Add review-dev01.opendev.org

Add a new review-dev server on the opendev domain with LE support
enabled.

Depends-On: https://review.opendev.org/705661
Change-Id: Ie32124cd617e9986602301f230e83bb138524fdf

.zuul.yaml

@@ -1056,27 +1056,34 @@
           label: ubuntu-bionic
         - name: review01.opendev.org
           label: ubuntu-bionic
-        - name: review-dev01.openstack.org
+        - name: review-dev01.opendev.org
           label: ubuntu-bionic
     vars:
       run_playbooks:
+        - playbooks/service-letsencrypt.yaml
         - playbooks/service-review-dev.yaml
         - playbooks/service-review.yaml
     host-vars:
-      review-dev01.openstack.org:
+      review-dev01.opendev.org:
         host_copy_output:
           '/home/gerrit2/review_site/etc': logs
           '/home/gerrit2/review_site/logs': logs
+          '/var/log/apache2/': logs
+          '/var/log/acme.sh': logs
       review01.opendev.org:
         host_copy_output:
           '/home/gerrit2/review_site/etc': logs
           '/home/gerrit2/review_site/logs': logs
+          '/var/log/apache2/': logs
+          '/var/log/acme.sh': logs
     files:
       - playbooks/group_vars/review.yaml
       - ^playbooks/host_vars/review\d+.opendev.org.yaml
       - playbooks/group_vars/review-dev.yaml
       - ^playbooks/host_vars/review-dev\d+.opendev.org.yaml
       - ^playbooks/service-review.*.yaml
+      - playbooks/roles/letsencrypt.*
+      - playbooks/service-letsencrypt.yaml
       - playbooks/zuul/templates/group_vars/review-dev.yaml.j2
       - playbooks/zuul/templates/group_vars/review.yaml.j2
       - playbooks/roles/gerrit/

hiera/common.yaml

@@ -314,6 +314,7 @@ cacti_hosts:
 - mirror01.regionone.linaro-us.opendev.org
 - mirror01.regionone.linaro-london.openstack.org
 - mirror-update.openstack.org
+- review-dev01.opendev.org
 - review-dev01.openstack.org
 - review.openstack.org
 - static.openstack.org

inventory/groups.yaml

@@ -69,6 +69,7 @@ groups:
     - insecure-ci-registry[0-9]*.opendev.org
     - mirror[0-9]*.opendev.org
     - files[0-9]*.open*.org
+    - review-dev[0-9]*.open*.org
     - static.openstack.org
     - static[0-9]*.opendev.org
     - gitea[0-9]*.opendev.org

inventory/openstack.yaml

@@ -681,6 +681,13 @@ all:
         region_name: DFW
       public_v4: 23.253.230.186
       public_v6: 2001:4800:7817:103:be76:4eff:fe05:5870
+    review-dev01.opendev.org:
+      ansible_host: 2001:4800:7819:104:be76:4eff:fe04:8e55
+      location:
+        cloud: openstackci-rax
+        region_name: DFW
+      public_v4: 23.253.109.153
+      public_v6: 2001:4800:7819:104:be76:4eff:fe04:8e55
     review-dev01.openstack.org:
       ansible_host: 2001:4800:7819:104:be76:4eff:fe04:4153
       location:

playbooks/host_vars/review-dev01.opendev.org.yaml

@@ -0,0 +1,12 @@
+ansible_python_interpreter: python3
+letsencrypt_certs:
+  review-dev01-opendev-org-main:
+    - review-dev.opendev.org
+    - review-dev01.opendev.org
+# We have to set the letsencrypt_gid to something that isn't 3000
+# to not conflict with gerrit2's gid
+letsencrypt_gid: 3001
+gerrit_storyboard_url: https://storyboard-dev.openstack.org
+gerrit_vhost_name: review-dev.opendev.org
+gerrit_ssl_cert_file: /etc/letsencrypt-certs/review-dev.opendev.org/review-dev.opendev.org.cer
+gerrit_ssl_key_file: /etc/letsencrypt-certs/review-dev.opendev.org/review-dev.opendev.org.key

playbooks/roles/letsencrypt-acme-sh-install/tasks/main.yaml

@@ -8,6 +8,7 @@
   group:
     name: letsencrypt
     state: present
+    gid: "{{ letsencrypt_gid | default(omit) }}"
 
 - name: Install driver script
   copy:

playbooks/roles/letsencrypt-create-certs/handlers/main.yaml

@@ -44,6 +44,11 @@
 - name: letsencrypt updated static01-security-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
+# review-dev
+
+- name: letsencrypt updated review-dev01-opendev-org-main
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 # Mirrors
 
 - name: letsencrypt updated mirror01-dfw-rax-main

playbooks/service-review-dev.yaml

@@ -1,5 +1,5 @@
-- hosts: "review-dev01.openstack.org:!disabled"
-  name: "Configure gerrit on review-dev01.openstack.org"
+- hosts: "review-dev:!disabled"
+  name: "Configure gerrit on review-dev"
   roles:
     - pip3
     - install-podman

testinfra/test_gerrit.py

@@ -14,7 +14,7 @@
 
 
 testinfra_hosts = [
-    'review-dev01.openstack.org',
+    'review-dev01.opendev.org',
     'review01.opendev.org',
 ]