From 48cafd19f8b9eebe7cd986975288705c68cf5b3e Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Wed, 31 Jul 2019 13:00:50 -0700 Subject: [PATCH] Add LE cert for logs.opendev.org to static This can be used in an apache vhost later, but should be fine to merge now. Depends-On: https://review.opendev.org/673902 Change-Id: Ic2cb7585433351ec1bdabd88915fa1ca07da44e7 --- doc/source/letsencrypt.rst | 6 +++--- inventory/groups.yaml | 1 + playbooks/group_vars/static.yaml | 3 +++ playbooks/roles/letsencrypt-create-certs/handlers/main.yaml | 3 +++ 4 files changed, 10 insertions(+), 3 deletions(-) create mode 100644 playbooks/group_vars/static.yaml diff --git a/doc/source/letsencrypt.rst b/doc/source/letsencrypt.rst index afa2d32ec6..260cb209f7 100644 --- a/doc/source/letsencrypt.rst +++ b/doc/source/letsencrypt.rst @@ -30,7 +30,7 @@ We support automatic provisioning of certificates from Let's Encrypt to hosts in the ``opendev.org`` domain. This is implemented in OpenDev via the roles driven from -:git_file:``playbooks/roles/service-letsencrypt.yaml``. The overall +:git_file:`playbooks/roles/service-letsencrypt.yaml`. The overall actions implemented by the above roles are roughly: * Hosts that want a certificate use the ``amce.sh`` tool to request it @@ -63,7 +63,7 @@ Configuring a host to get certificates A basic configuration consists of the following steps: 1. Ensure the host is matched by the ``letsencrypt`` group in - ``inventory/groups.yaml``. + :git_file:`inventory/groups.yaml`. #. DNS entries for ``_acme-chellenge.hostname`` as a ``CNAME`` to ``opendev.org`` must be added and live in the ``opendev.org`` `zone.db 
@@ -111,7 +111,7 @@ A basic configuration consists of the following steps: ... Usually these handlers are defined centrally in - :git_file:``playbooks/roles/letsencrypt-create-certs/handlers/main.yaml`` + :git_file:`playbooks/roles/letsencrypt-create-certs/handlers/main.yaml` and common tasks such as restarting Apache have pre-defined tasks available for easy import. diff --git a/inventory/groups.yaml b/inventory/groups.yaml index 62625e7d09..884d0f6f26 100644 --- a/inventory/groups.yaml +++ b/inventory/groups.yaml @@ -56,6 +56,7 @@ groups: - graphite01.opendev.org - mirror[0-9]*.opendev.org - files[0-9]*.open*.org + - static.openstack.org logstash: - logstash[0-9]*.open*.org logstash-worker: diff --git a/playbooks/group_vars/static.yaml b/playbooks/group_vars/static.yaml new file mode 100644 index 0000000000..49f19d187d --- /dev/null +++ b/playbooks/group_vars/static.yaml @@ -0,0 +1,3 @@ +letsencrypt_certs: + logs-main: + - logs.opendev.org diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml index 5f8f667c11..4c77952867 100644 --- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml +++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml @@ -17,6 +17,9 @@ - name: letsencrypt updated tarballs-main import_tasks: restart_apache.yaml +- name: letsencrypt updated logs-main + import_tasks: restart_apache.yaml + # Mirrors - name: letsencrypt updated mirror01-dfw-rax-main
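Review bot: The new `- static.openstack.org` entry in inventory/groups.yaml is the only member of this list outside the opendev.org/open*.org patterns, and nothing beside it says why. The documentation touched by this same patch describes certificates for hosts in the `opendev.org` domain, while the commit message says this host will hold a certificate for a different name, logs.opendev.org. I would add a comment above the entry such as `# holds the logs.opendev.org cert; see playbooks/group_vars/static.yaml`. The group key this list belongs to sits above the hunk, so I am assuming from the commit message and documentation that it is `letsencrypt`.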
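Review bot: The new playbooks/group_vars/static.yaml only takes effect if static.openstack.org is matched by an inventory group named `static`, and this patch does not show that. The only inventory change here adds the host to a different list, so please confirm the `static` group exists in groups.yaml; otherwise `letsencrypt_certs` stays undefined on the host and no certificate is requested. The documentation in this patch also requires an `_acme-challenge` CNAME in the opendev.org zone for each name, which for `logs.opendev.org` is presumably what the Depends-On change supplies. A header comment would help, for example `# Cert for the future logs.opendev.org vhost; needs the _acme-challenge.logs CNAME in the opendev.org zone`.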
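Review bot: The handler `letsencrypt updated logs-main` in handlers/main.yaml is tied by name alone to the `logs-main` key in playbooks/group_vars/static.yaml, and unlike the `# Mirrors` section below it has no comment naming the host it serves. Renaming the key later would leave this handler unused with no visible link between the two, so I would add `# static.openstack.org: key logs-main in playbooks/group_vars/static.yaml` above it. The commit message says no Apache vhost uses the certificate yet, so until one does, each issuance or renewal restarts Apache on the static server to no effect. That is harmless if restart_apache.yaml (not shown) is a quick restart, but it deserves a mention in the comment. The handler list continues beyond this hunk.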