diff --git a/manifests/site.pp b/manifests/site.pp index 249e58d153..c418351a71 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -163,8 +163,11 @@ node 'etherpad-dev.openstack.org' { node 'wiki.openstack.org' { class { 'openstack_project::wiki': - mysql_root_password => hiera('wiki_db_password'), - sysadmins => hiera('sysadmins'), + mysql_root_password => hiera('wiki_db_password'), + sysadmins => hiera('sysadmins'), + ssl_cert_file_contents => hiera('wiki_ssl_cert_file_contents'), + ssl_key_file_contents => hiera('wiki_ssl_key_file_contents'), + ssl_chain_file_contents => hiera('wiki_ssl_chain_file_contents'), } } diff --git a/modules/mediawiki/manifests/init.pp b/modules/mediawiki/manifests/init.pp index 3eea26466c..3e80b33736 100644 --- a/modules/mediawiki/manifests/init.pp +++ b/modules/mediawiki/manifests/init.pp @@ -3,7 +3,13 @@ class mediawiki( $role = '', $site_hostname = '', - $mediawiki_location = '' + $mediawiki_location = '', + $ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem", + $ssl_key_file = "/etc/ssl/private/${::fqdn}.key", + $ssl_chain_file = '', + $ssl_cert_file_contents = '', # If left empty puppet will not create file. + $ssl_key_file_contents = '', # If left empty puppet will not create file. + $ssl_chain_file_contents = '', # If left empty puppet will not create file. ) { if ($role == 'app' or $role == 'all') { 
@@ -16,6 +22,36 @@ class mediawiki( ensure => present, } + if $ssl_cert_file_contents != '' { + file { $ssl_cert_file: + owner => 'root', + group => 'root', + mode => '0640', + content => $ssl_cert_file_contents, + before => Apache::Vhost[$site_hostname], + } + } + + if $ssl_key_file_contents != '' { + file { $ssl_key_file: + owner => 'root', + group => 'ssl-cert', + mode => '0640', + content => $ssl_key_file_contents, + before => Apache::Vhost[$site_hostname], + } + } + + if $ssl_chain_file_contents != '' { + file { $ssl_chain_file: + owner => 'root', + group => 'root', + mode => '0640', + content => $ssl_chain_file_contents, + before => Apache::Vhost[$site_hostname], + } + } + apache::vhost { $site_hostname: port => 443, docroot => 'MEANINGLESS ARGUMENT', diff --git a/modules/mediawiki/templates/apache/mediawiki.erb b/modules/mediawiki/templates/apache/mediawiki.erb index 3a2f9fa20c..3d2aaab94e 100644 --- a/modules/mediawiki/templates/apache/mediawiki.erb +++ b/modules/mediawiki/templates/apache/mediawiki.erb @@ -39,8 +39,11 @@ ServerName <%= scope.lookupvar("mediawiki::site_hostname") %> SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= fqdn %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= fqdn %>.key + SSLCertificateFile <%= scope.lookupvar("mediawiki::ssl_cert_file") %> + SSLCertificateKeyFile <%= scope.lookupvar("mediawiki::ssl_key_file") %> + <% if scope.lookupvar("mediawiki::ssl_chain_file") != "" %> + SSLCertificateChainFile <%= scope.lookupvar("mediawiki::ssl_chain_file") %> + <% end %> RedirectMatch ^/$ http://<%= scope.lookupvar("mediawiki::site_hostname") %>/wiki/ diff --git a/modules/openstack_project/manifests/wiki.pp b/modules/openstack_project/manifests/wiki.pp index de67daba48..3ae9eca490 100644 --- a/modules/openstack_project/manifests/wiki.pp +++ b/modules/openstack_project/manifests/wiki.pp 
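Review bot: The chain-file guard tests only `$ssl_chain_file_contents`, but `$ssl_chain_file` defaults to `''` in the parameter hunk of this file. A caller that supplies chain contents without a path would therefore declare `file { '': }`, which Puppet rejects as a path that is not fully qualified. Guard on both values, e.g. `if $ssl_chain_file != '' and $ssl_chain_file_contents != '' {`. All three resources are also only ordered `before` the vhost, and nothing visible here refreshes Apache when a renewed certificate or key is written, so the old certificate would presumably stay in service until the next restart; a `notify` to the Apache service resource would close that gap. The class body starts and ends outside the hunk, so a refresh relationship may exist elsewhere.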
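Review bot: `SSLCertificateChainFile` is emitted whenever `mediawiki::ssl_chain_file` is non-empty, regardless of whether Puppet actually wrote that file. The second hunk of `modules/openstack_project/manifests/wiki.pp` hard-codes the path to `/etc/ssl/certs/intermediate.pem` while `ssl_chain_file_contents` defaults to `''`, so with the defaults Apache is pointed at a file this module never creates and would likely fail its config check unless the file is provisioned some other way. Either make the condition also require non-empty contents, or add a template comment such as `# chain file must already exist when ssl_chain_file_contents is empty`. The vhost block continues outside the hunk.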
@@ -2,7 +2,10 @@ # class openstack_project::wiki ( $mysql_root_password = '', - $sysadmins = [] + $sysadmins = [], + $ssl_cert_file_contents = '', + $ssl_key_file_contents = '', + $ssl_chain_file_contents = '', ) { include openssl @@ -18,9 +21,15 @@ class openstack_project::wiki ( ) class { 'mediawiki': - role => 'all', - mediawiki_location => '/srv/mediawiki/w', - site_hostname => $::fqdn, + role => 'all', + mediawiki_location => '/srv/mediawiki/w', + site_hostname => $::fqdn, + ssl_cert_file => "/etc/ssl/certs/${::fqdn}.pem", + ssl_key_file => "/etc/ssl/private/${::fqdn}.key", + ssl_chain_file => '/etc/ssl/certs/intermediate.pem', + ssl_cert_file_contents => $ssl_cert_file_contents, + ssl_key_file_contents => $ssl_key_file_contents, + ssl_chain_file_contents => $ssl_chain_file_contents, } class { 'memcached': max_memory => 2048,
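Review bot: In the second hunk, `ssl_cert_file` and `ssl_key_file` are passed with exactly the values the `mediawiki` class already declares as defaults (`"/etc/ssl/certs/${::fqdn}.pem"`, `"/etc/ssl/private/${::fqdn}.key"`). That leaves two places to edit if the layout changes; dropping the two arguments here keeps a single source of truth. The new `$ssl_key_file_contents` parameter in the first hunk carries private key material, so it deserves a comment in the class header, for example `# ssl_key_file_contents: PEM private key, supply from private hiera data only`. The generic name `/etc/ssl/certs/intermediate.pem` is not tied to this site, so a second vhost on the same node with a different chain would contend for the same path; a name derived from `${::fqdn}` would avoid that.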