F9313814
D7045.diff
No One
Temporary
Size
7 KB
Subscribers
None
D7045.diff
diff --git a/data/common/common.yaml b/data/common/common.yaml
--- a/data/common/common.yaml
+++ b/data/common/common.yaml
@@ -774,6 +774,8 @@
zone_keys:
softwareheritage.org: "%{alias('gandi::softwareheritage_org::xmlrpc_key')}"
+sentry::vhost::name: sentry.softwareheritage.org
+
letsencrypt::certificates::exported_directory: "%{::puppet_vardir}/letsencrypt_exports"
letsencrypt::certificates::directory: /etc/ssl/certs/letsencrypt
letsencrypt::certificates:
@@ -817,9 +819,9 @@
jenkins:
domains:
- jenkins.softwareheritage.org
- sentry:
+ "%{lookup('sentry::vhost::name')}":
domains:
- - sentry.softwareheritage.org
+ - "%{lookup('sentry::vhost::name')}"
storage1.internal.staging.swh.network:
domains:
- broker1.journal.staging.swh.network
diff --git a/data/deployments/admin/common.yaml b/data/deployments/admin/common.yaml
--- a/data/deployments/admin/common.yaml
+++ b/data/deployments/admin/common.yaml
@@ -2,10 +2,6 @@
dns::search_domains:
- internal.admin.swh.network
-swh::deploy::reverse_proxy::services:
- - hedgedoc
- - grafana
-
swh::postgresql::version: '14'
swh::postgresql::listen_addresses:
- 0.0.0.0
@@ -22,6 +18,12 @@
hedgedoc::db::username: hedgedoc
# swh::deploy::hedgedoc::db::password: in private-data
+# namespace key `key_name`, lookup will happen on swh::deploy::{key_name}::...
+swh::deploy::reverse_proxy::services:
+ - hedgedoc
+ - grafana
+ - sentry
+
swh::deploy::hedgedoc::reverse_proxy::backend_http_host: bardo.internal.admin.swh.network
swh::deploy::hedgedoc::reverse_proxy::backend_http_port: "3000"
swh::deploy::hedgedoc::reverse_proxy::websocket_support: true
@@ -34,6 +36,12 @@
swh::deploy::grafana::reverse_proxy::websocket_support: true
swh::deploy::grafana::base_url: "%{lookup('grafana::vhost::name')}"
+swh::deploy::sentry::vhost::letsencrypt_cert: "%{lookup('sentry::vhost::name')}"
+swh::deploy::sentry::reverse_proxy::backend_http_host: riverside.internal.admin.swh.network
+swh::deploy::sentry::reverse_proxy::backend_http_port: "9000"
+swh::deploy::sentry::base_url: "%{lookup('sentry::vhost::name')}"
+swh::deploy::sentry::icinga_check_uri: '/auth/login/swh/'
+
hitch::frontend: "[*]:443"
hitch::proxy_support: true
varnish::http_port: 80
diff --git a/data/hostname/bojimans.internal.admin.swh.network.yaml b/data/hostname/bojimans.internal.admin.swh.network.yaml
--- a/data/hostname/bojimans.internal.admin.swh.network.yaml
+++ b/data/hostname/bojimans.internal.admin.swh.network.yaml
@@ -1,4 +1,4 @@
----
+---
apache::rewrite_domains:
# Must have matching certificates in letsencrypt::certificates
inventory.internal.softwareheritage.org:
diff --git a/data/hostname/pergamon.softwareheritage.org.yaml b/data/hostname/pergamon.softwareheritage.org.yaml
--- a/data/hostname/pergamon.softwareheritage.org.yaml
+++ b/data/hostname/pergamon.softwareheritage.org.yaml
@@ -72,3 +72,11 @@
gid: 3000
boatbucket:
gid: 1024
+
+# Temporarily for the duration of the riverside migration to the admin vlan (to remove
+# once the migration is effective and the ttl considered expired).
+apache::rewrite_domains:
+ # Must have matching certificates in letsencrypt::certificates
+ sentry.softwareheritage.org:
+ rewrites:
+ - "^.*$ http://riverside.internal.admin.swh.network:9000"
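Review bot: The rewrite on the last line of this hunk, `^.*$ http://riverside.internal.admin.swh.network:9000`, does not capture the request path and targets a plain-HTTP internal address. How profile::apache::rewrite_domains renders the rule (redirect or proxy flags) is not visible here. If it is a client-side redirect, users and Sentry SDK clients arriving over HTTPS are pointed at a cleartext URL on an internal hostname; if it is proxied, every request lands on the backend root and the `proxy_preserve_host => true` setting of the removed profile::sentry::reverse_proxy no longer applies. Consider at least `"^(.*)$ http://riverside.internal.admin.swh.network:9000$1"`, and name the tracking task in the comment above so this temporary rule has a clear removal point.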
diff --git a/data/subnets/vagrant.yaml b/data/subnets/vagrant.yaml
--- a/data/subnets/vagrant.yaml
+++ b/data/subnets/vagrant.yaml
@@ -81,12 +81,15 @@
aliases:
- hedgedoc.softwareheritage.org
- grafana.softwareheritage.org
+ - sentry.softwareheritage.org
10.168.50.30:
host: grafana0.internal.admin.swh.network
10.168.50.50:
host: dali.internal.admin.swh.network
aliases:
- db1.internal.admin.swh.network
+ 10.168.50.70:
+ host: riverside.internal.admin.swh.network
10.168.50.60:
host: bojimans.internal.admin.swh.network
aliases:
@@ -120,10 +123,6 @@
host: beaubourg.internal.softwareheritage.org
10.168.100.34:
host: hypervisor3.internal.softwareheritage.org
- 10.168.100.52:
- host: riverside.internal.softwareheritage.org
- aliases:
- - sentry.softwareheritage.org
10.168.100.61:
host: esnode1.internal.softwareheritage.org
10.168.100.62:
diff --git a/manifests/site.pp b/manifests/site.pp
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -118,7 +118,7 @@
include role::swh_ci_server
}
-node 'riverside.internal.softwareheritage.org' {
+node 'riverside.internal.admin.swh.network' {
include role::swh_sentry
}
diff --git a/site-modules/profile/manifests/sentry/reverse_proxy.pp b/site-modules/profile/manifests/sentry/reverse_proxy.pp
deleted file mode 100644
--- a/site-modules/profile/manifests/sentry/reverse_proxy.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-class profile::sentry::reverse_proxy {
- ::profile::reverse_proxy {'sentry':
- extra_apache_opts => {
- proxy_preserve_host => true,
- },
- icinga_check_uri => '/auth/login/swh/',
- }
-}
diff --git a/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp b/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
--- a/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
+++ b/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
@@ -1,4 +1,4 @@
-# Reverse proxy to expose staging services
+# Reverse proxy to expose staging/admin services
# https://forge.softwareheritage.org/T2747
class profile::swh::deploy::reverse_proxy {
include ::profile::hitch
@@ -12,6 +12,11 @@
$cert_name = lookup("swh::deploy::${service_name}::vhost::letsencrypt_cert")
$backend_http_host = lookup("swh::deploy::${service_name}::reverse_proxy::backend_http_host")
$backend_http_port = lookup("swh::deploy::${service_name}::reverse_proxy::backend_http_port")
+ $icinga_check_uri = lookup("swh::deploy::${service_name}::icinga_check_uri",
+ default_value => '/')
+ $icinga_check_string = lookup("swh::deploy::${service_name}::icinga_check_string",
+ default_value => capitalize($service_name))
+
$websocket_support = lookup({
'name' => "swh::deploy::${service_name}::reverse_proxy::websocket_support",
'default_value' => false,
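Review bot: The default `capitalize($service_name)` for `$icinga_check_string` also applies to the services already in the list, and the later hunk (`@@ -100,7 +105,8 @@`) passes it unconditionally as `http_string`. The existing hedgedoc and grafana checks therefore now require the body at `/` to contain `Hedgedoc` / `Grafana`. check_http's string match is case-sensitive as far as I know, and HedgeDoc spells its name with a capital D, so that check may start failing or flapping, which weakens the alerting on these exposed vhosts. Either set `swh::deploy::hedgedoc::icinga_check_string: HedgeDoc` in data/deployments/admin/common.yaml, or default the lookup to `undef` and add `http_string` only when a value is set. The class body continues outside both hunks.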
@@ -100,7 +105,8 @@
http_port => $vhost_ssl_port,
http_ssl => true,
http_sni => true,
- http_uri => '/',
+ http_uri => $icinga_check_uri,
+ http_string => $icinga_check_string,
http_onredirect => sticky,
} + $http_expect_var,
target => $icinga_checks_file,
diff --git a/site-modules/role/manifests/swh_sysadmin.pp b/site-modules/role/manifests/swh_sysadmin.pp
--- a/site-modules/role/manifests/swh_sysadmin.pp
+++ b/site-modules/role/manifests/swh_sysadmin.pp
@@ -22,7 +22,8 @@
include profile::debian_repository
include profile::bitbucket_archive_web
- include profile::sentry::reverse_proxy
+ # redirect sentry.s.o -> riverside.i.a.s.n (temporary during vlan migration)
+ include profile::apache::rewrite_domains
include profile::weekly_report_bot
include profile::weekly_planning_bot
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Wed, Jul 2, 11:57 AM (4 d, 8 h ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3219937
Attached To
D7045: Migrate sentry node to admin vlan