Add ssl cert to wiki.o.o.

Change-Id: I6c6ad0ddd000e3f140cb08faef7dce2cb9ae7079
Reviewed-on: https://review.openstack.org/18349
Reviewed-by: Ryan Lane
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
James E. Blair 2012-12-18 14:11:43 -08:00 committed by Jenkins
parent 26ce53321a
commit 37daa678e2
4 changed files with 60 additions and 9 deletions


@ -163,8 +163,11 @@ node 'etherpad-dev.openstack.org' {
node 'wiki.openstack.org' {
class { 'openstack_project::wiki':
mysql_root_password => hiera('wiki_db_password'),
sysadmins => hiera('sysadmins'),
mysql_root_password => hiera('wiki_db_password'),
sysadmins => hiera('sysadmins'),
ssl_cert_file_contents => hiera('wiki_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('wiki_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('wiki_ssl_chain_file_contents'),
}
}


@ -3,7 +3,13 @@
class mediawiki(
$role = '',
$site_hostname = '',
$mediawiki_location = ''
$mediawiki_location = '',
$ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem",
$ssl_key_file = "/etc/ssl/private/${::fqdn}.key",
$ssl_chain_file = '',
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
$ssl_key_file_contents = '', # If left empty puppet will not create file.
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
) {
if ($role == 'app' or $role == 'all') {
@ -16,6 +22,36 @@ class mediawiki(
ensure => present,
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Apache::Vhost[$site_hostname],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
before => Apache::Vhost[$site_hostname],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Apache::Vhost[$site_hostname],
}
}
apache::vhost { $site_hostname:
port => 443,
docroot => 'MEANINGLESS ARGUMENT',
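Review bot: The guard `if $ssl_chain_file_contents != ''` tests only the contents, but `$ssl_chain_file` defaults to `''`, so a caller that supplies chain contents without a path would declare `file { '':` and catalog compilation should fail; testing both, `if $ssl_chain_file != '' and $ssl_chain_file_contents != '' {`, avoids that. Separately, the private key reaches the node as the `content` of the `$ssl_key_file` resource, so it is embedded in the compiled catalog and may appear wherever catalogs or file diffs are stored or logged; on Puppet versions whose file type supports it, `show_diff => false` on that resource is worth adding. The `ssl-cert` group is assumed to exist already, since nothing in this hunk creates it, so the key file resource presumably depends on a package installed elsewhere. The class body starts before and continues past the hunk.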


@ -39,8 +39,11 @@
ServerName <%= scope.lookupvar("mediawiki::site_hostname") %>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/<%= fqdn %>.pem
SSLCertificateKeyFile /etc/ssl/private/<%= fqdn %>.key
SSLCertificateFile <%= scope.lookupvar("mediawiki::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("mediawiki::ssl_key_file") %>
<% if scope.lookupvar("mediawiki::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("mediawiki::ssl_chain_file") %>
<% end %>
RedirectMatch ^/$ http://<%= scope.lookupvar("mediawiki::site_hostname") %>/wiki/


@ -2,7 +2,10 @@
#
class openstack_project::wiki (
$mysql_root_password = '',
$sysadmins = []
$sysadmins = [],
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
) {
include openssl
@ -18,9 +21,15 @@ class openstack_project::wiki (
)
class { 'mediawiki':
role => 'all',
mediawiki_location => '/srv/mediawiki/w',
site_hostname => $::fqdn,
role => 'all',
mediawiki_location => '/srv/mediawiki/w',
site_hostname => $::fqdn,
ssl_cert_file => "/etc/ssl/certs/${::fqdn}.pem",
ssl_key_file => "/etc/ssl/private/${::fqdn}.key",
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
}
class { 'memcached':
max_memory => 2048,
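Review bot: `ssl_chain_file => '/etc/ssl/certs/intermediate.pem'` is passed unconditionally, while the three `*_file_contents` parameters of this class default to `''`. When they are left empty the mediawiki class creates no files, yet the vhost template on this page still emits `SSLCertificateChainFile` for a path Puppet does not manage, and Apache would likely refuse to start if that file is absent. The cert and key paths were already hard-coded before this change, so the chain file is the new exposure. Either remove the `''` defaults so missing hiera data fails at compile time, or make the path conditional, e.g. `ssl_chain_file => $ssl_chain_file_contents ? { '' => '', default => '/etc/ssl/certs/intermediate.pem' },`.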