Browse Source

Switch openstackid to LE certs

The previous change should provision the certs for us. If we are happy
with the results then we can land this to swap production over.

Change-Id: I5b0de65a245c20763eca3165ca7076e5fb2d69a6
changes/36/793236/1
Clark Boylan 2 months ago
parent
commit
9a085ab46e
  1. 6
      manifests/site.pp
  2. 9
      modules/openstack_project/manifests/openstackid_prod.pp

6
manifests/site.pp

@ -257,9 +257,9 @@ node /^openstackid\d*(\.openstack)?\.org$/ {
id_mysql_user => hiera('openstackid_id_mysql_user', 'username'),
id_db_name => hiera('openstackid_id_db_name'),
redis_password => hiera('openstackid_redis_password'),
ssl_cert_file_contents => hiera('openstackid_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('openstackid_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('openstackid_ssl_chain_file_contents'),
ssl_cert_file => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.cer',
ssl_key_file => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.key',
ssl_chain_file => '/etc/letsencrypt-certs/openstackid.org/ca.cer',
id_recaptcha_public_key => hiera('openstackid_recaptcha_public_key'),
id_recaptcha_private_key => hiera('openstackid_recaptcha_private_key'),
vhost_name => 'openstackid.org',

9
modules/openstack_project/manifests/openstackid_prod.pp

@ -31,6 +31,9 @@ class openstack_project::openstackid_prod (
$id_log_error_to_email = '',
$id_log_error_from_email = '',
$id_environment = 'production',
$ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem",
$ssl_key_file = "/etc/ssl/private/${::fqdn}.key",
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
@ -110,9 +113,9 @@ class openstack_project::openstackid_prod (
id_log_error_to_email => $id_log_error_to_email,
id_log_error_from_email => $id_log_error_from_email,
id_environment => $id_environment,
ssl_cert_file => "/etc/ssl/certs/${::fqdn}.pem",
ssl_key_file => "/etc/ssl/private/${::fqdn}.key",
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file => $ssl_cert_file,
ssl_key_file => $ssl_key_file,
ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,

Loading…
Cancel
Save