Merge "Apache - Use net_cidr_map for proxy_ips"

This commit is contained in:
Zuul 2019-01-10 21:13:22 +00:00 committed by Gerrit Code Review
commit 86755894f7
2 changed files with 7 additions and 8 deletions
puppet/services
tools

@ -90,17 +90,13 @@ outputs:
apache::trace_enable: 'Off'
apache::server_signature: 'Off'
apache::server_tokens: 'Prod'
apache_remote_proxy_ips_network:
# TODO(hjensas): Replace with get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, ApacheNetwork]}
str_replace:
template:
"%{hiera('$NETWORK_subnet')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
apache::mod::remoteip::proxy_ips:
- "%{hiera('apache_remote_proxy_ips_network')}"
get_param:
- ServiceData
- net_cidr_map
- {get_param: [ServiceNetMap, ApacheNetwork]}
- if:
- internal_tls_enabled
-

@ -904,6 +904,9 @@ def validate_service_hiera_interpol(f, tpl):
# Omit if external deploy tasks in the path
if 'external_deploy_tasks' in path:
continue
# Omit apache remoteip proxy_ips
if 'apache::mod::remoteip::proxy_ips' in path:
continue
# Omit if not a part of {get_param: [ServiceNetMap ...
if not enter_lists and path[-1] != 'get_param':