From cddd9e626556ea5f9f1cd97c8cb888735dc00203 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Thu, 16 Jul 2015 19:54:21 +0000
Subject: [PATCH] Switch jenkins.openstack.org to a snakeoil cert

The SSL cert for jenkins.openstack.org was obtained in 2013 when
this interface was more heavily used by our developer community.
Since then we've rolled out 7 additional Jenkins masters and so this
is no longer a useful primary reference. The only real need for
authenticated connections to its WebUI at this point is systems
administrators performing maintenance and minimal local
configuration, for which ToFU of a self-signed cert is sufficient.

Change-Id: Ibf95983a2ac76c2e9e39bcfc99643e3cac401245
---
 manifests/site.pp                                         | 6 +++---
 modules/openstack_project/files/ssl_cert_check/ssldomains | 1 -
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index 8bc825c203..a86bc8b83d 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -134,9 +134,9 @@ node 'jenkins.openstack.org' {
     project_config_repo     => 'https://git.openstack.org/openstack-infra/project-config',
     jenkins_jobs_password   => hiera('jenkins_jobs_password', 'XXX'),
     jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'),
-    ssl_cert_file_contents  => hiera('jenkins_ssl_cert_file_contents', 'XXX'),
-    ssl_key_file_contents   => hiera('jenkins_ssl_key_file_contents', 'XXX'),
-    ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents', 'XXX'),
+    ssl_cert_file           => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+    ssl_key_file            => '/etc/ssl/private/ssl-cert-snakeoil.key',
+    ssl_chain_file          => '',
   }
 }
 
diff --git a/modules/openstack_project/files/ssl_cert_check/ssldomains b/modules/openstack_project/files/ssl_cert_check/ssldomains
index 370d11d53c..1da1f73a89 100644
--- a/modules/openstack_project/files/ssl_cert_check/ssldomains
+++ b/modules/openstack_project/files/ssl_cert_check/ssldomains
@@ -3,7 +3,6 @@ etherpad.openstack.org 443
 git.openstack.org 443
 groups.openstack.org 443
 groups-dev.openstack.org 443
-jenkins.openstack.org 443
 openstackid.org 443
 openstackid-dev.openstack.org 443
 review.openstack.org 443