diff --git a/manifests/mediawiki.pp b/manifests/mediawiki.pp index ed52677b..657d7e81 100644 --- a/manifests/mediawiki.pp +++ b/manifests/mediawiki.pp @@ -1,105 +1,116 @@ # Deployment of mediawiki for the Software Heritage intranet class profile::mediawiki { $mediawiki_fpm_root = hiera('mediawiki::php::fpm_listen') $mediawiki_vhosts = hiera_hash('mediawiki::vhosts') include ::php::fpm::daemon ::php::fpm::conf {'mediawiki': listen => $mediawiki_fpm_root, user => 'www-data', } include ::profile::ssl $ssl_cert_name = 'star_softwareheritage_org' $ssl_cert = $::profile::ssl::certificate_paths[$ssl_cert_name] $ssl_ca = $::profile::ssl::ca_paths[$ssl_cert_name] $ssl_key = $::profile::ssl::private_key_paths[$ssl_cert_name] include ::mediawiki $mediawiki_vhost_docroot = hiera('mediawiki::vhost::docroot') $mediawiki_vhost_ssl_protocol = hiera('mediawiki::vhost::ssl_protocol') $mediawiki_vhost_ssl_honorcipherorder = hiera('mediawiki::vhost::ssl_honorcipherorder') $mediawiki_vhost_ssl_cipher = hiera('mediawiki::vhost::ssl_cipher') $mediawiki_vhost_hsts_header = hiera('mediawiki::vhost::hsts_header') $icinga_checks_file = '/etc/icinga2/conf.d/exported-checks.conf' each ($mediawiki_vhosts) |$name, $data| { $secret_key = $data['secret_key'] $upgrade_key = $data['upgrade_key'] + $site_name = $data['site_name'] $basic_auth_content = $data['basic_auth'] ::mediawiki::instance { $name: vhost_docroot => $mediawiki_vhost_docroot, vhost_aliases => $data['aliases'], vhost_fpm_root => $mediawiki_fpm_root, vhost_basic_auth => $data['basic_auth_content'], vhost_ssl_protocol => $mediawiki_vhost_ssl_protocol, vhost_ssl_honorcipherorder => $mediawiki_vhost_ssl_honorcipherorder, vhost_ssl_cipher => $mediawiki_vhost_ssl_cipher, vhost_ssl_cert => $ssl_cert, vhost_ssl_ca => $ssl_ca, vhost_ssl_key => $ssl_key, vhost_ssl_hsts_header => $mediawiki_vhost_hsts_header, db_host => 'localhost', db_basename => $data['mysql']['dbname'], db_user => $data['mysql']['username'], db_password => $data['mysql']['password'], secret_key => $secret_key, upgrade_key => $upgrade_key, swh_logo => $data['swh_logo'], - site_name => $data['site_name'], + site_name => $site_name, } @@::icinga2::object::service {"mediawiki (${name}) http redirect on ${::fqdn}": service_name => "mediawiki ${name} http redirect", import => ['generic-service'], host_name => $::fqdn, check_command => 'http', vars => { http_address => $name, http_vhost => $name, http_uri => '/', }, target => $icinga_checks_file, tag => 'icinga2::exported', } + if $basic_auth_content { + $extra_vars = { + http_expect => '401 Unauthorized', + } + } else { + $extra_vars = { + http_string => "${site_name}", + } + } + @@::icinga2::object::service {"mediawiki ${name} https on ${::fqdn}": service_name => "mediawiki ${name}", import => ['generic-service'], host_name => $::fqdn, check_command => 'http', vars => { http_address => $name, http_vhost => $name, http_ssl => true, http_sni => true, http_uri => '/', - http_onredirect => sticky - }, + http_onredirect => sticky, + } + $extra_vars, target => $icinga_checks_file, tag => 'icinga2::exported', } @@::icinga2::object::service {"mediawiki ${name} https certificate ${::fqdn}": service_name => "mediawiki ${name} https certificate", import => ['generic-service'], host_name => $::fqdn, check_command => 'http', vars => { http_vhost => $name, http_address => $name, http_ssl => true, http_sni => true, http_certificate => 60, }, target => $icinga_checks_file, tag => 'icinga2::exported', } } }