opendev/system-config
Code Issues Proposed changes
f5b5ee9336
system-config/modules/openstack_project/manifests/static.pp

530 lines
15 KiB
ObjectPascal
Raw Normal View History

Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
# == Class: openstack_project::static
#
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
class openstack_project::static (
Add in wsgi.conf for os-loganalyze Configure to use the read only swift creds that pair up with the read write creds used to push the files. Change-Id: I53252b3ed0d596b3fe36caef179f253bde1739cb
2014-07-03 13:56:16 +10:00
$swift_authurl = '',
$swift_user = '',
$swift_key = '',
$swift_tenant_name = '',
$swift_region_name = '',
$swift_default_container = '',
Switch specs to project-config Change-Id: If256bb1d00ca3ad37d323b9707d10bc2d9519a4f
2014-09-19 18:25:26 -07:00
$project_config_repo = '',
Use SNI/SAN on static.openstack.org A new cert bundle and key have been obtained for static.openstack.org with SubjectAltNames for most of its relevant vhosts. Switch it into place and generalize the current HTTPS configuration for security.openstack.org in preparation for adding HTTPS support to the remaining vhosts in subsequent commits. Also add sane snakeoil fallback behavior for undefined certificate/key files. Change-Id: I65b7dbc3b5ad8735c158a1ac0b41b848ad5d2077
2015-10-08 20:42:07 +00:00
$ssl_cert_file = '',
$ssl_cert_file_contents = '',
$ssl_key_file = '',
$ssl_key_file_contents = '',
$ssl_chain_file = '',
$ssl_chain_file_contents = '',
Expose jenkins_gitfullname and jenkins_gitemail Jenkins is consuming git user and email from jenkinsuser parameters. But these parameters are not exposed on OpenStack manifests. Update all the manifests where it's relevant to send that git username and email, either to jenkins slaves or to static servers where jenkinsuser is needed. Change-Id: I4e2b94b1220f88288401f9106721bc4df7fe9125
2015-03-05 13:28:05 +01:00
$jenkins_gitfullname = 'OpenStack Jenkins',
$jenkins_gitemail = 'jenkins@openstack.org',
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
) {
Switch specs to project-config Change-Id: If256bb1d00ca3ad37d323b9707d10bc2d9519a4f
2014-09-19 18:25:26 -07:00
class { 'project_config':
url => $project_config_repo,
}
Make jenkins_ssh_key visible to static.pp. openstack_project/static.pp needs to include openstack_project in order to use openstack_project::jenkins_ssh_key. Make it so. Change-Id: I4abe98492e32307aa1ba18c1efa485e8b5181b2e Reviewed-on: https://review.openstack.org/12722 Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2012-09-10 10:08:23 -07:00
include openstack_project
Add jenkins user to static.o.o. Change-Id: I41116f1732754772ef4968d8c020073e21f6cb7c Reviewed-on: https://review.openstack.org/11413 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-08-15 09:30:14 -07:00
class { 'jenkins::jenkinsuser':
Expose jenkins_gitfullname and jenkins_gitemail Jenkins is consuming git user and email from jenkinsuser parameters. But these parameters are not exposed on OpenStack manifests. Update all the manifests where it's relevant to send that git username and email, either to jenkins slaves or to static servers where jenkinsuser is needed. Change-Id: I4e2b94b1220f88288401f9106721bc4df7fe9125
2015-03-05 13:28:05 +01:00
ssh_key => $openstack_project::jenkins_ssh_key,
gitfullname => $jenkins_gitfullname,
gitemail => $jenkins_gitemail,
Add jenkins user to static.o.o. Change-Id: I41116f1732754772ef4968d8c020073e21f6cb7c Reviewed-on: https://review.openstack.org/11413 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-08-15 09:30:14 -07:00
}
Remove mlocate from static.o.o mlocate is filling up the disk trying to index logs and docs. Its default is not to index remote mounts, but since these are mounted on static.o.o as block devices it descends into them. Another option is to update PRUNEPATHS in updatedb.conf, but since this is wholly unnecessary let's KISS and just get rid of it. It is only installed because it is a "suggests" of findutils, so has no reverse-dependencies. Change-Id: Ib23f3f1fb3397b66f897a0d284da521ce50293e8
2017-02-14 10:40:08 +11:00
# This will try to index our millions of logs and docs by default
# and cause all sorts of IO and disk-usage issues.
package { 'mlocate':
ensure => absent,
}
Migrate to puppet-httpd module puppet-httpd is the openstack-infra module for of puppetlabs-apache (0.0.4) release. This patchset will remove the puppetlabs-apache namespace from -infra allow for possible future patchsets to use newer puppetlabs-apache modules. Change-Id: Id9f08de5ca32eac884a01f11a2cf34e1044d3048 Depends-On: I4f4648538801a60f45b28cedc73b24d8905cfe14 Depends-On: Ifcc60d173430e30159aa794e5adb5ba71107e647 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-07-06 13:05:17 -04:00
include ::httpd
include ::httpd::mod::wsgi
Add node definition for static.openstack.org. Add node definition for static.openstack.org and create first simple implementation of what the static.openstack.org host would look like. Change-Id: I04952154246c4985e7ff44909e892918a1336fba Reviewed-on: https://review.openstack.org/11193 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-10 15:38:08 -07:00
Use httpd::mod instead of httpd_mod httpd::mod is a high-level wrapper around httpd_mod, and, since it is used, e.g. in puppet-jenkins and puppet-zuul, it should be uniform across all puppet projects, to be able to properly detect whether Httpd_mod instance defined, like below: if (! defined(Httpd::Mod['rewrite'])) { httpd::mod { 'rewrite': ensure => present } } Change-Id: I2b453b6f15d80bba9b1c29bc0d35651cfae05427 Depends-On: I69e7f9c54d06d7f98b50fdc7d5a67dd10e3e0050
2015-12-04 17:12:23 +00:00
if ! defined(Httpd::Mod['rewrite']) {
httpd::mod { 'rewrite':
ensure => present,
}
Add rewrite/proxy apache modules to static.o.o. This is needed in order to permit proxying for status.o.o. Change-Id: Ifd4c5a7de8d8c088b11cde4131ddcc629950400c Reviewed-on: https://review.openstack.org/18661 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-12-26 11:40:25 -08:00
}
Use httpd::mod instead of httpd_mod httpd::mod is a high-level wrapper around httpd_mod, and, since it is used, e.g. in puppet-jenkins and puppet-zuul, it should be uniform across all puppet projects, to be able to properly detect whether Httpd_mod instance defined, like below: if (! defined(Httpd::Mod['rewrite'])) { httpd::mod { 'rewrite': ensure => present } } Change-Id: I2b453b6f15d80bba9b1c29bc0d35651cfae05427 Depends-On: I69e7f9c54d06d7f98b50fdc7d5a67dd10e3e0050
2015-12-04 17:12:23 +00:00
if ! defined(Httpd::Mod['proxy']) {
httpd::mod { 'proxy':
ensure => present,
}
Add rewrite/proxy apache modules to static.o.o. This is needed in order to permit proxying for status.o.o. Change-Id: Ifd4c5a7de8d8c088b11cde4131ddcc629950400c Reviewed-on: https://review.openstack.org/18661 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-12-26 11:40:25 -08:00
