Dzahn has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/378360 )
Change subject: gerrit: fix host for TLS cert/monitoring if on slave
..
gerrit: fix host for TLS cert/monitoring if on slave
Ensure that the right hostname (gerrit-slave vs gerrit) is
used for the Letsencrypt cert and also Icinga monitoring if
on a slave host.
Add the $slave parameter that was already used in init also in
the proxy class and pass it through to be able to set host
based on slave status.
Some more small changes to make puppet-lint perfect.
Change-Id: Ib541f1c39ebb7f74088666034ebd3f4b2054fef4
---
D hieradata/hosts/gerrit2001.yaml
M modules/gerrit/manifests/crons.pp
M modules/gerrit/manifests/init.pp
M modules/gerrit/manifests/jetty.pp
M modules/gerrit/manifests/proxy.pp
R modules/gerrit/templates/apache.erb
6 files changed, 18 insertions(+), 6 deletions(-)
Approvals:
Paladox: Looks good to me, but someone else must approve
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/hieradata/hosts/gerrit2001.yaml b/hieradata/hosts/gerrit2001.yaml
deleted file mode 100644
index 370806d..000
--- a/hieradata/hosts/gerrit2001.yaml
+++ /dev/null
@@ -1 +0,0 @@
-do_acme: false
diff --git a/modules/gerrit/manifests/crons.pp
b/modules/gerrit/manifests/crons.pp
index 0102be9..bbb9b8e 100644
--- a/modules/gerrit/manifests/crons.pp
+++ b/modules/gerrit/manifests/crons.pp
@@ -1,3 +1,4 @@
+# sets up cron jobs for Gerrit
class gerrit::crons() {
cron { 'list_mediawiki_extensions':
# Gerrit is missing a public list of projects.
diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp
index eb04d71..6f88341 100644
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@@ -13,7 +13,9 @@
class { '::gerrit::proxy':
require => Class['gerrit::jetty'],
+host=> $host,
slave_hosts => $slave_hosts,
+slave => $slave,
}
if !$slave {
diff --git a/modules/gerrit/manifests/jetty.pp
b/modules/gerrit/manifests/jetty.pp
index 0d776d3..3702603 100644
--- a/modules/gerrit/manifests/jetty.pp
+++ b/modules/gerrit/manifests/jetty.pp
@@ -1,3 +1,5 @@
+# sets up jetty for gerrit
+# https://projects.eclipse.org/projects/rt.jetty/developer
class gerrit::jetty(
$db_host = 'localhost',
$replication = '',
diff --git a/modules/gerrit/manifests/proxy.pp
b/modules/gerrit/manifests/proxy.pp
index ea32251..d4bf91e 100644
--- a/modules/gerrit/manifests/proxy.pp
+++ b/modules/gerrit/manifests/proxy.pp
@@ -1,25 +1,33 @@
+# sets up a TLS proxy for Gerrit
class gerrit::proxy(
$host = $::gerrit::host,
-$slave_hosts = [],
+$slave_hosts = $::gerrit::slave_hosts,
+$slave= false,
$maint_mode = false,
) {
+if $slave {
+$tls_host = $slave_hosts[0]
+} else {
+$tls_host = $host
+}
+
letsencrypt::cert::integrated { 'gerrit':
-subjects => $host,
+subjects => $tls_host,
puppet_svc => 'apache2',
system_svc => 'apache2',
}
monitoring::service { 'https':
description => 'HTTPS',
-check_command => "check_ssl_http_letsencrypt!${host}",
+check_command => "check_ssl_http_letsencrypt!${tls_host}",
contact_group => 'admins,gerrit',
}
$ssl_settings = ssl_ciphersuite('apache', 'mid', true)
-apache::site { $host:
-content => template('gerrit/gerrit.wikimedia.org.erb'),
+apache::site { $tls_host:
+content => template('gerrit/apache.erb'),
}
# Error page stuff
diff --git a/modules/gerrit/templates/gerrit.wikimedia.org.erb
b/modules/gerrit/templates/apache.erb
similarity index 100%
rename from modules/gerrit/templates/gerrit.wikimedia.org.erb
rename to modules/gerrit/templates/apache.erb
--
To view, visit https://gerrit.wikimedia.org/r/378360
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib541f1c39ebb7f74088666034ebd3f4b2054fef4
Gerrit-PatchSet: 11
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn
Gerrit-Reviewer: Alexandros Kosiaris
Gerrit-Reviewer: Chad
Gerrit-Reviewer: Dzahn
Gerrit-Reviewer: Paladox
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
