RobH has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/115315

Change subject: icinga-admin to use own cert, not wildcard
......................................................................

icinga-admin to use own cert, not wildcard

adding in the install of the icinga-admin.w.o certificate along with the
apache vhost template change to support it

Change-Id: I48c8ff1708e00ee447d5248371867705cbb1e17b
RT: 6705
---
A files/ssl/icinga-admin.wikimedia.org.pem
M manifests/misc/icinga.pp
M templates/apache/sites/icinga.wikimedia.org.erb
3 files changed, 33 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/15/115315/1

diff --git a/files/ssl/icinga-admin.wikimedia.org.pem 
b/files/ssl/icinga-admin.wikimedia.org.pem
new file mode 100644
index 0000000..08d7774
--- /dev/null
+++ b/files/ssl/icinga-admin.wikimedia.org.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFOjCCBCKgAwIBAgIDEOLPMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew
+HhcNMTQwMjIzMTUzOTEwWhcNMTUwMjI2MTg0MzQ1WjCByTEpMCcGA1UEBRMgN1k4
+ZVEzZHBOMW9FejBZMVljemhzNXRCd21yYk9mT0sxEzARBgNVBAsTCkdUMzU5NzQw
+NDAxMTAvBgNVBAsTKFNlZSB3d3cucmFwaWRzc2wuY29tL3Jlc291cmNlcy9jcHMg
+KGMpMTQxLzAtBgNVBAsTJkRvbWFpbiBDb250cm9sIFZhbGlkYXRlZCAtIFJhcGlk
+U1NMKFIpMSMwIQYDVQQDExppY2luZ2EtYWRtaW4ud2lraW1lZGlhLm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/Qk0cPyjKf4ssCK4fJOgMVSuET
++9Ukt//GKeWf/ulGFpRtwodsGFhV0/ktV3C1kUxQvu7dTCStPXovPjZH/09S6E0w
+0BvbGfOYggAsBwDBPADKLK5owPYb23Y52dkeeghV/xoAHhdJrR1XhUGIYLe+j3Vk
+nrnuqEohhsE/E994jQS9vllnGYPTkTxh9TrASuxhlkFjUIMJJ0YzkKnHR1kEP2h5
+vIYOfa+PlrWSrZwbLa1WgOl4szL9Px+tsKhNqYhqsWEfZEGDjtUiEQcjahWMVI6F
+eG61edNexs0u/+2XJ0a3jMLUm+jsI+q3EhYviLgfXubxUdj4eC3I0aZxC/UCAwEA
+AaOCAbUwggGxMB8GA1UdIwQYMBaAFGtpPWoYQkrdjwJlOf01JIZ4kRYwMA4GA1Ud
+DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwJQYDVR0R
+BB4wHIIaaWNpbmdhLWFkbWluLndpa2ltZWRpYS5vcmcwQwYDVR0fBDwwOjA4oDag
+NIYyaHR0cDovL3JhcGlkc3NsLWNybC5nZW90cnVzdC5jb20vY3Jscy9yYXBpZHNz
+bC5jcmwwHQYDVR0OBBYEFDk1IHhKbnFgAApMABBdcsVCRb3DMAwGA1UdEwEB/wQC
+MAAweAYIKwYBBQUHAQEEbDBqMC0GCCsGAQUFBzABhiFodHRwOi8vcmFwaWRzc2wt
+b2NzcC5nZW90cnVzdC5jb20wOQYIKwYBBQUHMAKGLWh0dHA6Ly9yYXBpZHNzbC1h
+aWEuZ2VvdHJ1c3QuY29tL3JhcGlkc3NsLmNydDBMBgNVHSAERTBDMEEGCmCGSAGG
++EUBBzYwMzAxBggrBgEFBQcCARYlaHR0cDovL3d3dy5nZW90cnVzdC5jb20vcmVz
+b3VyY2VzL2NwczANBgkqhkiG9w0BAQUFAAOCAQEAvj31+cWh6wO6zv79B/mcZZB3
+XdisFVgFyBWLMJKBC1lxFUy2aj+fXnvO/KcknzHISBFNT6gKb8YIn9B0xtw25oi5
+yG1vgKnOh5gmmKSDzHiUsn2ueiz4msNtrDzDwRFdjqrwj8H6PZee9YH14MmMqv13
+qhYzgXLqz9FqL+YjiAjZ1sz3kqVFwB4046Uv9zas3bpc9jAIr0PcvhB0cC07Hkgi
+Rxrl831Y2yHDvFCa60FN9npqH1UQv8mxrA+pI/1HZlaW874o1qcFHSIoj1mI5Ia9
+z1nP22Sz9JIQe/0SaxI8AsHew3Fz4i7gWPV+7H1w1Zd5L/FGjLUVdVhalfBTgg==
+-----END CERTIFICATE-----
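Review bot: The new files/ssl/icinga-admin.wikimedia.org.pem is an opaque blob, and neither the commit message nor the file says which names it covers or when it expires. Please add the subject/SAN and the notAfter date to the commit message (or to a comment next to the install_certificate call) so a reviewer can confirm it matches icinga-admin.wikimedia.org and the renewal can be tracked. The file holds a single CERTIFICATE block and no key material, which is what should be in the public repo.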
diff --git a/manifests/misc/icinga.pp b/manifests/misc/icinga.pp
index e73b81b..87e55fa 100644
--- a/manifests/misc/icinga.pp
+++ b/manifests/misc/icinga.pp
@@ -118,6 +118,7 @@
 
   apache_site { 'icinga': name => 'icinga.wikimedia.org' }
   install_certificate{ 'icinga.wikimedia.org': }
+  install_certificate{ 'icinga-admin.wikimedia.org': }
 
 }
 
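Review bot: The added install_certificate{ 'icinga-admin.wikimedia.org': } has only the public .pem in this change, while the vhost template references /etc/ssl/private/icinga-admin.wikimedia.org.key. Please confirm the matching private key is already provisioned out of band before this merges, otherwise Apache will fail to start on the next puppet run. It would also help to say whether install_certificate{ 'icinga.wikimedia.org': } on the line above is still needed once the vhost stops using the wildcard.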
diff --git a/templates/apache/sites/icinga.wikimedia.org.erb 
b/templates/apache/sites/icinga.wikimedia.org.erb
index 7dcfd53..a410d65 100644
--- a/templates/apache/sites/icinga.wikimedia.org.erb
+++ b/templates/apache/sites/icinga.wikimedia.org.erb
@@ -73,8 +73,8 @@
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite 
AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
        SSLHonorCipherOrder on
-       SSLCertificateFile /etc/ssl/private/star.wikimedia.org.pem
-       SSLCertificateKeyFile /etc/ssl/private/star.wikimedia.org.key
+       SSLCertificateFile /etc/ssl/private/icinga-admin.wikimedia.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/icinga-admin.wikimedia.org.key
        SSLCACertificateFile /etc/ssl/certs/RapidSSL_CA.pem
        DocumentRoot /usr/share/icinga/htdocs
 
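Review bot: The two SSLCertificateFile / SSLCertificateKeyFile lines move this vhost from star.wikimedia.org to a single-name certificate, but the hunk does not show the ServerName or any ServerAlias for the block at line 73 of icinga.wikimedia.org.erb. Please confirm every name this vhost answers for is icinga-admin.wikimedia.org, since any other name the wildcard used to cover will now produce a certificate mismatch. Separately, the unchanged context keeps "SSLProtocol -ALL +SSLv3 +TLSv1" and a cipher list containing RC4-MD5, RC4-SHA and DES-CBC3-SHA; that is outside this change but worth a follow-up while the TLS config for an admin interface is being touched.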

-- 
To view, visit https://gerrit.wikimedia.org/r/115315
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I48c8ff1708e00ee447d5248371867705cbb1e17b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: RobH <r...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits