Enable SSL for groups.openstack.org

Enable the SSL connection for groups.openstack.org, required by oauth2 authentication of openstackid.org. New hiera variables: - groups_site_ssl_cert_file_contents: x509 certificate of the vhost in pem format. - groups_site_ssl_key_file_contents: key of x509 cert in pem format. - groups_site_ssl_chain_file_contents: parent certs of site certificate Change-Id: Ia266e1ee057467e5149b84f8b5f8be98bf63180f Implements: blueprint groups-oauth2-authentication
2014-12-01 08:46:10 +01:00 · 2014-12-01 08:46:10 +01:00 · ebcb1ae1ce
commit ebcb1ae1ce
parent fe231ef1f3
2 changed files with 39 additions and 23 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -215,6 +215,9 @@ node 'groups.openstack.org' {
    site_mysql_host              => hiera('groups_site_mysql_host', 'localhost'),
    site_mysql_password          => hiera('groups_site_mysql_password', 'XXX'),
    conf_cron_key                => hiera('groups_conf_cron_key', 'XXX'),
+    site_ssl_cert_file_contents  => hiera('groups_site_ssl_cert_file_contents', undef),
+    site_ssl_key_file_contents   => hiera('groups_site_ssl_key_file_contents', undef),
+    site_ssl_chain_file_contents => hiera('groups_site_ssl_chain_file_contents', undef),
  }
 }

--- a/modules/openstack_project/manifests/groups.pp
+++ b/modules/openstack_project/manifests/groups.pp
@ -20,6 +20,12 @@ class openstack_project::groups (
  $site_mysql_password = '',
  $conf_cron_key = '',
  $sysadmins = [],
+  $site_ssl_cert_file_contents = undef,
+  $site_ssl_key_file_contents = undef,
+  $site_ssl_chain_file_contents = undef,
+  $site_ssl_cert_file = '/etc/ssl/certs/groups.openstack.org.pem',
+  $site_ssl_key_file = '/etc/ssl/private/groups.openstack.org.key',
+  $site_ssl_chain_file = '/etc/ssl/certs/groups.openstack.org_ca.pem',
 ) {

  realize (
@ -50,6 +56,13 @@ class openstack_project::groups (
    site_alias                   => 'groups',
    site_profile                 => 'groups',
    site_base_url                => 'http://groups.openstack.org',
+    site_ssl_enabled             => true,
+    site_ssl_cert_file_contents  => $site_ssl_cert_file_contents,
+    site_ssl_key_file_contents   => $site_ssl_key_file_contents,
+    site_ssl_chain_file_contents => $site_ssl_chain_file_contents,
+    site_ssl_cert_file           => $site_ssl_cert_file,
+    site_ssl_key_file            => $site_ssl_key_file,
+    site_ssl_chain_file          => $site_ssl_chain_file,
    package_repository           => 'http://tarballs.openstack.org/groups/drupal-updates/release-history',
    package_branch               => 'stable',
    conf_cron_key                => $conf_cron_key,