Merge "static: move afs sites from files.openstack.org to static.opendev.org"

2020-02-24 00:39:50 +00:00 · 2020-02-24 00:39:50 +00:00 · a2c21661df
commit a2c21661df
parent 71e650eb5a 3206fd02b8
9 changed files with 300 additions and 0 deletions
--- a/playbooks/host_vars/static01.opendev.org.yaml
+++ b/playbooks/host_vars/static01.opendev.org.yaml
@ -3,6 +3,14 @@ letsencrypt_certs:
  static01-opendev-org-main:
    - static.opendev.org
    - static01.opendev.org
+  static01-developer-openstack-org:
+    - developer.openstack.org
+  static01-docs-opendev-org:
+    - docs.opendev.org
+  static01-docs-openstack-org:
+    - docs.openstack.org
+  static01-docs-starlingx-io:
+    - docs.starlingx.io
  static01-governance-openstack-org:
    - governance.openstack.org
  static01-service-types-openstack-org:
@ -17,3 +25,8 @@ letsencrypt_certs:
    - tarballs.opendev.org
  static01-tarballs-openstack-org:
    - tarballs.openstack.org
+  static01-zuul-ci-org:
+    - zuul-ci.org
+    - www.zuul-ci.org
+    - zuulci.org
+    - www.zuulci.org
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@ -38,6 +38,18 @@
 - name: letsencrypt updated static01-opendev-org-main
  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

+- name: letsencrypt updated static01-developer-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-docs-opendev-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-docs-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-docs-starlingx-io
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static01-governance-openstack-org
  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

@ -59,6 +71,9 @@
 - name: letsencrypt updated static01-tarballs-openstack-org
  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

+- name: letsencrypt updated static01-zuul-ci-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 # review-dev

