From bac26b3251bea6138c4422392c28a7a1f3812202 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Thu, 27 Oct 2016 20:51:56 +0100
Subject: [PATCH] Move SSL certificates to private repository

Having the keys and certificates live in the same place makes it easier to mock them in the test environment.
---
cookbooks/ssl/files/default/openstreetmap.pem | 32 -----------
cookbooks/ssl/files/default/osmfoundation.pem | 49 -----------------
.../ssl/files/default/tile.openstreetmap.pem | 53 -------------------
cookbooks/ssl/recipes/default.rb | 4 +-
4 files changed, 3 insertions(+), 135 deletions(-)
delete mode 100644 cookbooks/ssl/files/default/openstreetmap.pem
delete mode 100644 cookbooks/ssl/files/default/osmfoundation.pem
delete mode 100644 cookbooks/ssl/files/default/tile.openstreetmap.pem

diff --git a/cookbooks/ssl/files/default/openstreetmap.pem b/cookbooks/ssl/files/default/openstreetmap.pem
deleted file mode 100644
index 68b7f14cd..000000000
--- a/cookbooks/ssl/files/default/openstreetmap.pem
+++ /dev/null
@@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFfDCCBGSgAwIBAgIQeWB+DWjnV3piZyYD35jm/DANBgkqhkiG9w0BAQsFADBC -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS -UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE2MDMwMjAwMDAwMFoXDTE3MDUwMTIzNTk1 -OVowHjEcMBoGA1UEAwwTKi5vcGVuc3RyZWV0bWFwLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALoJ/ZP1Dqdujj8feEV2v8GAyN8CPk+YP0ME7X5g -dVxTj7bBQjWvMPLT+AhxkTV/oH6h7PCk/Ew97PKcaOIKMmRKkChxDj5FY8iaSc0x -xc0yGXqVRYalwJ3nh13SRuHLeYJp9shecXmhbRlEt+aTc40y4gbJl9FpP6BbKw+Z -D34xQusCEHWAnXcH6qefhYyyu3RCposY4MQ6E+dnFxc9GynOhBbpwE4Y9RTavTiU -TuonIpos5IFx+TNww/WC+tO9L5CwkW/iwJSnSedU2xoBjMLAgltxgIfv2Ft9QmzR -PfCo7Z5F7CWsEFWBO4Dkcwjmvf03BhejBkO1yT7BZhqVtucCAwEAAaOCApAwggKM -MDEGA1UdEQQqMCiCEyoub3BlbnN0cmVldG1hcC5vcmeCEW9wZW5zdHJlZXRtYXAu -b3JnMAkGA1UdEwQCMAAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2dwLnN5bWNi -LmNvbS9ncC5jcmwwbwYDVR0gBGgwZjBkBgZngQwBAgEwWjAqBggrBgEFBQcCARYe -aHR0cHM6Ly93d3cucmFwaWRzc2wuY29tL2xlZ2FsMCwGCCsGAQUFBwICMCAMHmh0 -dHBzOi8vd3d3LnJhcGlkc3NsLmNvbS9sZWdhbDAfBgNVHSMEGDAWgBSXwidQnsLJ -7AyIMsh8reKmAU/abzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH -AwEGCCsGAQUFBwMCMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDov -L2dwLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL2dwLnN5bWNiLmNvbS9n -cC5jcnQwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgDd6x0reg1PpiCLga2BaHB+ -Lo6dAdVciI09EcTNtuy+zAAAAVM36WeoAAAEAwBHMEUCIQDyCov3EC2DzlXjh1N7 -XnNKT6tx9sicItOr1BjmyykHpQIgPkVXb8dwz/UqMmeFpFpbh2TcAhZNlPcU8PzH -+BB3xzsAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVM36Wfw -AAAEAwBGMEQCIFwLGSpQJNaYJUOjfLg/WpBVf3NUxbktQz578qan5BPYAiARznbT -8TUPl/zizdyTkNZxJa06B3+b24ckIzYqV7fsPjANBgkqhkiG9w0BAQsFAAOCAQEA -FF+9AL681SW7BZLm6peiKcDjN8hIVK8yhG4zOb4emuJXqqr9ms4HL+6BN7XcuatD -h3AiCb2ZVKSYcMCJm/03RweDi/jXkLSXHnoyukWu1SZehMXReyoIJlNmDVRP/nU0 -MdGTvlCpIrpTEq7A4QB0ImHocjRxa6a/gYjNSQms18/wc0HLKCugs1JgsTlWQrS2 -voYgIqH0nLiPKvxQgqvI69XTb5DsR6b57AjjEfEf9f+z3t5u0bDKwOXDWOmu/tS7 -gVD+GwqjdrOIhKVjFgoPS3/hm2BTUH3jlPUOpjvNPVtFNt8qqlWdk6RmB7USHUZ7 -u2abSKWWlzhmXKob6hXMeQ== ------END 
CERTIFICATE----- diff --git a/cookbooks/ssl/files/default/osmfoundation.pem b/cookbooks/ssl/files/default/osmfoundation.pem deleted file mode 100644 index fae368848..000000000 --- a/cookbooks/ssl/files/default/osmfoundation.pem +++ /dev/null 
@@ -1,49 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIIzDCCB7SgAwIBAgIHBsLao8VPUzANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UE -BhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBE -aWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENs -YXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4XDTE1MDIyMTAz -MDg1OFoXDTE3MDIyMTAwNDk1OFowgacxCzAJBgNVBAYTAkdCMRMwEQYDVQQIEwpC -aXJtaW5naGFtMRkwFwYDVQQHExBTdXR0b24gQ29sZGZpZWxkMSEwHwYDVQQKExhP -cGVuU3RyZWV0TWFwIEZvdW5kYXRpb24xHDAaBgNVBAMUEyoub3NtZm91bmRhdGlv -bi5vcmcxJzAlBgkqhkiG9w0BCQEWGGFkbWluc0BvcGVuc3RyZWV0bWFwLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJuxe5wR46CZT0V6j6mTiRf2 -14sK3tPuYsd88RplllgPpBFBBgbXaQHye/65b+TBKTwi1gaOFl9dwwa//Zo0iser -rz+vO2/NKVnJVfZoP6X3TOGMGAssHxWsaPVaD/Kju91B6oC+8XlN3US2Pyzizt6M -C7SqS31xd8xyKjgStqflvP3Wc8Xz0cjvAi/K32O2FbgNgslQHCFM5AY+B5BG5+7S -fgRetFbpPukmCX153DlaZEV9cYHAk6Qho+4RyOxuIrSoWl/vIl3oOT2MSjqogJRm -tiM+zAUYoZpuuG8fieyIFAmaFsuK7wb/ZBPgoVlG2K9v79aM9w97K70Ri4t+5SMC -AwEAAaOCBRQwggUQMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdJQQWMBQG -CCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUYRF/TPT7QpZHP10ciyUfzpmZ -5nUwHwYDVR0jBBgwFoAUEdsjRf1UzGpxb4SKA9e+9wEvJoYwggJOBgNVHREEggJF -MIICQYITKi5vc21mb3VuZGF0aW9uLm9yZ4IRb3NtZm91bmRhdGlvbi5vcmeCEW9w -ZW5zdHJlZXRtYXAub3JnghZibG9nLm9wZW5zdHJlZXRtYXAub3Jnggdvc20ub3Jn -ggxibG9nLm9zbS5vcmeCFmJsb2cub3NtZm91bmRhdGlvbi5vcmeCDnN3aXRjaDJv -c20ub3JnghFzdGF0ZW9mdGhlbWFwLmNvbYIPb3Blbmdlb2RhdGEub3JnghFzdGF0 -ZW9mdGhlbWFwLm9yZ4IZdGhpbmt1cC5vcGVuc3RyZWV0bWFwLm9yZ4IPdGhpbmt1 -cC5vc20ub3JnghZvdHJzLm9wZW5zdHJlZXRtYXAub3JnggxvdHJzLm9zbS5vcmeC -HGZvdW5kYXRpb24ub3BlbnN0cmVldG1hcC5vcmeCEmZvdW5kYXRpb24ub3NtLm9y -Z4ITKi5zdGF0ZW9mdGhlbWFwLmNvbYITKi5zdGF0ZW9mdGhlbWFwLm9yZ4IQKi5z -d2l0Y2gyb3NtLm9yZ4IOc3dpdGNoMm9zbS5jb22CECouc3dpdGNoMm9zbS5jb22C -Em9wZW5zdHJlZXRtYXBzLm9yZ4IXYmxvZy5vcGVuc3RyZWV0bWFwcy5vcmeCEW9w -ZW5zdHJlZXRtYXAuY29tghZibG9nLm9wZW5zdHJlZXRtYXAuY29tghEqLm9wZW5n -ZW9kYXRhLm9yZ4IRb3BlbnN0cmVldG1hcC5uZXSCFmJsb2cub3BlbnN0cmVldG1h 
-cC5uZXQwggFWBgNVHSAEggFNMIIBSTAIBgZngQwBAgIwggE7BgsrBgEEAYG1NwEC -AzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGlj -eS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRpZmljYXRpb24g -QXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj -b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9m -IHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBp -bnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFy -dHkgb2JsaWdhdGlvbnMuMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9jcmwuc3Rh -cnRzc2wuY29tL2NydDItY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEF -BQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczIvc2VydmVy -L2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9z -dWIuY2xhc3MyLnNlcnZlci5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDovL3d3dy5z -dGFydHNzbC5jb20vMA0GCSqGSIb3DQEBCwUAA4IBAQAfe1P5cQXxgiaT2kNBIkCF -LVIu8UCZnpkipshwuL8+TXQ0HGUC10Mw/sg6bSAMkBhtE7ffypBlgmI49FHmekae -eAwygd1uubzInmtrXWhpNmQ3M4W53RJlOeU98TMkJiUcqx2kqBFyYbvT2G6u2nxQ -6U9ytr2VZF59iQ9tE9hDM+aqVPjMQdk45TKdraDu1MW0Q/zRPBp+FLn7+nl83Zdd -HEk0+GC4+fU4L5luprtmlkSESA2+beQ613OzKcwYMfClPCRTTooJbgK1OShRCgYm -gqEPJj20V0So8A1pTcLB2VQ68Fwrj5ckqJrjXN1djneWcnIFzEG9UvJlCKxd2pPc ------END CERTIFICATE----- diff --git a/cookbooks/ssl/files/default/tile.openstreetmap.pem b/cookbooks/ssl/files/default/tile.openstreetmap.pem deleted file mode 100644 index 8b1239476..000000000 --- a/cookbooks/ssl/files/default/tile.openstreetmap.pem +++ /dev/null 
@@ -1,53 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEszCCA5ugAwIBAgIDBG0mMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy -NTYgQ0EgLSBHMzAeFw0xNTA1MTYwNzI4MDZaFw0xNzEwMjAxODE4MDFaMIGcMRMw -EQYDVQQLEwpHVDEwOTU2Njk3MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv -bS9yZXNvdXJjZXMvY3BzIChjKTEzMS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW -YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEhMB8GA1UEAwwYKi50aWxlLm9wZW5zdHJl -ZXRtYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyW5uaqU3 -viA8NeRI3mFetA7LAruts+aXZhdtV2EBbdzlGEXN8qtolaI598EijEW/NP2dE0ra -F5oNpRCwfj8dDDVoDZg3rD+aHARyYFH2ayOKoRs1zHeOKq7AsKbXfhWZCorrBQWU -oGbhbuoHS0sId/XD7oIcWGxwJ7dRWteGLZ8bxLjD3jADmHecivhKWo9P/Yxl0ClM -7QzWIIfwYI2HQh6OzR4rIiNjj3AbKuJUu8pHkv+QzxQXeywfG00BvTzzmAh5xE2c -ENsvQZfhz0skkTPji6c2SBu74Pa624kNr4DcTh6AqZ7Xkb0zl4oPZT18bptU2B3g -QdHLNOoaIqqWAQIDAQABo4IBUDCCAUwwHwYDVR0jBBgwFoAUw5zz/NNGCDS7zkZ/ -oHxb8+IIy1kwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vZ3Yu -c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNy -dDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC -MCMGA1UdEQQcMBqCGCoudGlsZS5vcGVuc3RyZWV0bWFwLm9yZzArBgNVHR8EJDAi -MCCgHqAchhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNybDAMBgNVHRMBAf8EAjAA -MEEGA1UdIAQ6MDgwNgYGZ4EMAQIBMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3 -LnJhcGlkc3NsLmNvbS9sZWdhbDANBgkqhkiG9w0BAQsFAAOCAQEAdOLnsmq6XjOU -+ML8ZmbmI3oYuhU01y6fihGW/oQb6UkcRqkyIDIPKpDgeVldG+4ueTktOQPZc/0P -Drd2tDfc2UbAHjZpT/RmHr3it7Dj50yhYoxviYOhA5QHIovduItuJOggxWFhz5Cw -mkAPEqe/zTChLV/+c27tPH5ryM6JEGtf7rJV1nw7GJO/lp6f3oYQp9SmetWO/X9e -mZxxR3bQ4XkP+Oiepqt2h/H+iDpgXAf9IzafKQI7+Pxg3dRQyYH1xRGVKuKrS57E -97a0n82hjYnv8MBBMaKoFEprRGsaYwsdjuZ8vKwazL3LDZuRnQ+maLmfxGKk3xKN -WosZFIqm8g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEJTCCAw2gAwIBAgIDAjp3MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i -YWwgQ0EwHhcNMTQwODI5MjEzOTMyWhcNMjIwNTIwMjEzOTMyWjBHMQswCQYDVQQG 
-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXUmFwaWRTU0wg -U0hBMjU2IENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv -VJvZWF0eLFbG1eh/9H0WA//Qi1rkjqfdVC7UBMBdmJyNkA+8EGVf2prWRHzAn7Xp -SowLBkMEu/SW4ib2YQGRZjEiwzQ0Xz8/kS9EX9zHFLYDn4ZLDqP/oIACg8PTH2lS -1p1kD8mD5xvEcKyU58Okaiy9uJ5p2L4KjxZjWmhxgHsw3hUEv8zTvz5IBVV6s9cQ -DAP8m/0Ip4yM26eO8R5j3LMBL3+vV8M8SKeDaCGnL+enP/C1DPz1hNFTvA5yT2AM -QriYrRmIV9cE7Ie/fodOoyH5U/02mEiN1vi7SPIpyGTRzFRIU4uvt2UevykzKdkp -YEj4/5G8V1jlNS67abZZAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7 -qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwEgYD -VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig -JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF -BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARF -MEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3Ry -dXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQCjWB7GQzKs -rC+TeLfqrlRARy1+eI1Q9vhmrNZPc9ZE768LzFvB9E+aj0l+YK/CJ8cW8fuTgZCp -fO9vfm5FlBaEvexJ8cQO9K8EWYOHDyw7l8NaEpt7BDV7o5UzCHuTcSJCs6nZb0+B -kvwHtnm8hEqddwnxxYny8LScVKoSew26T++TGezvfU5ho452nFnPjJSxhJf3GrkH -uLLGTxN5279PURt/aQ1RKsHWFf83UTRlUfQevjhq7A6rvz17OQV79PP7GqHQyH5O -ZI3NjGFVkP46yl0lD/gdo0p0Vk8aVUBwdSWmMy66S6VdU5oNMOGNX2Esr8zvsJmh -gP8L8mJMcCaY ------END CERTIFICATE----- diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb index 33c9bcb14..976db154b 100644 --- a/cookbooks/ssl/recipes/default.rb +++ b/cookbooks/ssl/recipes/default.rb @@ -18,6 +18,7 @@ # keys = data_bag_item("ssl", "keys") +certs = data_bag_item("ssl", "certs") package "openssl" package "ssl-cert" @@ -33,10 +34,11 @@ end ["openstreetmap", "tile.openstreetmap", "osmfoundation"].each do |certificate| if node[:ssl][:certificates].include?(certificate) - cookbook_file "/etc/ssl/certs/#{certificate}.pem" do + file "/etc/ssl/certs/#{certificate}.pem" do owner "root" group "root" mode 0o444 + content certs[certificate].join("\n") backup false end -- 2.43.2
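Review bot: `content certs[certificate].join("\n")` in the second hunk of `cookbooks/ssl/recipes/default.rb` assumes that every name selected through `node[:ssl][:certificates]` has an array entry in the `certs` data bag item loaded in the first hunk. A missing or misspelled key returns nil, so the run would abort with a NoMethodError that does not name the certificate. A guard before the resource, such as `raise "no certificate data for #{certificate}" unless certs[certificate]`, would make that failure explicit. The joined content also has no trailing newline, so the written PEM ends directly after its END line and would be corrupted if it were later concatenated with another PEM; `content certs[certificate].join("\n") + "\n"` avoids that. The surrounding `if` and `each` blocks close outside the hunk, and the handling of the private keys from `keys` is not visible here, so this note covers only the certificate file resource.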