- Delete the public RP configuration
- Don't generate the ssl certificate as a self-signed certificate will be used at this time
Related to T4461
Details
Details
- Reviewers
ardumont - Group Reviewers
System administrators - Maniphest Tasks
- T4461: Move argocd to a private admin url
- Commits
- rSPSITEdd8df9301d75: argocd: Remove public site
- pergamon
diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
- Exec[letsencrypt certonly argocd]
*******************************************
File[/etc/bind/keys/local-update] =>
parameters =>
content =>
@@ -2,4 +2,4 @@
key local-update {
algorithm hmac-sha256;
- secret "sknNw//+ad88XksrzuH10yVlEbvb0yLuLsiW+Wu12lahTZwekq3KvFaKR2ckXYP5IF8mlUCR681EYbQZR0L9xg==";
+ secret "tBFGVxz/LL6N/IGeGGnDf/IjmpWYg5UPGlSoIWLxMI1zm7z61eO7Xr3lb/kxBbyb9uLzgLtUIDHShQHvTG0t0Q==";
};
*******************************************
File[/etc/bind/rndc.key] =>
parameters =>
content =>
@@ -2,4 +2,4 @@
key rndc-key {
algorithm hmac-md5;
- secret "/ZplHdmd5lcPKKuNiNjezZjqxm+RkHwoJ5bg1eLGLlmoXA7/UaJ6zhvk7R5sEUbaarcJr+XQDYgTs/iJgMUXdA==";
+ secret "O0JeXMzm4xIswOT6kyLkoLWSt3fBVHtyUDUC0zXXtYjB4uypQ48BmNc7VWN5a6ld/mpeam2SKI5CqnytdgAcFA==";
};
*******************************************
- Letsencrypt::Certonly[argocd]
*******************************************
+ Icinga2::Object::Host[ArgoCD Kubernetes cluster] =>
parameters =>
"address": "k8s-argocd.internal.admin.swh.network",
"check_command": "dummy",
"ensure": "present",
"host_name": "k8s-argo.internal.admin.swh.network",
"import": [
"generic-host"
],
"order": 50,
"target": "/etc/icinga2/conf.d/static-checks.conf",
"template": false,
"vars": {
"dummy_state": 0,
"dummy_text": "HTTP-only host"
}
*******************************************
+ Icinga2::Object::Service[Software Heritage ArgoCD Instance] =>
parameters =>
"apply": false,
"assign": [
],
"check_command": "http",
"ensure": "present",
"host_name": "k8s-argo.internal.admin.swh.network",
"ignore": [
],
"import": [
"generic-service"
],
"order": 60,
"prefix": false,
"service_name": "Software Heritage ArgoCD Instance",
"target": "/etc/icinga2/conf.d/static-checks.conf",
"template": false,
"vars": {
"http_vhost": "argocd.internal.admin.swh.network",
"http_uri": "/",
"http_ssl": true,
"http_sni": true,
"http_string": "<title>Argo CD</title>"
}
*******************************************
+ Icinga2::Object[icinga2::object::Host::ArgoCD Kubernetes cluster] =>
parameters =>
"apply": false,
"assign": [
],
"attrs": {
"address": "k8s-argocd.internal.admin.swh.network",
"check_command": "dummy",
"vars": {
"dummy_state": 0,
"dummy_text": "HTTP-only host"
}
},
"attrs_list": [
"address",
"address6",
"groups",
"display_name",
"check_command",
"max_check_attempts",
"check_period",
"check_timeout",
"check_interval",
"retry_interval",
"enable_notifications",
"enable_active_checks",
"enable_passive_checks",
"enable_event_handler",
"enable_flapping",
"enable_perfdata",
"event_command",
"flapping_threshold_low",
"flapping_threshold_high",
"volatile",
"zone",
"command_endpoint",
"notes",
"notes_url",
"action_url",
"icon_image",
"icon_image_alt",
"vars",
"Acknowledgement",
"ApiBindHost",
"ApiBindPort",
"ApiEnvironment",
"ApplicationType",
"Array",
"AttachDebugger",
"BuildCompilerName",
"BuildCompilerVersion",
"BuildHostName",
"Checkable",
"Command",
"Concurrency",
"ConfigObject",
"Configuration",
"Critical",
"Custom",
"CustomVarObject",
"DateTime",
"Deprecated",
"Dictionary",
"Down",
"DowntimeEnd",
"DowntimeRemoved",
"DowntimeStart",
"Environment",
"FlappingEnd",
"FlappingStart",
"Function",
"HostDown",
"HostUp",
"IncludeConfDir",
"Internal",
"Json",
"LocalStateDir",
"LogCritical",
"LogDebug",
"Logger",
"LogInformation",
"LogNotice",
"LogWarning",
"Math",
"MaxConcurrentChecks",
"ModAttrPath",
"Namespace",
"NodeName",
"OK",
"ObjectsPath",
"PerfdataValue",
"PidPath",
"PkgDataDir",
"PlatformArchitecture",
"PlatformKernel",
"PlatformKernelVersion",
"PlatformName",
"PlatformVersion",
"PrefixDir",
"Problem",
"Recovery",
"Reference",
"RunAsGroup",
"RunAsUser",
"RunDir",
"ServiceCritical",
"ServiceOK",
"ServiceUnknown",
"ServiceWarning",
"StatePath",
"StreamLogger",
"SysconfDir",
"System",
"Type",
"Types",
"Unknown",
"Up",
"UseVfork",
"VarsPath",
"Warning",
"ZonesDir",
"NodeName",
"ZoneName",
"TicketSalt",
"PluginDir",
"PluginContribDir",
"ManubulonPluginDir",
"name",
"NodeName",
"ZoneName",
"TicketSalt",
"PluginDir",
"PluginContribDir",
"ManubulonPluginDir",
"name"
],
"ensure": "present",
"ignore": [
],
"import": [
"generic-host"
],
"object_name": "k8s-argo.internal.admin.swh.network",
"object_type": "Host",
"order": 50,
"prefix": false,
"target": "/etc/icinga2/conf.d/static-checks.conf",
"template": false
*******************************************
+ Icinga2::Object[icinga2::object::Service::Software Heritage ArgoCD Instance] =>
parameters =>
"apply": false,
"assign": [
],
"attrs": {
"host_name": "k8s-argo.internal.admin.swh.network",
"check_command": "http",
"vars": {
"http_vhost": "argocd.internal.admin.swh.network",
"http_uri": "/",
"http_ssl": true,
"http_sni": true,
"http_string": "<title>Argo CD</title>"
}
},
"attrs_list": [
"display_name",
"host_name",
"check_command",
"check_timeout",
"check_interval",
"check_period",
"retry_interval",
"max_check_attempts",
"groups",
"enable_notifications",
"enable_active_checks",
"enable_passive_checks",
"enable_event_handler",
"enable_flapping",
"enable_perfdata",
"event_command",
"flapping_threshold_low",
"flapping_threshold_high",
"volatile",
"zone",
"command_endpoint",
"notes",
"notes_url",
"action_url",
"icon_image",
"icon_image_alt",
"vars",
"Acknowledgement",
"ApiBindHost",
"ApiBindPort",
"ApiEnvironment",
"ApplicationType",
"Array",
"AttachDebugger",
"BuildCompilerName",
"BuildCompilerVersion",
"BuildHostName",
"Checkable",
"Command",
"Concurrency",
"ConfigObject",
"Configuration",
"Critical",
"Custom",
"CustomVarObject",
"DateTime",
"Deprecated",
"Dictionary",
"Down",
"DowntimeEnd",
"DowntimeRemoved",
"DowntimeStart",
"Environment",
"FlappingEnd",
"FlappingStart",
"Function",
"HostDown",
"HostUp",
"IncludeConfDir",
"Internal",
"Json",
"LocalStateDir",
"LogCritical",
"LogDebug",
"Logger",
"LogInformation",
"LogNotice",
"LogWarning",
"Math",
"MaxConcurrentChecks",
"ModAttrPath",
"Namespace",
"NodeName",
"OK",
"ObjectsPath",
"PerfdataValue",
"PidPath",
"PkgDataDir",
"PlatformArchitecture",
"PlatformKernel",
"PlatformKernelVersion",
"PlatformName",
"PlatformVersion",
"PrefixDir",
"Problem",
"Recovery",
"Reference",
"RunAsGroup",
"RunAsUser",
"RunDir",
"ServiceCritical",
"ServiceOK",
"ServiceUnknown",
"ServiceWarning",
"StatePath",
"StreamLogger",
"SysconfDir",
"System",
"Type",
"Types",
"Unknown",
"Up",
"UseVfork",
"VarsPath",
"Warning",
"ZonesDir",
"NodeName",
"ZoneName",
"TicketSalt",
"PluginDir",
"PluginContribDir",
"ManubulonPluginDir",
"name",
"NodeName",
"ZoneName",
"TicketSalt",
"PluginDir",
"PluginContribDir",
"ManubulonPluginDir",
"name"
],
"ensure": "present",
