deploy real cers on copr-be

2014-01-22 15:44:29 +00:00 · 2014-01-22 15:44:29 +00:00 · ea1dc27076
commit ea1dc27076
parent 7c40bb7e8a
2 changed files with 19 additions and 2 deletions
--- a/files/copr/lighttpd/lighttpd.conf
+++ b/files/copr/lighttpd/lighttpd.conf
@ -448,8 +448,8 @@ server.upload-dirs = ( "/var/tmp" )

 $SERVER["socket"] == ":443" {
  ssl.engine = "enable"
-  ssl.pemfile = "/etc/lighttpd/copr-be.pem"
-  ssl.ca-file = "/etc/lighttpd/copr-be.crt"
+  ssl.pemfile = "/etc/lighttpd/coprs-be.fedoraproject.org.pem"
+  ssl.ca-file = "/etc/lighttpd/coprs-be.fedoraproject.org.crt"
  ssl.disable-client-renegotiation = "enable"
  ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
 }
--- a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
@ -102,6 +102,16 @@
    notify: 
    - restart lighttpd

+  - name: copy httpd ssl certificates
+    action: copy src="{{ puppet_private }}/httpd/{{ item }}" dest="/etc/lighttpd/{{ item }}" owner=root group=root mode=0600
+    with_items:
+    - coprs-be.fedoraproject.org.key
+    - coprs-be.fedoraproject.org.crt
+    notify:
+    - concate ssl certs
+    tags:
+    - config 
+
  # mime default to text/plain and enable dirlisting for indexes
  - name: update lighttpd configs
    action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
@ -191,3 +201,10 @@

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
+  - name: concate ssl certs
+    action: command cat /etc/lighttpd/coprs-be.fedoraproject.org.key /etc/lighttpd/coprs-be.fedoraproject.org.key > /etc/lighttpd/coprs-be.fedoraproject.org.pem
+    notify:
+    - chmod_key
+    - restart lighttpd
+  - name: chmod_key
+    action: file path=/etc/lighttpd/coprs-be.fedoraproject.org.pem owner=root group=root mode=0600