From: Martin Zobel-Helas <zobel@debian.org>
Date: Fri, 27 Jun 2014 20:33:48 +0000 (+0200)
Subject: add ssl cert for tracker.debian.org
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=82b9d41d7bb568559cbe51e64aec0f32cb7cf3fa;p=mirror%2Fdsa-puppet.git

add ssl cert for tracker.debian.org

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
---

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 4e878b981..6c794b683 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -154,6 +154,10 @@ class roles {
 		include roles::sso
 	}
 
+	if has_role('tracker') {
+		include roles::tracker
+	}
+
 	if has_role('buildd_master') {
 		include roles::buildd_master
 	}
diff --git a/modules/roles/manifests/tracker.pp b/modules/roles/manifests/tracker.pp
new file mode 100644
index 000000000..ed1eb709c
--- /dev/null
+++ b/modules/roles/manifests/tracker.pp
@@ -0,0 +1,5 @@
+class roles::tracker {
+	ssl::service { 'tracker.debian.org':
+		notify => Service['apache2'],
+	}
+}
diff --git a/modules/ssl/files/chains/tracker.debian.org b/modules/ssl/files/chains/tracker.debian.org
new file mode 120000
index 000000000..6aaa9147c
--- /dev/null
+++ b/modules/ssl/files/chains/tracker.debian.org
@@ -0,0 +1 @@
+GANDI-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/tracker.debian.org.crt b/modules/ssl/files/servicecerts/tracker.debian.org.crt
new file mode 100644
index 000000000..b86047a27
--- /dev/null
+++ b/modules/ssl/files/servicecerts/tracker.debian.org.crt
@@ -0,0 +1,107 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            d1:df:a0:62:f1:d4:59:fe:78:05:eb:d9:69:ff:75:2d
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA
+        Validity
+            Not Before: Jun 27 00:00:00 2014 GMT
+            Not After : Jun 27 23:59:59 2015 GMT
+        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=tracker.debian.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c8:7a:d0:ed:05:94:a7:d3:24:c4:71:76:f9:c4:
+                    e6:32:11:33:0e:2a:85:24:62:21:c0:ef:1f:91:27:
+                    81:ba:96:9a:ff:52:76:df:45:4e:f9:75:b1:3a:36:
+                    6f:bf:2f:be:aa:da:93:4c:70:56:a1:65:2b:61:21:
+                    7d:6c:f3:b3:78:80:c7:b9:76:fb:c2:cc:eb:e3:3f:
+                    90:3b:8d:d2:a6:7e:ca:f0:ef:c9:f2:8a:55:b2:05:
+                    a3:e7:77:8a:5b:03:ee:e3:92:f2:7b:8e:35:d9:66:
+                    08:18:a8:b4:ee:c6:6e:ca:dc:4a:9d:d2:d9:a6:d7:
+                    4e:51:09:be:6a:11:21:89:64:23:56:3e:73:22:80:
+                    00:5d:9c:8b:4e:d3:e6:fc:9e:ae:11:3c:b5:8c:a0:
+                    54:1d:70:2a:b9:03:b8:7e:04:06:da:10:91:1e:17:
+                    3a:ed:b4:d8:66:42:fe:b5:d7:fc:68:71:6f:dc:e8:
+                    71:07:d4:78:cc:53:56:c5:d5:b8:88:a1:eb:1a:9a:
+                    20:ff:43:f6:d4:54:7e:b2:0c:91:e4:e7:06:01:ae:
+                    e7:b1:05:6f:e6:04:b8:d4:1f:3d:69:a3:d2:03:36:
+                    c0:94:a1:6c:8c:39:66:39:51:18:b0:48:c7:a1:3e:
+                    21:fe:8a:60:b1:35:36:80:06:ea:a6:3f:b8:ac:f0:
+                    3a:17
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                keyid:B6:A8:FF:A2:A8:2F:D0:A6:CD:4B:B1:68:F3:E7:50:10:31:A7:79:21
+
+            X509v3 Subject Key Identifier: 
+                FF:B9:2F:8F:30:CA:EC:50:0D:22:35:BD:50:46:02:68:55:79:61:3E
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.6449.1.2.2.26
