From 579d39bbda64fda705dec518b86787d18292bd0d Mon Sep 17 00:00:00 2001
From: Paul Van Eck
Date: Tue, 1 Sep 2015 14:10:20 -0700
Subject: [PATCH] Add param to specify app protocol

Templates/manifests for https hosting already exist, but we currently force http hosting. This patch adds a 'protocol' param to allow the capability to host with https. This patch also changes the hostname to default to the fully qualified domain name and changes certs/keys to snakeoil.

Change-Id: Ic3cd47f4166c5219030254e8ae557b654f0756eb
---
 manifests/init.pp | 26 +++++++++++++++++++++++---
 manifests/params.pp | 7 ++++---
 templates/refstack_https.vhost.erb | 1 +
 vagrant.pp | 1 +
 4 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index fcdc931..06fa6c0 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -21,7 +21,15 @@ class refstack (
 $mysql_database = 'refstack',
 $mysql_user = 'refstack',
 $mysql_user_password,
- $hostname = $::ipaddress,
+ $hostname = $::fqdn,
+ $protocol = 'http',
+
+ $ssl_cert_content = undef,
+ $ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+ $ssl_key_content = undef,
+ $ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key',
+ $ssl_ca_content = undef,
+ $ssl_ca = undef, # '/etc/ssl/certs/ca.pem'
 ) {

 # Configure the entire refstack instance. This does not install anything,
@@ -30,11 +38,23 @@ class refstack (
 mysql_database => $mysql_database,
 mysql_user => $mysql_user,
 mysql_user_password => $mysql_user_password,
- hostname => $hostname
+ hostname => $hostname,
+ protocol => $protocol,
+ ssl_cert_content => $ssl_cert_content,
+ ssl_cert => $ssl_cert,
+ ssl_key_content => $ssl_key_content,
+ ssl_key => $ssl_key,
+ ssl_ca_content => $ssl_ca_content,
+ ssl_ca => $ssl_ca
 }

 include ::refstack::mysql
 include ::refstack::app
 include ::refstack::api
- include ::refstack::apache::http
+
+ if $protocol == 'https' {
+ include ::refstack::apache::https
+ } else {
+ include ::refstack::apache::http
+ }
 }
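Review bot: The new `$ssl_cert` and `$ssl_key` defaults in the class parameter list point at the distribution's self-signed snakeoil pair, so a node that sets only `protocol => 'https'` serves a certificate that clients cannot validate, and nothing visible in this patch guarantees those files exist on the node. The second hunk of manifests/params.pp makes the same default change. I would document the new parameters and mark the defaults as test-only, e.g. `# snakeoil cert/key are self-signed placeholders; override ssl_cert/ssl_key (or the *_content params) outside of test setups`. How the https class consumes the `*_content` values is not shown in this patch, so confirm that path before relying on it.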
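Review bot: The `if $protocol == 'https' { ... } else { ... }` block at the end of the class falls back to the plain-HTTP vhost for every value other than 'https', so a misspelled or unexpected `protocol` silently deploys without TLS. Fail the catalog on unknown values before the includes: `if $protocol != 'http' and $protocol != 'https' { fail("refstack: protocol must be 'http' or 'https', got '${protocol}'") }`. The class body starts above this hunk, so place the check with any existing parameter validation there.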
diff --git a/manifests/params.pp b/manifests/params.pp
index 528d2b1..19fb73d 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -27,7 +27,8 @@ class refstack::params (
 $user = 'refstack',
 $group = 'refstack',
 $server_admin = undef,
- $hostname = $::ipaddress,
+ $hostname = $::fqdn,
+ $protocol = 'http',

 # [database] refstack.conf
 $mysql_user = 'refstack',
@@ -38,9 +39,9 @@ class refstack::params (

 # Apache2 ssl configuration
 $ssl_cert_content = undef,
- $ssl_cert = '/etc/ssl/certs/refstack.pem',
+ $ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
 $ssl_key_content = undef,
- $ssl_key = '/etc/ssl/private/refstack.key',
+ $ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key',
 $ssl_ca_content = undef,
 $ssl_ca = undef, # '/etc/ssl/certs/ca.pem'
 ) {
diff --git a/templates/refstack_https.vhost.erb b/templates/refstack_https.vhost.erb
index 65444af..8bc2dec 100644
--- a/templates/refstack_https.vhost.erb
+++ b/templates/refstack_https.vhost.erb
@@ -25,6 +25,7 @@
 CustomLog ${APACHE_LOG_DIR}/refstack-ssl-access.log combined
 SSLEngine on
+ SSLProtocol All -SSLv2 -SSLv3
 SSLCertificateFile <%= @ssl_cert %>
 SSLCertificateKeyFile <%= @ssl_key %>
diff --git a/vagrant.pp b/vagrant.pp
index c057d64..10c8cdf 100644
--- a/vagrant.pp
+++ b/vagrant.pp
@@ -1,6 +1,7 @@
 node default {
 class { '::refstack':
 hostname => '192.168.99.88',
+ protocol => 'http',
 mysql_user_password => 'refstack',
 }
 }
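Review bot: `SSLProtocol All -SSLv2 -SSLv3` in templates/refstack_https.vhost.erb is a deny-list, so TLS 1.0 and TLS 1.1 remain negotiable and any protocol a later build adds is enabled by default. An allow-list states the intent directly, e.g. `SSLProtocol -all +TLSv1.2` (plus `+TLSv1.3` where the Apache/OpenSSL build supports it). The hunk shows no `SSLCipherSuite` or `SSLHonorCipherOrder` next to it; the vhost continues outside the hunk, so check whether they are set there.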