From a36b76bb511bc349ba2d5da4079d48689b284cc5 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Mon, 24 May 2021 12:41:11 -0700
Subject: [PATCH] Switch storyboard to LE cert

Once we are happy with the newly provisioned LE cert for storyboard we
can land this change to swap apache2 over to it.

Change-Id: Ib77ce8c0b6927a85f09b857ca67ad56059898a84
---
 manifests/site.pp                                 | 8 +++-----
 modules/openstack_project/manifests/storyboard.pp | 2 ++
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index 944106f9d5..037e917ab0 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -165,11 +165,9 @@ node /^storyboard\d+\.opendev\.org$/ {
     mysql_password          => hiera('storyboard_db_password'),
     rabbitmq_user           => hiera('storyboard_rabbit_user', 'username'),
     rabbitmq_password       => hiera('storyboard_rabbit_password'),
-    ssl_cert                => '/etc/ssl/certs/storyboard.openstack.org.pem',
-    ssl_cert_file_contents  => hiera('storyboard_ssl_cert_file_contents'),
-    ssl_key                 => '/etc/ssl/private/storyboard.openstack.org.key',
-    ssl_key_file_contents   => hiera('storyboard_ssl_key_file_contents'),
-    ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents'),
+    ssl_cert                => '/etc/letsencrypt-certs/storyboard.openstack.org/storyboard.openstack.org.cer',
+    ssl_key                 => '/etc/letsencrypt-certs/storyboard.openstack.org/storyboard.openstack.org.key',
+    ssl_ca                  => '/etc/letsencrypt-certs/storyboard.openstack.org/ca.cer',
     hostname                => 'storyboard.openstack.org',
     valid_oauth_clients     => ['storyboard.openstack.org',],
     cors_allowed_origins    => ['https://storyboard.openstack.org',],
diff --git a/modules/openstack_project/manifests/storyboard.pp b/modules/openstack_project/manifests/storyboard.pp
index 542fad3d49..3064a17556 100644
--- a/modules/openstack_project/manifests/storyboard.pp
+++ b/modules/openstack_project/manifests/storyboard.pp
@@ -12,6 +12,7 @@ class openstack_project::storyboard(
   $ssl_cert_file_contents = undef,
   $ssl_key = undef,
   $ssl_key_file_contents = undef,
+  $ssl_ca = undef,
   $ssl_chain_file_contents = undef,
   $openid_url = 'https://login.ubuntu.com/+openid',
   $project_config_repo = '',
@@ -45,6 +46,7 @@ class openstack_project::storyboard(
     ssl_key_content  => $ssl_key_file_contents,
     ssl_key          => $ssl_key,
     ssl_ca_content   => $ssl_chain_file_contents,
+    ssl_ca           => $ssl_ca,
   }
 
   class { '::storyboard::application':