From 4d11d2e084189bc2c3042e67fe3f67bd9dfa182b Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Mon, 23 Feb 2015 17:23:46 +0000 Subject: [PATCH] Make the osmfoundation certificate the default cert on ridley --- cookbooks/apache/attributes/default.rb | 1 + cookbooks/apache/recipes/ssl.rb | 5 +++-- cookbooks/apache/templates/default/ssl.erb | 2 +- cookbooks/civicrm/recipes/default.rb | 4 ---- cookbooks/stateofthemap/recipes/default.rb | 14 -------------- cookbooks/switch2osm/recipes/default.rb | 4 ---- roles/ridley.rb | 6 ++++++ 7 files changed, 11 insertions(+), 25 deletions(-) diff --git a/cookbooks/apache/attributes/default.rb b/cookbooks/apache/attributes/default.rb index 469a1a90d..37b87aaf3 100644 --- a/cookbooks/apache/attributes/default.rb +++ b/cookbooks/apache/attributes/default.rb @@ -29,5 +29,6 @@ default[:apache][:event][:max_requests_per_child] = 0 default[:apache][:listen_address] = "*" default[:apache][:ssl][:certificate] = "openstreetmap" +default[:apache][:ssl][:certificate_chain] = "rapidssl" default[:apache][:buffered_logs] = true diff --git a/cookbooks/apache/recipes/ssl.rb b/cookbooks/apache/recipes/ssl.rb index c85770402..d0b1b74d5 100644 --- a/cookbooks/apache/recipes/ssl.rb +++ b/cookbooks/apache/recipes/ssl.rb @@ -18,6 +18,7 @@ # certificate = node[:apache][:ssl][:certificate] +certificate_chain = node[:apache][:ssl][:certificate_chain] node.default[:ssl][:certificates] = node[:ssl][:certificates] | [certificate] 
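Review bot: The new default `default[:apache][:ssl][:certificate_chain] = "rapidssl"` in cookbooks/apache/attributes/default.rb is set independently of `:certificate`, so a role that overrides only `:certificate` silently keeps the rapidssl chain. Apache would then send an intermediate that does not match the leaf certificate, and clients that need the intermediate may fail validation. Nothing in the visible hunks checks that the two values belong together. I would document the pairing next to the attribute, for example `# :certificate_chain must name the intermediate bundle of the CA that issued :certificate; override both together`.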
@@ -32,13 +33,13 @@ apache_module "ssl" apache_conf "ssl" do template "ssl.erb" - variables :certificate => certificate + variables :certificate => certificate, :certificate_chain => certificate_chain notifies :reload, "service[apache2]" end service "apache2" do action :nothing - subscribes :restart, "cookbook_file[/etc/ssl/certs/rapidssl.pem]" + subscribes :restart, "cookbook_file[/etc/ssl/certs/#{certificate_chain}.pem]" subscribes :restart, "cookbook_file[/etc/ssl/certs/#{certificate}.pem]" subscribes :restart, "file[/etc/ssl/private/#{certificate}.key]" end diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb index f7cbb2712..caf0b3a55 100644 --- a/cookbooks/apache/templates/default/ssl.erb +++ b/cookbooks/apache/templates/default/ssl.erb @@ -7,7 +7,7 @@ SSLCipherSuite <%= node[:ssl][:ciphers] -%> SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key -SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem +SSLCertificateChainFile /etc/ssl/certs/<%= @certificate_chain %>.pem <% if node[:lsb][:release].to_f >= 14.04 -%> SSLUseStapling On diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb index 33005cb03..936c398c8 100644 --- a/cookbooks/civicrm/recipes/default.rb +++ b/cookbooks/civicrm/recipes/default.rb @@ -17,8 +17,6 @@ # limitations under the License. # -node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["osmfoundation"] - include_recipe "wordpress" include_recipe "mysql" @@ -39,8 +37,6 @@ end wordpress_site "crm.osmfoundation.org" do ssl_enabled true - ssl_certificate "osmfoundation" - ssl_certificate_chain "startcom" database_name "civicrm" database_user "civicrm" database_password database_password diff --git a/cookbooks/stateofthemap/recipes/default.rb b/cookbooks/stateofthemap/recipes/default.rb index 55eb8eb36..ec21f90a9 100644 --- a/cookbooks/stateofthemap/recipes/default.rb 
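Review bot: In cookbooks/apache/recipes/ssl.rb the restart subscription, and in ssl.erb the `SSLCertificateChainFile` line, now point at `/etc/ssl/certs/#{certificate_chain}.pem`, but nothing visible installs or verifies that file. The recipe's first hunk only registers `certificate` in `node[:ssl][:certificates]`. If no `cookbook_file` resource with that exact path is declared elsewhere (presumably in the ssl cookbook, which is not shown), the subscription would not take effect and Apache would be handed a chain path that does not exist, which it rejects as a configuration error. Since the attribute is also interpolated into a filesystem path, a fail-fast check before `apache_conf "ssl"` would help, e.g. `raise "unknown certificate chain #{certificate_chain}" unless %w[rapidssl startcom].include?(certificate_chain)`, with the list kept in step with the chain files actually shipped.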
+++ b/cookbooks/stateofthemap/recipes/default.rb @@ -17,8 +17,6 @@ # limitations under the License. # -node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["osmfoundation"] - include_recipe "wordpress" passwords = data_bag_item("stateofthemap", "passwords") @@ -33,8 +31,6 @@ wordpress_site "2007.stateofthemap.org" do aliases "2007.stateofthemap.com" directory "/srv/2007.stateofthemap.org/wp" ssl_enabled true - ssl_certificate "osmfoundation" - ssl_certificate_chain "startcom" database_name "sotm2007" database_user "sotm2007" database_password passwords["sotm2007"] @@ -66,8 +62,6 @@ wordpress_site "2008.stateofthemap.org" do aliases "2008.stateofthemap.com" directory "/srv/2008.stateofthemap.org/wp" ssl_enabled true - ssl_certificate "osmfoundation" - ssl_certificate_chain "startcom" database_name "sotm2008" database_user "sotm2008" database_password passwords["sotm2008"] @@ -102,8 +96,6 @@ wordpress_site "2009.stateofthemap.org" do aliases "2009.stateofthemap.com" directory "/srv/2009.stateofthemap.org/wp" ssl_enabled true - ssl_certificate "osmfoundation" - ssl_certificate_chain "startcom" database_name "sotm2009" database_user "sotm2009" database_password passwords["sotm2009"] @@ -140,8 +132,6 @@ wordpress_site "2010.stateofthemap.org" do aliases "2010.stateofthemap.com" directory "/srv/2010.stateofthemap.org/wp" ssl_enabled true - ssl_certificate "osmfoundation" - ssl_certificate_chain "startcom" database_name "sotm2010" database_user "sotm2010" database_password passwords["sotm2010"] @@ -181,8 +171,6 @@ wordpress_site "2011.stateofthemap.org" do aliases "2011.stateofthemap.com" directory "/srv/2011.stateofthemap.org/wp" ssl_enabled true - ssl_certificate "osmfoundation" - ssl_certificate_chain "startcom" database_name "sotm2011" database_user "sotm2011" database_password passwords["sotm2011"] 
@@ -222,8 +210,6 @@ wordpress_site "2012.stateofthemap.org" do aliases "2012.stateofthemap.com" directory "/srv/2012.stateofthemap.org/wp" ssl_enabled true - ssl_certificate "osmfoundation" - ssl_certificate_chain "startcom" database_name "sotm2012" database_user "sotm2012" database_password passwords["sotm2012"] diff --git a/cookbooks/switch2osm/recipes/default.rb b/cookbooks/switch2osm/recipes/default.rb index 397a5815d..5b2703fee 100644 --- a/cookbooks/switch2osm/recipes/default.rb +++ b/cookbooks/switch2osm/recipes/default.rb @@ -17,8 +17,6 @@ # limitations under the License. # -node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["osmfoundation"] - include_recipe "wordpress" passwords = data_bag_item("switch2osm", "passwords") @@ -27,8 +25,6 @@ wordpress_site "switch2osm.org" do aliases ["www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"] directory "/srv/switch2osm.org" ssl_enabled true - ssl_certificate "osmfoundation" - ssl_certificate_chain "startcom" database_name "switch2osm-blog" database_user "switch2osm-user" database_password passwords["switch2osm-user"] diff --git a/roles/ridley.rb b/roles/ridley.rb index f4f45c032..efcdd4c7d 100644 --- a/roles/ridley.rb +++ b/roles/ridley.rb @@ -2,6 +2,12 @@ name "ridley" description "Master role applied to ridley" default_attributes( + :apache => { + :ssl => { + :certificate => "osmfoundation", + :certificate_chain => "startcom" + } + }, :dhcpd => { :first_address => "10.0.15.1", :last_address => "10.0.15.254" -- 2.43.2
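Review bot: The `:apache => { :ssl => { ... } }` block added to roles/ridley.rb is now the only place that selects the osmfoundation certificate and startcom chain. The civicrm, stateofthemap and switch2osm recipes in this commit drop their own `ssl_certificate` / `ssl_certificate_chain` settings and their `node.default[:ssl][:certificates]` lines. If one of those recipes is later applied to a node without this role, its sites would presumably fall back to the cookbook default `openstreetmap` certificate and fail hostname validation in browsers; the `wordpress_site` fallback itself is not visible here, so this should be confirmed. A comment above the block would make the coupling explicit: `# default certificate for every SSL site on ridley; civicrm, stateofthemap and switch2osm rely on it`.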