Install the tile.openstreetmap.org certificate on tile servers

diff --git a/cookbooks/ssl/attributes/default.rb b/cookbooks/ssl/attributes/default.rb
new file mode 100644 (file)
index 0000000..c9f1dcd
--- /dev/null
+++ b/cookbooks/ssl/attributes/default.rb
@@ -0,0 +1 @@
+default[:ssl][:certificate] = "openstreetmap"

diff --git a/cookbooks/ssl/files/default/tile.openstreetmap.pem b/cookbooks/ssl/files/default/tile.openstreetmap.pem
new file mode 100644 (file)
index 0000000..730bb5c
--- /dev/null
+++ b/cookbooks/ssl/files/default/tile.openstreetmap.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFNjCCBB6gAwIBAgIDDpOwMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew
+HhcNMTMxMDE2MTIxMjQxWhcNMTcxMDE4MDc0OTI3WjCBxzEpMCcGA1UEBRMgR1g3
+Z1NuNS9OSnNiYUdrWlpLNHZ1U3dlTGNRZXZXTXMxEzARBgNVBAsTCkdUMTA5NTY2
+OTcxMTAvBgNVBAsTKFNlZSB3d3cucmFwaWRzc2wuY29tL3Jlc291cmNlcy9jcHMg
+KGMpMTMxLzAtBgNVBAsTJkRvbWFpbiBDb250cm9sIFZhbGlkYXRlZCAtIFJhcGlk
+U1NMKFIpMSEwHwYDVQQDDBgqLnRpbGUub3BlbnN0cmVldG1hcC5vcmcwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsfSa4q/TOq5/FVGKxoNaY4T7dXIRS
+jAH+dnm3zlStyD/o9N8kuf1cRYF/qGbezTKNTjnPljkjKrIZox6d0M3l3xJbzXcJ
+MwNARmEYi8bHbkhU3G770pLSZh1kfhURUrBUVcAJcMD14nBB+DJHcH49Rnh3gu3L
+PR5c9xfSziwRvyaYlpwPOa1xFOBGFWqCY59upPo1umF4lVsPrT2SAyHN0QpSClRx
+cwUNE0mpA3M9Dv3omf0A6VLsvEKx6lTI7xIyT25OebnXu/i9YLHGu11T5N63MDd1
+t56coaPIsK8zCZ1qg/sjLr7xtNydn0BqCK287GuCYg7AtbYVMYpAGM7ZAgMBAAGj
+ggGzMIIBrzAfBgNVHSMEGDAWgBRraT1qGEJK3Y8CZTn9NSSGeJEWMDAOBgNVHQ8B
+Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCMGA1UdEQQc
+MBqCGCoudGlsZS5vcGVuc3RyZWV0bWFwLm9yZzBDBgNVHR8EPDA6MDigNqA0hjJo
+dHRwOi8vcmFwaWRzc2wtY3JsLmdlb3RydXN0LmNvbS9jcmxzL3JhcGlkc3NsLmNy
+bDAdBgNVHQ4EFgQUbVPVOmq6XIVViPfD9h6ZqBKDtLIwDAYDVR0TAQH/BAIwADB4
+BggrBgEFBQcBAQRsMGowLQYIKwYBBQUHMAGGIWh0dHA6Ly9yYXBpZHNzbC1vY3Nw
+Lmdlb3RydXN0LmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL3JhcGlkc3NsLWFpYS5n
+ZW90cnVzdC5jb20vcmFwaWRzc2wuY3J0MEwGA1UdIARFMEMwQQYKYIZIAYb4RQEH
+NjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJj
+ZXMvY3BzMA0GCSqGSIb3DQEBBQUAA4IBAQARlqO2Vy6UjSTYbz8TQYXhbY5f7rZC
+hiuEx+isn3FWImnOFTSUf7aqX2HB0ZCuTrKSXy8/uxjl0Z4hZ5oDHH2Liaox10J4
+JAfUZMhPk67Tm+ammY2O5o8nubqy6EdgycU3+iayswIyxSABL29W4nhusJqhw6I9
+Zcxd1FErz+Al0qfuEBDxcuUaywhTolka8YFtflBoGTMPWwh8NHxc9zZhJ1JcLve2
+uY0c2wS2CJWGAsTFN6i0Xxy/jsuP23uXTmHSk7fKcV0UkdjiQB6+WP6OoFwWISM6
+YiuxK+wu50s8Cb2OJ12aBmojbEH/QBKJXIVBsbtumUA+3LEcUnor3nz7
+-----END CERTIFICATE-----

diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb
index 4bbcea471acb1cd8873f16723f24d57aaa0f4c6e..a3a2708c426cf81aa0b20ea8a5ef5117620d915e 100644 (file)
--- a/cookbooks/ssl/recipes/default.rb
+++ b/cookbooks/ssl/recipes/default.rb
@@ -29,17 +29,17 @@ cookbook_file "/etc/ssl/certs/rapidssl.pem" do
   backup false
 end
 
-cookbook_file "/etc/ssl/certs/openstreetmap.pem" do
+cookbook_file "/etc/ssl/certs/#{node[:ssl][:certificate]}.pem" do
   owner "root"
   group "root"
   mode 0444
   backup false
 end
 
-file "/etc/ssl/private/openstreetmap.key" do
+file "/etc/ssl/private/#{node[:ssl][:certificate]}.key" do
   owner "root"
   group "ssl-cert"
   mode 0440
-  content keys["openstreetmap"].join("\n")
+  content keys[node[:ssl][:certificate]].join("\n")
   backup false
 end

diff --git a/roles/tilecache.rb b/roles/tilecache.rb
index daaaddf2c3d2ca87e5e51b461973a5b8cb908136..3f3f3f08d6a6a49a6a0cf56fa9eca8f01c5da126 100644 (file)
--- a/roles/tilecache.rb
+++ b/roles/tilecache.rb
@@ -2,6 +2,9 @@ name "tilecache"
 description "Role applied to all tile cache servers"
 
 default_attributes(
+  :ssl => {
+    :certificate => "tile.openstreetmap"
+  },
   :sysctl => {
     :network_conntrack_time_wait => {
       :comment => "Only track completed connections for 30 seconds",
@@ -20,5 +23,6 @@ default_attributes(
 
 run_list(
   "role[geodns]",
+  "recipe[ssl]",
   "recipe[tilecache]"
 )