admin/minio: export the s3 api to internet through the admin reverse proxy (!583) · Merge requests · Platform / Infrastructure / Puppet / puppet-swh-site

Vincent Sellier requested to merge public-minio into production Nov 21, 2022
Related to infra/sysadm-environment#4663
octocatalog-diff output for rp1:
diff origin/production/rp1.internal.admin.swh.network current/rp1.internal.admin.swh.network
*******************************************
+ Concat::Fragment[/etc/varnish/includes.vcl:minio] =>
   parameters =>
     "content": "include \"includes/01_minio.vcl\";",
     "order": "01",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat::Fragment[/etc/varnish/includes.vcl:vhost_minio.admin.swh.network] =>
   parameters =>
     "content": "include \"includes/50_vhost_minio.admin.swh.network.vcl\";",
     "order": "50",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat::Fragment[hitch::domain minio.admin.swh.network] =>
   parameters =>
     "content": "pem-file = \"/etc/hitch/minio.admin.swh.network.pem\"\n",
     "notify": "Class[Hitch::Service]",
     "order": "10",
     "target": "/etc/hitch/hitch.conf"
*******************************************
+ Concat::Fragment[minio.admin.swh.network cacert] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "03",
     "source": "/etc/ssl/certs/letsencrypt/minio.admin.swh.network/chain.pem",
     "target": "/etc/hitch/minio.admin.swh.network.pem"
*******************************************
+ Concat::Fragment[minio.admin.swh.network cert] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "02",
     "source": "/etc/ssl/certs/letsencrypt/minio.admin.swh.network/cert.pem",
     "target": "/etc/hitch/minio.admin.swh.network.pem"
*******************************************
+ Concat::Fragment[minio.admin.swh.network dhparams] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "04",
     "source": "/etc/hitch/dhparams.pem",
     "target": "/etc/hitch/minio.admin.swh.network.pem"
*******************************************
+ Concat::Fragment[minio.admin.swh.network key] =>
   parameters =>
     "notify": "Class[Hitch::Service]",
     "order": "01",
     "source": "/etc/ssl/certs/letsencrypt/minio.admin.swh.network/privkey.pem",
     "target": "/etc/hitch/minio.admin.swh.network.pem"
*******************************************
+ Concat[/etc/hitch/minio.admin.swh.network.pem] =>
   parameters =>
     "backup": "puppet",
     "ensure": "present",
     "ensure_newline": false,
     "force": false,
     "format": "plain",
     "group": "_hitch",
     "mode": "0640",
     "notify": "Class[Hitch::Service]",
     "order": "alpha",
     "owner": "root",
     "path": "/etc/hitch/minio.admin.swh.network.pem",
     "replace": true,
     "show_diff": true,
     "warn": false
*******************************************
+ Concat_file[/etc/hitch/minio.admin.swh.network.pem] =>
   parameters =>
     "backup": "puppet",
     "ensure_newline": false,
     "force": false,
     "format": "plain",
     "group": "_hitch",
     "mode": "0640",
     "order": "alpha",
     "owner": "root",
     "replace": true,
     "show_diff": true,
     "tag": "_etc_hitch_minio.admin.swh.network.pem"
*******************************************
+ Concat_fragment[/etc/varnish/includes.vcl:minio] =>
   parameters =>
     "content": "include \"includes/01_minio.vcl\";",
     "order": "01",
     "tag": "_etc_varnish_includes.vcl",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat_fragment[/etc/varnish/includes.vcl:vhost_minio.admin.swh.network] =>
   parameters =>
     "content": "include \"includes/50_vhost_minio.admin.swh.network.vcl\";",
     "order": "50",
     "tag": "_etc_varnish_includes.vcl",
     "target": "/etc/varnish/includes.vcl"
*******************************************
+ Concat_fragment[hitch::domain minio.admin.swh.network] =>
   parameters =>
     "content": "pem-file = \"/etc/hitch/minio.admin.swh.network.pem\"\n",
     "order": "10",
     "tag": "_etc_hitch_hitch.conf",
     "target": "/etc/hitch/hitch.conf"
*******************************************
+ Concat_fragment[minio.admin.swh.network cacert] =>
   parameters =>
     "order": "03",
     "source": "/etc/ssl/certs/letsencrypt/minio.admin.swh.network/chain.pem",
     "tag": "_etc_hitch_minio.admin.swh.network.pem",
     "target": "/etc/hitch/minio.admin.swh.network.pem"
*******************************************
+ Concat_fragment[minio.admin.swh.network cert] =>
   parameters =>
     "order": "02",
     "source": "/etc/ssl/certs/letsencrypt/minio.admin.swh.network/cert.pem",
     "tag": "_etc_hitch_minio.admin.swh.network.pem",
     "target": "/etc/hitch/minio.admin.swh.network.pem"
*******************************************
+ Concat_fragment[minio.admin.swh.network dhparams] =>
   parameters =>
     "order": "04",
