Add temporary SSL certification for crm.osmfoundation.org
authorTom Hughes <tom@compton.nu>
Tue, 16 Dec 2014 12:25:06 +0000 (12:25 +0000)
committerTom Hughes <tom@compton.nu>
Tue, 16 Dec 2014 12:30:16 +0000 (12:30 +0000)
cookbooks/civicrm/recipes/default.rb
cookbooks/ssl/files/default/crm.osmfoundation.pem [new file with mode: 0644]
cookbooks/ssl/recipes/default.rb
cookbooks/wordpress/definitions/wordpress_site.rb
cookbooks/wordpress/templates/default/apache.erb

index d366b8c..382cb53 100644 (file)
@@ -17,6 +17,8 @@
 # limitations under the License.
 #
 
+node.default[:ssl][:certificates] = node[:ssl][:certificates] | [ "crm.osmfoundation" ]
+
 include_recipe "wordpress"
 include_recipe "mysql"
 
@@ -37,7 +39,8 @@ mysql_database "civicrm" do
 end
 
 wordpress_site "crm.osmfoundation.org" do
-  ssl_enabled false
+  ssl_enabled true
+  ssl_certificate "crm.osmfoundation"
   database_name "civicrm"
   database_user "civicrm"
   database_password database_password
diff --git a/cookbooks/ssl/files/default/crm.osmfoundation.pem b/cookbooks/ssl/files/default/crm.osmfoundation.pem
new file mode 100644 (file)
index 0000000..3626197
--- /dev/null
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFATCCAumgAwIBAgIDAlJkMA0GCSqGSIb3DQEBCwUAMFQxFDASBgNVBAoTC0NB
+Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
+BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTQxMjE2MTIwODIxWhcNMTYxMjE1
+MTIwODIxWjAgMR4wHAYDVQQDExVjcm0ub3NtZm91bmRhdGlvbi5vcmcwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5UVvmSjwN7x03au9xudnXAdK6Hjzr
+bnKpSZMLjmjZGdrtJELRl0/xkbk984A4SufMm5TtdrehBinjug7my9BZocyCAscW
+RTe3O3S6i+LQaKQe+2CtzVAx4fZSIznE4VCSFB5pRgpaffXQMr1aXTGGoODjet4T
+3hEUzVg0WwymbLh62eN4aIFvCLtN3U4+7l8UhZD5LDYDjU1wsE80yX+z96/6s0OY
+3T85bgNg7u/qMKczY9FlWY8Rz+ORcDElMO+tATq89+tcvuYBNIAfaqH2H49+Y5Lh
+LTKeotMuJyZwJInUsDtryY/QsPltEWbkiR0xbSpzTgK8R9HIbRORAfxDAgMBAAGj
+ggEOMIIBCjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDA0BgNVHSUELTAr
+BggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzAzBggr
+BgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcv
+MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9jbGFzczMt
+cmV2b2tlLmNybDBFBgNVHREEPjA8ghVjcm0ub3NtZm91bmRhdGlvbi5vcmegIwYI
+KwYBBQUHCAWgFwwVY3JtLm9zbWZvdW5kYXRpb24ub3JnMA0GCSqGSIb3DQEBCwUA
+A4ICAQA7OZ1BHDxvKFZzmhjUnrtaCMus9vTwenq4b3ml4WZHpVOMPUe6wmm9cvRf
+UdzbZ8EPFvTkXgxJrRSAqSwbcwtOTyy4IIRR1CjrfHQHc/Gx/GRlc4sUFSHDGFH3
+bcwAUfOPTE741G+ir+1yltakfAoRWbf7wJWFaFIzJjSsEYbx9x4eoeeU+J0vGLHT
+1yXty57WWtclH1UoSte+1dqec0Gj949DOgMczygeiC25VrNyEnHw8SZudLLNDQIX
+4GNd0n02gKzyjipG4bRPXlyjfARF3OxZr/A2jgOzcAwPJmVWmORckpw5fWtTf1Kj
+D2cFgNRjzdHnGX1R77PdtXqsEPnap6f1W74H+PT3s1vIkqwT+meRqQITeIxAsu2B
+Ytk2ogRgWcqosb+SU4pQwvL/BeQocCdWZLt5wIkAuJjUvtVRl2WDJu+4ODT0Fjq0
+tveXh1C5uZAKPtTo97osvK9YsLVCwfrz+qTAUlVnZXBekmLsX8YslNdMP00P44oP
+zSdv2jEu1oFJR28epu77wz85WWo6Dam18xsSA8LE2ZPmi+xyCGuBTBpaP7yTCarh
+jOqt/dWOeWSgtXFmzGvhHet+k7bzzyITMHxBrSyIl+T97h50tbY1UB0x5vx6bU9F
+0izvC+d5RULNW240ZMsbcPx983USj9+4dUAJ5P9FMqtWcqWYLQ==
+-----END CERTIFICATE-----
index 81dea8b..ee4b933 100644 (file)
@@ -29,7 +29,7 @@ cookbook_file "/etc/ssl/certs/rapidssl.pem" do
   backup false
 end
 
-[ "openstreetmap", "tile.openstreetmap" ].each do |certificate|
+[ "openstreetmap", "tile.openstreetmap", "crm.osmfoundation" ].each do |certificate|
   if node[:ssl][:certificates].include?(certificate)
     cookbook_file "/etc/ssl/certs/#{certificate}.pem" do
       owner "root"
index 8211f4c..7e8e161 100644 (file)
@@ -20,6 +20,7 @@
 define :wordpress_site, :action => [ :create, :enable ] do
   name = params[:name]
   ssl_enabled = params[:ssl_enabled] || false
+  ssl_certificate = params[:ssl_certificate]
   aliases = Array(params[:aliases])
   urls = Array(params[:urls])
   directory = params[:directory] || "/srv/#{name}"
@@ -129,7 +130,8 @@ define :wordpress_site, :action => [ :create, :enable ] do
     cookbook "wordpress"
     template "apache.erb"
     directory directory
-    variables :aliases => aliases, :urls => urls, :ssl_enabled => ssl_enabled
+    variables :aliases => aliases, :urls => urls,
+              :ssl_enabled => ssl_enabled, :ssl_certificate => ssl_certificate
     notifies :reload, "service[apache2]"
   end
 
index aea4eb6..3d0b97a 100644 (file)
   # Enable SSL
   #
   SSLEngine on
+<% if @ssl_certificate -%>
+  SSLCertificateFile /etc/ssl/certs/<%= @ssl_certificate %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @ssl_certificate %>.key
+<% end -%>
 
   CustomLog /var/log/apache2/<%= @name %>-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-error.log