Switch openstackid to LE certs

The previous change should provision the certs for us. If we are happy with the results then we can land this to swap production over. Change-Id: I5b0de65a245c20763eca3165ca7076e5fb2d69a6
2021-05-26 13:27:31 -07:00 · 2021-05-26 13:27:31 -07:00 · 9a085ab46e
commit 9a085ab46e
parent 7a0ab6c94e
2 changed files with 9 additions and 6 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -257,9 +257,9 @@ node /^openstackid\d*(\.openstack)?\.org$/ {
    id_mysql_user                                => hiera('openstackid_id_mysql_user', 'username'),
    id_db_name                                   => hiera('openstackid_id_db_name'),
    redis_password                               => hiera('openstackid_redis_password'),
-    ssl_cert_file_contents                       => hiera('openstackid_ssl_cert_file_contents'),
-    ssl_key_file_contents                        => hiera('openstackid_ssl_key_file_contents'),
-    ssl_chain_file_contents                      => hiera('openstackid_ssl_chain_file_contents'),
+    ssl_cert_file                                => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.cer',
+    ssl_key_file                                 => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.key',
+    ssl_chain_file                               => '/etc/letsencrypt-certs/openstackid.org/ca.cer',
    id_recaptcha_public_key                      => hiera('openstackid_recaptcha_public_key'),
    id_recaptcha_private_key                     => hiera('openstackid_recaptcha_private_key'),
    vhost_name                                   => 'openstackid.org',
--- a/modules/openstack_project/manifests/openstackid_prod.pp
+++ b/modules/openstack_project/manifests/openstackid_prod.pp
@ -31,6 +31,9 @@ class openstack_project::openstackid_prod (
  $id_log_error_to_email = '',
  $id_log_error_from_email = '',
  $id_environment = 'production',
+  $ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem",
+  $ssl_key_file = "/etc/ssl/private/${::fqdn}.key",
+  $ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
  $ssl_cert_file_contents = '',
  $ssl_key_file_contents = '',
  $ssl_chain_file_contents = '',
@ -110,9 +113,9 @@ class openstack_project::openstackid_prod (
    id_log_error_to_email                        => $id_log_error_to_email,
    id_log_error_from_email                      => $id_log_error_from_email,
    id_environment                               => $id_environment,
-    ssl_cert_file                                => "/etc/ssl/certs/${::fqdn}.pem",
-    ssl_key_file                                 => "/etc/ssl/private/${::fqdn}.key",
-    ssl_chain_file                               => '/etc/ssl/certs/intermediate.pem',
+    ssl_cert_file                                => $ssl_cert_file,
+    ssl_key_file                                 => $ssl_key_file,
+    ssl_chain_file                               => $ssl_chain_file,
    ssl_cert_file_contents                       => $ssl_cert_file_contents,
    ssl_key_file_contents                        => $ssl_key_file_contents,
    ssl_chain_file_contents                      => $ssl_chain_file_contents,