[MediaWiki-commits] [Gerrit] operations/puppet[production]: labs puppetmaster: allow puppetmaster api access to each worker
Andrew Bogott has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/373386 ) Change subject: labs puppetmaster: allow puppetmaster api access to each worker .. labs puppetmaster: allow puppetmaster api access to each worker This is necessary because we proxy between the puppetmasters Bug: T173982 Change-Id: Ie1fc21179fc860da673083f8bb24fc6439f81210 --- M modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb 1 file changed, 5 insertions(+), 0 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb b/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb index b1e6fd6..202af5a 100644 --- a/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb +++ b/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb @@ -2,3 +2,8 @@ path /resource_type auth any allow <%= @horizon_host %> + +# This should come from scope.function_hiera(['puppetmaster::servers']).values.flatten(1).map +# but I absolutely can't make erb work properly +allow labpuppetmaster1001.wikimedia.org +allow labpuppetmaster1002.wikimedia.org -- To view, visit https://gerrit.wikimedia.org/r/373386 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie1fc21179fc860da673083f8bb24fc6439f81210 Gerrit-PatchSet: 11 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott Gerrit-Reviewer: Andrew Bogott Gerrit-Reviewer: Giuseppe Lavagetto Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: labs puppetmaster: allow puppetmaster api access to each worker
Andrew Bogott has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/373386 ) Change subject: labs puppetmaster: allow puppetmaster api access to each worker .. labs puppetmaster: allow puppetmaster api access to each worker This is necessary because we proxy between the puppetmasters Change-Id: Ie1fc21179fc860da673083f8bb24fc6439f81210 --- M modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb 1 file changed, 3 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/86/373386/1 diff --git a/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb b/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb index b1e6fd6..3e554a9 100644 --- a/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb +++ b/modules/role/templates/labs/puppetmaster/extra_auth_rules.conf.erb @@ -2,3 +2,6 @@ path /resource_type auth any allow <%= @horizon_host %> +<%= scope.function_hiera([\'puppetmaster::servers\']).values.flatten(1).each do |worker| %> +allow <%= worker %> +<%end%> -- To view, visit https://gerrit.wikimedia.org/r/373386 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie1fc21179fc860da673083f8bb24fc6439f81210 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits