make a small set of changes before too many

2017-02-01 23:39:23 +00:00 · 2017-02-01 23:39:23 +00:00 · a59950b213
commit a59950b213
parent 66518acf7c
5 changed files with 22 additions and 22 deletions
--- a/playbooks/include/proxies-certificates.yml
+++ b/playbooks/include/proxies-certificates.yml
@ -16,20 +16,20 @@
  - role: httpd/mod_ssl

  - role: httpd/certificate
-    name: wildcard-2014.fedoraproject.org
-    SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert
+    name: wildcard-2017.fedoraproject.org
+    SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    name: wildcard-2014.fedorahosted.org
    SSLCertificateChainFile: wildcard-2014.fedorahosted.org.intermediate.cert

  - role: httpd/certificate
-    name: wildcard-2014.id.fedoraproject.org
-    SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert
+    name: wildcard-2017.id.fedoraproject.org
+    SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
-    name: wildcard-2014.stg.fedoraproject.org
-    SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
+    name: wildcard-2017.stg.fedoraproject.org
+    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    name: fedoramagazine.org
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@ -533,7 +533,7 @@
    name: developer.fedoraproject.org
    server_aliases: [developer.stg.fedoraproject.org]
    # Set this explicitly to stg here.. as per the original puppet config.
-    SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
+    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

@ -596,7 +596,7 @@
    name: taskotron.stg.fedoraproject.org
    server_aliases: [taskotron.stg.fedoraproject.org]
    # Set this explicitly to stg here.. as per the original puppet config.
-    SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
+    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
    when: env == "staging"
@ -606,7 +606,7 @@
    server_aliases: [lists.stg.fedoraproject.org]
    sslonly: true
    # Set this explicitly to stg here.. as per the original puppet config.
-    SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
+    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
    cert_name: "{{wildcard_cert_name}}"

  - role: httpd/website
@ -614,7 +614,7 @@
    server_aliases: [lists.stg.fedorahosted.org]
    sslonly: true
    # Set this explicitly to stg here.. as per the original puppet config.
-    SSLCertificateChainFile: wildcard-2014.fedorahosted.org.intermediate.cert
+    SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert
    cert_name: wildcard-2014.fedorahosted.org

  - role: httpd/website
@ -623,8 +623,8 @@
    - "*.id.fedoraproject.org"
    # Must not be sslonly, because example.id.fedoraproject.org must be reachable
    # via plain http for openid identity support
-    cert_name: wildcard-2014.id.fedoraproject.org
-    SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert
+    cert_name: wildcard-2017.id.fedoraproject.org
+    SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert

  - role: httpd/website
    name: id.stg.fedoraproject.org
@ -633,7 +633,7 @@
    # Must not be sslonly, because example.id.fedoraproject.org must be reachable
    # via plain http for openid identity support
    cert_name: "{{wildcard_cert_name}}"
-    SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
+    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"

  - role: httpd/website
@ -685,7 +685,7 @@
    name: beaker.stg.fedoraproject.org
    server_aliases: [beaker.stg.fedoraproject.org]
    # Set this explicitly to stg here.. as per the original puppet config.
-    SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
+    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
    when: env == "staging"
@ -731,7 +731,7 @@
  - role: httpd/website
    name: nagios.stg.fedoraproject.org
    server_aliases: [nagios.stg.fedoraproject.org]
-    SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
+    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
    when: env == "staging"
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@ -59,13 +59,13 @@
  - selinux

 - name: Copy wildcard cert from puppet private
-  copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0644
+  copy: src="{{private}}/files/httpd/wildcard-2017.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2017.fedoraproject.org.cert owner=root group=root mode=0644

 - name: Copy wildcard key from puppet private
-  copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
+  copy: src="{{private}}/files/httpd/wildcard-2017.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2017.fedoraproject.org.key owner=root group=root mode=0600

 - name: Copy intermediate wildcard cert from puppet private
-  copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0644
+  copy: src="{{private}}/files/httpd/wildcard-2017.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2017.fedoraproject.org.intermediate.cert owner=root group=root mode=0644

 - name: Configure httpd dl main conf
  template: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf
--- a/roles/download/templates/httpd/dl.fedoraproject.org.conf
+++ b/roles/download/templates/httpd/dl.fedoraproject.org.conf
@ -15,9 +15,9 @@


  SSLEngine on
-  SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
-  SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
-  SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
+  SSLCertificateFile /etc/pki/tls/certs/wildcard-2017.fedoraproject.org.cert
+  SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2017.fedoraproject.org.key
+  SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2017.fedoraproject.org.intermediate.cert
  SSLHonorCipherOrder On

  # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
--- a/roles/httpd/website/defaults/main.yml
+++ b/roles/httpd/website/defaults/main.yml
@ -6,5 +6,5 @@ server_aliases: []
 server_admin: webmaster@fedoraproject.org
 ssl: true
 sslonly: false
-SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert
+SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
 gzip: false