Merge "Revert registry.zuul-ci.org"
This commit is contained in:
commit
a01fecb422
@ -47,8 +47,6 @@ letsencrypt_certs:
|
|||||||
- meetings.opendev.org
|
- meetings.opendev.org
|
||||||
static-planet-openstack-org:
|
static-planet-openstack-org:
|
||||||
- planet.openstack.org
|
- planet.openstack.org
|
||||||
static-registry-zuul-ci-org:
|
|
||||||
- registry.zuul-ci.org
|
|
||||||
static-service-types-openstack-org:
|
static-service-types-openstack-org:
|
||||||
- service-types.openstack.org
|
- service-types.openstack.org
|
||||||
static-security-openstack-org:
|
static-security-openstack-org:
|
||||||
|
@ -115,9 +115,6 @@
|
|||||||
- name: letsencrypt updated static-planet-openstack-org
|
- name: letsencrypt updated static-planet-openstack-org
|
||||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||||
|
|
||||||
- name: letsencrypt updated static-registry-zuul-ci-org
|
|
||||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
||||||
|
|
||||||
- name: letsencrypt updated static-service-types-openstack-org
|
- name: letsencrypt updated static-service-types-openstack-org
|
||||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||||
|
|
||||||
|
@ -1,44 +0,0 @@
|
|||||||
<VirtualHost *:80>
|
|
||||||
ServerName registry.zuul-ci.org
|
|
||||||
|
|
||||||
RewriteEngine on
|
|
||||||
RewriteRule ^/(.*) https://registry.zuul-ci.org/$1 [last,redirect=permanent]
|
|
||||||
|
|
||||||
ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log
|
|
||||||
LogLevel warn
|
|
||||||
CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
||||||
|
|
||||||
<IfModule mod_ssl.c>
|
|
||||||
<VirtualHost *:443>
|
|
||||||
ServerName registry.zuul-ci.org
|
|
||||||
|
|
||||||
RewriteEngine on
|
|
||||||
|
|
||||||
SSLEngine on
|
|
||||||
SSLProtocol All -SSLv2 -SSLv3
|
|
||||||
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
||||||
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
||||||
# only is guarenteed.
|
|
||||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
||||||
SSLHonorCipherOrder on
|
|
||||||
SSLCertificateFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.cer
|
|
||||||
SSLCertificateKeyFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.key
|
|
||||||
SSLCertificateChainFile /etc/letsencrypt-certs/registry.zuul-ci.org/ca.cer
|
|
||||||
|
|
||||||
DocumentRoot /var/www/registry
|
|
||||||
<Directory /var/www/registry>
|
|
||||||
Options Indexes FollowSymLinks MultiViews
|
|
||||||
Require all granted
|
|
||||||
AllowOverride None
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
RewriteRule ^/v2/(.+)$ https://quay.io/v2/corvus/$1 [R=302,L]
|
|
||||||
|
|
||||||
ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log
|
|
||||||
LogLevel warn
|
|
||||||
CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
||||||
</IfModule>
|
|
@ -123,7 +123,6 @@
|
|||||||
- 50-meetings.opendev.org
|
- 50-meetings.opendev.org
|
||||||
- 50-nova.openstack.org
|
- 50-nova.openstack.org
|
||||||
- 50-planet.openstack.org
|
- 50-planet.openstack.org
|
||||||
- 50-registry.zuul-ci.org
|
|
||||||
- 50-security.openstack.org
|
- 50-security.openstack.org
|
||||||
- 50-service-types.openstack.org
|
- 50-service-types.openstack.org
|
||||||
- 50-specs.openstack.org
|
- 50-specs.openstack.org
|
||||||
|
@ -1,32 +0,0 @@
|
|||||||
- hosts: "prod_bastion[0]"
|
|
||||||
tasks:
|
|
||||||
|
|
||||||
# Do a test pull through the HTTP redirect registry site running
|
|
||||||
# on the static host.
|
|
||||||
|
|
||||||
- name: Add registry redirect hosts
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/hosts
|
|
||||||
regexp: '.*{{ item.registry }}$'
|
|
||||||
line: '{{ hostvars[item.host].ansible_host }} {{ item.registry }}'
|
|
||||||
state: present
|
|
||||||
loop:
|
|
||||||
- { 'host' : 'static99.opendev.org',
|
|
||||||
'registry': 'registry.zuul-ci.org' }
|
|
||||||
|
|
||||||
- name: Do a test docker pull through redirect
|
|
||||||
command: docker pull registry.zuul-ci.org/zuul:8.2.0
|
|
||||||
register: _docker_pull
|
|
||||||
|
|
||||||
- name: Check output
|
|
||||||
assert:
|
|
||||||
that: '"Digest: sha256:4a54086c286a7f12434d3d0fb620081c5d967c5fe335229a239155913662f4a1" in _docker_pull.stdout'
|
|
||||||
|
|
||||||
- name: Install podman
|
|
||||||
package:
|
|
||||||
name: podman
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Do a test podman pull through redirect
|
|
||||||
command: podman --log-level=debug pull registry.zuul-ci.org/zuul:8.2.0
|
|
||||||
register: _podman_pull
|
|
@ -236,27 +236,3 @@ def test_ci_openstack_org(host, path, target):
|
|||||||
' https://ci.openstack.org%s' % path)
|
' https://ci.openstack.org%s' % path)
|
||||||
assert '301 Moved Permanently' in cmd.stdout
|
assert '301 Moved Permanently' in cmd.stdout
|
||||||
assert target in cmd.stdout
|
assert target in cmd.stdout
|
||||||
|
|
||||||
def test_registry_zuul_ci_org(host):
|
|
||||||
# The functional test does an actual pull; here we just check some
|
|
||||||
# specific URLs work. In particular, we want to make sure that we
|
|
||||||
# don't proxy /v2/.
|
|
||||||
|
|
||||||
cmd = host.run('curl --resolve registry.zuul-ci.org:443:127.0.0.1'
|
|
||||||
' https://registry.zuul-ci.org/v2/')
|
|
||||||
assert '301 Moved Permanently' not in cmd.stdout
|
|
||||||
assert '302 Found' not in cmd.stdout
|
|
||||||
assert cmd.stdout.strip() == ""
|
|
||||||
|
|
||||||
cmd = host.run('curl --resolve registry.zuul-ci.org:443:127.0.0.1'
|
|
||||||
' -I https://registry.zuul-ci.org/v2/zuul/manifests/8.2.0')
|
|
||||||
assert '302 Found' in cmd.stdout
|
|
||||||
assert 'Location: https://quay.io/v2/corvus/zuul/manifests/8.2.0' in cmd.stdout
|
|
||||||
|
|
||||||
cmd = host.run('curl --resolve registry.zuul-ci.org:443:127.0.0.1'
|
|
||||||
' https://registry.zuul-ci.org/v2/zuul/blobs/'
|
|
||||||
'sha256:5dda314a937ad03f8beac81c714da74e459b6174301368e0903ef586a68ae150')
|
|
||||||
assert '302 Found' in cmd.stdout
|
|
||||||
assert ('https://quay.io/v2/corvus/zuul/blobs/'
|
|
||||||
'sha256:5dda314a937ad03f8beac81c714da74e459b6174301368e0903ef586a68ae150'
|
|
||||||
in cmd.stdout)
|
|
||||||
|
@ -1124,7 +1124,6 @@
|
|||||||
run_playbooks:
|
run_playbooks:
|
||||||
- playbooks/letsencrypt.yaml
|
- playbooks/letsencrypt.yaml
|
||||||
- playbooks/service-static.yaml
|
- playbooks/service-static.yaml
|
||||||
run_test_playbook: playbooks/test-static.yaml
|
|
||||||
files:
|
files:
|
||||||
- playbooks/bootstrap-bridge.yaml
|
- playbooks/bootstrap-bridge.yaml
|
||||||
- playbooks/roles/apache-ua-filter/
|
- playbooks/roles/apache-ua-filter/
|
||||||
@ -1132,7 +1131,6 @@
|
|||||||
- playbooks/roles/letsencrypt
|
- playbooks/roles/letsencrypt
|
||||||
- playbooks/letsencrypt.yaml
|
- playbooks/letsencrypt.yaml
|
||||||
- playbooks/service-static.yaml
|
- playbooks/service-static.yaml
|
||||||
- playbooks/test-static.yaml
|
|
||||||
- testinfra/test_static.py
|
- testinfra/test_static.py
|
||||||
host-vars:
|
host-vars:
|
||||||
static99.opendev.org:
|
static99.opendev.org:
|
||||||
|
Loading…
Reference in New Issue
Block a user