[staging] Configure and expose to internet a read-only objstorage (!282) · Merge requests · Platform / Infrastructure / Puppet / puppet-swh-site

Vincent Sellier requested to merge generated-differential-D4776-source into generated-differential-D4776-target Dec 21, 2020
add the objstorage0.internal.staging.swh.network server
configure the reverse-proxy to reply to objstorage.staging.swh.network
Related to T2682
Test Plan

octocatalog-diff:
on moma: no changes
on staging.webapp: no changes
on rp0.internal.staging.swh.network:
diff origin/production/rp0.internal.staging.swh.network current/rp0.internal.staging.swh.network
*******************************************
+ Concat::Fragment[/etc/varnish/includes.vcl:objstorage] =>
   parameters =>
     "content": "include \"includes/01_objstorage.vcl\";",
     "order": "01",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat::Fragment[/etc/varnish/includes.vcl:vhost_objstorage.staging.swh.network] =>
   parameters =>
     "content": "include \"includes/50_vhost_objstorage.staging.swh.network.vcl\"...
     "order": "50",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat::Fragment[hitch::domain objstorage_staging] =>
   parameters =>
     "content": "pem-file = \"/etc/hitch/objstorage_staging.pem\"\n",
     "notify": "Class[Hitch::Service]",
     "order": "10",
     "target": "/etc/hitch/hitch.conf"
*******************************************
+ Concat::Fragment[objstorage_staging cacert] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "03",
     "source": "/etc/ssl/certs/letsencrypt/objstorage_staging/chain.pem",
     "target": "/etc/hitch/objstorage_staging.pem"
*******************************************
+ Concat::Fragment[objstorage_staging cert] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "02",
     "source": "/etc/ssl/certs/letsencrypt/objstorage_staging/cert.pem",
     "target": "/etc/hitch/objstorage_staging.pem"
*******************************************
+ Concat::Fragment[objstorage_staging dhparams] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "04",
     "source": "/etc/hitch/dhparams.pem",
     "target": "/etc/hitch/objstorage_staging.pem"
*******************************************
+ Concat::Fragment[objstorage_staging key] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "01",
     "source": "/etc/ssl/certs/letsencrypt/objstorage_staging/privkey.pem",
     "target": "/etc/hitch/objstorage_staging.pem"
*******************************************
+ Concat[/etc/hitch/objstorage_staging.pem] =>
   parameters =>
     "backup": "puppet",
     "ensure": "present",
     "ensure_newline": false,
     "force": false,
     "format": "plain",
     "group": "_hitch",
     "mode": "0640",
     "notify": "Class[Hitch::Service]",
     "order": "alpha",
     "owner": "root",
     "path": "/etc/hitch/objstorage_staging.pem",
     "replace": true,
     "show_diff": true,
     "warn": false
*******************************************
+ Concat_file[/etc/hitch/objstorage_staging.pem] =>
   parameters =>
     "backup": "puppet",
     "ensure_newline": false,
     "force": false,
     "format": "plain",
     "group": "_hitch",
     "mode": "0640",
     "order": "alpha",
     "owner": "root",
     "replace": true,
     "show_diff": true,
     "tag": "_etc_hitch_objstorage_staging.pem"
*******************************************
+ Concat_fragment[/etc/varnish/includes.vcl:objstorage] =>
   parameters =>
     "content": "include \"includes/01_objstorage.vcl\";",
     "order": "01",
     "tag": "_etc_varnish_includes.vcl",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat_fragment[/etc/varnish/includes.vcl:vhost_objstorage.staging.swh.network] =>
   parameters =>
     "content": "include \"includes/50_vhost_objstorage.staging.swh.network.vcl\"...
     "order": "50",
     "tag": "_etc_varnish_includes.vcl",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat_fragment[hitch::domain objstorage_staging] =>
   parameters =>
     "content": "pem-file = \"/etc/hitch/objstorage_staging.pem\"\n",
     "order": "10",
     "tag": "_etc_hitch_hitch.conf",
     "target": "/etc/hitch/hitch.conf"
*******************************************
+ Concat_fragment[objstorage_staging cacert] =>
   parameters =>
     "order": "03",
     "source": "/etc/ssl/certs/letsencrypt/objstorage_staging/chain.pem",
     "tag": "_etc_hitch_objstorage_staging.pem",
     "target": "/etc/hitch/objstorage_staging.pem"
*******************************************
+ Concat_fragment[objstorage_staging cert] =>
   parameters =>
     "order": "02",
     "source": "/etc/ssl/certs/letsencrypt/objstorage_staging/cert.pem",
     "tag": "_etc_hitch_objstorage_staging.pem",
