Puppet Class: profile::toolforge::legacy_redirector

Defined in:
modules/profile/manifests/toolforge/legacy_redirector.pp

Overview

Parameters:

  • ssl_certificate_name (Optional[String[1]]) (defaults to: lookup('profile::toolforge::legacy_redirector::ssl_certificate_name', {default_value => 'tools-legacy'})) 


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
# File 'modules/profile/manifests/toolforge/legacy_redirector.pp', line 1

class profile::toolforge::legacy_redirector (
    Optional[String[1]] $ssl_certificate_name = lookup('profile::toolforge::legacy_redirector::ssl_certificate_name', {default_value => 'tools-legacy'}),
) {
    $ssl_settings = ssl_ciphersuite('apache', 'compat')
    if $ssl_certificate_name {
        acme_chief::cert { $ssl_certificate_name:
            puppet_svc => 'apache2',
        }
    }

    class { 'httpd':
        modules => ['alias', 'rewrite', 'ssl'],
    }

    httpd::site { 'tools.wmflabs.org':
        content => template('profile/toolforge/legacy_redirector/tools.wmflabs.org.conf.erb'),
    }

    httpd::site { 'www.toolserver.org':
        content => template('profile/toolforge/legacy_redirector/www.toolserver.org.conf.erb'),
    }

    file { '/var/www/www.toolserver.org':
        ensure  => directory,
        owner   => 'root',
        group   => 'root',
        mode    => '0555',
        source  => 'puppet:///modules/profile/toolforge/legacy_redirector/www.toolserver.org/',
        recurse => true,
        purge   => true,
    }

    ferm::service { 'http':
        proto => 'tcp',
        port  => '80',
        desc  => 'HTTP webserver for the entire world',
    }
    if $ssl_certificate_name {
        ferm::service { 'https':
            proto => 'tcp',
            port  => '443',
            desc  => 'HTTPS webserver for the entire world',
        }
    }

    if $ssl_certificate_name {
        $monitor_port = 443
    } else {
        $monitor_port = 80
    }

    prometheus::blackbox::check::http {
        default:
            port                => $monitor_port,
            ip_families         => ['ip4'],
            prometheus_instance => 'tools',
            team                => 'wmcs',
            severity            => 'warning';

        'tools.wmflabs.org main page':
            server_name    => 'tools.wmflabs.org',
            path           => '/',
            status_matches => [302],
            header_matches => [{ 'header' => 'Location', 'regexp' => '^https://toolforge.org/$' }];

        'tools.wmflabs.org tool':
            server_name    => 'tools.wmflabs.org',
            path           => '/sal/aaa',
            status_matches => [308],
            header_matches => [{ 'header' => 'Location', 'regexp' => '^https://sal.toolforge.org/aaa$' }];

        'toolserver.org main page':
            server_name        => 'toolserver.org',
            path               => '/',
            status_matches     => [200],
            body_regex_matches => ['Toolserver was'];

        'toolserver.org redirects':
            server_name    => 'toolserver.org',
            path           => '/~legoktm',
            status_matches => [301],
            header_matches => [{ 'header' => 'Location', 'regexp' => '^https://meta.wikimedia.org/wiki/User:Legoktm/Toolserver\\?from=$' }];
    }
}