From 695ee3f4dcdcf6c6c6d701f138981a6624e3d983 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Tue, 24 Apr 2012 11:02:23 -0700 Subject: [PATCH] Make jenkins vhost config more like gerrit. Take full filename parameters for SSL files, to better accomodate dev sites. Rename apache.conf.erb to jenkins.vhost.erb, because it's actually a vhost config, not the apache.conf (which is a different file). Change-Id: I0cf9857fd8860c199081f50ead7218b09955cfab --- manifests/site.pp | 10 ++++++++-- manifests/stackforge.pp | 5 ++++- modules/jenkins_master/manifests/init.pp | 8 ++++++-- .../templates/{apache.conf.erb => jenkins.vhost.erb} | 8 +++++--- 4 files changed, 23 insertions(+), 8 deletions(-) rename modules/jenkins_master/templates/{apache.conf.erb => jenkins.vhost.erb} (85%) diff --git a/manifests/site.pp b/manifests/site.pp index cfdc4b3037..d8f4054288 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -146,7 +146,10 @@ node "jenkins.openstack.org" { class { 'jenkins_master': site => 'jenkins.openstack.org', serveradmin => 'webmaster@openstack.org', - logo => 'openstack.png' + logo => 'openstack.png', + ssl_cert_file => '/etc/ssl/certs/jenkins.openstack.org.pem', + ssl_key_file => '/etc/ssl/private/jenkins.openstack.org.key', + ssl_chain_file => '/etc/ssl/certs/intermediate.pem', } class { "jenkins_jobs": site => "openstack", @@ -161,7 +164,10 @@ node "jenkins-dev.openstack.org" { class { 'jenkins_master': site => 'openstack', serveradmin => 'webmaster@openstack.org', - logo => 'openstack.png' + logo => 'openstack.png', + ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', + ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', + ssl_chain_file => '', } } diff --git a/manifests/stackforge.pp b/manifests/stackforge.pp index cf38851bc7..de1cd6efa2 100644 --- a/manifests/stackforge.pp +++ b/manifests/stackforge.pp @@ -59,7 +59,10 @@ node "jenkins.stackforge.org" { class { 'jenkins_master': serveradmin => 'webmaster@stackforge.org', site => 'jenkins.stackforge.org', - logo => 'stackforge.png' + logo => 'stackforge.png', + ssl_cert_file => '/etc/ssl/certs/jenkins.stackforge.org.pem', + ssl_key_file => '/etc/ssl/private/jenkins.stackforge.org.key', + ssl_chain_file => '/etc/ssl/certs/intermediate.pem', } class { "jenkins_jobs": diff --git a/modules/jenkins_master/manifests/init.pp b/modules/jenkins_master/manifests/init.pp index e4b615693f..39cbc5dd69 100644 --- a/modules/jenkins_master/manifests/init.pp +++ b/modules/jenkins_master/manifests/init.pp @@ -1,4 +1,8 @@ -class jenkins_master($site, $serveradmin, $logo) { +class jenkins_master($site, $serveradmin, $logo, + $ssl_cert_file='', + $ssl_key_file='', + $ssl_chain_file='' + ) { #This key is at http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key apt::key { "D50582E6": @@ -21,7 +25,7 @@ class jenkins_master($site, $serveradmin, $logo) { group => 'root', mode => 444, ensure => 'present', - content => template("jenkins_master/apache.conf.erb"), + content => template("jenkins_master/jenkins.vhost.erb"), replace => 'true', require => Package['apache2'], } diff --git a/modules/jenkins_master/templates/apache.conf.erb b/modules/jenkins_master/templates/jenkins.vhost.erb similarity index 85% rename from modules/jenkins_master/templates/apache.conf.erb rename to modules/jenkins_master/templates/jenkins.vhost.erb index 1638942d68..9eaa1e3b1d 100644 --- a/modules/jenkins_master/templates/apache.conf.erb +++ b/modules/jenkins_master/templates/jenkins.vhost.erb @@ -28,9 +28,11 @@ # Enable/Disable SSL for this virtual host. SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= site %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= site %>.key - SSLCertificateChainFile /etc/ssl/certs/intermediate.pem + SSLCertificateFile <%= ssl_cert_file %> + SSLCertificateKeyFile <%= ssl_key_file %> + <% if ssl_chain_file != "" %> + SSLCertificateChainFile <%= ssl_chain_file %> + <% end %> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \