paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-23 04:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

puppet: Add options for allow/deny rules in Smokescreen.

Browse Source 
Fixes: #20490
This commit is contained in:
Alex Vandiver
2025-09-03 13:26:34 -04:00
committed by Tim Abbott
parent 473c8fa81a
commit 4739c4b057
4 changed files with 76 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
puppet/zulip/manifests/smokescreen.pp
View File

@@ -37,6 +37,11 @@ class zulip::smokescreen {
}
$listen_address = zulipconf('http_proxy', 'listen_address', '127.0.0.1')
$allow_addresses = split(zulipconf('http_proxy', 'allow_addresses', ''), ',')
$allow_ranges = split(zulipconf('http_proxy', 'allow_ranges', ''), ',')
$deny_addresses = split(zulipconf('http_proxy', 'deny_addresses', ''), ',')
$deny_ranges = split(zulipconf('http_proxy', 'deny_ranges', ''), ',')
file { "${zulip::common::supervisor_conf_dir}/smokescreen.conf":
ensure => file,
require => [

17
puppet/zulip/templates/supervisor/smokescreen.conf.erb
View File

@@ -1,5 +1,20 @@
<%
acls = []
acls.concat(@allow_addresses.map {|a| "--allow-address #{a}"})
acls.concat(@allow_ranges.map {|a| "--allow-range #{a}"})
acls.concat(@deny_addresses.map {|a| "--deny-address #{a}"})
acls.concat(@deny_ranges.map {|a| "--deny-range #{a}"})
if acls.empty?
acl = ""
else
acl = " " + acls.join(" ")
end
-%>
[program:smokescreen]
command=<%= @bin %> --listen-ip <%= @listen_address %> --expose-prometheus-metrics --prometheus-port 4760
command=<%= @bin %> --listen-ip <%= @listen_address %> --expose-prometheus-metrics --prometheus-port 4760<%= acl %>
priority=15
autostart=true
autorestart=true