Puppet Class: profile::installserver::proxy
- Defined in:
- modules/profile/manifests/installserver/proxy.pp
Summary
Installs a proxy server for the install serverOverview
SPDX-License-Identifier: Apache-2.0
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
# File 'modules/profile/manifests/installserver/proxy.pp', line 7
class profile::installserver::proxy(
Wmflib::Ensure $ensure = lookup('profile::installserver::proxy::ensure'),
Boolean $structured_logs = lookup('profile::installserver::proxy::structured_logs'),
Array[Stdlib::Port] $ssl_ports = lookup('profile::installserver::proxy::ssl_ports'),
Array[Stdlib::Port] $safe_ports = lookup('profile::installserver::proxy::safe_ports'),
){
include network::constants
$prod_networks = $network::constants::production_networks
$syslog_facility = 'local0'
$syslog_priority = 'info'
class { 'squid':
ensure => $ensure,
config_content => template('role/caching-proxy/squid.conf.erb'),
}
profile::auto_restarts::service { 'squid': }
$rsyslog_content = @("CONF"/L$)
# Send squid access logs
if \$programname startswith 'squid' \
and \$syslogfacility-text == '${syslog_facility}' \
and \$syslogpriority-text == '${syslog_priority}' \
then /var/log/squid/access.log
&~
| CONF
rsyslog::conf { 'squid-access':
content => $rsyslog_content,
}
systemd::timer::job { 'squid-logrotate':
ensure => $ensure,
user => 'root',
description => 'rotate squid proxy log files',
command => '/usr/sbin/squid -k rotate',
interval => {'start' => 'OnCalendar', 'interval' => '*-*-* 17:15:00'},
}
ferm::service { 'proxy':
proto => 'tcp',
port => '8080',
srange => '$PRODUCTION_NETWORKS',
}
# Monitoring
monitoring::service { 'squid':
ensure => $ensure,
description => 'Squid',
check_command => 'check_tcp!8080',
notes_url => 'https://wikitech.wikimedia.org/wiki/HTTP_proxy',
}
}
|