Add LE cert for logs.opendev.org to static
This can be used in an apache vhost later, but should be fine to merge now. Depends-On: https://review.opendev.org/673902 Change-Id: Ic2cb7585433351ec1bdabd88915fa1ca07da44e7
This commit is contained in:
parent
7df5981e12
commit
48cafd19f8
@ -30,7 +30,7 @@ We support automatic provisioning of certificates from Let's Encrypt
|
|||||||
to hosts in the ``opendev.org`` domain.
|
to hosts in the ``opendev.org`` domain.
|
||||||
|
|
||||||
This is implemented in OpenDev via the roles driven from
|
This is implemented in OpenDev via the roles driven from
|
||||||
:git_file:``playbooks/roles/service-letsencrypt.yaml``. The overall
|
:git_file:`playbooks/roles/service-letsencrypt.yaml`. The overall
|
||||||
actions implemented by the above roles are roughly:
|
actions implemented by the above roles are roughly:
|
||||||
|
|
||||||
* Hosts that want a certificate use the ``amce.sh`` tool to request it
|
* Hosts that want a certificate use the ``amce.sh`` tool to request it
|
||||||
@ -63,7 +63,7 @@ Configuring a host to get certificates
|
|||||||
A basic configuration consists of the following steps:
|
A basic configuration consists of the following steps:
|
||||||
|
|
||||||
1. Ensure the host is matched by the ``letsencrypt`` group in
|
1. Ensure the host is matched by the ``letsencrypt`` group in
|
||||||
``inventory/groups.yaml``.
|
:git_file:`inventory/groups.yaml`.
|
||||||
#. DNS entries for ``_acme-chellenge.hostname`` as a ``CNAME`` to
|
#. DNS entries for ``_acme-chellenge.hostname`` as a ``CNAME`` to
|
||||||
``opendev.org`` must be added and live in the ``opendev.org``
|
``opendev.org`` must be added and live in the ``opendev.org``
|
||||||
`zone.db
|
`zone.db
|
||||||
@ -111,7 +111,7 @@ A basic configuration consists of the following steps:
|
|||||||
...
|
...
|
||||||
|
|
||||||
Usually these handlers are defined centrally in
|
Usually these handlers are defined centrally in
|
||||||
:git_file:``playbooks/roles/letsencrypt-create-certs/handlers/main.yaml``
|
:git_file:`playbooks/roles/letsencrypt-create-certs/handlers/main.yaml`
|
||||||
and common tasks such as restarting Apache have pre-defined tasks
|
and common tasks such as restarting Apache have pre-defined tasks
|
||||||
available for easy import.
|
available for easy import.
|
||||||
|
|
||||||
|
@ -56,6 +56,7 @@ groups:
|
|||||||
- graphite01.opendev.org
|
- graphite01.opendev.org
|
||||||
- mirror[0-9]*.opendev.org
|
- mirror[0-9]*.opendev.org
|
||||||
- files[0-9]*.open*.org
|
- files[0-9]*.open*.org
|
||||||
|
- static.openstack.org
|
||||||
logstash:
|
logstash:
|
||||||
- logstash[0-9]*.open*.org
|
- logstash[0-9]*.open*.org
|
||||||
logstash-worker:
|
logstash-worker:
|
||||||
|
3
playbooks/group_vars/static.yaml
Normal file
3
playbooks/group_vars/static.yaml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
letsencrypt_certs:
|
||||||
|
logs-main:
|
||||||
|
- logs.opendev.org
|
@ -17,6 +17,9 @@
|
|||||||
- name: letsencrypt updated tarballs-main
|
- name: letsencrypt updated tarballs-main
|
||||||
import_tasks: restart_apache.yaml
|
import_tasks: restart_apache.yaml
|
||||||
|
|
||||||
|
- name: letsencrypt updated logs-main
|
||||||
|
import_tasks: restart_apache.yaml
|
||||||
|
|
||||||
# Mirrors
|
# Mirrors
|
||||||
|
|
||||||
- name: letsencrypt updated mirror01-dfw-rax-main
|
- name: letsencrypt updated mirror01-dfw-rax-main
|
||||||
|
Loading…
Reference in New Issue
Block a user