Merge "Use LE cert for git.zuul-ci.org"

manifests/site.pp

@@ -442,9 +442,6 @@ node /^files\d*\.open.*\.org$/ {
     git_starlingx_cert_file_contents  => hiera('git_starlingx_cert_file_contents'),
     git_starlingx_key_file_contents   => hiera('git_starlingx_key_file_contents'),
     git_starlingx_chain_file_contents => hiera('git_starlingx_chain_file_contents'),
-    git_zuul_cert_file_contents       => hiera('git_zuul_cert_file_contents'),
-    git_zuul_key_file_contents        => hiera('git_zuul_key_file_contents'),
-    git_zuul_chain_file_contents      => hiera('git_zuul_chain_file_contents'),
     require                           => Class['Openstack_project::Server'],
   }
 
@@ -490,6 +487,16 @@ node /^files\d*\.open.*\.org$/ {
     ssl_chain_file => '/etc/letsencrypt-certs/zuul-ci.org/ca.cer',
     require        => Class['openstack_project::files'],
   }
+
+  openstack_project::website { 'git.zuul-ci.org':
+    docroot             => "/var/www/git-redirect",
+    allow_override_list => "Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule",
+    ssl_cert_file       => '/etc/letsencrypt-certs/git.zuul-ci.org/git.zuul-ci.org.cer',
+    ssl_key_file        => '/etc/letsencrypt-certs/git.zuul-ci.org/git.zuul-ci.org.key',
+    ssl_chain_file      => '/etc/letsencrypt-certs/git.zuul-ci.org/ca.cer',
+    require             => Class['openstack_project::files'],
+  }
+
 }
 
 # Node-OS: trusty

modules/openstack_project/manifests/files.pp

@@ -17,9 +17,6 @@ class openstack_project::files (
   $git_starlingx_cert_file_contents,
   $git_starlingx_key_file_contents,
   $git_starlingx_chain_file_contents,
-  $git_zuul_cert_file_contents,
-  $git_zuul_key_file_contents,
-  $git_zuul_chain_file_contents,
 ) {
 
   $afs_root = '/afs/openstack.org/'
@@ -330,40 +327,4 @@ class openstack_project::files (
     require => File['/etc/ssl/certs'],
     before  => File['/etc/ssl/certs/git.starlingx.io.pem'],
   }
-
-  ###########################################################
-  # git.zuul-ci.org
-
-  ::httpd::vhost { 'git.zuul-ci.org':
-    port     => 443, # Is required despite not being used.
-    docroot  => "${www_base}/git-redirect",
-    priority => '50',
-    template => 'openstack_project/git-redirect.vhost.erb',
-    require  => File["${www_base}/git-redirect"],
-  }
-  file { '/etc/ssl/certs/git.zuul-ci.org.pem':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    content => $git_zuul_cert_file_contents,
-    require => File['/etc/ssl/certs'],
-  }
-  file { '/etc/ssl/private/git.zuul-ci.org.key':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0600',
-    content => $git_zuul_key_file_contents,
-    require => File['/etc/ssl/private'],
-  }
-  file { '/etc/ssl/certs/git.zuul-ci.org_intermediate.pem':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    content => $git_zuul_chain_file_contents,
-    require => File['/etc/ssl/certs'],
-    before  => File['/etc/ssl/certs/git.zuul-ci.org.pem'],
-  }
 }