From ebcb1ae1ce157038061aacd16369cf3423d4be9c Mon Sep 17 00:00:00 2001
From: Marton Kiss <marton.kiss@gmail.com>
Date: Mon, 1 Dec 2014 08:46:10 +0100
Subject: [PATCH] Enable SSL for groups.openstack.org

Enable the SSL connection for groups.openstack.org, required
by oauth2 authentication of openstackid.org.

New hiera variables:
- groups_site_ssl_cert_file_contents: x509 certificate of the vhost
in pem format.
- groups_site_ssl_key_file_contents: key of x509 cert in pem format.
- groups_site_ssl_chain_file_contents: parent certs of site certificate

Change-Id: Ia266e1ee057467e5149b84f8b5f8be98bf63180f
Implements: blueprint groups-oauth2-authentication
---
 manifests/site.pp                             | 13 +++--
 modules/openstack_project/manifests/groups.pp | 49 ++++++++++++-------
 2 files changed, 39 insertions(+), 23 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index a427e55c9e..6f44330a70 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -210,11 +210,14 @@ node 'graphite.openstack.org' {
 # Node-OS: precise
 node 'groups.openstack.org' {
   class { 'openstack_project::groups':
-    sysadmins           => hiera('sysadmins', []),
-    site_admin_password => hiera('groups_site_admin_password', 'XXX'),
-    site_mysql_host     => hiera('groups_site_mysql_host', 'localhost'),
-    site_mysql_password => hiera('groups_site_mysql_password', 'XXX'),
-    conf_cron_key       => hiera('groups_conf_cron_key', 'XXX'),
+    sysadmins                    => hiera('sysadmins', []),
+    site_admin_password          => hiera('groups_site_admin_password', 'XXX'),
+    site_mysql_host              => hiera('groups_site_mysql_host', 'localhost'),
+    site_mysql_password          => hiera('groups_site_mysql_password', 'XXX'),
+    conf_cron_key                => hiera('groups_conf_cron_key', 'XXX'),
+    site_ssl_cert_file_contents  => hiera('groups_site_ssl_cert_file_contents', undef),
+    site_ssl_key_file_contents   => hiera('groups_site_ssl_key_file_contents', undef),
+    site_ssl_chain_file_contents => hiera('groups_site_ssl_chain_file_contents', undef),
   }
 }
 
diff --git a/modules/openstack_project/manifests/groups.pp b/modules/openstack_project/manifests/groups.pp
index 45fe647c5a..a12238eaa8 100644
--- a/modules/openstack_project/manifests/groups.pp
+++ b/modules/openstack_project/manifests/groups.pp
@@ -20,6 +20,12 @@ class openstack_project::groups (
   $site_mysql_password = '',
   $conf_cron_key = '',
   $sysadmins = [],
+  $site_ssl_cert_file_contents = undef,
+  $site_ssl_key_file_contents = undef,
+  $site_ssl_chain_file_contents = undef,
+  $site_ssl_cert_file = '/etc/ssl/certs/groups.openstack.org.pem',
+  $site_ssl_key_file = '/etc/ssl/private/groups.openstack.org.key',
+  $site_ssl_chain_file = '/etc/ssl/certs/groups.openstack.org_ca.pem',
 ) {
 
   realize (
@@ -39,24 +45,31 @@ class openstack_project::groups (
   }
 
   class { 'drupal':
-    site_name               => 'groups.openstack.org',
-    site_root               => '/srv/vhosts/groups.openstack.org',
-    site_mysql_host         => $site_mysql_host,
-    site_mysql_user         => 'groups',
-    site_mysql_password     => $site_mysql_password,
-    site_mysql_database     => 'groups',
-    site_vhost_root         => '/srv/vhosts',
-    site_admin_password     => $site_admin_password,
-    site_alias              => 'groups',
-    site_profile            => 'groups',
-    site_base_url           => 'http://groups.openstack.org',
-    package_repository      => 'http://tarballs.openstack.org/groups/drupal-updates/release-history',
-    package_branch          => 'stable',
-    conf_cron_key           => $conf_cron_key,
-    conf_markdown_directory => '/srv/groups-static-pages',
-    conf_ga_account         => 'UA-17511903-1',
-    conf_openid_provider    => 'https://openstackid.org',
-    require                 => [ Class['openstack_project::server'],
+    site_name                    => 'groups.openstack.org',
+    site_root                    => '/srv/vhosts/groups.openstack.org',
+    site_mysql_host              => $site_mysql_host,
+    site_mysql_user              => 'groups',
+    site_mysql_password          => $site_mysql_password,
+    site_mysql_database          => 'groups',
+    site_vhost_root              => '/srv/vhosts',
+    site_admin_password          => $site_admin_password,
+    site_alias                   => 'groups',
+    site_profile                 => 'groups',
+    site_base_url                => 'http://groups.openstack.org',
+    site_ssl_enabled             => true,
+    site_ssl_cert_file_contents  => $site_ssl_cert_file_contents,
+    site_ssl_key_file_contents   => $site_ssl_key_file_contents,
+    site_ssl_chain_file_contents => $site_ssl_chain_file_contents,
+    site_ssl_cert_file           => $site_ssl_cert_file,
+    site_ssl_key_file            => $site_ssl_key_file,
+    site_ssl_chain_file          => $site_ssl_chain_file,
+    package_repository           => 'http://tarballs.openstack.org/groups/drupal-updates/release-history',
+    package_branch               => 'stable',
+    conf_cron_key                => $conf_cron_key,
+    conf_markdown_directory      => '/srv/groups-static-pages',
+    conf_ga_account              => 'UA-17511903-1',
+    conf_openid_provider         => 'https://openstackid.org',
+    require                      => [ Class['openstack_project::server'],
       Vcsrepo['/srv/groups-static-pages'] ],
   }