diff --git a/manifests/mediawiki.pp b/manifests/mediawiki.pp
index 839e2c6..f03d9df 100644
--- a/manifests/mediawiki.pp
+++ b/manifests/mediawiki.pp
@@ -1,116 +1,136 @@
# Deployment of mediawiki for the Software Heritage intranet
class profile::mediawiki {
$mediawiki_fpm_root = hiera('mediawiki::php::fpm_listen')
$mediawiki_vhosts = hiera_hash('mediawiki::vhosts')
include ::php::fpm::daemon
::php::fpm::conf {'mediawiki':
listen => $mediawiki_fpm_root,
user => 'www-data',
}
include ::profile::ssl
$ssl_cert_name = 'star_softwareheritage_org'
$ssl_cert = $::profile::ssl::certificate_paths[$ssl_cert_name]
$ssl_ca = $::profile::ssl::ca_paths[$ssl_cert_name]
$ssl_key = $::profile::ssl::private_key_paths[$ssl_cert_name]
include ::mediawiki
$mediawiki_vhost_docroot = hiera('mediawiki::vhost::docroot')
$mediawiki_vhost_ssl_protocol = hiera('mediawiki::vhost::ssl_protocol')
$mediawiki_vhost_ssl_honorcipherorder = hiera('mediawiki::vhost::ssl_honorcipherorder')
$mediawiki_vhost_ssl_cipher = hiera('mediawiki::vhost::ssl_cipher')
$mediawiki_vhost_hsts_header = hiera('mediawiki::vhost::hsts_header')
$icinga_checks_file = '/etc/icinga2/conf.d/exported-checks.conf'
each ($mediawiki_vhosts) |$name, $data| {
$secret_key = $data['secret_key']
$upgrade_key = $data['upgrade_key']
$site_name = $data['site_name']
$basic_auth_content = $data['basic_auth_content']
::mediawiki::instance { $name:
vhost_docroot => $mediawiki_vhost_docroot,
vhost_aliases => $data['aliases'],
vhost_fpm_root => $mediawiki_fpm_root,
vhost_basic_auth => $basic_auth_content,
vhost_ssl_protocol => $mediawiki_vhost_ssl_protocol,
vhost_ssl_honorcipherorder => $mediawiki_vhost_ssl_honorcipherorder,
vhost_ssl_cipher => $mediawiki_vhost_ssl_cipher,
vhost_ssl_cert => $ssl_cert,
vhost_ssl_ca => $ssl_ca,
vhost_ssl_key => $ssl_key,
vhost_ssl_hsts_header => $mediawiki_vhost_hsts_header,
db_host => 'localhost',
db_basename => $data['mysql']['dbname'],
db_user => $data['mysql']['username'],
db_password => $data['mysql']['password'],
secret_key => $secret_key,
upgrade_key => $upgrade_key,
swh_logo => $data['swh_logo'],
site_name => $site_name,
}
@@::icinga2::object::service {"mediawiki (${name}) http redirect on ${::fqdn}":
service_name => "mediawiki ${name} http redirect",
import => ['generic-service'],
host_name => $::fqdn,
check_command => 'http',
vars => {
http_address => $name,
http_vhost => $name,
http_uri => '/',
},
target => $icinga_checks_file,
tag => 'icinga2::exported',
}
- if $basic_auth_content {
+ if $basic_auth_content != '' {
$extra_vars = {
http_expect => '401 Unauthorized',
}
+
+ @@::icinga2::object::service {"mediawiki ${name} https + auth on ${::fqdn}":
+ service_name => "mediawiki ${name} + auth",
+ import => ['generic-service'],
+ host_name => $::fqdn,
+ check_command => 'http',
+ vars => {
+ http_address => $name,
+ http_vhost => $name,
+ http_ssl => true,
+ http_sni => true,
+ http_uri => '/',
+ http_onredirect => sticky,
+ http_auth_pair => $data['icinga_http_auth_pair'],
+ http_string => "${site_name}",
+ },
+ target => $icinga_checks_file,
+ tag => 'icinga2::exported',
+ }
+
} else {
$extra_vars = {
http_string => "${site_name}",
}
}
@@::icinga2::object::service {"mediawiki ${name} https on ${::fqdn}":
service_name => "mediawiki ${name}",
import => ['generic-service'],
host_name => $::fqdn,
check_command => 'http',
vars => {
http_address => $name,
http_vhost => $name,
http_ssl => true,
http_sni => true,
http_uri => '/',
http_onredirect => sticky,
} + $extra_vars,
target => $icinga_checks_file,
tag => 'icinga2::exported',
}
@@::icinga2::object::service {"mediawiki ${name} https certificate ${::fqdn}":
service_name => "mediawiki ${name} https certificate",
import => ['generic-service'],
host_name => $::fqdn,
check_command => 'http',
vars => {
http_vhost => $name,
http_address => $name,
http_ssl => true,
http_sni => true,
http_certificate => 60,
},
target => $icinga_checks_file,
tag => 'icinga2::exported',
}
}
}