From 9a085ab46e2360972b22fbaa8e0ef4ce33dcc819 Mon Sep 17 00:00:00 2001
From: Clark Boylan
Date: Wed, 26 May 2021 13:27:31 -0700
Subject: [PATCH] Switch openstackid to LE certs

The previous change should provision the certs for us. If we are happy with the results then we can land this to swap production over.

Change-Id: I5b0de65a245c20763eca3165ca7076e5fb2d69a6
---
 manifests/site.pp | 6 +++---
 modules/openstack_project/manifests/openstackid_prod.pp | 9 ++++++---
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index 0bad48cc41..2816c01178 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -257,9 +257,9 @@ node /^openstackid\d*(\.openstack)?\.org$/ {
 id_mysql_user => hiera('openstackid_id_mysql_user', 'username'),
 id_db_name => hiera('openstackid_id_db_name'),
 redis_password => hiera('openstackid_redis_password'),
- ssl_cert_file_contents => hiera('openstackid_ssl_cert_file_contents'),
- ssl_key_file_contents => hiera('openstackid_ssl_key_file_contents'),
- ssl_chain_file_contents => hiera('openstackid_ssl_chain_file_contents'),
+ ssl_cert_file => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.cer',
+ ssl_key_file => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.key',
+ ssl_chain_file => '/etc/letsencrypt-certs/openstackid.org/ca.cer',
 id_recaptcha_public_key => hiera('openstackid_recaptcha_public_key'),
 id_recaptcha_private_key => hiera('openstackid_recaptcha_private_key'),
 vhost_name => 'openstackid.org',
diff --git a/modules/openstack_project/manifests/openstackid_prod.pp b/modules/openstack_project/manifests/openstackid_prod.pp
index b4f8fd70c2..3edab3c156 100644
--- a/modules/openstack_project/manifests/openstackid_prod.pp
+++ b/modules/openstack_project/manifests/openstackid_prod.pp
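Review bot: In the manifests/site.pp hunk the three `ssl_*_file` paths point at files this manifest no longer writes, because the `ssl_*_file_contents` lookups are removed and, assuming this node declares `openstack_project::openstackid_prod`, those parameters fall back to their `''` defaults. Nothing visible here sets the owner or mode of `openstackid.org.key` or reloads the web server when the certificate is renewed; presumably the Let's Encrypt provisioning mentioned in the commit message handles both, which is worth confirming before production is switched. I would record that dependency next to the paths, e.g. `# Provisioned and renewed outside Puppet (Let's Encrypt); key permissions and the web server reload on renewal are handled there.` The now-unused `openstackid_ssl_key_file_contents` value presumably still sits in hiera and can be removed after the cutover so the old private key is not kept in the secret store. The node block starts and ends outside the hunk.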
@@ -31,6 +31,9 @@ class openstack_project::openstackid_prod (
 $id_log_error_to_email = '',
 $id_log_error_from_email = '',
 $id_environment = 'production',
+ $ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem",
+ $ssl_key_file = "/etc/ssl/private/${::fqdn}.key",
+ $ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
 $ssl_cert_file_contents = '',
 $ssl_key_file_contents = '',
 $ssl_chain_file_contents = '',
@@ -110,9 +113,9 @@ class openstack_project::openstackid_prod (
 id_log_error_to_email => $id_log_error_to_email,
 id_log_error_from_email => $id_log_error_from_email,
 id_environment => $id_environment,
- ssl_cert_file => "/etc/ssl/certs/${::fqdn}.pem",
- ssl_key_file => "/etc/ssl/private/${::fqdn}.key",
- ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
+ ssl_cert_file => $ssl_cert_file,
+ ssl_key_file => $ssl_key_file,
+ ssl_chain_file => $ssl_chain_file,
 ssl_cert_file_contents => $ssl_cert_file_contents,
 ssl_key_file_contents => $ssl_key_file_contents,
 ssl_chain_file_contents => $ssl_chain_file_contents,
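Review bot: The three new parameters in the `@@ -31,6 +31,9 @@` hunk are undocumented and sit next to `$ssl_*_file_contents`, so a caller can set an externally managed path and contents at the same time; what the downstream class does in that case is not visible here, but it would presumably write the hiera-held key over the file that the Let's Encrypt tooling manages. A header comment on the class should state that the path parameters and the contents parameters are alternatives, for example `# $ssl_key_file: path to an existing private key; leave $ssl_key_file_contents empty when the file is managed outside Puppet.` The defaults keep the previously hard-coded paths, so the pass-through in the `@@ -110,9 +113,9 @@` hunk preserves behaviour for callers that do not set them. The class body starts before and continues after both hunks.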