginx/manifests/init.pp b/modules/nginx/manifests/init.pp
new file mode 100644
index 0000000..06740a4
--- /dev/null
+++ b/modules/nginx/manifests/init.pp
@@ -0,0 +1,56 @@
+# Installs nginx and sets up an NGINX site.
+#
+# $install='true' or 'template' causes an nginx config
+# to be installed from either a file or a template, respectively.
+#
+# If $install='template' then the config file is pulled from the named
+# template file. If $install='true' then a config file is pulled
+# from files/nginx/sites/<classname>.
+#
+# $enabled='true' adds the site to sites-enabled; $enabled=false removes it.
+#
+define nginx($install="false", $template="", $enable="true") {
+ if !defined (Package["nginx"]) {
+ package { ['nginx']:
+ ensure => latest;
+ }
+ }
+
+ if ( $template == "" ) {
+ $template_name = $name
+ } else {
+ $template_name = $template
+ }
+ if ( $enable == "true" ) {
+ file { "/etc/nginx/sites-enabled/${name}":
+ ensure => "/etc/nginx/sites-available/${name}",
+ notify => Service["nginx"];
+ }
+ } else {
+ file { "/etc/nginx/sites-enabled/${name}":
+ ensure => absent,
+ notify => Service["nginx"];
+ }
+ }
+
+ case $install {
+ "true": {
+ file { "/etc/nginx/sites-available/${name}":
+ source => "puppet:///files/nginx/sites/${name}";
+ }
+ }
+ "template": {
+ file { "/etc/nginx/sites-available/${name}":
+ content =>
template("nginx/sites/${template_name}.erb");
+ }
+ }
+ }
+
+ if !defined (Service["nginx"]) {
+ service { ['nginx']:
+ require => Package["nginx"],
+ enable => true,
+ ensure => running;
+ }
+ }
+}
diff --git a/templates/nginx/sites/labs-proxy.erb
b/templates/nginx/sites/labs-proxy.erb
new file mode 100644
index 0000000..a69fdda
--- /dev/null
+++ b/templates/nginx/sites/labs-proxy.erb
@@ -0,0 +1,39 @@
+log_format proxy '$remote_addr - $remote_user [$time_local] '
+ '"$http_host" "$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+
+server {
+
+ listen 80;
+ server_name *.<%= proxy_hostname %>.wmflabs.org;
+
+ access_log /var/log/nginx/proxy.log proxy;
+ access_log /var/log/nginx/access.log combined;
+
+ location / {
+
+ resolver 10.4.0.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ if ( $host ~ "(\.|^)<%= proxy_hostname %>\.<%= proxy_hostname
%>\.wmflabs\.org$" ) {
+ return 403;
+ }
+
+ if ( $host ~ "^([a-z0-9\-_]+)\.<%= proxy_hostname
%>\.wmflabs\.org$" ) {
+ set $instance $1;
+ proxy_pass http://$instance.<%= proxy_internal_domain
%>;
+ break;
+ }
+
+ if ( $host ~ "^(\d+)\.([a-z0-9\-_]+)\.<%= proxy_hostname
%>\.wmflabs\.org$" ) {
+ set $instance $2;
+ set $port $1;
+ proxy_pass http://$instance.<%= proxy_internal_domain
%>:$port;
+ break;
+ }
+
+ return 403;
+ }
+
+}
--
To view, visit https://gerrit.wikimedia.org/r/43886
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I35f848c7c5583eaa199c892284e230c8376e3939
Gerrit-PatchSet: 7
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mwang <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Liangent <[email protected]>
Gerrit-Reviewer: Mwang <[email protected]>
Gerrit-Reviewer: Ottomata <[email protected]>
Gerrit-Reviewer: Ryan Lane <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
