Page MenuHomeSoftware Heritage

Deploy argocd so it's accessible through the admin vlan reverse proxy
ClosedPublic

Authored by ardumont on Jul 29 2022, 4:15 PM.

Details

Summary

That way, I'll be able to revert the firewall rule i opened to access
argo-worker01.internal.admin.swh.network.

Related to T4413

Test Plan

octo-diff:

$SWH_PUPPET_ENVIRONMENT_HOME/bin/octocatalog-diff rp1.internal.admin.swh.network

*******************************************
+ Concat::Fragment[/etc/varnish/includes.vcl:argocd] =>
   parameters =>
     "content": "include \"includes/01_argocd.vcl\";",
     "order": "01",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat::Fragment[/etc/varnish/includes.vcl:vhost_argocd.softwareheritage.org] =>
   parameters =>
     "content": "include \"includes/50_vhost_argocd.softwareheritage.org.vcl\";",...
     "order": "50",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat::Fragment[argocd cacert] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "03",
     "source": "/etc/ssl/certs/letsencrypt/argocd/chain.pem",
     "target": "/etc/hitch/argocd.pem"
*******************************************
+ Concat::Fragment[argocd cert] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "02",
     "source": "/etc/ssl/certs/letsencrypt/argocd/cert.pem",
     "target": "/etc/hitch/argocd.pem"
*******************************************
+ Concat::Fragment[argocd dhparams] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "04",
     "source": "/etc/hitch/dhparams.pem",
     "target": "/etc/hitch/argocd.pem"
*******************************************
+ Concat::Fragment[argocd key] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "01",
     "source": "/etc/ssl/certs/letsencrypt/argocd/privkey.pem",
     "target": "/etc/hitch/argocd.pem"
*******************************************
+ Concat::Fragment[hitch::domain argocd] =>
   parameters =>
     "content": "pem-file = \"/etc/hitch/argocd.pem\"\n",
     "notify": "Class[Hitch::Service]",
     "order": "10",
     "target": "/etc/hitch/hitch.conf"
*******************************************
+ Concat[/etc/hitch/argocd.pem] =>
   parameters =>
     "backup": "puppet",
     "ensure": "present",
     "ensure_newline": false,
     "force": false,
     "format": "plain",
     "group": "_hitch",
     "mode": "0640",
     "notify": "Class[Hitch::Service]",
     "order": "alpha",
     "owner": "root",
     "path": "/etc/hitch/argocd.pem",
     "replace": true,
     "show_diff": true,
     "warn": false
*******************************************
+ Concat_file[/etc/hitch/argocd.pem] =>
   parameters =>
     "backup": "puppet",
     "ensure_newline": false,
     "force": false,
     "format": "plain",
     "group": "_hitch",
     "mode": "0640",
     "order": "alpha",
     "owner": "root",
     "replace": true,
     "show_diff": true,
     "tag": "_etc_hitch_argocd.pem"
*******************************************
+ Concat_fragment[/etc/varnish/includes.vcl:argocd] =>
   parameters =>
     "content": "include \"includes/01_argocd.vcl\";",
     "order": "01",
     "tag": "_etc_varnish_includes.vcl",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat_fragment[/etc/varnish/includes.vcl:vhost_argocd.softwareheritage.org] =>
   parameters =>
     "content": "include \"includes/50_vhost_argocd.softwareheritage.org.vcl\";",...
     "order": "50",
     "tag": "_etc_varnish_includes.vcl",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat_fragment[argocd cacert] =>
   parameters =>
     "order": "03",
     "source": "/etc/ssl/certs/letsencrypt/argocd/chain.pem",
     "tag": "_etc_hitch_argocd.pem",
     "target": "/etc/hitch/argocd.pem"
*******************************************
+ Concat_fragment[argocd cert] =>
   parameters =>
     "order": "02",
     "source": "/etc/ssl/certs/letsencrypt/argocd/cert.pem",
     "tag": "_etc_hitch_argocd.pem",
     "target": "/etc/hitch/argocd.pem"
*******************************************
+ Concat_fragment[argocd dhparams] =>
   parameters =>
     "order": "04",
     "source": "/etc/hitch/dhparams.pem",
     "tag": "_etc_hitch_argocd.pem",
     "target": "/etc/hitch/argocd.pem"
*******************************************
+ Concat_fragment[argocd key] =>
   parameters =>