}
Use httpd::mod instead of httpd_mod httpd::mod is a high-level wrapper around httpd_mod, and, since it is used, e.g. in puppet-jenkins and puppet-zuul, it should be uniform across all puppet projects, to be able to properly detect whether Httpd_mod instance defined, like below: if (! defined(Httpd::Mod['rewrite'])) { httpd::mod { 'rewrite': ensure => present } } Change-Id: I2b453b6f15d80bba9b1c29bc0d35651cfae05427 Depends-On: I69e7f9c54d06d7f98b50fdc7d5a67dd10e3e0050
2015-12-04 17:12:23 +00:00
if ! defined(Httpd::Mod['proxy_http']) {
httpd::mod { 'proxy_http':
ensure => present,
}
Add rewrite/proxy apache modules to static.o.o. This is needed in order to permit proxying for status.o.o. Change-Id: Ifd4c5a7de8d8c088b11cde4131ddcc629950400c Reviewed-on: https://review.openstack.org/18661 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-12-26 11:40:25 -08:00
}
Add election alias to governance.openstack.org Add an alias for /election/ to go to /srv/static/election where the election repo will be published to. This is a reworked resubmission of Ie5e783c65396e9fb74f3d739e775e51a948652fe which was reverted in I808e654a6fb77440e7aecbde4456ddc720fe0d9a . Change-Id: I1a8e179d26e57247322fe3ed604e838722d43334 Partially-Implements: spec publish-election-repo Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
2016-03-15 12:45:22 +11:00
if ! defined(Httpd::Mod['alias']) {
httpd::mod { 'alias': ensure => present }
}
Set Cache-Control to no-cache for badges Some services might cache badges for a very long time, which may no reflect the latest changes in the governance repo. Set Cache-Control to no-cache to instruct these services to not cache badges ever. Change-Id: I535107c49d5c89b9e09b440f7aac139de213f796
2016-11-30 10:41:03 +01:00
if ! defined(Httpd::Mod['headers']) {
httpd::mod { 'headers': ensure => present }
}
Split pypi_mirror into its own class We want to run more than one of these, and not all on static.o.o, so as a first step, split the relevant code out into a class. Change-Id: I6b3dd294bef3c89ad6353ecdae815ebd6825b0e1
2014-09-04 09:37:57 -07:00
if ! defined(File['/srv/static']) {
file { '/srv/static':
ensure => directory,
}
Reorganize static manifest. No functional changes, only moving code, except one correction to add perms and require for the docs-draft directory. Change-Id: I794810645c477181632bf03648fde1750f4f4a02 Reviewed-on: https://review.openstack.org/25662 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-28 14:49:10 -07:00
}
Use SNI/SAN on static.openstack.org A new cert bundle and key have been obtained for static.openstack.org with SubjectAltNames for most of its relevant vhosts. Switch it into place and generalize the current HTTPS configuration for security.openstack.org in preparation for adding HTTPS support to the remaining vhosts in subsequent commits. Also add sane snakeoil fallback behavior for undefined certificate/key files. Change-Id: I65b7dbc3b5ad8735c158a1ac0b41b848ad5d2077
2015-10-08 20:42:07 +00:00
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/etc/ssl/private':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0700',
}
# To use the standard ssl-certs package snakeoil certificate, leave both
# $ssl_cert_file and $ssl_cert_file_contents empty. To use an existing
# certificate, specify its path for $ssl_cert_file and leave
# $ssl_cert_file_contents empty. To manage the certificate with puppet,
# provide $ssl_cert_file_contents and optionally specify the path to use for
# it in $ssl_cert_file.
if ($ssl_cert_file == '') and ($ssl_cert_file_contents == '') {
$cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
} else {
if $ssl_cert_file == '' {
$cert_file = "/etc/ssl/certs/${::fqdn}.pem"
} else {
$cert_file = $ssl_cert_file
}
if $ssl_cert_file_contents != '' {
file { $cert_file:
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => $ssl_cert_file_contents,
require => File['/etc/ssl/certs'],
}
}
}
# To use the standard ssl-certs package snakeoil key, leave both
# $ssl_key_file and $ssl_key_file_contents empty. To use an existing key,
# specify its path for $ssl_key_file and leave $ssl_key_file_contents empty.
# To manage the key with puppet, provide $ssl_key_file_contents and
# optionally specify the path to use for it in $ssl_key_file.
if ($ssl_key_file == '') and ($ssl_key_file_contents == '') {
$key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
} else {
if $ssl_key_file == '' {
$key_file = "/etc/ssl/private/${::fqdn}.key"
} else {
$key_file = $ssl_key_file
}
if $ssl_key_file_contents != '' {
file { $key_file:
ensure => present,
owner => 'root',
group => 'root',
mode => '0600',
content => $ssl_key_file_contents,
require => File['/etc/ssl/private'],
}
}
}
# To avoid using an intermediate certificate chain, leave both
# $ssl_chain_file and $ssl_chain_file_contents empty. To use an existing
# chain, specify its path for $ssl_chain_file and leave
# $ssl_chain_file_contents empty. To manage the chain with puppet, provide
# $ssl_chain_file_contents and optionally specify the path to use for it in
# $ssl_chain_file.
if ($ssl_chain_file == '') and ($ssl_chain_file_contents == '') {
$chain_file = ''
} else {
if $ssl_chain_file == '' {
$chain_file = "/etc/ssl/certs/${::fqdn}_intermediate.pem"
} else {
$chain_file = $ssl_chain_file
}
if $ssl_chain_file_contents != '' {
file { $chain_file:
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => $ssl_chain_file_contents,
require => File['/etc/ssl/certs'],
before => File[$cert_file],
}
}
}
Reorganize static manifest. No functional changes, only moving code, except one correction to add perms and require for the docs-draft directory. Change-Id: I794810645c477181632bf03648fde1750f4f4a02 Reviewed-on: https://review.openstack.org/25662 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-28 14:49:10 -07:00
###########################################################
# Tarballs
Migrate to puppet-httpd module puppet-httpd is the openstack-infra module for of puppetlabs-apache (0.0.4) release. This patchset will remove the puppetlabs-apache namespace from -infra allow for possible future patchsets to use newer puppetlabs-apache modules. Change-Id: Id9f08de5ca32eac884a01f11a2cf34e1044d3048 Depends-On: I4f4648538801a60f45b28cedc73b24d8905cfe14 Depends-On: Ifcc60d173430e30159aa794e5adb5ba71107e647 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-07-06 13:05:17 -04:00
::httpd::vhost { 'tarballs.openstack.org':
Add HTTPS support to tarballs.openstack.org Add HTTPS support to tarballs.openstack.org taking advantage of the SUbjectAltName entry for it in the current static.openstack.org X.509 certificate. Use a generalized vhost template for sites like this which should support access via both HTTP and HTTPS rather than redirecting from one to the other. Change-Id: I04aa73750f8fcee1c6af6efb1667127fd284f359
2015-10-13 18:32:27 +00:00
port => 443, # Is required despite not being used.
docroot => '/srv/static/tarballs',
priority => '50',
ssl => true,
template => 'openstack_project/static-http-and-https.vhost.erb',
vhost_name => 'tarballs.openstack.org',
require => [
File['/srv/static/tarballs'],
File[$cert_file],
File[$key_file],
],
Add node definition for static.openstack.org. Add node definition for static.openstack.org and create first simple implementation of what the static.openstack.org host would look like. Change-Id: I04952154246c4985e7ff44909e892918a1336fba Reviewed-on: https://review.openstack.org/11193 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-10 15:38:08 -07:00
}
Reorganize static manifest. No functional changes, only moving code, except one correction to add perms and require for the docs-draft directory. Change-Id: I794810645c477181632bf03648fde1750f4f4a02 Reviewed-on: https://review.openstack.org/25662 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-28 14:49:10 -07:00
file { '/srv/static/tarballs':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => User['jenkins'],
}
###########################################################
Add redirects from ci.o.o to docs.o.o/infra We're moving the content of http://ci.openstack.org to http://docs.openstack.org/infra and will use this to redirect old deep links once the content is in place. It's safe to land this in the meantime since it won't be hit until we switch DNS for ci.openstack.org. Change-Id: I6c6091e1dd18931211691972c408db8f3bf81719
2015-04-16 15:39:12 +00:00
# legacy ci.openstack.org site redirect
Reorganize static manifest. No functional changes, only moving code, except one correction to add perms and require for the docs-draft directory. Change-Id: I794810645c477181632bf03648fde1750f4f4a02 Reviewed-on: https://review.openstack.org/25662 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-28 14:49:10 -07:00
Migrate to puppet-httpd module puppet-httpd is the openstack-infra module for of puppetlabs-apache (0.0.4) release. This patchset will remove the puppetlabs-apache namespace from -infra allow for possible future patchsets to use newer puppetlabs-apache modules. Change-Id: Id9f08de5ca32eac884a01f11a2cf34e1044d3048 Depends-On: I4f4648538801a60f45b28cedc73b24d8905cfe14 Depends-On: Ifcc60d173430e30159aa794e5adb5ba71107e647 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-07-06 13:05:17 -04:00
::httpd::vhost { 'ci.openstack.org':
Add redirects from ci.o.o to docs.o.o/infra We're moving the content of http://ci.openstack.org to http://docs.openstack.org/infra and will use this to redirect old deep links once the content is in place. It's safe to land this in the meantime since it won't be hit until we switch DNS for ci.openstack.org. Change-Id: I6c6091e1dd18931211691972c408db8f3bf81719
2015-04-16 15:39:12 +00:00
port => 80,
priority => '50',
docroot => 'MEANINGLESS_ARGUMENT',
template => 'openstack_project/ci.vhost.erb',
Reorganize static manifest. No functional changes, only moving code, except one correction to add perms and require for the docs-draft directory. Change-Id: I794810645c477181632bf03648fde1750f4f4a02 Reviewed-on: https://review.openstack.org/25662 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-28 14:49:10 -07:00
}
###########################################################
# Logs
Use common log server implementation Depends-On: Ib8476df83b7c5491158fa3cab588213be60fa2ab Change-Id: I390f6ea8aaace276d211d55a0e17f25dd6ae26b5
2015-03-24 15:49:19 -07:00
class { 'openstackci::logserver':
jenkins_ssh_key => $openstack_project::jenkins_ssh_key,
domain => 'openstack.org',
Enable and configure the ara middleware for logs-dev.o.o This installs the ara middleware for the logs.opentack.org server. The depended-on review only enables it for logs-dev.o.o. Change-Id: I9a2d996de46cb8ce34dc75ccda42b1799969e7ac Depends-On: I3b10c93b4902a9b45e23c227863e472697f662ef
2017-10-20 18:28:59 -04:00
ara_middleware => true,
Bump amount of mod_wsgi processes for static vhosts to 16 The default of 8 processes does not appear to be sufficient to handle the concurrent requests for openstack's log analyzer and ara simultaneously under load. Change-Id: I928fcbcc670c68bfb7b206949edca1a5e6daf35a
2018-11-07 15:34:47 -05:00
wsgi_processes => 16,
Use common log server implementation Depends-On: Ib8476df83b7c5491158fa3cab588213be60fa2ab Change-Id: I390f6ea8aaace276d211d55a0e17f25dd6ae26b5
2015-03-24 15:49:19 -07:00
swift_authurl => $swift_authurl,
swift_user => $swift_user,
swift_key => $swift_key,
swift_tenant_name => $swift_tenant_name,
swift_region_name => $swift_region_name,
swift_default_container => $swift_default_container,
puppet/static: move logs resources in system-config Move resources for OpenStack logs from puppet-openstackci to here. Change-Id: I354639545c9cbc12f1b844946962946aa2bb4fb0 Depends-On: I65e8ecf39130377c088c053e5623212f7db60f7a
2017-07-25 08:25:06 -07:00
readmes => {
'/*/*/*/*/*-tempest-dsvm*/*' => '/help/tempest-overview.html',
'/periodic*/*/*-tempest-dsvm*/*' => '/help/tempest-overview.html',
'/*/*/*/*/*-tempest-dsvm*/*/logs/' => '/help/tempest-logs.html',
'/periodic*/*/*-tempest-dsvm*/*/logs/' => '/help/tempest-logs.html',
Add a static footer for TripleO Quickstart logs Use a static html file from the tripleo-ci repo to help users debug TripleO Quickstart jobs, the same way as devstack-gate. Change-Id: If0d50040f9935976765d537e9ef0213631fe7e76
2017-07-25 12:47:05 -07:00
'/*/*/*/*/*tripleo-ci-*/*/logs/' => '/help/tripleo-quickstart-logs.html'
puppet/static: move logs resources in system-config Move resources for OpenStack logs from puppet-openstackci to here. Change-Id: I354639545c9cbc12f1b844946962946aa2bb4fb0 Depends-On: I65e8ecf39130377c088c053e5623212f7db60f7a
2017-07-25 08:25:06 -07:00
}
}
Add logs.opendev.org vhost This is a near-copy of the vhost template from puppet-openstackci. Change-Id: I191e41b501629e2cdd82381d66daa3b850e0be81
2019-07-31 13:54:28 -07:00
::httpd::vhost { "logs.opendev.org":
port => 443,
priority => '50',
ssl => true,
docroot => '/srv/static/logs',
require => File['/srv/static/logs'],
vhost_name => 'logs.opendev.org',
template => 'openstack_project/logs.vhost.erb',
}
puppet/static: move logs resources in system-config Move resources for OpenStack logs from puppet-openstackci to here. Change-Id: I354639545c9cbc12f1b844946962946aa2bb4fb0 Depends-On: I65e8ecf39130377c088c053e5623212f7db60f7a
2017-07-25 08:25:06 -07:00
vcsrepo { '/opt/devstack-gate':
ensure => latest,
provider => git,
revision => 'master',
Update opendev git references in puppet modules Not updating the gerrit git links thing, because that needs to be a wider patch that updates the link syntax too. Change-Id: I98013ba79e707540879e0cf2849a35c52f3371e8
2019-04-20 18:00:29 +00:00
source => 'https://opendev.org/openstack/devstack-gate',
puppet/static: move logs resources in system-config Move resources for OpenStack logs from puppet-openstackci to here. Change-Id: I354639545c9cbc12f1b844946962946aa2bb4fb0 Depends-On: I65e8ecf39130377c088c053e5623212f7db60f7a
2017-07-25 08:25:06 -07:00
}
file { '/srv/static/logs/help':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/srv/static/logs'],
}
file { '/srv/static/logs/help/tempest-logs.html':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'file:///opt/devstack-gate/help/tempest-logs.html',
require => [File['/srv/static/logs/help'], Vcsrepo['/opt/devstack-gate']],
}
file { '/srv/static/logs/help/tempest-overview.html':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'file:///opt/devstack-gate/help/tempest-overview.html',
require => [File['/srv/static/logs/help'], Vcsrepo['/opt/devstack-gate']],
Add pypi mirror building slaves. Change-Id: I9c5ea870d365f65ff19d91ca579ee127f67d9ea8 Reviewed-on: https://review.openstack.org/25314 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-25 11:30:37 -07:00
}
Add a static footer for TripleO Quickstart logs Use a static html file from the tripleo-ci repo to help users debug TripleO Quickstart jobs, the same way as devstack-gate. Change-Id: If0d50040f9935976765d537e9ef0213631fe7e76
2017-07-25 12:47:05 -07:00
vcsrepo { '/opt/tripleo-ci':
ensure => latest,
provider => git,
revision => 'master',
Update opendev git references in puppet modules Not updating the gerrit git links thing, because that needs to be a wider patch that updates the link syntax too. Change-Id: I98013ba79e707540879e0cf2849a35c52f3371e8
2019-04-20 18:00:29 +00:00
source => 'https://opendev.org/openstack/tripleo-ci',
Add a static footer for TripleO Quickstart logs Use a static html file from the tripleo-ci repo to help users debug TripleO Quickstart jobs, the same way as devstack-gate. Change-Id: If0d50040f9935976765d537e9ef0213631fe7e76
2017-07-25 12:47:05 -07:00
}
file { '/srv/static/logs/help/tripleo-quickstart-logs.html':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'file:///opt/tripleo-ci/docs/tripleo-quickstart-logs.html',
require => [File['/srv/static/logs/help'], Vcsrepo['/opt/tripleo-ci']],
}
Add a security.openstack.org site for advisories This is the Apache vhost definition providing a place to host security advisory documents, which will be auto-published in a continuous fashion from files in the openstack/ossa repo. Change-Id: I13e4e9731345d629854b4c11efeac8fe2f6b6058
2014-11-07 20:09:46 +00:00
###########################################################
# Security
Migrate to puppet-httpd module puppet-httpd is the openstack-infra module for of puppetlabs-apache (0.0.4) release. This patchset will remove the puppetlabs-apache namespace from -infra allow for possible future patchsets to use newer puppetlabs-apache modules. Change-Id: Id9f08de5ca32eac884a01f11a2cf34e1044d3048 Depends-On: I4f4648538801a60f45b28cedc73b24d8905cfe14 Depends-On: Ifcc60d173430e30159aa794e5adb5ba71107e647 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-07-06 13:05:17 -04:00
::httpd::vhost { 'security.openstack.org':
Move security.openstack.org to HTTPS As we migrate things like security contact information off www.openstack.org and onto security.openstack.org, people are going to want some extra assurances they're not looking at a copy that's been monkeyed with in transit. Serve it via HTTPS and redirect prior HTTP URLs. Change-Id: Ifdd8eaa7d92c3103637360ec125e6a6096fed598
2015-02-11 21:59:50 +00:00
port => 443, # Is required despite not being used.
docroot => '/srv/static/security',
priority => '50',
ssl => true,
Rename security.o.o vhost template for reusability There is no longer any security.openstack.org specific content in the vhost template, so rename it to something more general in preparation for use by additional similar vhosts. Change-Id: Ifb6843ec25cecdf497df107f066cc59bd81c5a19
2015-10-13 18:13:48 +00:00
template => 'openstack_project/static-https-redirect.vhost.erb',
Move security.openstack.org to HTTPS As we migrate things like security contact information off www.openstack.org and onto security.openstack.org, people are going to want some extra assurances they're not looking at a copy that's been monkeyed with in transit. Serve it via HTTPS and redirect prior HTTP URLs. Change-Id: Ifdd8eaa7d92c3103637360ec125e6a6096fed598
2015-02-11 21:59:50 +00:00
vhost_name => 'security.openstack.org',
Use SNI/SAN on static.openstack.org A new cert bundle and key have been obtained for static.openstack.org with SubjectAltNames for most of its relevant vhosts. Switch it into place and generalize the current HTTPS configuration for security.openstack.org in preparation for adding HTTPS support to the remaining vhosts in subsequent commits. Also add sane snakeoil fallback behavior for undefined certificate/key files. Change-Id: I65b7dbc3b5ad8735c158a1ac0b41b848ad5d2077
2015-10-08 20:42:07 +00:00
require => [
File['/srv/static/security'],
File[$cert_file],
File[$key_file],
],
Add a security.openstack.org site for advisories This is the Apache vhost definition providing a place to host security advisory documents, which will be auto-published in a continuous fashion from files in the openstack/ossa repo. Change-Id: I13e4e9731345d629854b4c11efeac8fe2f6b6058
2014-11-07 20:09:46 +00:00
}
file { '/srv/static/security':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => User['jenkins'],
}
Add a governance.openstack.org site for policies This is the Apache vhost definition providing a place to host governance policy documents, which will be auto-published in a continuous fashion from files in the openstack/governance repo. Change-Id: I5df3dc0d8288840def27333d7b49a658c5c7e890
2014-11-02 15:25:08 +00:00
###########################################################
Create space for governance.o.o/uc publication The governance.o.o website will provide a space for publication of User Committee documents (openstack/governance-uc) under governance.o.o/uc/, under a model similar to what was followed for /election. Change-Id: I8bb109c38832b04440210f7be6bb18d25b91750d
2016-09-05 14:18:31 +02:00
# Governance (TC and UC) & Election
Add election alias to governance.openstack.org Add an alias for /election/ to go to /srv/static/election where the election repo will be published to. This is a reworked resubmission of Ie5e783c65396e9fb74f3d739e775e51a948652fe which was reverted in I808e654a6fb77440e7aecbde4456ddc720fe0d9a . Change-Id: I1a8e179d26e57247322fe3ed604e838722d43334 Partially-Implements: spec publish-election-repo Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
2016-03-15 12:45:22 +11:00
# Extra aliases and directories needed for vhost template:
$governance_aliases = {
Create space for governance.o.o/uc publication The governance.o.o website will provide a space for publication of User Committee documents (openstack/governance-uc) under governance.o.o/uc/, under a model similar to what was followed for /election. Change-Id: I8bb109c38832b04440210f7be6bb18d25b91750d
2016-09-05 14:18:31 +02:00
'/election/' => '/srv/static/election/',
Create publish space for SIGs under governance.o.o Create space for publication of the content from the upcoming openstack/governance-sigs repository under governance.o.o. Change-Id: I5d30976f00418b6d8002e5db86343fdb7459d32e
2017-11-23 14:10:02 +01:00
'/sigs/' => '/srv/static/sigs/',
Also serve TC contents from governance.o.o/tc In preparation of moving TC content under governance.o.o/tc/, set up a redirect from /tc/ to /srv/static/tc, while still using /srv/static/tc as docroot. This is step 5 in implementing a neutral governance website, as described in [1]. [1] http://specs.openstack.org/openstack-infra/infra-specs/specs/neutral-governance-website.html Change-Id: I7a4c4d16118821ad87fd5ae507765ad0d522a2f7
2016-11-30 10:44:28 +01:00
'/tc/' => '/srv/static/tc/',
Create space for governance.o.o/uc publication The governance.o.o website will provide a space for publication of User Committee documents (openstack/governance-uc) under governance.o.o/uc/, under a model similar to what was followed for /election. Change-Id: I8bb109c38832b04440210f7be6bb18d25b91750d
2016-09-05 14:18:31 +02:00
'/uc/' => '/srv/static/uc/',
Add election alias to governance.openstack.org Add an alias for /election/ to go to /srv/static/election where the election repo will be published to. This is a reworked resubmission of Ie5e783c65396e9fb74f3d739e775e51a948652fe which was reverted in I808e654a6fb77440e7aecbde4456ddc720fe0d9a . Change-Id: I1a8e179d26e57247322fe3ed604e838722d43334 Partially-Implements: spec publish-election-repo Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
2016-03-15 12:45:22 +11:00
}
Set up redirects to preserve governance.o.o links Before switching the governance.o.o docroot to neutral content from openstack/governance-website, set up some redirects to preserve old links to TC reference documents and resolutions. This is steps 7 and 8 in the plan to switch to a neutral governance website, as described in [1]. [1] http://specs.openstack.org/openstack-infra/infra-specs/specs/neutral-governance-website.html Change-Id: I12a60816b9fcbe8c467a7bc3219149e6a053ffa8
2016-11-30 11:09:29 +01:00
# Extra redirects needed for vhost template:
$governance_redirects = {
governance.o.o: add redirect for badges Badges are published under /srv/static/tc, and links pointing to http://governance.openstack.org/badges were created everywhere. In order to avoid breaking those links when we switch the docroot, create an additional redirect for the /badges/ subdirectory. Change-Id: Id2eb469cd1be16da04e73a752aa586a58330499c
2016-12-08 11:40:00 +01:00
'/badges/' => '/tc/badges/',
Set up redirects to preserve governance.o.o links Before switching the governance.o.o docroot to neutral content from openstack/governance-website, set up some redirects to preserve old links to TC reference documents and resolutions. This is steps 7 and 8 in the plan to switch to a neutral governance website, as described in [1]. [1] http://specs.openstack.org/openstack-infra/infra-specs/specs/neutral-governance-website.html Change-Id: I12a60816b9fcbe8c467a7bc3219149e6a053ffa8
2016-11-30 11:09:29 +01:00
'/goals/' => '/tc/goals/',
'/reference/' => '/tc/reference/',
'/resolutions/' => '/tc/resolutions/',
}
Add election alias to governance.openstack.org Add an alias for /election/ to go to /srv/static/election where the election repo will be published to. This is a reworked resubmission of Ie5e783c65396e9fb74f3d739e775e51a948652fe which was reverted in I808e654a6fb77440e7aecbde4456ddc720fe0d9a . Change-Id: I1a8e179d26e57247322fe3ed604e838722d43334 Partially-Implements: spec publish-election-repo Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
2016-03-15 12:45:22 +11:00
# One of these must also be the docroot
$governance_directories = [
'/srv/static/election',
'/srv/static/governance',
Create publish space for SIGs under governance.o.o Create space for publication of the content from the upcoming openstack/governance-sigs repository under governance.o.o. Change-Id: I5d30976f00418b6d8002e5db86343fdb7459d32e
2017-11-23 14:10:02 +01:00
'/srv/static/sigs',
Create /srv/static/tc for publication purposes As a first step to publishing TC documents under /tc/, get the /srv/static/tc directory created. This is the first part of step 3 in: http://specs.openstack.org/openstack-infra/infra-specs/specs/neutral-governance-website.html Change-Id: Id6e8f10ba5da6106faf77387be44781bd963041c
2016-11-09 15:56:07 +01:00
'/srv/static/tc',
Create space for governance.o.o/uc publication The governance.o.o website will provide a space for publication of User Committee documents (openstack/governance-uc) under governance.o.o/uc/, under a model similar to what was followed for /election. Change-Id: I8bb109c38832b04440210f7be6bb18d25b91750d
2016-09-05 14:18:31 +02:00
'/srv/static/uc',
Add election alias to governance.openstack.org Add an alias for /election/ to go to /srv/static/election where the election repo will be published to. This is a reworked resubmission of Ie5e783c65396e9fb74f3d739e775e51a948652fe which was reverted in I808e654a6fb77440e7aecbde4456ddc720fe0d9a . Change-Id: I1a8e179d26e57247322fe3ed604e838722d43334 Partially-Implements: spec publish-election-repo Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
2016-03-15 12:45:22 +11:00
]
Add a governance.openstack.org site for policies This is the Apache vhost definition providing a place to host governance policy documents, which will be auto-published in a continuous fashion from files in the openstack/governance repo. Change-Id: I5df3dc0d8288840def27333d7b49a658c5c7e890
2014-11-02 15:25:08 +00:00
Migrate to puppet-httpd module puppet-httpd is the openstack-infra module for of puppetlabs-apache (0.0.4) release. This patchset will remove the puppetlabs-apache namespace from -infra allow for possible future patchsets to use newer puppetlabs-apache modules. Change-Id: Id9f08de5ca32eac884a01f11a2cf34e1044d3048 Depends-On: I4f4648538801a60f45b28cedc73b24d8905cfe14 Depends-On: Ifcc60d173430e30159aa794e5adb5ba71107e647 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-07-06 13:05:17 -04:00
::httpd::vhost { 'governance.openstack.org':
Revert "Add election alias to governance.openstack.org" This reverts commit 91dcb510bace2f3a14745c18e945f8504a325c15. The implementation ignored that the referenced template is being used by many vhosts but the lists for aliases and directories were defined at (and referenced from) the containing class scope. This coupled with the newly introduced conditional for the directories array caused all other vhosts using this template to no longer get Directory blocks for their docroots. Change-Id: I808e654a6fb77440e7aecbde4456ddc720fe0d9a
2016-07-01 23:17:38 +00:00
port => 443, # Is required despite not being used.
