Merge "Revert registry.zuul-ci.org"

This commit is contained in:
Zuul 2023-11-15 02:46:11 +00:00 committed by Gerrit Code Review
commit a01fecb422
7 changed files with 0 additions and 108 deletions

View File

@ -47,8 +47,6 @@ letsencrypt_certs:
- meetings.opendev.org
static-planet-openstack-org:
- planet.openstack.org
static-registry-zuul-ci-org:
- registry.zuul-ci.org
static-service-types-openstack-org:
- service-types.openstack.org
static-security-openstack-org:

View File

@ -115,9 +115,6 @@
- name: letsencrypt updated static-planet-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static-registry-zuul-ci-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static-service-types-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

View File

@ -1,44 +0,0 @@
<VirtualHost *:80>
ServerName registry.zuul-ci.org
RewriteEngine on
RewriteRule ^/(.*) https://registry.zuul-ci.org/$1 [last,redirect=permanent]
ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log
LogLevel warn
CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined
ServerSignature Off
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName registry.zuul-ci.org
RewriteEngine on
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Once the machine is using something to terminate TLS that supports ECDHE
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
# only is guarenteed.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.key
SSLCertificateChainFile /etc/letsencrypt-certs/registry.zuul-ci.org/ca.cer
DocumentRoot /var/www/registry
<Directory /var/www/registry>
Options Indexes FollowSymLinks MultiViews
Require all granted
AllowOverride None
</Directory>
RewriteRule ^/v2/(.+)$ https://quay.io/v2/corvus/$1 [R=302,L]
ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log
LogLevel warn
CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined
ServerSignature Off
</VirtualHost>
</IfModule>

View File

@ -123,7 +123,6 @@
- 50-meetings.opendev.org
- 50-nova.openstack.org
- 50-planet.openstack.org
- 50-registry.zuul-ci.org
- 50-security.openstack.org
- 50-service-types.openstack.org
- 50-specs.openstack.org

View File

@ -1,32 +0,0 @@
- hosts: "prod_bastion[0]"
tasks:
# Do a test pull through the HTTP redirect registry site running
# on the static host.
- name: Add registry redirect hosts
lineinfile:
dest: /etc/hosts
regexp: '.*{{ item.registry }}$'
line: '{{ hostvars[item.host].ansible_host }} {{ item.registry }}'
state: present
loop:
- { 'host' : 'static99.opendev.org',
'registry': 'registry.zuul-ci.org' }
- name: Do a test docker pull through redirect
command: docker pull registry.zuul-ci.org/zuul:8.2.0
register: _docker_pull
- name: Check output
assert:
that: '"Digest: sha256:4a54086c286a7f12434d3d0fb620081c5d967c5fe335229a239155913662f4a1" in _docker_pull.stdout'
- name: Install podman
package:
name: podman
state: present
- name: Do a test podman pull through redirect
command: podman --log-level=debug pull registry.zuul-ci.org/zuul:8.2.0
register: _podman_pull

View File

@ -236,27 +236,3 @@ def test_ci_openstack_org(host, path, target):
' https://ci.openstack.org%s' % path)
assert '301 Moved Permanently' in cmd.stdout
assert target in cmd.stdout
def test_registry_zuul_ci_org(host):
# The functional test does an actual pull; here we just check some
# specific URLs work. In particular, we want to make sure that we
# don't proxy /v2/.
cmd = host.run('curl --resolve registry.zuul-ci.org:443:127.0.0.1'
' https://registry.zuul-ci.org/v2/')
assert '301 Moved Permanently' not in cmd.stdout
assert '302 Found' not in cmd.stdout
assert cmd.stdout.strip() == ""
cmd = host.run('curl --resolve registry.zuul-ci.org:443:127.0.0.1'
' -I https://registry.zuul-ci.org/v2/zuul/manifests/8.2.0')
assert '302 Found' in cmd.stdout
assert 'Location: https://quay.io/v2/corvus/zuul/manifests/8.2.0' in cmd.stdout
cmd = host.run('curl --resolve registry.zuul-ci.org:443:127.0.0.1'
' https://registry.zuul-ci.org/v2/zuul/blobs/'
'sha256:5dda314a937ad03f8beac81c714da74e459b6174301368e0903ef586a68ae150')
assert '302 Found' in cmd.stdout
assert ('https://quay.io/v2/corvus/zuul/blobs/'
'sha256:5dda314a937ad03f8beac81c714da74e459b6174301368e0903ef586a68ae150'
in cmd.stdout)

View File

@ -1124,7 +1124,6 @@
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-static.yaml
run_test_playbook: playbooks/test-static.yaml
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/roles/apache-ua-filter/
@ -1132,7 +1131,6 @@
- playbooks/roles/letsencrypt
- playbooks/letsencrypt.yaml
- playbooks/service-static.yaml
- playbooks/test-static.yaml
- testinfra/test_static.py
host-vars:
static99.opendev.org: