It turns out that specifying the ciphers we want to use leads to
breakage. So instead we'll explicitly tell Apache which ciphers
we don't want to use.
Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.
Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
Create a productive instance of openid service at openstackid.org. This
domain was bought by the Foundation to avoid *.openstack.org cross-domain
issues.
Related tasks:
- create trove database for openid service (openstackid_id_mysql* variables)
- setup connection string to openstack.org profile db
(openstackid_ss_mysql_* variables)
- issue openstackid.org x509 certificate
(openstackid_ssl* variables)
- setup openstackid_redis_password and openstackid_site_admin_password
hiera variables.
Change-Id: Iaf198d004d0c9cad10668405b0e5b2537b791a7f
Openstackid deploy tool now tracks the deployed site version
from tarballs.openstack.org and deploy.sh status command display
UPDATE AVAILABLE when a new release is available.
Change-Id: I8bbc3bfceca37d00c3bba78995e3aff01b671aa4
Implements: blueprint openid-oauth2-infra-implementation-puppet-script
Prepares a raw server with all software stack needed to run
openstackid project:
* installs PHP
* installs Apache
* installs Redis Server
* creates a initial environment configuration for laravel application
(using *.erb templates)
Change-Id: If6216da0d70a45609076e8111a67055dbc87c9e4
Refactor the openstack_project::openstackid_dev module out into a
top-level openstackid module in preparation for multiple servers,
set up Apache to serve content out of /srv/openstackid, add an
/etc/openstackid/database.php file with connection details injected
from hiera and keep an updated clone of openstack-infra/openstackid
in /opt/openstackid.
Change-Id: Icdde594384e3af27c8dd185a51b9e5a71619fb7b