     "order": "01",
     "source": "/etc/ssl/certs/letsencrypt/argocd/privkey.pem",
     "tag": "_etc_hitch_argocd.pem",
     "target": "/etc/hitch/argocd.pem"
*******************************************
+ Concat_fragment[hitch::domain argocd] =>
   parameters =>
     "content": "pem-file = \"/etc/hitch/argocd.pem\"\n",
     "order": "10",
     "tag": "_etc_hitch_hitch.conf",
     "target": "/etc/hitch/hitch.conf"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/argocd/cert.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/argocd/cert.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/argocd/chain.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/argocd/chain.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/argocd/fullchain.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/argocd/fullchain.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/argocd/privkey.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0600",
     "owner": "root",
     "source": "puppet:///le_certs/argocd/privkey.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/argocd] =>
   parameters =>
     "ensure": "directory",
     "group": "root",
     "mode": "0755",
     "owner": "root"
*******************************************
+ File[/etc/varnish/includes/01_argocd.vcl] =>
   parameters =>
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "group": "root",
     "mode": "0644",
     "notify": "Exec[vcl_reload]",
     "owner": "root"
*******************************************
+ File[/etc/varnish/includes/50_vhost_argocd.softwareheritage.org.vcl] =>
   parameters =>
     "content": "# vhost_argocd.softwareheritage.org.vcl\n#\n# Settings for the a...
     "group": "root",
     "mode": "0644",
     "notify": "Exec[vcl_reload]",
     "owner": "root"
*******************************************
+ Hitch::Domain[argocd] =>
   parameters =>
     "cacert_source": "/etc/ssl/certs/letsencrypt/argocd/chain.pem",
     "cert_source": "/etc/ssl/certs/letsencrypt/argocd/cert.pem",
     "default": false,
     "ensure": "present",
     "key_source": "/etc/ssl/certs/letsencrypt/argocd/privkey.pem"
*******************************************
+ Profile::Hitch::Ssl_cert[argocd] =>
   parameters =>
     "ssl_cert_name": "argocd"
*******************************************
+ Profile::Letsencrypt::Certificate[argocd] =>
   parameters =>
     "basename": "argocd",
     "privkey_group": "root",
     "privkey_mode": "0600",
     "privkey_owner": "root",
     "source_cert": "argocd"
*******************************************
+ Profile::Varnish::Vcl_include[argocd] =>
   parameters =>
     "basename": "argocd",
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "order": "01"
*******************************************
+ Profile::Varnish::Vcl_include[vhost_argocd.softwareheritage.org] =>
   parameters =>
     "basename": "vhost_argocd.softwareheritage.org",
     "content": "# vhost_argocd.softwareheritage.org.vcl\n#\n# Settings for the a...
     "order": "50"
*******************************************
+ Profile::Varnish::Vhost[argocd.softwareheritage.org] =>
   parameters =>
     "aliases": [
       "argocd-rp.internal.admin.swh.network"
     ],
     "backend_http_host": "argo-worker01.internal.admin.swh.network",
     "backend_http_port": "80",
     "backend_name": "argocd",
     "basic_auth": false,
     "hsts_max_age": 15768000,
     "order": "50",
     "servername": "argocd.softwareheritage.org",
     "websocket_support": false
*******************************************
+ Varnish::Vcl[/etc/varnish/includes/01_argocd.vcl] =>
   parameters =>
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "file": "/etc/varnish/includes/01_argocd.vcl"
*******************************************
+ Varnish::Vcl[/etc/varnish/includes/50_vhost_argocd.softwareheritage.org.vcl] =>
   parameters =>
     "content": "# vhost_argocd.softwareheritage.org.vcl\n#\n# Settings for the a...
     "file": "/etc/varnish/includes/50_vhost_argocd.softwareheritage.org.vcl"
*******************************************
*** End octocatalog-diff on rp1.internal.admin.swh.network

Diff Detail

Repository
rSPSITE puppet-swh-site
Branch
staging
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 30564
Build 47788: arc lint + arc unit