Puppet Class: profile::maps::tlsproxy

Defined in:
modules/profile/manifests/maps/tlsproxy.pp

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • servicename (String) (defaults to: lookup('profile::maps::tlsproxy::servicename'))
  • use_pki (Boolean) (defaults to: lookup('profile::maps::tlsproxy::use_pki', {'default_value' => false}))


# File 'modules/profile/manifests/maps/tlsproxy.pp', line 2

# @summary Declares the TLS-terminating proxy for the maps service and the
#   firewall rule that exposes it on tcp/443.
#
# @param servicename
#   Used as the title and server_name of the tlsproxy::localssl resource. When
#   use_pki is false it is also the single entry passed in `certs`.
# @param use_pki
#   Selects where the certificate comes from: true passes the result of
#   profile::pki::get_cert as `cfssl_paths`, false passes `certs`. Falls back
#   to false when the hiera key is not set.
class profile::maps::tlsproxy(
    String $servicename      = lookup('profile::maps::tlsproxy::servicename'),
    Boolean $use_pki         = lookup('profile::maps::tlsproxy::use_pki', {'default_value' => false}),
){
    # Attributes that are the same regardless of the certificate source.
    # NOTE(review): 6533 is presumably the local backend the proxy forwards to;
    # confirm it is not reachable from outside the host without TLS.
    $shared_attrs = {
        server_name    => $servicename,
        upstream_ports => [6533],
        default_server => true,
        enable_http2   => false,
    }

    if $use_pki {
        # get_cert is only called in this branch, so nothing is requested from
        # the PKI when use_pki is false.
        # NOTE(review): `hosts` presumably lists the names requested on the
        # certificate; keep it in sync with the names clients actually use.
        $cfssl_paths = profile::pki::get_cert('discovery', $facts['networking']['fqdn'], {
            hosts => ['maps.wikimedia.org', "kartotherian.svc.${::site}.wmnet"],
        })
        $cert_attrs = { cfssl_paths => $cfssl_paths }
    } else {
        $cert_attrs = { certs => [$servicename] }
    }

    # One declaration instead of one per branch; the merged hash carries exactly
    # the attributes each branch used to set.
    tlsproxy::localssl { $servicename:
        * => $shared_attrs + $cert_attrs,
    }

    # NOTE(review): no source restriction is set on this rule, so whatever
    # firewall::service applies by default decides who can reach tcp/443;
    # verify that this matches the intended exposure.
    firewall::service { 'maps-proxy-https':
        proto   => 'tcp',
        notrack => true,
        port    => 443,
    }
}