diff --git a/manifests/site.pp b/manifests/site.pp index 933d15b523..74d278b6fc 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -763,19 +763,16 @@ node 'static.openstack.org' { sysadmins => hiera('sysadmins', []), } class { 'openstack_project::static': - project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', - swift_authurl => 'https://identity.api.rackspacecloud.com/v2.0/', - swift_user => 'infra-files-ro', - swift_key => hiera('infra_files_ro_password'), - swift_tenant_name => hiera('infra_files_tenant_name', 'tenantname'), - swift_region_name => 'DFW', - swift_default_container => 'infra-files', - ssl_cert_file_contents => hiera('static_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('static_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('static_ssl_chain_file_contents'), - releases_cert_file_contents => hiera('releases_ssl_cert_file_contents'), - releases_key_file_contents => hiera('releases_ssl_key_file_contents'), - releases_chain_file_contents => hiera('releases_ssl_chain_file_contents'), + project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', + swift_authurl => 'https://identity.api.rackspacecloud.com/v2.0/', + swift_user => 'infra-files-ro', + swift_key => hiera('infra_files_ro_password'), + swift_tenant_name => hiera('infra_files_tenant_name', 'tenantname'), + swift_region_name => 'DFW', + swift_default_container => 'infra-files', + ssl_cert_file_contents => hiera('static_ssl_cert_file_contents'), + ssl_key_file_contents => hiera('static_ssl_key_file_contents'), + ssl_chain_file_contents => hiera('static_ssl_chain_file_contents'), } } diff --git a/modules/openstack_project/manifests/static.pp b/modules/openstack_project/manifests/static.pp index f791f84ae1..9bcfcc5caf 100644 --- a/modules/openstack_project/manifests/static.pp +++ b/modules/openstack_project/manifests/static.pp 
@@ -14,9 +14,6 @@ class openstack_project::static ( $ssl_key_file_contents = '', $ssl_chain_file = '', $ssl_chain_file_contents = '', - $releases_cert_file_contents = '', - $releases_key_file_contents = '', - $releases_chain_file_contents = '', $jenkins_gitfullname = 'OpenStack Jenkins', $jenkins_gitemail = 'jenkins@openstack.org', ) { @@ -435,32 +432,16 @@ class openstack_project::static ( ########################################################### # Releases - # Temporary separate HTTPS cert/key/chain for releases.o.o so that we - # don't have to renew the static.o.o cert just to add one SubjectAltName + # These are no longer needed now that this site shares the same + # cert as the others. file { '/etc/ssl/certs/releases.openstack.org.pem': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => $releases_cert_file_contents, - require => File['/etc/ssl/certs'], + ensure => absent, } file { '/etc/ssl/private/releases.openstack.org.key': - ensure => present, - owner => 'root', - group => 'root', - mode => '0600', - content => $releases_key_file_contents, - require => File['/etc/ssl/private'], + ensure => absent, } file { '/etc/ssl/certs/releases.openstack.org_intermediate.pem': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => $releases_chain_file_contents, - require => File['/etc/ssl/certs'], - before => File['/etc/ssl/certs/releases.openstack.org.pem'], + ensure => absent, } ::httpd::vhost { 'releases.openstack.org': 
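Review bot: The three `ensure => absent` resources in the Releases section have no ordering against `::httpd::vhost { 'releases.openstack.org': }`, so Puppet may delete `/etc/ssl/private/releases.openstack.org.key` and the two certificate files while the vhost file on disk still names them. An Apache restart in that window, or after a run that fails part-way, would then fail to load the site. Adding `require => Httpd::Vhost['releases.openstack.org'],` to each of the three resources removes the old key material only after the vhost has been rewritten; the vhost's new `require` list no longer references these files, so this should not create a dependency cycle. The added comment could also say that these are cleanup resources, e.g. `# Cleanup only: drop these resources once the host has applied this change.` The vhost declaration itself continues outside this hunk.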
@@ -468,12 +449,12 @@ class openstack_project::static ( docroot => '/srv/static/releases', priority => '50', ssl => true, - template => 'openstack_project/static-releases.vhost.erb', + template => 'openstack_project/static-https-redirect.vhost.erb', vhost_name => 'releases.openstack.org', require => [ File['/srv/static/releases'], - File['/etc/ssl/certs/releases.openstack.org.pem'], - File['/etc/ssl/private/releases.openstack.org.key'], + File[$cert_file], + File[$key_file], ], } diff --git a/modules/openstack_project/templates/static-releases.vhost.erb b/modules/openstack_project/templates/static-releases.vhost.erb deleted file mode 100644 index 6472d3cb34..0000000000 --- a/modules/openstack_project/templates/static-releases.vhost.erb +++ /dev/null 
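Review bot: Nothing in this hunk records that the shared certificate behind `File[$cert_file]` must now list `releases.openstack.org` as a SubjectAltName, which is the condition the removed comment gave for keeping a separate certificate. If that file is later replaced with one lacking the name, clients of this vhost get a hostname mismatch. A comment above the vhost such as `# Uses the shared static.o.o cert; it must include releases.openstack.org as a SubjectAltName.` would keep the requirement visible. `$cert_file` and `$key_file` are defined outside the hunk and `static-https-redirect.vhost.erb` is not shown. It is therefore worth confirming that the template's TLS protocol and cipher settings are at least as strict as those in the deleted `static-releases.vhost.erb`, and whether it references a chain file that this `require` list does not order on.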
@@ -1,45 +0,0 @@ -# ************************************ -# Managed by Puppet -# ************************************ - - - ServerName <%= @vhost_name %> -<% if @serveraliases.is_a? Array -%> -<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> -<% elsif @serveraliases != '' -%> -<%= " ServerAlias #{@serveraliases}" %> -<% end -%> - RewriteEngine On - RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent] - LogLevel warn - ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log - CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined - ServerSignature Off - - - - - ServerName <%= @vhost_name %> - DocumentRoot <%= @docroot %> - SSLEngine on - SSLProtocol All -SSLv2 -SSLv3 - # Once the machine is using something to terminate TLS that supports ECDHE - # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS - # only is guarenteed. - SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP - SSLHonorCipherOrder on - SSLCertificateFile /etc/ssl/certs/releases.openstack.org.pem - SSLCertificateKeyFile /etc/ssl/private/releases.openstack.org.key - SSLCertificateChainFile /etc/ssl/certs/releases.openstack.org_intermediate.pem - > - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Satisfy Any - Require all granted - - LogLevel warn - ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log - CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined - ServerSignature Off - -