Switch governance.o.o root to governance-website Switch the governance.openstack.org docroot to the neutral content from the governance-website repository. This completes the plan to switch to a neutral governance website, as described in [1]. [1] http://specs.openstack.org/openstack-infra/infra-specs/specs/neutral-governance-website.html Change-Id: I3b67ef932ca1f8150d0e7ba50481c32b85eeff71
2016-12-08 11:23:48 +01:00
docroot => '/srv/static/governance',
Revert "Add election alias to governance.openstack.org" This reverts commit 91dcb510bace2f3a14745c18e945f8504a325c15. The implementation ignored that the referenced template is being used by many vhosts but the lists for aliases and directories were defined at (and referenced from) the containing class scope. This coupled with the newly introduced conditional for the directories array caused all other vhosts using this template to no longer get Directory blocks for their docroots. Change-Id: I808e654a6fb77440e7aecbde4456ddc720fe0d9a
2016-07-01 23:17:38 +00:00
priority => '50',
ssl => true,
Add election alias to governance.openstack.org Add an alias for /election/ to go to /srv/static/election where the election repo will be published to. This is a reworked resubmission of Ie5e783c65396e9fb74f3d739e775e51a948652fe which was reverted in I808e654a6fb77440e7aecbde4456ddc720fe0d9a . Change-Id: I1a8e179d26e57247322fe3ed604e838722d43334 Partially-Implements: spec publish-election-repo Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
2016-03-15 12:45:22 +11:00
template => 'openstack_project/static-governance.vhost.erb',
Revert "Add election alias to governance.openstack.org" This reverts commit 91dcb510bace2f3a14745c18e945f8504a325c15. The implementation ignored that the referenced template is being used by many vhosts but the lists for aliases and directories were defined at (and referenced from) the containing class scope. This coupled with the newly introduced conditional for the directories array caused all other vhosts using this template to no longer get Directory blocks for their docroots. Change-Id: I808e654a6fb77440e7aecbde4456ddc720fe0d9a
2016-07-01 23:17:38 +00:00
vhost_name => 'governance.openstack.org',
require => [
Add election alias to governance.openstack.org Add an alias for /election/ to go to /srv/static/election where the election repo will be published to. This is a reworked resubmission of Ie5e783c65396e9fb74f3d739e775e51a948652fe which was reverted in I808e654a6fb77440e7aecbde4456ddc720fe0d9a . Change-Id: I1a8e179d26e57247322fe3ed604e838722d43334 Partially-Implements: spec publish-election-repo Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
2016-03-15 12:45:22 +11:00
File[$governance_directories],
Add HTTPS for governance.openstack.org Change-Id: I294d7f18472ad5b172797fe4309e2a5ba1173866
2015-10-22 17:34:54 +00:00
File[$cert_file],
File[$key_file],
],
Add a governance.openstack.org site for policies This is the Apache vhost definition providing a place to host governance policy documents, which will be auto-published in a continuous fashion from files in the openstack/governance repo. Change-Id: I5df3dc0d8288840def27333d7b49a658c5c7e890
2014-11-02 15:25:08 +00:00
}
Add election alias to governance.openstack.org Add an alias for /election/ to go to /srv/static/election where the election repo will be published to. This is a reworked resubmission of Ie5e783c65396e9fb74f3d739e775e51a948652fe which was reverted in I808e654a6fb77440e7aecbde4456ddc720fe0d9a . Change-Id: I1a8e179d26e57247322fe3ed604e838722d43334 Partially-Implements: spec publish-election-repo Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
2016-03-15 12:45:22 +11:00
file { $governance_directories:
Add a governance.openstack.org site for policies This is the Apache vhost definition providing a place to host governance policy documents, which will be auto-published in a continuous fashion from files in the openstack/governance repo. Change-Id: I5df3dc0d8288840def27333d7b49a658c5c7e890
2014-11-02 15:25:08 +00:00
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => User['jenkins'],
}
Publish specs jobs for *-specs The gate jobs already publish the specs as drafts and it would be very beneficial to actually see those online at a permanent place - rather than going to github. This patch: * Sets up a new site specs.openstack.org * Creates new job-template '{name}-publish-specs' for publishing specs * Creates new specs-job job-group for gating and publishing specs * Converts all *-specs repositories to use the new job-group * Creates Zuul specs-job macro to use these jobs * Replaces those *-specs repositories that use already docs and python27 gates to use the new job-group and thus get published. The patch does not take care of publishing of repositories that do not use both the docs and python27 gates, this will be done separately. implements bp publish-specs Co-Authored-By: Andreas Jaeger <aj@suse.de> Change-Id: Icc1c780cea8cd24c7a108429f84b2450056c6eed
2014-07-10 12:38:15 -04:00
###########################################################
# Specs
Migrate to puppet-httpd module puppet-httpd is the openstack-infra module for of puppetlabs-apache (0.0.4) release. This patchset will remove the puppetlabs-apache namespace from -infra allow for possible future patchsets to use newer puppetlabs-apache modules. Change-Id: Id9f08de5ca32eac884a01f11a2cf34e1044d3048 Depends-On: I4f4648538801a60f45b28cedc73b24d8905cfe14 Depends-On: Ifcc60d173430e30159aa794e5adb5ba71107e647 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-07-06 13:05:17 -04:00
::httpd::vhost { 'specs.openstack.org':
Add HTTPS for specs.openstack.org Change-Id: I134de97c99ad296ca5c9e35eb68d98f15e0cd585
2015-10-22 17:35:45 +00:00
port => 443, # Is required despite not being used.
