Make the osmfoundation certificate the default cert on ridley
authorTom Hughes <tom@compton.nu>
Mon, 23 Feb 2015 17:23:46 +0000 (17:23 +0000)
committerTom Hughes <tom@compton.nu>
Mon, 23 Feb 2015 17:36:47 +0000 (17:36 +0000)
cookbooks/apache/attributes/default.rb
cookbooks/apache/recipes/ssl.rb
cookbooks/apache/templates/default/ssl.erb
cookbooks/civicrm/recipes/default.rb
cookbooks/stateofthemap/recipes/default.rb
cookbooks/switch2osm/recipes/default.rb
roles/ridley.rb

index 469a1a9..37b87aa 100644 (file)
@@ -29,5 +29,6 @@ default[:apache][:event][:max_requests_per_child] = 0
 default[:apache][:listen_address] = "*"
 
 default[:apache][:ssl][:certificate] = "openstreetmap"
+default[:apache][:ssl][:certificate_chain] = "rapidssl"
 
 default[:apache][:buffered_logs] = true
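Review bot: The new `default[:apache][:ssl][:certificate_chain]` attribute is undocumented, and nothing ties it to `default[:apache][:ssl][:certificate]`, so a role that overrides only one of them ends up with a leaf certificate and an intermediate chain that do not belong together. The `ssl.erb` hunk further down feeds this value straight into `SSLCertificateChainFile`, and with a mismatched chain clients would probably fail to validate the server, and the `SSLUseStapling On` configured in the same template would likely stop working too. I would add a comment above the two attributes, for example `# certificate_chain must be the intermediate bundle that issued certificate; override both together`.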
index c857704..d0b1b74 100644 (file)
@@ -18,6 +18,7 @@
 #
 
 certificate = node[:apache][:ssl][:certificate]
+certificate_chain = node[:apache][:ssl][:certificate_chain]
 
 node.default[:ssl][:certificates] = node[:ssl][:certificates] | [certificate]
 
@@ -32,13 +33,13 @@ apache_module "ssl"
 
 apache_conf "ssl" do
   template "ssl.erb"
-  variables :certificate => certificate
+  variables :certificate => certificate, :certificate_chain => certificate_chain
   notifies :reload, "service[apache2]"
 end
 
 service "apache2" do
   action :nothing
-  subscribes :restart, "cookbook_file[/etc/ssl/certs/rapidssl.pem]"
+  subscribes :restart, "cookbook_file[/etc/ssl/certs/#{certificate_chain}.pem]"
   subscribes :restart, "cookbook_file[/etc/ssl/certs/#{certificate}.pem]"
   subscribes :restart, "file[/etc/ssl/private/#{certificate}.key]"
 end
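Review bot: The rewritten `subscribes :restart, "cookbook_file[/etc/ssl/certs/#{certificate_chain}.pem]"` now names a resource chosen by an attribute, but the visible lines register only the leaf certificate for installation (`node.default[:ssl][:certificates] = node[:ssl][:certificates] | [certificate]` in the previous hunk). Whether the chain PEM is deployed for an arbitrary chain name, such as the `startcom` value set for ridley, depends on the ssl cookbook, which is outside this diff. If that cookbook does not install it, the subscription would have no source resource and `SSLCertificateChainFile` would point at a missing file. Please confirm this and record the dependency next to the line, for example `# chain PEM is expected to be installed by the ssl cookbook under this name`.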
index f7cbb27..caf0b3a 100644 (file)
@@ -7,7 +7,7 @@ SSLCipherSuite <%= node[:ssl][:ciphers] -%>
 
 SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
 SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
-SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
+SSLCertificateChainFile /etc/ssl/certs/<%= @certificate_chain %>.pem
 <% if node[:lsb][:release].to_f >= 14.04 -%>
 
 SSLUseStapling On
index 33005cb..936c398 100644 (file)
@@ -17,8 +17,6 @@
 # limitations under the License.
 #
 
-node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["osmfoundation"]
-
 include_recipe "wordpress"
 include_recipe "mysql"
 
@@ -39,8 +37,6 @@ end
 
 wordpress_site "crm.osmfoundation.org" do
   ssl_enabled true
-  ssl_certificate "osmfoundation"
-  ssl_certificate_chain "startcom"
   database_name "civicrm"
   database_user "civicrm"
   database_password database_password
index 55eb8eb..ec21f90 100644 (file)
@@ -17,8 +17,6 @@
 # limitations under the License.
 #
 
-node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["osmfoundation"]
-
 include_recipe "wordpress"
 
 passwords = data_bag_item("stateofthemap", "passwords")
@@ -33,8 +31,6 @@ wordpress_site "2007.stateofthemap.org" do
   aliases "2007.stateofthemap.com"
   directory "/srv/2007.stateofthemap.org/wp"
   ssl_enabled true
-  ssl_certificate "osmfoundation"
-  ssl_certificate_chain "startcom"
   database_name "sotm2007"
   database_user "sotm2007"
   database_password passwords["sotm2007"]
@@ -66,8 +62,6 @@ wordpress_site "2008.stateofthemap.org" do
   aliases "2008.stateofthemap.com"
   directory "/srv/2008.stateofthemap.org/wp"
   ssl_enabled true
-  ssl_certificate "osmfoundation"
-  ssl_certificate_chain "startcom"
   database_name "sotm2008"
   database_user "sotm2008"
   database_password passwords["sotm2008"]
@@ -102,8 +96,6 @@ wordpress_site "2009.stateofthemap.org" do
   aliases "2009.stateofthemap.com"
   directory "/srv/2009.stateofthemap.org/wp"
   ssl_enabled true
-  ssl_certificate "osmfoundation"
-  ssl_certificate_chain "startcom"
   database_name "sotm2009"
   database_user "sotm2009"
   database_password passwords["sotm2009"]
@@ -140,8 +132,6 @@ wordpress_site "2010.stateofthemap.org" do
   aliases "2010.stateofthemap.com"
   directory "/srv/2010.stateofthemap.org/wp"
   ssl_enabled true
-  ssl_certificate "osmfoundation"
-  ssl_certificate_chain "startcom"
   database_name "sotm2010"
   database_user "sotm2010"
   database_password passwords["sotm2010"]
@@ -181,8 +171,6 @@ wordpress_site "2011.stateofthemap.org" do
   aliases "2011.stateofthemap.com"
   directory "/srv/2011.stateofthemap.org/wp"
   ssl_enabled true
-  ssl_certificate "osmfoundation"
-  ssl_certificate_chain "startcom"
   database_name "sotm2011"
   database_user "sotm2011"
   database_password passwords["sotm2011"]
@@ -222,8 +210,6 @@ wordpress_site "2012.stateofthemap.org" do
   aliases "2012.stateofthemap.com"
   directory "/srv/2012.stateofthemap.org/wp"
   ssl_enabled true
-  ssl_certificate "osmfoundation"
-  ssl_certificate_chain "startcom"
   database_name "sotm2012"
   database_user "sotm2012"
   database_password passwords["sotm2012"]
index 397a581..5b2703f 100644 (file)
@@ -17,8 +17,6 @@
 # limitations under the License.
 #
 
-node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["osmfoundation"]
-
 include_recipe "wordpress"
 
 passwords = data_bag_item("switch2osm", "passwords")
@@ -27,8 +25,6 @@ wordpress_site "switch2osm.org" do
   aliases ["www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"]
   directory "/srv/switch2osm.org"
   ssl_enabled true
-  ssl_certificate "osmfoundation"
-  ssl_certificate_chain "startcom"
   database_name "switch2osm-blog"
   database_user "switch2osm-user"
   database_password passwords["switch2osm-user"]
index f4f45c0..efcdd4c 100644 (file)
@@ -2,6 +2,12 @@ name "ridley"
 description "Master role applied to ridley"
 
 default_attributes(
+  :apache => {
+    :ssl => {
+      :certificate => "osmfoundation",
+      :certificate_chain => "startcom"
+    }
+  },
   :dhcpd => {
     :first_address => "10.0.15.1",
     :last_address => "10.0.15.254"
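Review bot: The added `:apache => { :ssl => { ... } }` block is now the only place in this diff that selects the `osmfoundation` certificate and `startcom` chain, because the civicrm, stateofthemap and switch2osm recipes no longer set `ssl_certificate` or `ssl_certificate_chain`. Assuming `wordpress_site` falls back to the apache attributes (its definition is not shown here), applying any of those recipes to a node without this role would serve the cookbook defaults `openstreetmap` and `rapidssl` for the osmfoundation.org, stateofthemap.org and switch2osm.org hostnames. That coupling deserves a comment in the role, for example `# crm.osmfoundation.org, *.stateofthemap.org and switch2osm.org rely on this default certificate`. The `default_attributes(` call continues past the end of the hunk.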