     "target": "/etc/hitch/objstorage_staging.pem"
*******************************************
+ Concat_fragment[objstorage_staging dhparams] =>
   parameters =>
     "order": "04",
     "source": "/etc/hitch/dhparams.pem",
     "tag": "_etc_hitch_objstorage_staging.pem",
     "target": "/etc/hitch/objstorage_staging.pem"
*******************************************
+ Concat_fragment[objstorage_staging key] =>
   parameters =>
     "order": "01",
     "source": "/etc/ssl/certs/letsencrypt/objstorage_staging/privkey.pem",
     "tag": "_etc_hitch_objstorage_staging.pem",
     "target": "/etc/hitch/objstorage_staging.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/objstorage_staging/cert.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/objstorage_staging/cert.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/objstorage_staging/chain.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/objstorage_staging/chain.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/objstorage_staging/fullchain.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/objstorage_staging/fullchain.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/objstorage_staging/privkey.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0600",
     "owner": "root",
     "source": "puppet:///le_certs/objstorage_staging/privkey.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/objstorage_staging] =>
   parameters =>
     "ensure": "directory",
     "group": "root",
     "mode": "0755",
     "owner": "root"
*******************************************
+ File[/etc/varnish/includes/01_objstorage.vcl] =>
   parameters =>
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "group": "root",
     "mode": "0644",
     "notify": "Exec[vcl_reload]",
     "owner": "root"
*******************************************
+ File[/etc/varnish/includes/50_vhost_objstorage.staging.swh.network.vcl] =>
   parameters =>
     "content": "# vhost_objstorage.staging.swh.network.vcl\n#\n# Settings for th...
     "group": "root",
     "mode": "0644",
     "notify": "Exec[vcl_reload]",
     "owner": "root"
*******************************************
+ Hitch::Domain[objstorage_staging] =>
   parameters =>
     "cacert_source": "/etc/ssl/certs/letsencrypt/objstorage_staging/chain.pem",
     "cert_source": "/etc/ssl/certs/letsencrypt/objstorage_staging/cert.pem",
     "default": false,
     "ensure": "present",
     "key_source": "/etc/ssl/certs/letsencrypt/objstorage_staging/privkey.pem"
*******************************************
+ Profile::Hitch::Ssl_cert[objstorage_staging] =>
   parameters =>
     "ssl_cert_name": "objstorage_staging"
*******************************************
+ Profile::Letsencrypt::Certificate[objstorage_staging] =>
   parameters =>
     "basename": "objstorage_staging",
     "privkey_group": "root",
     "privkey_mode": "0600",
     "privkey_owner": "root"
*******************************************
+ Profile::Varnish::Vcl_include[objstorage] =>
   parameters =>
     "basename": "objstorage",
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "order": "01"
*******************************************
+ Profile::Varnish::Vcl_include[vhost_objstorage.staging.swh.network] =>
   parameters =>
     "basename": "vhost_objstorage.staging.swh.network",
     "content": "# vhost_objstorage.staging.swh.network.vcl\n#\n# Settings for th...
     "order": "50"
*******************************************
+ Profile::Varnish::Vhost[objstorage.staging.swh.network] =>
   parameters =>
     "aliases": [
       "objstorage-rp.internal.staging.swh.network"
     ],
     "backend_http_host": "objstorage0.internal.staging.swh.network",
     "backend_http_port": "5003",
     "backend_name": "objstorage",
     "hsts_max_age": 15768000,
     "order": "50",
     "servername": "objstorage.staging.swh.network"
*******************************************
+ Varnish::Vcl[/etc/varnish/includes/01_objstorage.vcl] =>
   parameters =>
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "file": "/etc/varnish/includes/01_objstorage.vcl"
*******************************************
+ Varnish::Vcl[/etc/varnish/includes/50_vhost_objstorage.staging.swh.network.vcl] =>
   parameters =>
     "content": "# vhost_objstorage.staging.swh.network.vcl\n#\n# Settings for th...
     "file": "/etc/varnish/includes/50_vhost_objstorage.staging.swh.network.vcl"
*******************************************
*** End octocatalog-diff on rp0.internal.staging.swh.network
Migrated from D4776 (view on Phabricator)
Silent mode is enabled

[staging] Configure and expose to internet a read-only objstorage

Test Plan

Merge request reports
