From cc619fe5892303b7b36506ed61d8e0e8ae041669 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Tue, 4 Feb 2020 07:01:55 -0600 Subject: [PATCH] Add review-dev01.opendev.org Add a new review-dev server on the opendev domain with LE support enabled. Depends-On: https://review.opendev.org/705661 Change-Id: Ie32124cd617e9986602301f230e83bb138524fdf --- .zuul.yaml | 11 +++++++++-- hiera/common.yaml | 1 + inventory/groups.yaml | 1 + inventory/openstack.yaml | 7 +++++++ playbooks/host_vars/review-dev01.opendev.org.yaml | 12 ++++++++++++ .../letsencrypt-acme-sh-install/tasks/main.yaml | 1 + .../letsencrypt-create-certs/handlers/main.yaml | 5 +++++ playbooks/service-review-dev.yaml | 4 ++-- testinfra/test_gerrit.py | 2 +- 9 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 playbooks/host_vars/review-dev01.opendev.org.yaml diff --git a/.zuul.yaml b/.zuul.yaml index 6d5ac93e94..330919209c 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -1056,27 +1056,34 @@ label: ubuntu-bionic - name: review01.opendev.org label: ubuntu-bionic - - name: review-dev01.openstack.org + - name: review-dev01.opendev.org label: ubuntu-bionic vars: run_playbooks: + - playbooks/service-letsencrypt.yaml - playbooks/service-review-dev.yaml - playbooks/service-review.yaml host-vars: - review-dev01.openstack.org: + review-dev01.opendev.org: host_copy_output: '/home/gerrit2/review_site/etc': logs '/home/gerrit2/review_site/logs': logs + '/var/log/apache2/': logs + '/var/log/acme.sh': logs review01.opendev.org: host_copy_output: '/home/gerrit2/review_site/etc': logs '/home/gerrit2/review_site/logs': logs + '/var/log/apache2/': logs + '/var/log/acme.sh': logs files: - playbooks/group_vars/review.yaml - ^playbooks/host_vars/review\d+.opendev.org.yaml - playbooks/group_vars/review-dev.yaml - ^playbooks/host_vars/review-dev\d+.opendev.org.yaml - ^playbooks/service-review.*.yaml + - playbooks/roles/letsencrypt.* + - playbooks/service-letsencrypt.yaml - playbooks/zuul/templates/group_vars/review-dev.yaml.j2 - playbooks/zuul/templates/group_vars/review.yaml.j2 - playbooks/roles/gerrit/ diff --git a/hiera/common.yaml b/hiera/common.yaml index 136b89e2fa..3b7e72eb89 100644 --- a/hiera/common.yaml +++ b/hiera/common.yaml @@ -314,6 +314,7 @@ cacti_hosts: - mirror01.regionone.linaro-us.opendev.org - mirror01.regionone.linaro-london.openstack.org - mirror-update.openstack.org +- review-dev01.opendev.org - review-dev01.openstack.org - review.openstack.org - static.openstack.org diff --git a/inventory/groups.yaml b/inventory/groups.yaml index e3f9a32380..84f526c5c8 100644 --- a/inventory/groups.yaml +++ b/inventory/groups.yaml @@ -69,6 +69,7 @@ groups: - insecure-ci-registry[0-9]*.opendev.org - mirror[0-9]*.opendev.org - files[0-9]*.open*.org + - review-dev[0-9]*.open*.org - static.openstack.org - static[0-9]*.opendev.org - gitea[0-9]*.opendev.org diff --git a/inventory/openstack.yaml b/inventory/openstack.yaml index 5cd128f0eb..d784c335cf 100644 --- a/inventory/openstack.yaml +++ b/inventory/openstack.yaml @@ -681,6 +681,13 @@ all: region_name: DFW public_v4: 23.253.230.186 public_v6: 2001:4800:7817:103:be76:4eff:fe05:5870 + review-dev01.opendev.org: + ansible_host: 2001:4800:7819:104:be76:4eff:fe04:8e55 + location: + cloud: openstackci-rax + region_name: DFW + public_v4: 23.253.109.153 + public_v6: 2001:4800:7819:104:be76:4eff:fe04:8e55 review-dev01.openstack.org: ansible_host: 2001:4800:7819:104:be76:4eff:fe04:4153 location: diff --git a/playbooks/host_vars/review-dev01.opendev.org.yaml b/playbooks/host_vars/review-dev01.opendev.org.yaml new file mode 100644 index 0000000000..594c5569bc --- /dev/null +++ b/playbooks/host_vars/review-dev01.opendev.org.yaml @@ -0,0 +1,12 @@ +ansible_python_interpreter: python3 +letsencrypt_certs: + review-dev01-opendev-org-main: + - review-dev.opendev.org + - review-dev01.opendev.org +# We have to set the letsencrypt_gid to something that isn't 3000 +# to not conflict with gerrit2's gid +letsencrypt_gid: 3001 +gerrit_storyboard_url: https://storyboard-dev.openstack.org +gerrit_vhost_name: review-dev.opendev.org +gerrit_ssl_cert_file: /etc/letsencrypt-certs/review-dev.opendev.org/review-dev.opendev.org.cer +gerrit_ssl_key_file: /etc/letsencrypt-certs/review-dev.opendev.org/review-dev.opendev.org.key diff --git a/playbooks/roles/letsencrypt-acme-sh-install/tasks/main.yaml b/playbooks/roles/letsencrypt-acme-sh-install/tasks/main.yaml index 46878127e7..5f7e10d955 100644 --- a/playbooks/roles/letsencrypt-acme-sh-install/tasks/main.yaml +++ b/playbooks/roles/letsencrypt-acme-sh-install/tasks/main.yaml @@ -8,6 +8,7 @@ group: name: letsencrypt state: present + gid: "{{ letsencrypt_gid | default(omit) }}" - name: Install driver script copy: diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml index 6ad43ebe13..0068d11ca0 100644 --- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml +++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml @@ -44,6 +44,11 @@ - name: letsencrypt updated static01-security-openstack-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +# review-dev + +- name: letsencrypt updated review-dev01-opendev-org-main + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + # Mirrors - name: letsencrypt updated mirror01-dfw-rax-main diff --git a/playbooks/service-review-dev.yaml b/playbooks/service-review-dev.yaml index f5e72937cc..8e21662fbf 100644 --- a/playbooks/service-review-dev.yaml +++ b/playbooks/service-review-dev.yaml @@ -1,5 +1,5 @@ -- hosts: "review-dev01.openstack.org:!disabled" - name: "Configure gerrit on review-dev01.openstack.org" +- hosts: "review-dev:!disabled" + name: "Configure gerrit on review-dev" roles: - pip3 - install-podman diff --git a/testinfra/test_gerrit.py b/testinfra/test_gerrit.py index 9cd946d459..c9b72ac152 100644 --- a/testinfra/test_gerrit.py +++ b/testinfra/test_gerrit.py @@ -14,7 +14,7 @@ testinfra_hosts = [ - 'review-dev01.openstack.org', + 'review-dev01.opendev.org', 'review01.opendev.org', ]