[MediaWiki-commits] [Gerrit] operations/puppet[production]: labs puppetmaster: allow puppetmaster api access to each worker

2017-08-23 Thread Andrew Bogott (Code Review) 
Andrew Bogott has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/373386 )

Change subject: labs puppetmaster: allow puppetmaster api access to each worker
..


labs puppetmaster: allow puppetmaster api access to each worker

This is necessary because we proxy between the puppetmasters

Bug: T173982
Change-Id: Ie1fc21179fc860da673083f8bb24fc6439f81210
---
M modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb
1 file changed, 5 insertions(+), 0 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb 
b/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb
index b1e6fd6..202af5a 100644
--- a/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb
+++ b/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb
@@ -2,3 +2,8 @@
 path /resource_type
 auth any
 allow <%= @horizon_host %>
+
+# This should come from 
scope.function_hiera(['puppetmaster::servers']).values.flatten(1).map
+# but I absolutely can't make erb work properly
+allow labpuppetmaster1001.wikimedia.org
+allow labpuppetmaster1002.wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/373386
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie1fc21179fc860da673083f8bb24fc6439f81210
Gerrit-PatchSet: 11
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott 
Gerrit-Reviewer: Andrew Bogott 
Gerrit-Reviewer: Giuseppe Lavagetto 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: labs puppetmaster: allow puppetmaster api access to each worker

2017-08-23 Thread Andrew Bogott (Code Review) 
Andrew Bogott has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/373386 )

Change subject: labs puppetmaster: allow puppetmaster api access to each worker
..

labs puppetmaster: allow puppetmaster api access to each worker

This is necessary because we proxy between the puppetmasters

Change-Id: Ie1fc21179fc860da673083f8bb24fc6439f81210
---
M modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb
1 file changed, 3 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/86/373386/1

diff --git a/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb 
b/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb
index b1e6fd6..3e554a9 100644
--- a/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb
+++ b/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb
@@ -2,3 +2,6 @@
 path /resource_type
 auth any
 allow <%= @horizon_host %>
+<%= scope.function_hiera([\'puppetmaster::servers\']).values.flatten(1).each 
do |worker| %>
+allow <%= worker %>
+<%end%>

-- 
To view, visit https://gerrit.wikimedia.org/r/373386
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie1fc21179fc860da673083f8bb24fc6439f81210
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits