Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

make a small set of changes before too many

Browse source
This commit is contained in:
Stephen Smoogen 2017-02-01 23:39:23 +00:00
parent 66518acf7c
commit a59950b213
5 changed files with 22 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

12
playbooks/include/proxies-certificates.yml
View file

@ -16,20 +16,20 @@
- role: httpd/mod_ssl - role: httpd/mod_ssl
- role: httpd/certificate - role: httpd/certificate
name: wildcard-2014.fedoraproject.org name: wildcard-2017.fedoraproject.org
SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
- role: httpd/certificate - role: httpd/certificate
name: wildcard-2014.fedorahosted.org name: wildcard-2014.fedorahosted.org
SSLCertificateChainFile: wildcard-2014.fedorahosted.org.intermediate.cert SSLCertificateChainFile: wildcard-2014.fedorahosted.org.intermediate.cert
- role: httpd/certificate - role: httpd/certificate
name: wildcard-2014.id.fedoraproject.org name: wildcard-2017.id.fedoraproject.org
SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert
- role: httpd/certificate - role: httpd/certificate
name: wildcard-2014.stg.fedoraproject.org name: wildcard-2017.stg.fedoraproject.org
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
- role: httpd/certificate - role: httpd/certificate
name: fedoramagazine.org name: fedoramagazine.org

18
playbooks/include/proxies-websites.yml
View file

@ -533,7 +533,7 @@
name: developer.fedoraproject.org name: developer.fedoraproject.org
server_aliases: [developer.stg.fedoraproject.org] server_aliases: [developer.stg.fedoraproject.org]
# Set this explicitly to stg here.. as per the original puppet config. # Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
sslonly: true sslonly: true
cert_name: "{{wildcard_cert_name}}" cert_name: "{{wildcard_cert_name}}"
@ -596,7 +596,7 @@
name: taskotron.stg.fedoraproject.org name: taskotron.stg.fedoraproject.org
server_aliases: [taskotron.stg.fedoraproject.org] server_aliases: [taskotron.stg.fedoraproject.org]
# Set this explicitly to stg here.. as per the original puppet config. # Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
sslonly: true sslonly: true
cert_name: "{{wildcard_cert_name}}" cert_name: "{{wildcard_cert_name}}"
when: env == "staging" when: env == "staging"
@ -606,7 +606,7 @@
server_aliases: [lists.stg.fedoraproject.org] server_aliases: [lists.stg.fedoraproject.org]
sslonly: true sslonly: true
# Set this explicitly to stg here.. as per the original puppet config. # Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
cert_name: "{{wildcard_cert_name}}" cert_name: "{{wildcard_cert_name}}"
- role: httpd/website - role: httpd/website
@ -614,7 +614,7 @@
server_aliases: [lists.stg.fedorahosted.org] server_aliases: [lists.stg.fedorahosted.org]
sslonly: true sslonly: true
# Set this explicitly to stg here.. as per the original puppet config. # Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: wildcard-2014.fedorahosted.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert
cert_name: wildcard-2014.fedorahosted.org cert_name: wildcard-2014.fedorahosted.org
- role: httpd/website - role: httpd/website
@ -623,8 +623,8 @@
- "*.id.fedoraproject.org" - "*.id.fedoraproject.org"
# Must not be sslonly, because example.id.fedoraproject.org must be reachable # Must not be sslonly, because example.id.fedoraproject.org must be reachable
# via plain http for openid identity support # via plain http for openid identity support
cert_name: wildcard-2014.id.fedoraproject.org cert_name: wildcard-2017.id.fedoraproject.org
SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert
- role: httpd/website - role: httpd/website
name: id.stg.fedoraproject.org name: id.stg.fedoraproject.org
@ -633,7 +633,7 @@
# Must not be sslonly, because example.id.fedoraproject.org must be reachable # Must not be sslonly, because example.id.fedoraproject.org must be reachable
# via plain http for openid identity support # via plain http for openid identity support
cert_name: "{{wildcard_cert_name}}" cert_name: "{{wildcard_cert_name}}"
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
when: env == "staging" when: env == "staging"
- role: httpd/website - role: httpd/website
@ -685,7 +685,7 @@
name: beaker.stg.fedoraproject.org name: beaker.stg.fedoraproject.org
server_aliases: [beaker.stg.fedoraproject.org] server_aliases: [beaker.stg.fedoraproject.org]
# Set this explicitly to stg here.. as per the original puppet config. # Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
sslonly: true sslonly: true
cert_name: "{{wildcard_cert_name}}" cert_name: "{{wildcard_cert_name}}"
when: env == "staging" when: env == "staging"
@ -731,7 +731,7 @@
- role: httpd/website - role: httpd/website
name: nagios.stg.fedoraproject.org name: nagios.stg.fedoraproject.org
server_aliases: [nagios.stg.fedoraproject.org] server_aliases: [nagios.stg.fedoraproject.org]
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
sslonly: true sslonly: true
cert_name: "{{wildcard_cert_name}}" cert_name: "{{wildcard_cert_name}}"
when: env == "staging" when: env == "staging"

6
roles/download/tasks/main.yml
View file

@ -59,13 +59,13 @@
- selinux - selinux
- name: Copy wildcard cert from puppet private - name: Copy wildcard cert from puppet private
copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0644 copy: src="{{private}}/files/httpd/wildcard-2017.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2017.fedoraproject.org.cert owner=root group=root mode=0644
- name: Copy wildcard key from puppet private - name: Copy wildcard key from puppet private
copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600 copy: src="{{private}}/files/httpd/wildcard-2017.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2017.fedoraproject.org.key owner=root group=root mode=0600
- name: Copy intermediate wildcard cert from puppet private - name: Copy intermediate wildcard cert from puppet private
copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0644 copy: src="{{private}}/files/httpd/wildcard-2017.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2017.fedoraproject.org.intermediate.cert owner=root group=root mode=0644
- name: Configure httpd dl main conf - name: Configure httpd dl main conf
template: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf template: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf

6
roles/download/templates/httpd/dl.fedoraproject.org.conf
View file

@ -15,9 +15,9 @@
SSLEngine on SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert SSLCertificateFile /etc/pki/tls/certs/wildcard-2017.fedoraproject.org.cert
SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedoraproject.org.key SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2017.fedoraproject.org.key
SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2017.fedoraproject.org.intermediate.cert
SSLHonorCipherOrder On SSLHonorCipherOrder On
# https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14 # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14

2
roles/httpd/website/defaults/main.yml
View file

@ -6,5 +6,5 @@ server_aliases: []
server_admin: webmaster@fedoraproject.org server_admin: webmaster@fedoraproject.org
ssl: true ssl: true
sslonly: false sslonly: false
SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
gzip: false gzip: false