Switch jenkins.openstack.org to a snakeoil cert

The SSL cert for jenkins.openstack.org was obtained in 2013 when this interface was more heavily used by our developer community. Since then we've rolled out 7 additional Jenkins masters and so this is no longer a useful primary reference. The only real need for authenticated connections to its WebUI at this point is systems administrators performing maintenance and minimal local configuration, for which ToFU of a self-signed cert is sufficient. Change-Id: Ibf95983a2ac76c2e9e39bcfc99643e3cac401245
2015-07-16 19:54:21 +00:00 · 2015-07-16 19:54:21 +00:00 · cddd9e6265
commit cddd9e6265
parent 1faaa18139
2 changed files with 3 additions and 4 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -134,9 +134,9 @@ node 'jenkins.openstack.org' {
    project_config_repo     => 'https://git.openstack.org/openstack-infra/project-config',
    jenkins_jobs_password   => hiera('jenkins_jobs_password', 'XXX'),
    jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'),
-    ssl_cert_file_contents  => hiera('jenkins_ssl_cert_file_contents', 'XXX'),
-    ssl_key_file_contents   => hiera('jenkins_ssl_key_file_contents', 'XXX'),
-    ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents', 'XXX'),
+    ssl_cert_file           => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+    ssl_key_file            => '/etc/ssl/private/ssl-cert-snakeoil.key',
+    ssl_chain_file          => '',
  }
 }

--- a/modules/openstack_project/files/ssl_cert_check/ssldomains
+++ b/modules/openstack_project/files/ssl_cert_check/ssldomains
@ -3,7 +3,6 @@ etherpad.openstack.org 443
 git.openstack.org 443
 groups.openstack.org 443
 groups-dev.openstack.org 443
-jenkins.openstack.org 443
 openstackid.org 443
 openstackid-dev.openstack.org 443
 review.openstack.org 443