opendev/system-config
Code Issues Proposed changes

Align etherpad vhost ssl section with standard.

Browse Source 
As copied from jenkins.  Both old and new names for the
cert contents are in hiera.

Change-Id: Ic6d8258479c260ac37346c49c1ecde8339c96a37
Reviewed-on: https://review.openstack.org/14432
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
This commit is contained in:
James E. Blair 2012-10-13 08:55:30 -07:00 committed by Jenkins
parent ee20cbcadb
commit 274489ab9e
4 changed files with 58 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
manifests/site.pp
View File

@ -160,10 +160,11 @@ node 'pypi.openstack.org' {
node 'etherpad.openstack.org' {
class { 'openstack_project::etherpad':
etherpad_crt => hiera('etherpad_crt'),
etherpad_key => hiera('etherpad_key'),
database_password => hiera('etherpad_db_password'),
sysadmins => hiera('sysadmins'),
ssl_cert_file_contents => hiera('etherpad_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('etherpad_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents'),
database_password => hiera('etherpad_db_password'),
sysadmins => hiera('sysadmins'),
}
}

43
modules/etherpad_lite/manifests/apache.pp
View File

@ -1,11 +1,13 @@
class etherpad_lite::apache (
$vhost_name = $fqdn,
$etherpad_crt,
$etherpad_key
$ssl_cert_file='',
$ssl_key_file='',
$ssl_chain_file='',
$ssl_cert_file_contents='', # If left empty puppet will not create file.
$ssl_key_file_contents='', # If left empty puppet will not create file.
$ssl_chain_file_contents='' # If left empty puppet will not create file.
) {
include remove_nginx
apache::vhost { $vhost_name:
port => 443,
docroot => 'MEANINGLESS ARGUMENT',
@ -55,4 +57,37 @@ class etherpad_lite::apache (
require => File['/etc/ssl/private'],
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
require => Package['ssl-cert'],
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
}

7
modules/etherpad_lite/templates/etherpadlite.vhost.erb
View File

@ -24,8 +24,11 @@
SSLEngine on
SSLCertificateFile /etc/ssl/certs/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>.pem
SSLCertificateKeyFile /etc/ssl/private/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>.key
SSLCertificateFile <%= scope.lookupvar("etherpad_lite::apache::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("etherpad_lite::apache::ssl_key_file") %>
<% if scope.lookupvar("etherpad_lite::apache::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("etherpad_lite::apache::ssl_chain_file") %>
<% end %>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \

13
modules/openstack_project/manifests/etherpad.pp
View File

@ -1,6 +1,7 @@
class openstack_project::etherpad (
$etherpad_crt,
$etherpad_key,
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$database_password,
$sysadmins = []
) {
@ -13,8 +14,12 @@ class openstack_project::etherpad (
include etherpad_lite::backup
class { 'etherpad_lite::apache':
etherpad_crt => $etherpad_crt,
etherpad_key => $etherpad_key,
ssl_cert_file => '/etc/ssl/certs/etherpad.openstack.org.pem',
ssl_key_file => '/etc/ssl/private/etherpad.openstack.org.key',
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
}
class { 'etherpad_lite::site':