Puppet Class: profile::toolforge::legacy_redirector

Defined in:
modules/profile/manifests/toolforge/legacy_redirector.pp

Overview

Parameters:

  • do_https (Boolean) (defaults to: lookup('profile::toolforge::proxy::do_https', {default_value => true}))
  • canonical_domain (String) (defaults to: lookup('profile::toolforge::canonical_domain', {default_value => 'toolforge.org'}))
  • canonical_scheme (String) (defaults to: lookup('profile::toolforge::canonical_scheme', {default_value => 'https://'}))


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# File 'modules/profile/manifests/toolforge/legacy_redirector.pp', line 1

class profile::toolforge::legacy_redirector (
    Boolean $do_https        = lookup('profile::toolforge::proxy::do_https',  {default_value => true}),
    String $canonical_domain = lookup('profile::toolforge::canonical_domain', {default_value => 'toolforge.org'}),
    String $canonical_scheme = lookup('profile::toolforge::canonical_scheme', {default_value => 'https://'}),
) {
    $resolver = join($::nameservers, ' ')

    # toolsbeta support: running without SSL as in the main front proxy
    if $do_https {
        $ssl_settings = ssl_ciphersuite('nginx', 'compat')
        # SSL certificate for tools.wmflabs.org
        $ssl_certificate_name = 'toolforge'
        acme_chief::cert { $ssl_certificate_name:
            puppet_rsc => Exec['nginx-reload'],
        }
    } else {
        $ssl_certificate_name = false
    }

    class { '::nginx':
        variant => 'extras',
    }

    nginx::site { 'legacy-redirector':
        content => template('profile/toolforge/legacy-redirector.conf.erb'),
    }

    file { '/etc/nginx/lua':
        ensure  => 'directory',
        require => Package['nginx-extras'],
    }

    file { '/etc/nginx/lua/legacy_redirector.lua':
        ensure  => file,
        source  => 'puppet:///modules/profile/toolforge/legacy_redirector.lua',
        require => File['/etc/nginx/lua'],
        notify  => Service['nginx'],
    }

    ferm::service { 'http':
        proto => 'tcp',
        port  => '80',
        desc  => 'HTTP webserver for the entire world',
    }
    ferm::service { 'https':
        proto => 'tcp',
        port  => '443',
        desc  => 'HTTPS webserver for the entire world',
    }
}