Don't use snakeoil files with real certs

The refstack puppetry is set up to use snakeoil certs by default which is great for bootstrapping; however, our production instance has real certificate issued to it and we shouldn't write that to the snakeoil cerrt files to avoid confusion. Specificy refstack specific certificate, key, and intermediate chain file locations to clean this up and allow us to revert our snakeoil certs to proper untrusted self signed certs. Change-Id: Ibbcdd93a2ae38d9063b1f88f90ebdaadcac9b585
2018-06-22 15:38:37 -07:00 · 2018-06-22 15:38:37 -07:00 · 8f9db69c81
commit 8f9db69c81
parent 905fd9cfd5
1 changed files with 3 additions and 0 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -730,8 +730,11 @@ node /^refstack\d*\.openstack\.org$/ {
    mysql_user          => hiera('refstack_mysql_user', 'refstack'),
    mysql_user_password => hiera('refstack_mysql_password'),
    ssl_cert_content    => hiera('refstack_ssl_cert_file_contents'),
+    ssl_cert            => '/etc/ssl/certs/refstack.pem',
    ssl_key_content     => hiera('refstack_ssl_key_file_contents'),
+    ssl_key             => '/etc/ssl/private/refstack.key',
    ssl_ca_content      => hiera('refstack_ssl_chain_file_contents'),
+    ssl_ca              => '/etc/ssl/certs/refstack.ca.pem',
    protocol            => 'https',
  }
  mysql_backup::backup_remote { 'refstack':