From: Andreas Gerstenberg <gerstenberg@pixelpark.com>
Date: Tue, 20 Feb 2018 10:47:20 +0000 (+0100)
Subject: spk-blog web-client tests
X-Git-Tag: v0.1.0~1597
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=9a1d5dbb094918f27f730f95cdb28dbc462720e4;p=pixelpark%2Fhiera.git

spk-blog web-client tests
---

diff --git a/customer/spk-blog/insideforum-spk-de.pixelpark.net.yaml b/customer/spk-blog/insideforum-spk-de.pixelpark.net.yaml
index 24a5497e..528c1fcf 100644
--- a/customer/spk-blog/insideforum-spk-de.pixelpark.net.yaml
+++ b/customer/spk-blog/insideforum-spk-de.pixelpark.net.yaml
@@ -60,8 +60,9 @@ infra::profile::apache::pp_vhosts:
     ssl_key: '/etc/pki/tls/private/sparkasseblog.de-key.pem'
     ssl_chain: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem'
     ssl_verify_client: optional
-    ssl_crl: '/etc/pki/tls/certs/d-trust_ca_2-1_2015.crl'
-    ssl_ca: '/etc/pki/tls/certs/d-trust_ca_2-1_2015.crt'
+    ssl_crl: '/etc/pki/tls/certs/spk-cacrl.pem'
+    ssl_ca: '/etc/pki/tls/certs/spk-root-ca.pem'
+    ssl_verify_depth: 2
     directories:
       - provider: location
         path: '/'
@@ -77,10 +78,31 @@ infra::profile::apache::pp_vhosts:
       - "HTTPS on HTTPS=on"
 
 infra::profile::cron::cronjobs:
-  fetchcrl:
+  fetch_d-trust_crl:
     ensure: 'present'
     user: root
-    command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust_ca_2-1_2015.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl && systemctl reload httpd'
+    command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl'
     minute: '0'
     hour: '5'
-    description: um 05:00 Uhr wird die Revocationlist geholt. somit muss der Webserver reloaded werden
+    description: Die Revocationlist von D-Trust runterladen
+  fetch_commodo_crl:
+    ensure: 'present'
+    user: root
+    command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl'
+    minute: '0'
+    hour: '5'
+    description: Die Revocationlist von Commodo runterladen
+  merge_crls:
+    ensure: 'present'
+    user: root
+    command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem'
+    minute: '3'
+    hour: '5'
+    description: Merge der Revocationlists
+  reload_webserver:
+    ensure: 'present'
+    user: root
+    command: 'systemctl reload httpd'
+    minute: '5'
+    hour: '5'
+    description: Merge der Revocationlists