Defined Type: elasticsearch::tlsproxy

Defined in:
modules/elasticsearch/manifests/tlsproxy.pp

Overview

Define: elasticsearch::tlsproxy

This class configures a https proxy to a local http service

Parameters:

certificate_name

name that will be checked in the SSL certificate. This should probably match the value configured in `profile::puppet::agent::dns_alt_names` if it is set, unless the service is accessed directly by FQDN.

http_port

local http port to proxy requests to

tls_port

port to expose tls on

Parameters:

  • upstream_port (Stdlib::Port)
  • tls_port (Stdlib::Port)
  • certificate_names (Array[String]) (defaults to: [])
  • server_aliases (Array[Stdlib::Host]) (defaults to: [])
  • acme_chief (Boolean) (defaults to: false)
  • acme_certname (Optional[String]) (defaults to: undef)
  • server_name (String) (defaults to: $facts['networking']['fqdn'])
  • read_only (Boolean) (defaults to: false)
  • enable_http2 (Boolean) (defaults to: false)
  • cfssl_paths (Hash[String[1], Stdlib::Unixpath]) (defaults to: {}) 


17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'modules/elasticsearch/manifests/tlsproxy.pp', line 17

define elasticsearch::tlsproxy (
    Stdlib::Port                      $upstream_port,
    Stdlib::Port                      $tls_port,
    Array[String]                     $certificate_names = [],
    Array[Stdlib::Host]               $server_aliases    = [],
    Boolean                           $acme_chief        = false,
    Optional[String]                  $acme_certname     = undef,
    String                            $server_name       = $facts['networking']['fqdn'],
    Boolean                           $read_only         = false,
    Boolean                           $enable_http2      = false,
    Hash[String[1], Stdlib::Unixpath] $cfssl_paths       = {}
) {
    tlsproxy::localssl { $title:
        server_name       => $server_name,
        server_aliases    => $server_aliases,
        default_server    => true,
        acme_chief        => $acme_chief,
        acme_certname     => $acme_certname,
        upstream_ports    => [$upstream_port],
        tls_ports         => [$tls_port],
        only_get_requests => $read_only,
        enable_http2      => $enable_http2,
        cfssl_paths       => $cfssl_paths,
    }
    $check_command = $acme_chief ? {
        true    => 'check_ssl_on_port_letsencrypt',
        default => 'check_ssl_on_port',
    }
    monitoring::service { "elasticsearch-https-${title}":
        ensure         => present,
        description    => "Elasticsearch HTTPS for ${title}",
        check_command  => "${check_command}!${server_name}!${tls_port}",
        notes_url      => 'https://wikitech.wikimedia.org/wiki/Search',
        migration_task => 'T384998',
    }
}