From 270daa1b1a58ec2cff89a5c3db916e760541e0ac Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Wed, 2 Jun 2021 11:51:54 +1000
Subject: [PATCH] Serve meetings.opendev.org

This site replaces eavesdrop.openstack.org.  I think this name makes
more sense.

That is/was being published by jobs directly pushing this onto the
eavesdrop server.  Instead, the publishing jobs for irc-meetings now
publish to /afs/openstack.org/project/meetings.opendev.org.  This
makes the site available via the static server.

This is actually a production no-op; nothing has changed for the
current publishing.  It is still todo to figure out the correct
redirects to keep things working from the existing
eavesdrop.openstack.org and stop the old publishing method.

Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/794085
Change-Id: Ia582c4cee1f074e78cee32626be86fd5eb1d81bd
---
 .../host_vars/static01.opendev.org.yaml       |  2 +
 .../afs-release/files/release-volumes.py      |  1 +
 .../handlers/main.yaml                        |  3 ++
 .../static/files/50-meetings.opendev.org.conf | 40 +++++++++++++++++++
 playbooks/roles/static/tasks/main.yaml        |  1 +
 testinfra/test_static.py                      |  6 +++
 6 files changed, 53 insertions(+)
 create mode 100644 playbooks/roles/static/files/50-meetings.opendev.org.conf

diff --git a/inventory/service/host_vars/static01.opendev.org.yaml b/inventory/service/host_vars/static01.opendev.org.yaml
index a200108c80..5bf870b2fc 100644
--- a/inventory/service/host_vars/static01.opendev.org.yaml
+++ b/inventory/service/host_vars/static01.opendev.org.yaml
@@ -41,6 +41,8 @@ letsencrypt_certs:
     - keystone.openstack.org
   static01-nova-openstack-org:
     - nova.openstack.org
+  static01-meetings-opendev-org:
+    - meetings.opendev.org
   static01-planet-openstack-org:
     - planet.openstack.org
   static01-service-types-openstack-org:
diff --git a/playbooks/roles/afs-release/files/release-volumes.py b/playbooks/roles/afs-release/files/release-volumes.py
index 7559a6771a..ba2e6f744a 100644
--- a/playbooks/roles/afs-release/files/release-volumes.py
+++ b/playbooks/roles/afs-release/files/release-volumes.py
@@ -35,6 +35,7 @@ VOLUMES = ['docs',
            'project.airship',
            'project.governance',
            'project.opendev',
+           'project.meetings',
            'project.releases',
            'project.security',
            'project.service-types',
diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
index 277b1f5094..5e70ba75d6 100644
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@@ -90,6 +90,9 @@
 - name: letsencrypt updated static01-keystone-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
+- name: letsencrypt updated static01-meetings-opendev-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static01-nova-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
diff --git a/playbooks/roles/static/files/50-meetings.opendev.org.conf b/playbooks/roles/static/files/50-meetings.opendev.org.conf
new file mode 100644
index 0000000000..3be197f9e6
--- /dev/null
+++ b/playbooks/roles/static/files/50-meetings.opendev.org.conf
@@ -0,0 +1,40 @@
+Define AFS_ROOT /afs/openstack.org/project/meetings.opendev.org
+
+<VirtualHost *:80>
+  ServerName meetings.opendev.org
+  RewriteEngine On
+  RewriteRule ^/(.*) https://meetings.opendev.org/$1 [last,redirect=permanent]
+  LogLevel warn
+  ErrorLog /var/log/apache2/meetings.opendev.org_error.log
+  CustomLog /var/log/apache2/meetings.opendev.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+
+  ServerName meetings.opendev.org
+
+  DocumentRoot ${AFS_ROOT}
+
+  SSLCertificateFile      /etc/letsencrypt-certs/meetings.opendev.org/meetings.opendev.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/meetings.opendev.org/meetings.opendev.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/meetings.opendev.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  <Directory ${AFS_ROOT}>
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverrideList Redirect RedirectMatch
+    Require all granted
+  </Directory>
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/meetings.opendev.org_error.log
+  CustomLog /var/log/apache2/meetings.opendev.org_access.log combined
+  ServerSignature Off
+
+</VirtualHost>
+</IfModule>
diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml
index 5dbde6c35e..7135fb914b 100644
--- a/playbooks/roles/static/tasks/main.yaml
+++ b/playbooks/roles/static/tasks/main.yaml
@@ -92,6 +92,7 @@
     - 50-glance.openstack.org
     - 50-horizon.openstack.org
     - 50-keystone.openstack.org
+    - 50-meetings.opendev.org
     - 50-nova.openstack.org
     - 50-planet.openstack.org
     - 50-security.openstack.org
diff --git a/testinfra/test_static.py b/testinfra/test_static.py
index ddf118f9fa..444452b768 100644
--- a/testinfra/test_static.py
+++ b/testinfra/test_static.py
@@ -220,6 +220,12 @@ def test_planet_openstack_org_redirects(host):
     assert '301 Moved Permanently' in cmd.stdout
     assert 'https://opendev.org/openstack/openstack-planet' in cmd.stdout
 
+def test_meetings_opendev_org(host):
+    cmd = host.run('curl --insecure '
+                   '--resolve meetings.opendev.org:443:127.0.0.1 '
+                   'https://meetings.opendev.org/')
+    assert 'IRC channels and meetings' in cmd.stdout
+
 ci_redirects = (
     ('/jenkins-job-builder', 'https://docs.openstack.org/infra/jenkins-job-builder'),
     ('/nodepool', 'https://docs.openstack.org/infra/nodepool'),