Commit 979ceab2 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

software/cloudooo: rempve ssl parameter that was never working.

parent 9fe1035e
Pipeline #9957 failed with stage
in 0 seconds
......@@ -18,4 +18,4 @@ md5sum = 6e4431cf4b0a0d034402604b1e2844c0
[template-cloudooo-instance]
filename = instance-cloudooo.cfg.in
md5sum = e01ee969a45d44d386653a9eb699cc59
md5sum = 689a7e4b6e33b9512481a5420e4aa37b
......@@ -18,27 +18,6 @@
"default": 1,
"type": "integer"
},
"ssl": {
"description": "Custom ssl certificate, key and optionaly client ca-cert and crl",
"properties": {
"cert": {
"description": "The content of the certificate file",
"type": "string"
},
"key": {
"description": "The content of the ssl key file",
"type": "string"
},
"ca-cert": {
"description": "The content of the ca-certificate file",
"type": "string"
},
"crl": {
"description": "The content of the revocation file",
"type": "string"
}
}
},
"timeout": {
"description": "Configure apache with this timeout",
"type": "integer"
......
......@@ -24,11 +24,6 @@
{% endif -%}
{% do assert(timeout > 0) -%}
{% set ssl_parameter_dict = instance_parameter_dict.get('ssl', {}) %}
{% if instance_parameter_dict.get('ssl-dict-parameter-name') -%}
{% set ssl_parameter_dict = slapparameter_dict.get(instance_parameter_dict['ssl-dict-parameter-name'], ssl_parameter_dict) -%}
{% endif -%}
{% set mimetype_entry_addition = instance_parameter_dict.get('mimetype-entry-addition', '') -%}
{% if instance_parameter_dict.get('mimetype-entry-addition-parameter-name') -%}
{% set mimetype_entry_addition = mimetype_entry_addition ~ "\n" ~ slapparameter_dict.get(instance_parameter_dict['mimetype-entry-addition-parameter-name'], '') -%}
......@@ -110,9 +105,6 @@ cert = ${apache-ssl:cert}
key = ${apache-ssl:key}
cipher =
ssl-session-cache = ${directory:log}/apache-ssl-session-cache
# Client x509 auth
ca-cert = ${apache-ssl-client:cert}
crl = ${apache-ssl-client:crl}
[apache-promise]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
......@@ -131,28 +123,10 @@ ca-cert = ${directory:apache-conf}/ca.crt
crl = ${directory:apache-conf}/crl.pem
[apache-ssl]
{% if ssl_parameter_dict.get('key') -%}
key = ${apache-ssl-key:rendered}
cert = ${apache-ssl-cert:rendered}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{% else %}
recipe = plone.recipe.command
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
key = ${apache-conf-ssl:key}
cert = ${apache-conf-ssl:cert}
{%- endif %}
[apache-ssl-client]
{% if ssl_parameter_dict.get('ca-cert') -%}
cert = ${apache-ssl-ca:rendered}
crl = ${apache-ssl-crl:rendered}
{{ simplefile('apache-ssl-ca', '${apache-conf-ssl:ca-cert}', ssl_parameter_dict['ca-cert']) }}
{{ simplefile('apache-ssl-crl', '${apache-conf-ssl:crl}', ssl_parameter_dict['crl']) }}
{% else %}
cert =
crl =
{%- endif %}
[apache-logrotate]
< = logrotate-entry-base
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment