(stunnel) use a combined cert.

2015-03-17 14:45:25 +00:00 · 2015-03-17 14:45:25 +00:00 · 63d93036b3
commit 63d93036b3
parent 88f1f35b1d
2 changed files with 11 additions and 1 deletions
--- a/roles/fedmsg/gateway/slave/tasks/main.yml
+++ b/roles/fedmsg/gateway/slave/tasks/main.yml
@ -73,6 +73,16 @@
  - fedmsg/gateway
  - fedmsg/gateway/slave

+- name: put our combined cert in place
+  copy: >
+    src={{private}}/httpd/wildcard-2014.fedoraproject.org.combined.cert
+    dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.combined.cert
+    owner=root group=root mode=0644
+  notify: restart stunnel
+  tags:
+  - fedmsg/gateway
+  - fedmsg/gateway/slave
+
 - name: start the gateway for raw zeromq traffic
  service: name=fedmsg-gateway state=started enabled=yes
  tags:
--- a/roles/fedmsg/gateway/slave/templates/stunnel-conf.j2
+++ b/roles/fedmsg/gateway/slave/templates/stunnel-conf.j2
@ -1,4 +1,4 @@
-cert = /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
+cert = /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.combined.cert
 key = /etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
 pid = /var/run/stunnel.pid