Serve meetings.opendev.org

This site replaces eavesdrop.openstack.org. I think this name makes more sense. That is/was being published by jobs directly pushing this onto the eavesdrop server. Instead, the publishing jobs for irc-meetings now publish to /afs/openstack.org/project/meetings.opendev.org. This makes the site available via the static server. This is actually a production no-op; nothing has changed for the current publishing. It is still todo to figure out the correct redirects to keep things working from the existing eavesdrop.openstack.org and stop the old publishing method. Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/794085 Change-Id: Ia582c4cee1f074e78cee32626be86fd5eb1d81bd
2 years ago · 270daa1b1a
parent 728fd00c6d
commit 270daa1b1a
6 changed files with 53 additions and 0 deletions
--- a/inventory/service/host_vars/static01.opendev.org.yaml
+++ b/inventory/service/host_vars/static01.opendev.org.yaml
@ -41,6 +41,8 @@ letsencrypt_certs:
    - keystone.openstack.org
  static01-nova-openstack-org:
    - nova.openstack.org
+  static01-meetings-opendev-org:
+    - meetings.opendev.org
  static01-planet-openstack-org:
    - planet.openstack.org
  static01-service-types-openstack-org:
--- a/playbooks/roles/afs-release/files/release-volumes.py
+++ b/playbooks/roles/afs-release/files/release-volumes.py
@ -35,6 +35,7 @@ VOLUMES = ['docs',
           'project.airship',
           'project.governance',
           'project.opendev',
+           'project.meetings',
           'project.releases',
           'project.security',
           'project.service-types',
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@ -90,6 +90,9 @@
 - name: letsencrypt updated static01-keystone-openstack-org
  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

+- name: letsencrypt updated static01-meetings-opendev-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static01-nova-openstack-org
  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

--- a/playbooks/roles/static/files/50-meetings.opendev.org.conf
+++ b/playbooks/roles/static/files/50-meetings.opendev.org.conf
@ -0,0 +1,40 @@
+Define AFS_ROOT /afs/openstack.org/project/meetings.opendev.org
+
+<VirtualHost *:80>
+  ServerName meetings.opendev.org
+  RewriteEngine On
+  RewriteRule ^/(.*) https://meetings.opendev.org/$1 [last,redirect=permanent]
+  LogLevel warn
+  ErrorLog /var/log/apache2/meetings.opendev.org_error.log
+  CustomLog /var/log/apache2/meetings.opendev.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+
+  ServerName meetings.opendev.org
+
+  DocumentRoot ${AFS_ROOT}
+
+  SSLCertificateFile      /etc/letsencrypt-certs/meetings.opendev.org/meetings.opendev.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/meetings.opendev.org/meetings.opendev.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/meetings.opendev.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  <Directory ${AFS_ROOT}>
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverrideList Redirect RedirectMatch
+    Require all granted
+  </Directory>
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/meetings.opendev.org_error.log
+  CustomLog /var/log/apache2/meetings.opendev.org_access.log combined
+  ServerSignature Off
+
+</VirtualHost>
+</IfModule>
--- a/playbooks/roles/static/tasks/main.yaml
+++ b/playbooks/roles/static/tasks/main.yaml
@ -92,6 +92,7 @@
    - 50-glance.openstack.org
    - 50-horizon.openstack.org
    - 50-keystone.openstack.org
+    - 50-meetings.opendev.org
    - 50-nova.openstack.org
    - 50-planet.openstack.org
    - 50-security.openstack.org
--- a/testinfra/test_static.py
+++ b/testinfra/test_static.py
@ -220,6 +220,12 @@ def test_planet_openstack_org_redirects(host):
    assert '301 Moved Permanently' in cmd.stdout
    assert 'https://opendev.org/openstack/openstack-planet' in cmd.stdout

+def test_meetings_opendev_org(host):
+    cmd = host.run('curl --insecure '
+                   '--resolve meetings.opendev.org:443:127.0.0.1 '
+                   'https://meetings.opendev.org/')
+    assert 'IRC channels and meetings' in cmd.stdout
+
 ci_redirects = (
    ('/jenkins-job-builder', 'https://docs.openstack.org/infra/jenkins-job-builder'),
    ('/nodepool', 'https://docs.openstack.org/infra/nodepool'),