opendev/system-config
Code Issues Proposed changes

Merge "Move security.openstack.org to HTTPS"

Browse Source
This commit is contained in:
Jenkins
2015-05-14 00:57:39 +00:00
committed by Gerrit Code Review
parent c58f38482c 08dc5c2006
commit 9844824dcd
3 changed files with 103 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
modules/openstack_project/manifests/static.pp
View File

@@ -9,6 +9,9 @@ class openstack_project::static (
$swift_region_name = '',
$swift_default_container = '',
$project_config_repo = '',
$security_ssl_cert_file_contents = '',
$security_ssl_key_file_contents = '',
$security_ssl_chain_file_contents = '',
$jenkins_gitfullname = 'OpenStack Jenkins',
$jenkins_gitemail = 'jenkins@openstack.org',
) {
@@ -118,10 +121,13 @@ class openstack_project::static (
# Security
apache::vhost { 'security.openstack.org':
port => 80,
priority => '50',
docroot => '/srv/static/security',
require => File['/srv/static/security'],
port => 443, # Is required despite not being used.
docroot => '/srv/static/security',
priority => '50',
ssl => true,
template => 'openstack_project/security.vhost.erb',
vhost_name => 'security.openstack.org',
require => File['/srv/static/security'],
}
file { '/srv/static/security':
@@ -131,6 +137,50 @@ class openstack_project::static (
require => User['jenkins'],
}
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/etc/ssl/private':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/etc/ssl/certs/security.openstack.org.pem':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => $security_ssl_cert_file_contents,
require => File['/etc/ssl/certs'],
before => Apache::Vhost['security.openstack.org'],
}
file { '/etc/ssl/private/security.openstack.org.key':
ensure => present,
owner => 'root',
group => 'root',
mode => '0600',
content => $security_ssl_key_file_contents,
require => File['/etc/ssl/private'],
before => Apache::Vhost['security.openstack.org'],
}
file { '/etc/ssl/certs/security.openstack.org_intermediate.pem':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => $security_ssl_chain_file_contents,
require => File['/etc/ssl/certs'],
before => Apache::Vhost['security.openstack.org'],
}
###########################################################
# Governance