Switch openstackid to LE certs

The previous change should provision the certs for us. If we are happy
with the results then we can land this to swap production over.

Change-Id: I5b0de65a245c20763eca3165ca7076e5fb2d69a6
This commit is contained in:
Clark Boylan 2021-05-26 13:27:31 -07:00
parent 7a0ab6c94e
commit 9a085ab46e
2 changed files with 9 additions and 6 deletions

View File

@ -257,9 +257,9 @@ node /^openstackid\d*(\.openstack)?\.org$/ {
id_mysql_user => hiera('openstackid_id_mysql_user', 'username'),
id_db_name => hiera('openstackid_id_db_name'),
redis_password => hiera('openstackid_redis_password'),
ssl_cert_file_contents => hiera('openstackid_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('openstackid_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('openstackid_ssl_chain_file_contents'),
ssl_cert_file => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.cer',
ssl_key_file => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.key',
ssl_chain_file => '/etc/letsencrypt-certs/openstackid.org/ca.cer',
id_recaptcha_public_key => hiera('openstackid_recaptcha_public_key'),
id_recaptcha_private_key => hiera('openstackid_recaptcha_private_key'),
vhost_name => 'openstackid.org',

View File

@ -31,6 +31,9 @@ class openstack_project::openstackid_prod (
$id_log_error_to_email = '',
$id_log_error_from_email = '',
$id_environment = 'production',
$ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem",
$ssl_key_file = "/etc/ssl/private/${::fqdn}.key",
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
@ -110,9 +113,9 @@ class openstack_project::openstackid_prod (
id_log_error_to_email => $id_log_error_to_email,
id_log_error_from_email => $id_log_error_from_email,
id_environment => $id_environment,
ssl_cert_file => "/etc/ssl/certs/${::fqdn}.pem",
ssl_key_file => "/etc/ssl/private/${::fqdn}.key",
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file => $ssl_cert_file,
ssl_key_file => $ssl_key_file,
ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,