docroot => '/srv/static/specs',
priority => '50',
ssl => true,
template => 'openstack_project/static-http-and-https.vhost.erb',
vhost_name => 'specs.openstack.org',
require => [
File['/srv/static/specs'],
File[$cert_file],
File[$key_file],
],
Publish specs jobs for *-specs The gate jobs already publish the specs as drafts and it would be very beneficial to actually see those online at a permanent place - rather than going to github. This patch: * Sets up a new site specs.openstack.org * Creates new job-template '{name}-publish-specs' for publishing specs * Creates new specs-job job-group for gating and publishing specs * Converts all *-specs repositories to use the new job-group * Creates Zuul specs-job macro to use these jobs * Replaces those *-specs repositories that use already docs and python27 gates to use the new job-group and thus get published. The patch does not take care of publishing of repositories that do not use both the docs and python27 gates, this will be done separately. implements bp publish-specs Co-Authored-By: Andreas Jaeger <aj@suse.de> Change-Id: Icc1c780cea8cd24c7a108429f84b2450056c6eed
2014-07-10 12:38:15 -04:00
}
file { '/srv/static/specs':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => User['jenkins'],
}
Host a summit.openstack.org redirect on static This provides a hollow "summit.openstack.org" vhost as a permanent redirect to the openstack.org/summit site. As the summit schedule site is no longer maintained, this ensures browser traffic goes somewhere with helpful details about the summit rather than just timing out. Change-Id: I5007214e69f8656981b6d173a0c6aa38be464fba
2014-11-01 22:55:18 +00:00
###########################################################
# legacy summit.openstack.org site redirect
Migrate to puppet-httpd module puppet-httpd is the openstack-infra module for of puppetlabs-apache (0.0.4) release. This patchset will remove the puppetlabs-apache namespace from -infra allow for possible future patchsets to use newer puppetlabs-apache modules. Change-Id: Id9f08de5ca32eac884a01f11a2cf34e1044d3048 Depends-On: I4f4648538801a60f45b28cedc73b24d8905cfe14 Depends-On: Ifcc60d173430e30159aa794e5adb5ba71107e647 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-07-06 13:05:17 -04:00
::httpd::vhost { 'summit.openstack.org':
Host a summit.openstack.org redirect on static This provides a hollow "summit.openstack.org" vhost as a permanent redirect to the openstack.org/summit site. As the summit schedule site is no longer maintained, this ensures browser traffic goes somewhere with helpful details about the summit rather than just timing out. Change-Id: I5007214e69f8656981b6d173a0c6aa38be464fba
2014-11-01 22:55:18 +00:00
port => 80,
priority => '50',
docroot => 'MEANINGLESS_ARGUMENT',
template => 'openstack_project/summit.vhost.erb',
}
Host a devstack.org redirect on static This provides a hollow "devstack.org" vhost as a permanent redirect to the docs.openstack.org/developer/devstack site. It also aliases *.devstack.org to the same vhost. Change-Id: Ib96e4d4e21bbdd961eb32529c66acf750d79bec5
2014-10-21 18:41:14 +00:00
###########################################################
Add legacy redirects to static.o.o The legacy redirects that are on old-wiki.o.o should go away. But they certainly should stop being served by old-wiki. Note, this excludes quantum, which is a dead redirect anyway and workitems which never really got off the ground and only contains out of date info from diablo-4. Change-Id: If78ba98ff927420d003fa69b49ed073e3a44ea09
2017-03-08 09:30:59 -06:00
# legacy site redirects
Host a devstack.org redirect on static This provides a hollow "devstack.org" vhost as a permanent redirect to the docs.openstack.org/developer/devstack site. It also aliases *.devstack.org to the same vhost. Change-Id: Ib96e4d4e21bbdd961eb32529c66acf750d79bec5
2014-10-21 18:41:14 +00:00
Migrate to puppet-httpd module puppet-httpd is the openstack-infra module for of puppetlabs-apache (0.0.4) release. This patchset will remove the puppetlabs-apache namespace from -infra allow for possible future patchsets to use newer puppetlabs-apache modules. Change-Id: Id9f08de5ca32eac884a01f11a2cf34e1044d3048 Depends-On: I4f4648538801a60f45b28cedc73b24d8905cfe14 Depends-On: Ifcc60d173430e30159aa794e5adb5ba71107e647 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-07-06 13:05:17 -04:00
::httpd::vhost { 'devstack.org':
Host a devstack.org redirect on static This provides a hollow "devstack.org" vhost as a permanent redirect to the docs.openstack.org/developer/devstack site. It also aliases *.devstack.org to the same vhost. Change-Id: Ib96e4d4e21bbdd961eb32529c66acf750d79bec5
2014-10-21 18:41:14 +00:00
port => 80,
priority => '50',
docroot => 'MEANINGLESS_ARGUMENT',
serveraliases => ['*.devstack.org'],
Add legacy redirects to static.o.o The legacy redirects that are on old-wiki.o.o should go away. But they certainly should stop being served by old-wiki. Note, this excludes quantum, which is a dead redirect anyway and workitems which never really got off the ground and only contains out of date info from diablo-4. Change-Id: If78ba98ff927420d003fa69b49ed073e3a44ea09
2017-03-08 09:30:59 -06:00
template => 'openstack_project/legacy.vhost.erb',
}
::httpd::vhost { 'cinder.openstack.org':
port => 80,
priority => '50',
docroot => 'MEANINGLESS_ARGUMENT',
template => 'openstack_project/legacy.vhost.erb',
}
::httpd::vhost { 'glance.openstack.org':
port => 80,
priority => '50',
docroot => 'MEANINGLESS_ARGUMENT',
template => 'openstack_project/legacy.vhost.erb',
}
::httpd::vhost { 'horizon.openstack.org':
port => 80,
priority => '50',
docroot => 'MEANINGLESS_ARGUMENT',
template => 'openstack_project/legacy.vhost.erb',
}
::httpd::vhost { 'keystone.openstack.org':
port => 80,
priority => '50',
docroot => 'MEANINGLESS_ARGUMENT',
template => 'openstack_project/legacy.vhost.erb',
}
::httpd::vhost { 'nova.openstack.org':
port => 80,
priority => '50',
docroot => 'MEANINGLESS_ARGUMENT',
template => 'openstack_project/legacy.vhost.erb',
}
::httpd::vhost { 'qa.openstack.org':
port => 80,
priority => '50',
docroot => 'MEANINGLESS_ARGUMENT',
template => 'openstack_project/legacy.vhost.erb',
}
::httpd::vhost { 'swift.openstack.org':
port => 80,
priority => '50',
docroot => 'MEANINGLESS_ARGUMENT',
template => 'openstack_project/legacy.vhost.erb',
Host a devstack.org redirect on static This provides a hollow "devstack.org" vhost as a permanent redirect to the docs.openstack.org/developer/devstack site. It also aliases *.devstack.org to the same vhost. Change-Id: Ib96e4d4e21bbdd961eb32529c66acf750d79bec5
2014-10-21 18:41:14 +00:00
}
Add trystack.o.o into -infra trystack.org is a simple static site, moving it under -infra will provide an easy way of maintaining it. Change-Id: I662769ede97f147f35f63accef7ef1769d7938f0 Depends-On: I96b0d459cb8ffcde42fae751c01f9a3b78760390 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-06-23 20:58:54 +00:00
###########################################################
# Trystack
Migrate to puppet-httpd module puppet-httpd is the openstack-infra module for of puppetlabs-apache (0.0.4) release. This patchset will remove the puppetlabs-apache namespace from -infra allow for possible future patchsets to use newer puppetlabs-apache modules. Change-Id: Id9f08de5ca32eac884a01f11a2cf34e1044d3048 Depends-On: I4f4648538801a60f45b28cedc73b24d8905cfe14 Depends-On: Ifcc60d173430e30159aa794e5adb5ba71107e647 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-07-06 13:05:17 -04:00
::httpd::vhost { 'trystack.openstack.org':
Add HTTPS for trystack.openstack.org Add HTTPS for trystack.openstack.org and incorporate ServerAlias support into the static-http-and-https and static-https-redirect vhost templates. Change-Id: I7c3ab22485689bf22dfe706fa7b0f6777604db25
2015-10-22 17:38:33 +00:00
port => 443, # Is required despite not being used.
