6 Commits

Author SHA1 Message Date
Timothy Chavez
47db7ea292 Use the SSLProtocol blacklist approach
It turns out that specifying the ciphers we want to use leads to
breakage.  So instead we'll explicitly tell Apache which ciphers
we don't want to use.

Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
2014-10-16 11:41:04 -05:00
Clark Boylan
e347a71153 Use only TLSv1 and greater to depoodle
The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.

Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
2014-10-14 17:07:06 -07:00
Marton Kiss
ec72e39c36 Openstackid.org openid instance
Create a productive instance of openid service at openstackid.org. This
domain was bought by the Foundation to avoid *.openstack.org cross-domain
issues.

Related tasks:
- create trove database for openid service (openstackid_id_mysql* variables)
- setup connection string to openstack.org profile db
  (openstackid_ss_mysql_* variables)
- issue openstackid.org x509 certificate
  (openstackid_ssl* variables)
- setup openstackid_redis_password and openstackid_site_admin_password
  hiera variables.

Change-Id: Iaf198d004d0c9cad10668405b0e5b2537b791a7f
2014-10-08 14:03:50 +00:00
Marton Kiss
75d4225985 Openstackid track site version
Openstackid deploy tool now tracks the deployed site version
from tarballs.openstack.org and deploy.sh status command display
UPDATE AVAILABLE when a new release is available.

Change-Id: I8bbc3bfceca37d00c3bba78995e3aff01b671aa4
2014-03-17 16:30:32 +01:00
smarcet
b7ce8e9533 Clean up puppet (deploy LAMP / setup app config)
Implements: blueprint openid-oauth2-infra-implementation-puppet-script

Prepares a raw server with all software stack needed to run
openstackid project:

* installs PHP
* installs Apache
* installs Redis Server
* creates a initial environment configuration for laravel application
  (using *.erb templates)

Change-Id: If6216da0d70a45609076e8111a67055dbc87c9e4
2014-02-21 11:33:40 -03:00
Jeremy Stanley
318c79b9fc Set up openstackid module
Refactor the openstack_project::openstackid_dev module out into a
top-level openstackid module in preparation for multiple servers,
set up Apache to serve content out of /srv/openstackid, add an
/etc/openstackid/database.php file with connection details injected
from hiera and keep an updated clone of openstack-infra/openstackid
in /opt/openstackid.

Change-Id: Icdde594384e3af27c8dd185a51b9e5a71619fb7b
2013-12-27 22:56:55 +00:00