+                  CPS: http://www.gandi.net/contracts/fr/ssl/cps/pdf/
+                Policy: 2.23.140.1.2.1
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://crl.gandi.net/GandiStandardSSLCA.crl
+
+            Authority Information Access: 
+                CA Issuers - URI:http://crt.gandi.net/GandiStandardSSLCA.crt
+                OCSP - URI:http://ocsp.gandi.net
+
+            X509v3 Subject Alternative Name: 
+                DNS:tracker.debian.org, DNS:www.tracker.debian.org
+    Signature Algorithm: sha1WithRSAEncryption
+         55:c9:ac:88:28:25:a0:0a:df:fc:e8:99:4e:63:5b:bb:1c:8a:
+         83:ad:fa:4d:f5:f3:1b:0b:a0:f3:6c:7c:27:07:5e:52:92:f9:
+         a6:3c:49:fe:fc:5a:f4:b9:b2:fb:c5:54:58:05:90:fc:6c:ce:
+         5b:b6:17:d7:ab:88:d0:25:8a:2e:c7:6e:e1:43:b9:fa:85:57:
+         f5:77:0e:ec:c9:6e:7c:8e:db:d0:00:85:0e:fc:55:f7:47:41:
+         9e:e0:5c:4d:21:e6:ed:3c:fd:ea:f5:e7:9e:90:2e:66:68:2c:
+         6c:e9:45:ba:62:5f:d8:a6:d5:bf:9e:46:27:bd:82:d6:1a:a7:
+         e0:28:62:35:78:45:b4:90:e8:7d:15:94:43:e7:4e:ed:c7:53:
+         eb:b2:4e:d1:12:e3:89:1f:7c:c5:43:71:6f:7c:1f:a6:d2:7e:
+         c3:02:c2:b7:a8:0c:32:dd:57:74:32:e7:66:aa:f8:f8:b5:7e:
+         80:e3:42:2c:12:d2:6e:25:04:35:6b:31:38:c9:6b:c6:c8:92:
+         55:f9:d1:5b:e6:03:31:49:0a:21:51:a3:95:d1:00:72:bd:58:
+         a3:10:72:4a:ff:f8:1d:9e:b9:4f:ad:f3:84:d6:ed:51:be:94:
+         a6:54:77:e4:f9:f8:ef:bc:f4:9f:71:b7:69:d2:38:d9:0b:db:
+         bb:db:b3:70
+-----BEGIN CERTIFICATE-----
+MIIE7zCCA9egAwIBAgIRANHfoGLx1Fn+eAXr2Wn/dS0wDQYJKoZIhvcNAQEFBQAw
+QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu
+ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTE0MDYyNzAwMDAwMFoXDTE1MDYyNzIzNTk1
+OVowXTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQL
+ExJHYW5kaSBTdGFuZGFyZCBTU0wxGzAZBgNVBAMTEnRyYWNrZXIuZGViaWFuLm9y
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMh60O0FlKfTJMRxdvnE
+5jIRMw4qhSRiIcDvH5EngbqWmv9Sdt9FTvl1sTo2b78vvqrak0xwVqFlK2EhfWzz
+s3iAx7l2+8LM6+M/kDuN0qZ+yvDvyfKKVbIFo+d3ilsD7uOS8nuONdlmCBiotO7G
+bsrcSp3S2abXTlEJvmoRIYlkI1Y+cyKAAF2ci07T5vyerhE8tYygVB1wKrkDuH4E
+BtoQkR4XOu202GZC/rXX/Ghxb9zocQfUeMxTVsXVuIih6xqaIP9D9tRUfrIMkeTn
+BgGu57EFb+YEuNQfPWmj0gM2wJShbIw5ZjlRGLBIx6E+If6KYLE1NoAG6qY/uKzw
+OhcCAwEAAaOCAcQwggHAMB8GA1UdIwQYMBaAFLao/6KoL9CmzUuxaPPnUBAxp3kh
+MB0GA1UdDgQWBBT/uS+PMMrsUA0iNb1QRgJoVXlhPjAOBgNVHQ8BAf8EBAMCBaAw
+DAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYAYD
+VR0gBFkwVzBLBgsrBgEEAbIxAQICGjA8MDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3
+LmdhbmRpLm5ldC9jb250cmFjdHMvZnIvc3NsL2Nwcy9wZGYvMAgGBmeBDAECATA8
+BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmdhbmRpLm5ldC9HYW5kaVN0YW5k
+YXJkU1NMQ0EuY3JsMGoGCCsGAQUFBwEBBF4wXDA3BggrBgEFBQcwAoYraHR0cDov
+L2NydC5nYW5kaS5uZXQvR2FuZGlTdGFuZGFyZFNTTENBLmNydDAhBggrBgEFBQcw
+AYYVaHR0cDovL29jc3AuZ2FuZGkubmV0MDUGA1UdEQQuMCyCEnRyYWNrZXIuZGVi
+aWFuLm9yZ4IWd3d3LnRyYWNrZXIuZGViaWFuLm9yZzANBgkqhkiG9w0BAQUFAAOC
+AQEAVcmsiCgloArf/OiZTmNbuxyKg636TfXzGwug82x8JwdeUpL5pjxJ/vxa9Lmy
++8VUWAWQ/GzOW7YX16uI0CWKLsdu4UO5+oVX9XcO7MlufI7b0ACFDvxV90dBnuBc
+TSHm7Tz96vXnnpAuZmgsbOlFumJf2KbVv55GJ72C1hqn4ChiNXhFtJDofRWUQ+dO
+7cdT67JO0RLjiR98xUNxb3wfptJ+wwLCt6gMMt1XdDLnZqr4+LV+gONCLBLSbiUE
+NWsxOMlrxsiSVfnRW+YDMUkKIVGjldEAcr1YoxBySv/4HZ65T63zhNbtUb6UplR3
+5Pn477z0n3G3adI42Qvbu9uzcA==
+-----END CERTIFICATE-----