From dfb478366191c1319ce50112e1cc74a3d304d374 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 23 Feb 2015 17:08:06 +0000 Subject: [PATCH] Stop copr-fe from installing a file, then modifying it every time. --- roles/copr/frontend/files/httpd/coprs_ssl.conf | 6 ++++-- roles/copr/frontend/tasks/install_certs.yml | 13 ------------- 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/roles/copr/frontend/files/httpd/coprs_ssl.conf b/roles/copr/frontend/files/httpd/coprs_ssl.conf index f142e1060f..914a0fcf6e 100644 --- a/roles/copr/frontend/files/httpd/coprs_ssl.conf +++ b/roles/copr/frontend/files/httpd/coprs_ssl.conf @@ -6,10 +6,12 @@ SSLHonorCipherOrder on Header always add Strict-Transport-Security "max-age=15768000; preload" - SSLCertificateFile /etc/pki/tls/ca.crt - SSLCertificateKeyFile /etc/pki/tls/private/ca.key ServerName copr-fe.cloud.fedoraproject.org:443 + SSLCertificateFile /etc/pki/tls/certs/copr-fe.fedoraproject.org.crt" + SSLCertificateKeyFile /etc/pki/tls/private/copr-fe.fedoraproject.org.key" + SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt" + WSGIPassAuthorization On #WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=5 WSGIScriptAlias / /usr/share/copr/coprs_frontend/application diff --git a/roles/copr/frontend/tasks/install_certs.yml b/roles/copr/frontend/tasks/install_certs.yml index 4accf2648c..276b1b1071 100644 --- a/roles/copr/frontend/tasks/install_certs.yml +++ b/roles/copr/frontend/tasks/install_certs.yml 
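Review bot: The three added directives (`SSLCertificateFile`, `SSLCertificateKeyFile`, `SSLCertificateChainFile`) each end in a stray `"` with no opening quote, apparently carried over from the `line="…"` arguments of the removed lineinfile tasks. httpd will most likely either reject the line or treat the quote as part of the path and fail to find the file, so the TLS vhost would not come up on the next deploy. Drop the trailing quote on all three, e.g. `SSLCertificateFile /etc/pki/tls/certs/copr-fe.fedoraproject.org.crt`. The certificate file is named for copr-fe.fedoraproject.org while `ServerName` is copr-fe.cloud.fedoraproject.org, so it is worth confirming that the certificate's subject alternative names cover the served host. The removed tasks carried `notify: restart httpd`, so the task that copies this conf file (not visible in this diff) should notify that handler and ideally validate the config first.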
@@ -12,16 +12,3 @@ copy: src=DigiCertCA.crt dest="/etc/pki/tls/certs/" owner=root group=root mode=0600 tags: - config - -- lineinfile: dest=/etc/httpd/conf.d/copr_ssl.conf regexp="SSLCertificateFile " insertafter="^#SSLCertificateFile " line="SSLCertificateFile /etc/pki/tls/certs/copr-fe.fedoraproject.org.crt" - notify: - - restart httpd - -- lineinfile: dest=/etc/httpd/conf.d/copr_ssl.conf regexp="SSLCertificateKeyFile " insertafter="^#SSLCertificateKeyFile " line="SSLCertificateKeyFile /etc/pki/tls/private/copr-fe.fedoraproject.org.key" - notify: - - restart httpd - -- lineinfile: dest=/etc/httpd/conf.d/copr_ssl.conf regexp="SSLCertificateChainFile " insertafter="SSLCertificateKeyFile " line="SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt" - notify: - - restart httpd -