     "source": "/etc/hitch/dhparams.pem",
     "tag": "_etc_hitch_minio.admin.swh.network.pem",
     "target": "/etc/hitch/minio.admin.swh.network.pem"
*******************************************
+ Concat_fragment[minio.admin.swh.network key] =>
   parameters =>
     "order": "01",
     "source": "/etc/ssl/certs/letsencrypt/minio.admin.swh.network/privkey.pem",
     "tag": "_etc_hitch_minio.admin.swh.network.pem",
     "target": "/etc/hitch/minio.admin.swh.network.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/minio.admin.swh.network/cert.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/minio.admin.swh.network/cert.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/minio.admin.swh.network/chain.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/minio.admin.swh.network/chain.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/minio.admin.swh.network/fullchain.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0644",
     "owner": "root",
     "source": "puppet:///le_certs/minio.admin.swh.network/fullchain.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/minio.admin.swh.network/privkey.pem] =>
   parameters =>
     "ensure": "present",
     "group": "root",
     "mode": "0600",
     "owner": "root",
     "source": "puppet:///le_certs/minio.admin.swh.network/privkey.pem"
*******************************************
+ File[/etc/ssl/certs/letsencrypt/minio.admin.swh.network] =>
   parameters =>
     "ensure": "directory",
     "group": "root",
     "mode": "0755",
     "owner": "root"
*******************************************
+ File[/etc/varnish/includes/01_minio.vcl] =>
   parameters =>
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "group": "root",
     "mode": "0644",
     "notify": "Exec[vcl_reload]",
     "owner": "root"
*******************************************
+ File[/etc/varnish/includes/50_vhost_minio.admin.swh.network.vcl] =>
   parameters =>
     "content": "# vhost_minio.admin.swh.network.vcl\n#\n# Settings for the minio...
     "group": "root",
     "mode": "0644",
     "notify": "Exec[vcl_reload]",
     "owner": "root"
*******************************************
+ Group[kubenfs] =>
   parameters =>
     "ensure": "present",
     "gid": 42000
*******************************************
+ Hitch::Domain[minio.admin.swh.network] =>
   parameters =>
     "cacert_source": "/etc/ssl/certs/letsencrypt/minio.admin.swh.network/chain.p...
     "cert_source": "/etc/ssl/certs/letsencrypt/minio.admin.swh.network/cert.pem"...
     "default": false,
     "ensure": "present",
     "key_source": "/etc/ssl/certs/letsencrypt/minio.admin.swh.network/privkey.pe...
*******************************************
+ Profile::Hitch::Ssl_cert[minio.admin.swh.network] =>
   parameters =>
     "ssl_cert_name": "minio.admin.swh.network"
*******************************************
+ Profile::Letsencrypt::Certificate[minio.admin.swh.network] =>
   parameters =>
     "basename": "minio.admin.swh.network",
     "privkey_group": "root",
     "privkey_mode": "0600",
     "privkey_owner": "root",
     "source_cert": "minio.admin.swh.network"
*******************************************
+ Profile::Varnish::Vcl_include[minio] =>
   parameters =>
     "basename": "minio",
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "order": "01"
*******************************************
+ Profile::Varnish::Vcl_include[vhost_minio.admin.swh.network] =>
   parameters =>
     "basename": "vhost_minio.admin.swh.network",
     "content": "# vhost_minio.admin.swh.network.vcl\n#\n# Settings for the minio...
     "order": "50"
*******************************************
+ Profile::Varnish::Vhost[minio.admin.swh.network] =>
   parameters =>
     "aliases": [

     ],
     "backend_http_host": "k8s-admin.internal.admin.swh.network",
     "backend_http_port": "80",
     "backend_name": "minio",
     "basic_auth": false,
     "hsts_max_age": 15768000,
     "order": "50",
     "servername": "minio.admin.swh.network",
     "websocket_support": false
*******************************************
+ Varnish::Vcl[/etc/varnish/includes/01_minio.vcl] =>
   parameters =>
     "content": "# backend_default.vcl\n#\n# Default backend definition.\n#\n# Fi...
     "file": "/etc/varnish/includes/01_minio.vcl"
*******************************************
+ Varnish::Vcl[/etc/varnish/includes/50_vhost_minio.admin.swh.network.vcl] =>
   parameters =>
     "content": "# vhost_minio.admin.swh.network.vcl\n#\n# Settings for the minio...
     "file": "/etc/varnish/includes/50_vhost_minio.admin.swh.network.vcl"
*******************************************
*** End octocatalog-diff on rp1.internal.admin.swh.network
Edited Nov 21, 2022 by Vincent Sellier
admin/minio: export the s3 api to internet through the admin reverse proxy

Merge request reports
