Tim Landscheidt has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/328466 )
Change subject: apache: Fix some issues with apache::static_site
......................................................................
apache: Fix some issues with apache::static_site
apache::static_site:
- Uses the function any2array() that is not defined,
- specifies the wrong path to the template static_site.conf.erb,
- calls apache::site with the non-existent parameter conf_type, and
- calls the function is_domain_name() with the parameter $servername
which fails when a string constant like $::fqdn is passed.
This change fixes those issues.
Bug: T153816
Change-Id: I3b48f44a3c6532bacc75eba766e200d183eac299
---
M modules/apache/manifests/static_site.pp
M modules/apache/templates/static_site.conf.erb
M modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb
3 files changed, 5 insertions(+), 7 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/66/328466/1
diff --git a/modules/apache/manifests/static_site.pp
b/modules/apache/manifests/static_site.pp
index 81238c8..3bf68de 100644
--- a/modules/apache/manifests/static_site.pp
+++ b/modules/apache/manifests/static_site.pp
@@ -43,7 +43,6 @@
validate_ensure($ensure)
validate_absolute_path($docroot)
- $ldap_groups = any2array($restricted_to)
$servername_safe = regsubst($servername, '[\W_]', '-', 'G')
$servername_real = is_domain_name($servername) ? {
true => $servername,
@@ -54,7 +53,7 @@
include ::apache::mod::headers
include ::apache::mod::rewrite
- if ! empty($ldap_groups) {
+ if ! empty($restricted_to) {
include ::apache::mod::authnz_ldap
include ::passwords::ldap::production
}
@@ -67,8 +66,7 @@
apache::site { $name:
ensure => $ensure,
- content => template('apache/static.conf.erb'),
- conf_type => 'sites',
+ content => template('apache/static_site.conf.erb'),
priority => $priority,
}
}
diff --git a/modules/apache/templates/static_site.conf.erb
b/modules/apache/templates/static_site.conf.erb
index 9c14f8c..65a7156 100644
--- a/modules/apache/templates/static_site.conf.erb
+++ b/modules/apache/templates/static_site.conf.erb
@@ -11,14 +11,14 @@
Header always merge Vary X-Forwarded-Proto
Header set Strict-Transport-Security "max-age=604800"
-<%- if @ldap_groups.length -%>
+<%- if @restricted_to -%>
AuthName "<%= @auth_realm %>"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPBindDN cn=proxyagent,ou=profile,dc=wikimedia,dc=org
AuthLDAPBindPassword <%=
scope.lookupvar('::passwords::ldap::production::proxypass') %>
AuthLDAPURL "ldaps://ldap-labs.eqiad.wikimedia.org
ldap-labs.codfw.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn"
- <%- @ldap_groups.each do |group| -%>
+ <%- @restricted_to.each do |group| -%>
Require ldap-group "cn=<%= group %>,ou=groups,dc=wikimedia,dc=org"
<%- end -%>
<%- end -%>
diff --git a/modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb
b/modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb
index 5826dc0..18f1e57 100644
--- a/modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb
+++ b/modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb
@@ -13,7 +13,7 @@
"given #{arguments.size} for 1")
end
- domain = arguments[0]
+ domain = arguments[0].dup
# Limits (rfc1035, 3.1)
domain_max_length=255
--
To view, visit https://gerrit.wikimedia.org/r/328466
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3b48f44a3c6532bacc75eba766e200d183eac299
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