"ignore": [
],
"import": [
"generic-service"
],
"object_name": "Software Heritage ArgoCD Instance",
"object_type": "Service",
"order": 60,
"prefix": false,
"target": "/etc/icinga2/conf.d/static-checks.conf",
"template": false
*******************************************- rp1
diff origin/production/rp1.internal.admin.swh.network current/rp1.internal.admin.swh.network ******************************************* - Concat::Fragment[/etc/varnish/includes.vcl:argocd] ******************************************* - Concat::Fragment[/etc/varnish/includes.vcl:vhost_argocd.softwareheritage.org] ******************************************* - Concat::Fragment[argocd cacert] ******************************************* - Concat::Fragment[argocd cert] ******************************************* - Concat::Fragment[argocd dhparams] ******************************************* - Concat::Fragment[argocd key] ******************************************* - Concat::Fragment[hitch::domain argocd] ******************************************* - Concat[/etc/hitch/argocd.pem] ******************************************* - Concat_file[/etc/hitch/argocd.pem] ******************************************* - Concat_fragment[/etc/varnish/includes.vcl:argocd] ******************************************* - Concat_fragment[/etc/varnish/includes.vcl:vhost_argocd.softwareheritage.org] ******************************************* - Concat_fragment[argocd cacert] ******************************************* - Concat_fragment[argocd cert] ******************************************* - Concat_fragment[argocd dhparams] ******************************************* - Concat_fragment[argocd key] ******************************************* - Concat_fragment[hitch::domain argocd] ******************************************* - File[/etc/ssl/certs/letsencrypt/argocd/cert.pem] ******************************************* - File[/etc/ssl/certs/letsencrypt/argocd/chain.pem] ******************************************* - File[/etc/ssl/certs/letsencrypt/argocd/fullchain.pem] ******************************************* - File[/etc/ssl/certs/letsencrypt/argocd/privkey.pem] ******************************************* - File[/etc/ssl/certs/letsencrypt/argocd] ******************************************* - File[/etc/varnish/includes/01_argocd.vcl] ******************************************* - File[/etc/varnish/includes/50_vhost_argocd.softwareheritage.org.vcl] ******************************************* - Hitch::Domain[argocd] ******************************************* - Profile::Hitch::Ssl_cert[argocd] ******************************************* - Profile::Letsencrypt::Certificate[argocd] ******************************************* - Profile::Varnish::Vcl_include[argocd] ******************************************* - Profile::Varnish::Vcl_include[vhost_argocd.softwareheritage.org] ******************************************* - Profile::Varnish::Vhost[argocd.softwareheritage.org] ******************************************* - Varnish::Vcl[/etc/varnish/includes/01_argocd.vcl] ******************************************* - Varnish::Vcl[/etc/varnish/includes/50_vhost_argocd.softwareheritage.org.vcl] ******************************************* *** End octocatalog-diff on rp1.internal.admin.swh.network
Diff Detail
Diff Detail
- Repository
- rSPSITE puppet-swh-site
- Lint
Automatic diff as part of commit; lint not applicable. - Unit
Automatic diff as part of commit; unit tests not applicable.