Add param to specify app protocol

Templates/manifests for https hosting already exist, but we currently force http hosting. This patch adds a 'protocol' param to allow the capability to host with https. This patch also changes the hostname to default to the fully qualified domain name and changes certs/keys to snakeoil. Change-Id: Ic3cd47f4166c5219030254e8ae557b654f0756eb
2015-09-01 14:10:20 -07:00 · 2015-09-01 14:10:20 -07:00 · 579d39bbda
commit 579d39bbda
parent e1482bf068
4 changed files with 29 additions and 6 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -21,7 +21,15 @@ class refstack (
  $mysql_database      = 'refstack',
  $mysql_user          = 'refstack',
  $mysql_user_password,
-  $hostname            = $::ipaddress,
+  $hostname            = $::fqdn,
+  $protocol            = 'http',
+
+  $ssl_cert_content = undef,
+  $ssl_cert         = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+  $ssl_key_content  = undef,
+  $ssl_key          = '/etc/ssl/private/ssl-cert-snakeoil.key',
+  $ssl_ca_content   = undef,
+  $ssl_ca           = undef, # '/etc/ssl/certs/ca.pem'
 ) {

  # Configure the entire refstack instance. This does not install anything,
@ -30,11 +38,23 @@ class refstack (
    mysql_database      => $mysql_database,
    mysql_user          => $mysql_user,
    mysql_user_password => $mysql_user_password,
-    hostname            => $hostname
+    hostname            => $hostname,
+    protocol            => $protocol,
+    ssl_cert_content    => $ssl_cert_content,
+    ssl_cert            => $ssl_cert,
+    ssl_key_content     => $ssl_key_content,
+    ssl_key             => $ssl_key,
+    ssl_ca_content      => $ssl_ca_content,
+    ssl_ca              => $ssl_ca
  }

  include ::refstack::mysql
  include ::refstack::app
  include ::refstack::api
-  include ::refstack::apache::http
+
+  if $protocol == 'https' {
+    include ::refstack::apache::https
+  } else {
+    include ::refstack::apache::http
+  }
 }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -27,7 +27,8 @@ class refstack::params (
  $user                   = 'refstack',
  $group                  = 'refstack',
  $server_admin           = undef,
-  $hostname               = $::ipaddress,
+  $hostname               = $::fqdn,
+  $protocol               = 'http',

  # [database] refstack.conf
  $mysql_user             = 'refstack',
@ -38,9 +39,9 @@ class refstack::params (

  # Apache2 ssl configuration
  $ssl_cert_content = undef,
-  $ssl_cert         = '/etc/ssl/certs/refstack.pem',
+  $ssl_cert         = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
  $ssl_key_content  = undef,
-  $ssl_key          = '/etc/ssl/private/refstack.key',
+  $ssl_key          = '/etc/ssl/private/ssl-cert-snakeoil.key',
  $ssl_ca_content   = undef,
  $ssl_ca           = undef, # '/etc/ssl/certs/ca.pem'
 ) {
--- a/templates/refstack_https.vhost.erb
+++ b/templates/refstack_https.vhost.erb
@ -25,6 +25,7 @@
    CustomLog ${APACHE_LOG_DIR}/refstack-ssl-access.log combined

    SSLEngine on
+    SSLProtocol All -SSLv2 -SSLv3

    SSLCertificateFile      <%= @ssl_cert %>
    SSLCertificateKeyFile   <%= @ssl_key %>
--- a/vagrant.pp
+++ b/vagrant.pp
@ -1,6 +1,7 @@
 node default {
  class { '::refstack':
    hostname            => '192.168.99.88',
+    protocol            => 'http',
    mysql_user_password => 'refstack',
  }
 }