 - name: letsencrypt updated review-dev01-opendev-org-main
--- a/playbooks/roles/static/files/50-developer.openstack.org.conf
+++ b/playbooks/roles/static/files/50-developer.openstack.org.conf
@ -0,0 +1,42 @@
+<VirtualHost *:80>
+    ServerName developer.openstack.org
+
+    RewriteEngine on
+    RewriteRule ^/(.*) https://developer.openstack.org/$1 [last,redirect=permanent]
+
+    ErrorLog /var/log/apache2/developer.openstack.org_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/developer.openstack.org_access.log combined
+    ServerSignature Off
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerName developer.openstack.org
+
+    RewriteEngine on
+
+  SSLCertificateFile      /etc/letsencrypt-certs/developer.openstack.org/developer.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/developer.openstack.org/developer.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/developer.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+    DocumentRoot /afs/openstack.org/developer-docs
+    <Directory /afs/openstack.org/developer-docs>
+        Options Indexes FollowSymLinks MultiViews
+        Satisfy any
+        Require all granted
+        # Allow mod_rewrite rules
+        AllowOverride FileInfo
+        ErrorDocument 404 /errorpage.html
+    </Directory>
+
+    ErrorLog /var/log/apache2/developer.openstack.org_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/developer.openstack.org_access.log combined
+    ServerSignature Off
+</VirtualHost>
+</IfModule>
--- a/playbooks/roles/static/files/50-docs.opendev.org.conf
+++ b/playbooks/roles/static/files/50-docs.opendev.org.conf
@ -0,0 +1,44 @@
+<VirtualHost *:80>
+    ServerName docs.opendev.org
+
+    RewriteEngine on
+    RewriteRule ^/(.*) https://docs.opendev.org/$1 [last,redirect=permanent]
+
+    ErrorLog /var/log/apache2/docs.opendev.org_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/docs.opendev.org_access.log combined
+    ServerSignature Off
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerName docs.opendev.org
+
+    RewriteEngine on
+
+  SSLCertificateFile      /etc/letsencrypt-certs/docs.opendev.org/docs.opendev.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/docs.opendev.org/docs.opendev.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/docs.opendev.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+
+    DocumentRoot /afs/openstack.org/project/opendev.org/docs
+    <Directory /afs/openstack.org/project/opendev.org/docs>
+        Options Indexes FollowSymLinks MultiViews
+        Satisfy any
+        Require all granted
+        AllowOverride None
+        # Allow mod_rewrite rules
+        AllowOverrideList Redirect RedirectMatch
+        ErrorDocument 404 /errorpage.html
+    </Directory>
+
+    ErrorLog /var/log/apache2/docs.opendev.org_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/docs.opendev.org_access.log combined
+    ServerSignature Off
+</VirtualHost>
+</IfModule>
--- a/playbooks/roles/static/files/50-docs.openstack.org.conf
+++ b/playbooks/roles/static/files/50-docs.openstack.org.conf
@ -0,0 +1,43 @@
+<VirtualHost *:80>
+    ServerName docs.openstack.org
+
+    RewriteEngine on
+    RewriteRule ^/(.*) https://docs.openstack.org/$1 [last,redirect=permanent]
+
+    ErrorLog /var/log/apache2/docs.openstack.org_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/docs.openstack.org_access.log combined
+    ServerSignature Off
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerName docs.openstack.org
+
+    RewriteEngine on
+
+  SSLCertificateFile      /etc/letsencrypt-certs/docs.openstack.org/docs.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/docs.openstack.org/docs.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/docs.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+    DocumentRoot /afs/openstack.org/docs
+    <Directory /afs/openstack.org/docs>
+        Options Indexes FollowSymLinks MultiViews
+        Satisfy any
+        Require all granted
+        AllowOverride None
+        # Allow mod_rewrite rules
+        AllowOverrideList Redirect RedirectMatch
+        ErrorDocument 404 /errorpage.html
+    </Directory>
+
+    ErrorLog /var/log/apache2/docs.openstack.org_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/docs.openstack.org_access.log combined
+    ServerSignature Off
+</VirtualHost>
+</IfModule>
--- a/playbooks/roles/static/files/50-docs.starlingx.io.conf
+++ b/playbooks/roles/static/files/50-docs.starlingx.io.conf
@ -0,0 +1,43 @@
+<VirtualHost *:80>
+    ServerName docs.starlingx.io
+
+    RewriteEngine on
+    RewriteRule ^/(.*) https://docs.starlingx.io/$1 [last,redirect=permanent]
+
+    ErrorLog /var/log/apache2/docs.starlingx.io_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/docs.starlingx.io_access.log combined
+    ServerSignature Off
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerName docs.starlingx.io
+
+    RewriteEngine on
+
+  SSLCertificateFile      /etc/letsencrypt-certs/docs.starlingx.io/docs.starlingx.io.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/docs.starlingx.io/docs.starlingx.io.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/docs.starlingx.io/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+    DocumentRoot /afs/openstack.org/project/starlingx.io/www
+    <Directory /afs/openstack.org/project/starlingx.io/www>
+        Options Indexes FollowSymLinks MultiViews
+        Satisfy any
+        Require all granted
+        AllowOverride None
+        # Allow mod_rewrite rules
+        AllowOverrideList Redirect RedirectMatch
+        ErrorDocument 404 /errorpage.html
+    </Directory>
+
+    ErrorLog /var/log/apache2/docs.starlingx.io_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/docs.starlingx.io_access.log combined
+    ServerSignature Off
+</VirtualHost>
+</IfModule>
--- a/playbooks/roles/static/files/50-zuul-ci.org.conf
+++ b/playbooks/roles/static/files/50-zuul-ci.org.conf
@ -0,0 +1,52 @@
+<VirtualHost *:80>
+    ServerName zuul-ci.org
+    ServerAlias www.zuul-ci.org
+    ServerAlias zuulci.org
+    ServerAlias www.zuulci.org
+
+    RewriteEngine on
+    RewriteRule ^/(.*) https://zuul-ci.org/$1 [last,redirect=permanent]
+
+    ErrorLog /var/log/apache2/zuul-ci.org_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/zuul-ci.org_access.log combined
+    ServerSignature Off
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerName zuul-ci.org
+    ServerAlias www.zuul-ci.org
+    ServerAlias zuulci.org
+    ServerAlias www.zuulci.org
+
+    RewriteEngine on
+
+    SSLEngine on
+    SSLProtocol All -SSLv2 -SSLv3
+    # Once the machine is using something to terminate TLS that supports ECDHE
+    # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
+    # only is guarenteed.
+    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+    SSLHonorCipherOrder on
+    SSLCertificateFile /etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.cer
+    SSLCertificateKeyFile /etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.key
+    SSLCertificateChainFile /etc/letsencrypt-certs/zuul-ci.org/ca.cer
+
+    DocumentRoot /afs/openstack.org/project/zuul-ci.org/www
+    <Directory /afs/openstack.org/project/zuul-ci.org/www>
+        Options Indexes FollowSymLinks MultiViews
+        Satisfy any
+        Require all granted
+        AllowOverride None
+        # Allow mod_rewrite rules
+        AllowOverrideList Redirect RedirectMatch
+        ErrorDocument 404 /errorpage.html
+    </Directory>
+
+    ErrorLog /var/log/apache2/zuul-ci.org_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/zuul-ci.org_access.log combined
+    ServerSignature Off
+</VirtualHost>
+</IfModule>
--- a/playbooks/roles/static/tasks/main.yaml
+++ b/playbooks/roles/static/tasks/main.yaml
@ -59,6 +59,10 @@
  include_tasks: enable_site.yaml
  loop:
    - 00-static.opendev.org
+    - 50-developer.openstack.org
+    - 50-docs.opendev.org
+    - 50-docs.openstack.org
+    - 50-docs.starlingx.io
    - 50-governance.openstack.org
    - 50-security.openstack.org
    - 50-service-types.openstack.org
@ -66,3 +70,4 @@
    - 50-releases.openstack.org
    - 50-tarballs.opendev.org
    - 50-tarballs.openstack.org
+    - 50-zuul-ci.org
--- a/testinfra/test_static.py
+++ b/testinfra/test_static.py
@ -12,6 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.

+import pytest

 testinfra_hosts = ['static01.opendev.org']

@ -71,3 +72,45 @@ def test_releases_openstack_org(host):
                   '--resolve releases.openstack.org:443:127.0.0.1 '
                   'https://releases.openstack.org')
    assert 'OpenStack Releases: OpenStack Releases' in cmd.stdout
+
+def test_developer_openstack_org(host):
+    cmd = host.run('curl --insecure '
+                   '--resolve developer.openstack.org:443:127.0.0.1 '
+                   'https://developer.openstack.org')
+    assert 'OpenStack Docs: Application Development' in cmd.stdout
+
+def test_docs_openstack_org(host):
+    cmd = host.run('curl --insecure '
+                   '--resolve docs.openstack.org:443:127.0.0.1 '
+                   'https://docs.openstack.org')
+    # links to the latest, make sure it redirected us
+    assert '301 Moved Permanently' in cmd.stdout
+
+def test_docs_opendev_org(host):
+    cmd = host.run('curl --insecure '
+                   '--resolve docs.opendev.org:443:127.0.0.1 '
+                   'https://docs.opendev.org')
+    assert 'Index of /' in cmd.stdout
+
+def test_docs_starlingx_io(host):
+    cmd = host.run('curl --insecure '
+                   '--resolve docs.starlingx.io:443:127.0.0.1 '
+                   'https://docs.starlingx.io')
+    # links to the latest, make sure it redirected us
+    assert 'StarlingX Docs: Welcome to the StarlingX Documentation' \
+        in cmd.stdout
+
+zuul_names = (
+    'zuul-ci.org',
+    'www.zuul-ci.org',
+    'zuulci.org',
+    'www.zuulci.org',
+)
+
+@pytest.mark.parametrize("name", zuul_names)
+def test_docs_openstack_org(host, name):
+
+    cmd = host.run('curl --insecure '
+                   '--resolve %s:443:127.0.0.1 https://%s/ ' %
+                   (name, name))
+    assert 'Zuul is an open source CI tool' in cmd.stdout