Add LE cert for logs.opendev.org to static

This can be used in an apache vhost later, but should be fine to merge now. Depends-On: https://review.opendev.org/673902 Change-Id: Ic2cb7585433351ec1bdabd88915fa1ca07da44e7
2019-07-31 13:00:50 -07:00 · 2019-07-31 13:00:50 -07:00 · 48cafd19f8
parent 7df5981e12
commit 48cafd19f8
4 changed files with 10 additions and 3 deletions
--- a/doc/source/letsencrypt.rst
+++ b/doc/source/letsencrypt.rst
@ -30,7 +30,7 @@ We support automatic provisioning of certificates from Let's Encrypt
 to hosts in the ``opendev.org`` domain.

 This is implemented in OpenDev via the roles driven from
-:git_file:``playbooks/roles/service-letsencrypt.yaml``.  The overall
+:git_file:`playbooks/roles/service-letsencrypt.yaml`.  The overall
 actions implemented by the above roles are roughly:

 * Hosts that want a certificate use the ``amce.sh`` tool to request it
@ -63,7 +63,7 @@ Configuring a host to get certificates
 A basic configuration consists of the following steps:

 1. Ensure the host is matched by the ``letsencrypt`` group in
-   ``inventory/groups.yaml``.
+   :git_file:`inventory/groups.yaml`.
 #. DNS entries for ``_acme-chellenge.hostname`` as a ``CNAME`` to
   ``opendev.org`` must be added and live in the ``opendev.org``
   `zone.db
@ -111,7 +111,7 @@ A basic configuration consists of the following steps:
       ...

   Usually these handlers are defined centrally in
-   :git_file:``playbooks/roles/letsencrypt-create-certs/handlers/main.yaml``
+   :git_file:`playbooks/roles/letsencrypt-create-certs/handlers/main.yaml`
   and common tasks such as restarting Apache have pre-defined tasks
   available for easy import.

--- a/inventory/groups.yaml
+++ b/inventory/groups.yaml
@ -56,6 +56,7 @@ groups:
    - graphite01.opendev.org
    - mirror[0-9]*.opendev.org
    - files[0-9]*.open*.org
+    - static.openstack.org
  logstash:
    - logstash[0-9]*.open*.org
  logstash-worker:
--- a/playbooks/group_vars/static.yaml
+++ b/playbooks/group_vars/static.yaml
@ -0,0 +1,3 @@
+letsencrypt_certs:
+  logs-main:
+    - logs.opendev.org
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@ -17,6 +17,9 @@
 - name: letsencrypt updated tarballs-main
  import_tasks: restart_apache.yaml

+- name: letsencrypt updated logs-main
+  import_tasks: restart_apache.yaml
+
 # Mirrors

 - name: letsencrypt updated mirror01-dfw-rax-main