Host a redirect for api.openstack.org

There is some ancient redirect we don't control somewhere in Liquid Web's IP space which has been serving a redirect from api.openstack.org to developer.openstack.org for who knows how long. Since we already have a farm of redirect vhosts for other sites on static.openstack.org, add this one as well so we can clean up this strange and confusing external dependency. Change-Id: I8051121761366ccbd07f3795c9aecc766f9fb7ff
2024-05-14 19:49:32 +00:00 · 2024-05-14 19:49:32 +00:00 · 82a3c31641
commit 82a3c31641
parent 764b9968e0
5 changed files with 48 additions and 0 deletions
--- a/inventory/service/group_vars/static.yaml
+++ b/inventory/service/group_vars/static.yaml
@ -4,6 +4,8 @@ letsencrypt_certs:
    - '{{ inventory_hostname }}'
    - files.openstack.org
    - static.openstack.org
+  static-api-openstack-org:
+    - api.openstack.org
  static-ask-openstack-org:
    - ask.openstack.org
  static-docs-airshipit-org:
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@ -52,6 +52,9 @@
 - name: letsencrypt updated static-opendev-org-main
  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

+- name: letsencrypt updated static-api-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static-ask-openstack-org
  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

--- a/playbooks/roles/static/files/50-api.openstack.org.conf
+++ b/playbooks/roles/static/files/50-api.openstack.org.conf
@ -0,0 +1,31 @@
+<VirtualHost *:80>
+  ServerName api.openstack.org
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://developer.openstack.org/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/api.openstack.org_error.log
+  CustomLog /var/log/apache2/api.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName api.openstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/api.openstack.org/api.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/api.openstack.org/api.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/api.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://developer.openstack.org/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/api.openstack.org_error.log
+  CustomLog /var/log/apache2/api.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
--- a/playbooks/roles/static/tasks/main.yaml
+++ b/playbooks/roles/static/tasks/main.yaml
@ -105,6 +105,7 @@
  include_tasks: enable_site.yaml
  loop:
    - 00-static.opendev.org
+    - 50-api.openstack.org
    - 50-ask.openstack.org
    - 50-ci.openstack.org
    - 50-cinder.openstack.org
--- a/testinfra/test_static.py
+++ b/testinfra/test_static.py
@ -187,6 +187,17 @@ def test_doc_redirects(host, hostname, target):
    assert '301 Moved Permanently' in cmd.stdout
    assert target in cmd.stdout

+def test_api_openstack_org(host):
+    cmd = host.run('curl --resolve api.openstack.org:80:127.0.0.1'
+                   ' http://api.openstack.org')
+    assert '301 Moved Permanently' in cmd.stdout
+    assert 'https://developer.openstack.org/' in cmd.stdout
+
+    cmd = host.run('curl --resolve api.openstack.org:443:127.0.0.1'
+                   ' https://api.openstack.org')
+    assert '301 Moved Permanently' in cmd.stdout
+    assert 'https://developer.openstack.org/' in cmd.stdout
+
 def test_summit_openstack_org(host):
    cmd = host.run('curl --resolve summit.openstack.org:80:127.0.0.1'
                   ' http://summit.openstack.org')