Add self-signed cert for zuulv3.o.o

This was imported from local snake-oil cert generated by zuulv3.o.o. Also open 443 on firewall. Change-Id: Icfbf2097fd671763c5b3d2232fe77f7ff5a0cbca Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-07-28 15:04:00 -04:00 · 2017-07-28 15:04:00 -04:00 · 5484442876
commit 5484442876
parent 57197cf027
2 changed files with 40 additions and 18 deletions
--- a/hiera/fqdn/zuulv3.openstack.org.yaml
+++ b/hiera/fqdn/zuulv3.openstack.org.yaml
@ -48,3 +48,23 @@ gearman_server_ssl_cert: |
  uJziOvdg7jte0u609MWj3DOdey4HsxlEU27w13kzGI6RpPquvl/YB8Y6WMAIL8in
  1GRv9pIfENRRHOiC57p0RSQZZ/2V
  -----END CERTIFICATE-----
+
+zuul_ssl_cert_file_contents: |
+  -----BEGIN CERTIFICATE-----
+  MIICzjCCAbagAwIBAgIJAMV1mxY+iSJpMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV
+  BAMMFHp1dWx2My5vcGVuc3RhY2sub3JnMB4XDTE3MDYwMjE5MzUwMloXDTI3MDUz
+  MTE5MzUwMlowHzEdMBsGA1UEAwwUenV1bHYzLm9wZW5zdGFjay5vcmcwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvgAf85YVjjBTHYJnIx8VA1VvSAidD
+  LHp2Yn+7DgUfHXjNdpftTgvWxnzXMFaglNzrNrixGNlkg1sdGDJ+DB/mvptKJUEH
+  WMfOVI98Eo0dx5w+lcP8XGTg6/SY59+PiqNpCmi+T49axQO2XKNlt+ZJsSVaEhEj
+  E2OrkZY+A8RFj07TUjSMv/pmo3AxgVjFoWszDT8pj30CTT3lg3eXXJwlqrH/P9IQ
+  FnwRSt3sR60ahFFJnvHdL1FJl/I0W5nWD6LNEpX7ryaIUIqMhQpQjGDpvG77ntfW
+  A5zhBVWPC7p2k6OaUD6AjlPMJLZh5YbyGaRN4l2Z4oizBGjoq1Qv9QehAgMBAAGj
+  DTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAOFIxTTiw10jWRKQuRKU
+  KskncSNj3ZxSjwPTOQs++hLjYYYlKA4LbWwokp7u5rTpJP/NHYLHXIda6l/Ne3JG
+  +Mby/vu0TKMX2z+0IQx3MZG7b+4NkH4jg40Q+Y879n0jvOfBplHtJB1UmQYk51fs
+  Hbrb6vvxeLRJ74JZX6t756gZnagzAoLj7DtmTfruUVjD/kRJK8gUCyKMNvN6PH3u
+  5Ls4WwOME+bFdFcxBJjj1LSKGlZoE22mSVlRqHvVXVfM9XTolvw5PequFhiPXYyj
+  ESN9QfRuVeKltTl8NdDgwlYjBBUYR5omuX5LLWUSXuvQK/dYM4ahERf3ivbXMjhF
+  M+Q=
+  -----END CERTIFICATE-----
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -1186,7 +1186,7 @@ node 'zuulv3.openstack.org' {
  $iptables_rules = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')

  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80],
+    iptables_public_tcp_ports => [80, 443],
    iptables_rules6           => $iptables_rules,
    iptables_rules4           => $iptables_rules,
    sysadmins                 => hiera('sysadmins', []),
@ -1199,23 +1199,25 @@ node 'zuulv3.openstack.org' {
  # NOTE(pabelanger): We call ::zuul directly, so we can override all in one
  # settings.
  class { '::zuul':
-    gerrit_server           => $gerrit_server,
-    gerrit_user             => $gerrit_user,
-    zuul_ssh_private_key    => $zuul_ssh_private_key,
-    git_email               => $git_email,
-    git_name                => $git_name,
-    revision                => $revision,
-    python_version          => 3,
-    zookeeper_hosts         => 'nodepool.openstack.org:2181',
-    zuulv3                  => true,
-    connections             => hiera('zuul_connections', []),
-    connection_secrets      => hiera('zuul_connection_secrets', []),
-    zuul_status_url         => 'http://127.0.0.1:8001/openstack',
-    gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
-    gearman_client_ssl_key  => hiera('gearman_client_ssl_key'),
-    gearman_server_ssl_cert => hiera('gearman_server_ssl_cert'),
-    gearman_server_ssl_key  => hiera('gearman_server_ssl_key'),
-    gearman_ssl_ca          => hiera('gearman_ssl_ca'),
+    gerrit_server                => $gerrit_server,
+    gerrit_user                  => $gerrit_user,
+    zuul_ssh_private_key         => $zuul_ssh_private_key,
+    git_email                    => $git_email,
+    git_name                     => $git_name,
+    revision                     => $revision,
+    python_version               => 3,
+    zookeeper_hosts              => 'nodepool.openstack.org:2181',
+    zuulv3                       => true,
+    connections                  => hiera('zuul_connections', []),
+    connection_secrets           => hiera('zuul_connection_secrets', []),
+    zuul_status_url              => 'http://127.0.0.1:8001/openstack',
+    gearman_client_ssl_cert      => hiera('gearman_client_ssl_cert'),
+    gearman_client_ssl_key       => hiera('gearman_client_ssl_key'),
+    gearman_server_ssl_cert      => hiera('gearman_server_ssl_cert'),
+    gearman_server_ssl_key       => hiera('gearman_server_ssl_key'),
+    gearman_ssl_ca               => hiera('gearman_ssl_ca'),
+    proxy_ssl_cert_file_contents => hiera('zuul_ssl_cert_file_contents'),
+    proxy_ssl_key_file_contents  => hiera('zuul_ssl_key_file_contents'),
  }

  file { "/etc/zuul/github.key":