[MediaWiki-commits] [Gerrit] ishmael.wikimedia.org to use its own cert, not wildcard - change (operations/puppet)

2014-02-24 Thread RobH (Code Review)
RobH has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/115318

Change subject: ishmael.wikimedia.org to use its own cert, not wildcard
..

ishmael.wikimedia.org to use its own cert, not wildcard

Setting ishmael.wikimedia.org to install and use its own cert, rather
than the wildcard

Change-Id: Id5f19522f1927a28e5099579d3494fa67c5fb02f
RT: 6732
---
A files/ssl/ishmael.wikimedia.org.pem
M manifests/role/ishmael.pp
M modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
3 files changed, 34 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/18/115318/1

diff --git a/files/ssl/ishmael.wikimedia.org.pem 
b/files/ssl/ishmael.wikimedia.org.pem
new file mode 100644
index 000..5ee85c6
--- /dev/null
+++ b/files/ssl/ishmael.wikimedia.org.pem
@@ -0,0 +1,30 @@
+-BEGIN CERTIFICATE-
+MIIFMDCCBBigAwIBAgIDEOLnMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew
+HhcNMTQwMjIyMjMxNTAzWhcNMTUwMjI2MTkyMzQ2WjCBxDEpMCcGA1UEBRMgMEhj
+U0RDZlBaMFRuZTl4TEN4VDZ2RzhjR2M2VUxvb2kxEzARBgNVBAsTCkdUMTgyODQz
+MTUxMTAvBgNVBAsTKFNlZSB3d3cucmFwaWRzc2wuY29tL3Jlc291cmNlcy9jcHMg
+KGMpMTQxLzAtBgNVBAsTJkRvbWFpbiBDb250cm9sIFZhbGlkYXRlZCAtIFJhcGlk
+U1NMKFIpMR4wHAYDVQQDExVpc2htYWVsLndpa2ltZWRpYS5vcmcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC144qrhl0YcppwjdiZw4jkmqoA0TSx4eh/
+lxM4tCGmlkamk97EpoerziwpRR3k+QnltCIfvKNdX/uwR4PvmVXnpe0o6zmTAuhe
+48d/l82xQc1/aHePKtWJdBpwPH8an32toUO6f8JJS1B7Ell3FJ3tEmHW834Z68w5
+b0bUZShMSds40yvHahGgMkgD69dHAJ9c1TP3m2Y6u4358iaV6ihpIc/KeqM/ACOK
+p/aLzePGEZdDshsNPHUai6V5DASNWqBjcJqUSVv5xruCJomhqDyTxKUkYzr+E72D
+Jtu8se8u22yQl7uRDw/7Df1siMtN89KFT73UPyZ7vLV/7NTmHw2PAgMBAAGjggGw
+MIIBrDAfBgNVHSMEGDAWgBRraT1qGEJK3Y8CZTn9NSSGeJEWMDAOBgNVHQ8BAf8E
+BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCAGA1UdEQQZMBeC
+FWlzaG1hZWwud2lraW1lZGlhLm9yZzBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8v
+cmFwaWRzc2wtY3JsLmdlb3RydXN0LmNvbS9jcmxzL3JhcGlkc3NsLmNybDAdBgNV
+HQ4EFgQU4sKeuAKRUzv1KuM5zLwEoEUaE6UwDAYDVR0TAQH/BAIwADB4BggrBgEF
+BQcBAQRsMGowLQYIKwYBBQUHMAGGIWh0dHA6Ly9yYXBpZHNzbC1vY3NwLmdlb3Ry
+dXN0LmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL3JhcGlkc3NsLWFpYS5nZW90cnVz
+dC5jb20vcmFwaWRzc2wuY3J0MEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEG
+CCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3Bz
+MA0GCSqGSIb3DQEBBQUAA4IBAQA2AKUcWFC3YlcjD1/Es7YgPwgbZrQ345MAuI3k
+wS+uNCGP64FZZsIwYKl48iuhc9J199ZLmiAOqZ+qX9C3JpPko34Hlhh+E9+ER81a
+K9IFXCKLwAUlJjRmxwG7bbKauhNtogmgN7Vf6UQVsX0J2462VOvh78aqvmcFl1uE
++VX5vlQfuh2ojN69Qxb9CN5YIF8l5ZQyNpwvwUQkwHrzzeBpzinHiUEYVD8qNjdY
+KL9A/AzEdQFzov6VHd7ikO28X1zqspIUsBQ5+222Ep1ws8bapQUUwLQT0dW/shGn
+61LLOtu56IfaC7ekNDrn7HU1vM4trV+MJp6UhQj9vKM87HpS
+-END CERTIFICATE-
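
Review bot: only the public certificate is added in this new file, and nothing in the change says how the matching private key reaches the host, although the Apache template in this same change points SSLCertificateKeyFile at /etc/ssl/private/ishmael.wikimedia.org.key. State in the commit message where the key is provisioned from (it must not go into this repository), and confirm it is in place before merging so the vhost does not come up referencing a missing key.
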
diff --git a/manifests/role/ishmael.pp b/manifests/role/ishmael.pp
index 8a5a4cd..ba5f09e 100644
--- a/manifests/role/ishmael.pp
+++ b/manifests/role/ishmael.pp
@@ -4,6 +4,8 @@
 
 system::role { 'role::ishmael': description = 'ishmael server' }
 
+install_certificate{ 'ishmael.wikimedia.org': ca = 'RapidSSL_CA.pem' }
+
 class { '::ishmael':
 site_name = 'ishmael.wikimedia.org',
 config_main   = '/srv/ishmael/conf.php',
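
Review bot: the added install_certificate resource has no ordering or refresh relationship with the '::ishmael' class declared right after it, so nothing visible here guarantees the certificate is on disk before the vhost that references it is applied, or that Apache reloads when the certificate is renewed later. Consider a before/notify relationship to the Apache service (or a require on the class), unless install_certificate already takes care of that.
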
diff --git a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb 
b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
index 795736a..3bf43ef 100644
--- a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
+++ b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
@@ -10,8 +10,8 @@
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite 
AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
SSLHonorCipherOrder on
-   SSLCertificateFile /etc/ssl/private/star.wikimedia.org.pem
-   SSLCertificateKeyFile /etc/ssl/private/star.wikimedia.org.key
+   SSLCertificateFile /etc/ssl/private/ishmael.wikimedia.org.pem
+   SSLCertificateKeyFile /etc/ssl/private/ishmael.wikimedia.org.key
SSLCACertificateFile /etc/ssl/certs/RapidSSL_CA.pem
DocumentRoot %= @docroot %
 
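
Review bot: the two replaced lines stop Apache from reading star.wikimedia.org.pem and star.wikimedia.org.key, but nothing in the visible change removes those files from the host, so the wildcard private key stays on disk after the switch. If the point of the dedicated certificate is to limit where the wildcard key lives, also remove whatever installs the wildcard pair on this host, in this change or a follow-up.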

-- 
To view, visit https://gerrit.wikimedia.org/r/115318
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id5f19522f1927a28e5099579d3494fa67c5fb02f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: RobH r...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits


[MediaWiki-commits] [Gerrit] ishmael.wikimedia.org to use its own cert, not wildcard - change (operations/puppet)

2014-02-24 Thread RobH (Code Review)
RobH has submitted this change and it was merged.

Change subject: ishmael.wikimedia.org to use its own cert, not wildcard
..


ishmael.wikimedia.org to use its own cert, not wildcard

Setting ishmael.wikimedia.org to install and use its own cert, rather
than the wildcard

Change-Id: Id5f19522f1927a28e5099579d3494fa67c5fb02f
RT: 6732
---
A files/ssl/ishmael.wikimedia.org.pem
M manifests/role/ishmael.pp
M modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
3 files changed, 34 insertions(+), 2 deletions(-)

Approvals:
  RobH: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/files/ssl/ishmael.wikimedia.org.pem 
b/files/ssl/ishmael.wikimedia.org.pem
new file mode 100644
index 000..5ee85c6
--- /dev/null
+++ b/files/ssl/ishmael.wikimedia.org.pem
@@ -0,0 +1,30 @@
+-BEGIN CERTIFICATE-
+MIIFMDCCBBigAwIBAgIDEOLnMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew
+HhcNMTQwMjIyMjMxNTAzWhcNMTUwMjI2MTkyMzQ2WjCBxDEpMCcGA1UEBRMgMEhj
+U0RDZlBaMFRuZTl4TEN4VDZ2RzhjR2M2VUxvb2kxEzARBgNVBAsTCkdUMTgyODQz
+MTUxMTAvBgNVBAsTKFNlZSB3d3cucmFwaWRzc2wuY29tL3Jlc291cmNlcy9jcHMg
+KGMpMTQxLzAtBgNVBAsTJkRvbWFpbiBDb250cm9sIFZhbGlkYXRlZCAtIFJhcGlk
+U1NMKFIpMR4wHAYDVQQDExVpc2htYWVsLndpa2ltZWRpYS5vcmcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC144qrhl0YcppwjdiZw4jkmqoA0TSx4eh/
+lxM4tCGmlkamk97EpoerziwpRR3k+QnltCIfvKNdX/uwR4PvmVXnpe0o6zmTAuhe
+48d/l82xQc1/aHePKtWJdBpwPH8an32toUO6f8JJS1B7Ell3FJ3tEmHW834Z68w5
+b0bUZShMSds40yvHahGgMkgD69dHAJ9c1TP3m2Y6u4358iaV6ihpIc/KeqM/ACOK
+p/aLzePGEZdDshsNPHUai6V5DASNWqBjcJqUSVv5xruCJomhqDyTxKUkYzr+E72D
+Jtu8se8u22yQl7uRDw/7Df1siMtN89KFT73UPyZ7vLV/7NTmHw2PAgMBAAGjggGw
+MIIBrDAfBgNVHSMEGDAWgBRraT1qGEJK3Y8CZTn9NSSGeJEWMDAOBgNVHQ8BAf8E
+BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCAGA1UdEQQZMBeC
+FWlzaG1hZWwud2lraW1lZGlhLm9yZzBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8v
+cmFwaWRzc2wtY3JsLmdlb3RydXN0LmNvbS9jcmxzL3JhcGlkc3NsLmNybDAdBgNV
+HQ4EFgQU4sKeuAKRUzv1KuM5zLwEoEUaE6UwDAYDVR0TAQH/BAIwADB4BggrBgEF
+BQcBAQRsMGowLQYIKwYBBQUHMAGGIWh0dHA6Ly9yYXBpZHNzbC1vY3NwLmdlb3Ry
+dXN0LmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL3JhcGlkc3NsLWFpYS5nZW90cnVz
+dC5jb20vcmFwaWRzc2wuY3J0MEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEG
+CCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3Bz
+MA0GCSqGSIb3DQEBBQUAA4IBAQA2AKUcWFC3YlcjD1/Es7YgPwgbZrQ345MAuI3k
+wS+uNCGP64FZZsIwYKl48iuhc9J199ZLmiAOqZ+qX9C3JpPko34Hlhh+E9+ER81a
+K9IFXCKLwAUlJjRmxwG7bbKauhNtogmgN7Vf6UQVsX0J2462VOvh78aqvmcFl1uE
++VX5vlQfuh2ojN69Qxb9CN5YIF8l5ZQyNpwvwUQkwHrzzeBpzinHiUEYVD8qNjdY
+KL9A/AzEdQFzov6VHd7ikO28X1zqspIUsBQ5+222Ep1ws8bapQUUwLQT0dW/shGn
+61LLOtu56IfaC7ekNDrn7HU1vM4trV+MJp6UhQj9vKM87HpS
+-END CERTIFICATE-
diff --git a/manifests/role/ishmael.pp b/manifests/role/ishmael.pp
index 8a5a4cd..ba5f09e 100644
--- a/manifests/role/ishmael.pp
+++ b/manifests/role/ishmael.pp
@@ -4,6 +4,8 @@
 
 system::role { 'role::ishmael': description = 'ishmael server' }
 
+install_certificate{ 'ishmael.wikimedia.org': ca = 'RapidSSL_CA.pem' }
+
 class { '::ishmael':
 site_name = 'ishmael.wikimedia.org',
 config_main   = '/srv/ishmael/conf.php',
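
Review bot: style point on the added line: 'install_certificate{' is missing the space before the opening brace, and the inline one-parameter form differs from the multi-line class declaration directly below it. A short comment naming the ticket (RT 6732) next to the resource would also tell the next reader why this role carries its own certificate instead of the wildcard.
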
diff --git a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb 
b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
index 795736a..3bf43ef 100644
--- a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
+++ b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
@@ -10,8 +10,8 @@
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite 
AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
SSLHonorCipherOrder on
-   SSLCertificateFile /etc/ssl/private/star.wikimedia.org.pem
-   SSLCertificateKeyFile /etc/ssl/private/star.wikimedia.org.key
+   SSLCertificateFile /etc/ssl/private/ishmael.wikimedia.org.pem
+   SSLCertificateKeyFile /etc/ssl/private/ishmael.wikimedia.org.key
SSLCACertificateFile /etc/ssl/certs/RapidSSL_CA.pem
DocumentRoot %= @docroot %
 
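
Review bot: the unchanged context at the top of this hunk still reads 'SSLProtocol -ALL +SSLv3 +TLSv1' and offers RC4-SHA and RC4-MD5 in SSLCipherSuite, so the vhost keeps SSLv3 and the RC4 suites enabled under the new certificate. This is not introduced by the change, but a follow-up that drops SSLv3 and the RC4 entries would be worth doing while this template is being touched.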

-- 
To view, visit https://gerrit.wikimedia.org/r/115318
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id5f19522f1927a28e5099579d3494fa67c5fb02f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: RobH r...@wikimedia.org
Gerrit-Reviewer: RobH r...@wikimedia.org
Gerrit-Reviewer: jenkins-bot 
