opendev/system-config
Code Issues Proposed changes

Add self-signed cert for zuulv3.o.o

Browse Source 
This was imported from local snake-oil cert generated by zuulv3.o.o.
Also open 443 on firewall.

Change-Id: Icfbf2097fd671763c5b3d2232fe77f7ff5a0cbca
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
Paul Belanger 2017-07-28 15:04:00 -04:00
parent 57197cf027
commit 5484442876
No known key found for this signature in database
GPG Key ID: 611A80832067AF38
2 changed files with 40 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
hiera/fqdn/zuulv3.openstack.org.yaml
View File

@ -48,3 +48,23 @@ gearman_server_ssl_cert: |
uJziOvdg7jte0u609MWj3DOdey4HsxlEU27w13kzGI6RpPquvl/YB8Y6WMAIL8in uJziOvdg7jte0u609MWj3DOdey4HsxlEU27w13kzGI6RpPquvl/YB8Y6WMAIL8in
1GRv9pIfENRRHOiC57p0RSQZZ/2V 1GRv9pIfENRRHOiC57p0RSQZZ/2V
-----END CERTIFICATE----- -----END CERTIFICATE-----
zuul_ssl_cert_file_contents: |
-----BEGIN CERTIFICATE-----
MIICzjCCAbagAwIBAgIJAMV1mxY+iSJpMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV
BAMMFHp1dWx2My5vcGVuc3RhY2sub3JnMB4XDTE3MDYwMjE5MzUwMloXDTI3MDUz
MTE5MzUwMlowHzEdMBsGA1UEAwwUenV1bHYzLm9wZW5zdGFjay5vcmcwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvgAf85YVjjBTHYJnIx8VA1VvSAidD
LHp2Yn+7DgUfHXjNdpftTgvWxnzXMFaglNzrNrixGNlkg1sdGDJ+DB/mvptKJUEH
WMfOVI98Eo0dx5w+lcP8XGTg6/SY59+PiqNpCmi+T49axQO2XKNlt+ZJsSVaEhEj
E2OrkZY+A8RFj07TUjSMv/pmo3AxgVjFoWszDT8pj30CTT3lg3eXXJwlqrH/P9IQ
FnwRSt3sR60ahFFJnvHdL1FJl/I0W5nWD6LNEpX7ryaIUIqMhQpQjGDpvG77ntfW
A5zhBVWPC7p2k6OaUD6AjlPMJLZh5YbyGaRN4l2Z4oizBGjoq1Qv9QehAgMBAAGj
DTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAOFIxTTiw10jWRKQuRKU
KskncSNj3ZxSjwPTOQs++hLjYYYlKA4LbWwokp7u5rTpJP/NHYLHXIda6l/Ne3JG
+Mby/vu0TKMX2z+0IQx3MZG7b+4NkH4jg40Q+Y879n0jvOfBplHtJB1UmQYk51fs
Hbrb6vvxeLRJ74JZX6t756gZnagzAoLj7DtmTfruUVjD/kRJK8gUCyKMNvN6PH3u
5Ls4WwOME+bFdFcxBJjj1LSKGlZoE22mSVlRqHvVXVfM9XTolvw5PequFhiPXYyj
ESN9QfRuVeKltTl8NdDgwlYjBBUYR5omuX5LLWUSXuvQK/dYM4ahERf3ivbXMjhF
M+Q=
-----END CERTIFICATE-----

4
manifests/site.pp
View File

@ -1186,7 +1186,7 @@ node 'zuulv3.openstack.org' {
$iptables_rules = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT') $iptables_rules = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [80], iptables_public_tcp_ports => [80, 443],
iptables_rules6 => $iptables_rules, iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules, iptables_rules4 => $iptables_rules,
sysadmins => hiera('sysadmins', []), sysadmins => hiera('sysadmins', []),
@ -1216,6 +1216,8 @@ node 'zuulv3.openstack.org' {
gearman_server_ssl_cert => hiera('gearman_server_ssl_cert'), gearman_server_ssl_cert => hiera('gearman_server_ssl_cert'),
gearman_server_ssl_key => hiera('gearman_server_ssl_key'), gearman_server_ssl_key => hiera('gearman_server_ssl_key'),
gearman_ssl_ca => hiera('gearman_ssl_ca'), gearman_ssl_ca => hiera('gearman_ssl_ca'),
proxy_ssl_cert_file_contents => hiera('zuul_ssl_cert_file_contents'),
proxy_ssl_key_file_contents => hiera('zuul_ssl_key_file_contents'),
} }
file { "/etc/zuul/github.key": file { "/etc/zuul/github.key":