Rewrite trystack.org to trystack.o.o Add the required serveraliases and rewrite settings needed to support both trystack.openstack.org and trystack.org. Change-Id: I1a6560be8a1a24b50b1d047ed990e5f029ac5ee5 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-08-10 10:36:55 -04:00
docroot => '/opt/trystack',
Add HTTPS for trystack.openstack.org Add HTTPS for trystack.openstack.org and incorporate ServerAlias support into the static-http-and-https and static-https-redirect vhost templates. Change-Id: I7c3ab22485689bf22dfe706fa7b0f6777604db25
2015-10-22 17:38:33 +00:00
priority => '50',
ssl => true,
template => 'openstack_project/static-http-and-https.vhost.erb',
vhost_name => 'trystack.openstack.org',
Also add serveralias for www.trystack.org Change-Id: I59d930c1c358f81c70f98f8533fd50c8ddda3ce0 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-08-14 11:03:28 -04:00
serveraliases => ['trystack.org', 'www.trystack.org'],
Add HTTPS for trystack.openstack.org Add HTTPS for trystack.openstack.org and incorporate ServerAlias support into the static-http-and-https and static-https-redirect vhost templates. Change-Id: I7c3ab22485689bf22dfe706fa7b0f6777604db25
2015-10-22 17:38:33 +00:00
require => [
Vcsrepo['/opt/trystack'],
File[$cert_file],
File[$key_file],
],
Add trystack.o.o into -infra trystack.org is a simple static site, moving it under -infra will provide an easy way of maintaining it. Change-Id: I662769ede97f147f35f63accef7ef1769d7938f0 Depends-On: I96b0d459cb8ffcde42fae751c01f9a3b78760390 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-06-23 20:58:54 +00:00
}
vcsrepo { '/opt/trystack':
ensure => latest,
provider => git,
revision => 'master',
Update opendev git references in puppet modules Not updating the gerrit git links thing, because that needs to be a wider patch that updates the link syntax too. Change-Id: I98013ba79e707540879e0cf2849a35c52f3371e8
2019-04-20 18:00:29 +00:00
source => 'https://opendev.org/x/trystack-site',
Add trystack.o.o into -infra trystack.org is a simple static site, moving it under -infra will provide an easy way of maintaining it. Change-Id: I662769ede97f147f35f63accef7ef1769d7938f0 Depends-On: I96b0d459cb8ffcde42fae751c01f9a3b78760390 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-06-23 20:58:54 +00:00
}
add new vhost for releases.openstack.org This patch adds the new virtualhost for releases.openstack.org, to receive documents published by the release management team. Change-Id: I41221d84e6c985bcc55f9b2a6f15210d2410bc84
2016-01-12 17:55:02 +00:00
###########################################################
# Releases
::httpd::vhost { 'releases.openstack.org':
port => 443, # Is required despite not being used.
docroot => '/srv/static/releases',
priority => '50',
ssl => true,
Roll releases site into common cert Now that the static.o.o SSL cert has been renewed, additional CNs have been included in the SAN set for it. As a result, we can simplify configuration for the newer sites added since the prior renewal. Change-Id: I77f49cea53b0a06ce4399d46b00806a2cbd7e509
2017-06-30 20:30:54 +00:00
template => 'openstack_project/static-https-redirect.vhost.erb',
add new vhost for releases.openstack.org This patch adds the new virtualhost for releases.openstack.org, to receive documents published by the release management team. Change-Id: I41221d84e6c985bcc55f9b2a6f15210d2410bc84
2016-01-12 17:55:02 +00:00
vhost_name => 'releases.openstack.org',
require => [
File['/srv/static/releases'],
Roll releases site into common cert Now that the static.o.o SSL cert has been renewed, additional CNs have been included in the SAN set for it. As a result, we can simplify configuration for the newer sites added since the prior renewal. Change-Id: I77f49cea53b0a06ce4399d46b00806a2cbd7e509
2017-06-30 20:30:54 +00:00
File[$cert_file],
File[$key_file],
add new vhost for releases.openstack.org This patch adds the new virtualhost for releases.openstack.org, to receive documents published by the release management team. Change-Id: I41221d84e6c985bcc55f9b2a6f15210d2410bc84
2016-01-12 17:55:02 +00:00
],
}
file { '/srv/static/releases':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => User['jenkins'],
}
Switch static.openstack.org to worker MPM We are seeing in the static.openstack.org logs the problem metioned in [1] which is leadning to dropped connections. This mpm showed some scalability bottlenecks in the past leading to the following error: "scoreboard is full, not at MaxRequestWorkers". ... From 2.4.24 onward, mpm-event is smarter and it is able to handle graceful terminations in a much better way I don't think we want to go outside the packages provided by Trusty, and it seems that even upping the number of servers/threads is not a reliable work-around to this problem. It seems like the simplest thing to do is avoid the problem all together by switching to the woker MPM, which is very simliar but not optimised for HTTP keep-alive. Since this is not an ajax-y type interactive server with a lot of long-lived clients, I think this will work fine. [1] https://httpd.apache.org/docs/2.4/mod/event.html Change-Id: I064b81076bcfcb200e0990627fc1aa0be8bbf058
2017-01-30 14:35:45 +11:00
Add vhost on static.o.o for service-types.o.o We want to publish json information from the service-types-authority to service-types.openstack.org. We need a vhost for that, and also a directory for the post job to copy data to. Change-Id: Ia53a6e508e4b6d79fab08b4c51dc3ad97a929502
2017-06-28 12:07:19 -05:00
###########################################################
# service-types.openstack.org
::httpd::vhost { 'service-types.openstack.org':
port => 443, # Is required despite not being used.
docroot => '/srv/static/service-types',
priority => '50',
ssl => true,
template => 'openstack_project/static-https-redirect.vhost.erb',
vhost_name => 'service-types.openstack.org',
require => [
File['/srv/static/service-types'],
File[$cert_file],
File[$key_file],
],
}
file { '/srv/static/service-types':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => User['jenkins'],
}
Switch static.openstack.org to worker MPM We are seeing in the static.openstack.org logs the problem metioned in [1] which is leadning to dropped connections. This mpm showed some scalability bottlenecks in the past leading to the following error: "scoreboard is full, not at MaxRequestWorkers". ... From 2.4.24 onward, mpm-event is smarter and it is able to handle graceful terminations in a much better way I don't think we want to go outside the packages provided by Trusty, and it seems that even upping the number of servers/threads is not a reliable work-around to this problem. It seems like the simplest thing to do is avoid the problem all together by switching to the woker MPM, which is very simliar but not optimised for HTTP keep-alive. Since this is not an ajax-y type interactive server with a lot of long-lived clients, I think this will work fine. [1] https://httpd.apache.org/docs/2.4/mod/event.html Change-Id: I064b81076bcfcb200e0990627fc1aa0be8bbf058
2017-01-30 14:35:45 +11:00
# Until Apache 2.4.24 the event MPM has some issues scalability
# bottlenecks that were seen to drop connections, especially on
# larger files; see
# https://httpd.apache.org/docs/2.4/mod/event.html
#
# The main advantage of event MPM is for keep-alive requests which
# are not really a big issue on this static file server. Therefore
# we switch to the threaded worker MPM as a workaround. This can be
# reconsidered when the apache version running is sufficient to
# avoid these problems.
httpd::mod { 'mpm_event': ensure => 'absent' }
httpd::mod { 'mpm_worker': ensure => 'present' }
Add node definition for static.openstack.org. Add node definition for static.openstack.org and create first simple implementation of what the static.openstack.org host would look like. Change-Id: I04952154246c4985e7ff44909e892918a1336fba Reviewed-on: https://review.openstack.org/11193 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-10 15:38:08 -07:00
}
Copy Permalink