static: implement legacy redirect sites

This is a slight divergence from the accepted spec, where we were
going to implement these redirects via a new haproxy instance
(I961456d44a56f2334d3c94ef27e408f27409cd65).  We've decided it's
easier to keep them on static.opendev.org

The following sites are configured to redirect to whatever they are
redirecting to now on static.opendev.org:

 * devstack.org
 * www.devstack.org
 * ci.openstack.org
 * cinder.openstack.org
 * glance.openstack.org
 * horizon.openstack.org
 * keystone.openstack.org
 * nova.openstack.org
 * qa.openstack.org
 * summit.openstack.org
 * swift.openstack.org

As a bonus, they all get a https instance too, which they didn't have
before.

testinfra coverage should be total for this change.  I have created
the _acme-challange CNAME records for all the above.

Story: #2006598
Task: #38881

Change-Id: I3f1fc108e7bb1c9500ad4d1a51df13bb4ae00cb9

playbooks/host_vars/static01.opendev.org.yaml

@@ -5,14 +5,23 @@ letsencrypt_certs:
     - static01.opendev.org
     - files.openstack.org
     - static.openstack.org
+  static01-ci-openstack-org:
+    - ci.openstack.org
+  static01-cinder-openstack-org:
+    - cinder.openstack.org
   static01-developer-openstack-org:
     - developer.openstack.org
+  static01-devstack-org:
+    - devstack.org
+    - www.devstack.org
   static01-docs-opendev-org:
     - docs.opendev.org
   static01-docs-openstack-org:
     - docs.openstack.org
   static01-docs-starlingx-io:
     - docs.starlingx.io
+  static01-glance-openstack-org:
+    - glance.openstack.org
   static01-git-airshipit-org:
     - git.airshipit.org
   static01-git-openstack-org:
@@ -23,12 +32,24 @@ letsencrypt_certs:
     - git.zuul-ci.org
   static01-governance-openstack-org:
     - governance.openstack.org
+  static01-horizon-openstack-org:
+    - horizon.openstack.org
+  static01-keystone-openstack-org:
+    - keystone.openstack.org
+  static01-nova-openstack-org:
+    - nova.openstack.org
+  static01-qa-openstack-org:
+    - qa.openstack.org
   static01-service-types-openstack-org:
     - service-types.openstack.org
   static01-security-openstack-org:
     - security.openstack.org
   static01-specs-openstack-org:
     - specs.openstack.org
+  static01-summit-openstack-org:
+    - summit.openstack.org
+  static01-swift-openstack-org:
+    - swift.openstack.org
   static01-releases-openstack-org:
     - releases.openstack.org
   static01-tarballs-opendev-org:

playbooks/roles/letsencrypt-create-certs/handlers/main.yaml

@@ -38,9 +38,18 @@
 - name: letsencrypt updated static01-opendev-org-main
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
+- name: letsencrypt updated static01-ci-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-cinder-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static01-developer-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
+- name: letsencrypt updated static01-devstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static01-docs-opendev-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
@@ -50,6 +59,9 @@
 - name: letsencrypt updated static01-docs-starlingx-io
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
+- name: letsencrypt updated static01-glance-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static01-git-airshipit-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
@@ -65,6 +77,18 @@
 - name: letsencrypt updated static01-governance-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
+- name: letsencrypt updated static01-horizon-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-keystone-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-nova-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-qa-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static01-service-types-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
@@ -74,6 +98,12 @@
 - name: letsencrypt updated static01-security-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
+- name: letsencrypt updated static01-summit-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-swift-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static01-releases-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 

playbooks/roles/static/files/50-ci.openstack.org.conf

@@ -0,0 +1,43 @@
+<Macro CiRedirects>
+  RewriteEngine On
+
+  RewriteRule ^/jenkins-job-builder(/.*|$) https://docs.openstack.org/infra/jenkins-job-builder$1 [last,redirect=permanent]
+  RewriteRule ^/nodepool(/.*|$) https://docs.openstack.org/infra/nodepool$1 [last,redirect=permanent]
+  RewriteRule ^/openstackid(/.*|$) https://docs.openstack.org/infra/openstackid$1 [last,redirect=permanent]
+  RewriteRule ^/shade(/.*|$) https://docs.openstack.org/infra/shade$1 [last,redirect=permanent]
+  RewriteRule ^/storyboard(/.*|$) https://docs.openstack.org/infra/storyboard$1 [last,redirect=permanent]
+  RewriteRule ^/zuul(/.*|$) https://docs.openstack.org/infra/zuul$1 [last,redirect=permanent]
+  RewriteRule ^/(.*) https://docs.openstack.org/infra/system-config/$1 [last,redirect=permanent]
+</Macro>
+
+<VirtualHost *:80>
+  ServerName ci.openstack.org
+
+  Use CiRedirects
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/ci.openstack.org_error.log
+  CustomLog /var/log/apache2/ci.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName ci.openstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/ci.openstack.org/ci.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/ci.openstack.org/ci.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/ci.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  Use CiRedirects
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/ci.openstack.org_error.log
+  CustomLog /var/log/apache2/ci.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+UndefMacro CiRedirects

playbooks/roles/static/files/50-cinder.openstack.org.conf

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+  ServerName cinder.openstack.org
+
+ RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/cinder/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/cinder.openstack.org_error.log
+  CustomLog /var/log/apache2/cinder.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName cinder.openstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/cinder.openstack.org/cinder.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/cinder.openstack.org/cinder.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/cinder.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/cinder/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/cinder.openstack.org_error.log
+  CustomLog /var/log/apache2/cinder.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>

playbooks/roles/static/files/50-devstack.org.conf

@@ -0,0 +1,33 @@
+<VirtualHost *:80>
+  ServerName devstack.org
+  ServerAlias *.devstack.org
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/devstack/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/devstack.org_error.log
+  CustomLog /var/log/apache2/devstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName devstack.org
+  ServerAlias www.devstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/devstack.org/devstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/devstack.org/devstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/devstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/devstack/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/devstack.org_error.log
+  CustomLog /var/log/apache2/devstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>

playbooks/roles/static/files/50-glance.openstack.org.conf

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+  ServerName glance.openstack.org
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/glance/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/glance.openstack.org_error.log
+  CustomLog /var/log/apache2/glance.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName glance.openstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/glance.openstack.org/glance.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/glance.openstack.org/glance.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/glance.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/glance/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/glance.openstack.org_error.log
+  CustomLog /var/log/apache2/glance.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>

playbooks/roles/static/files/50-horizon.openstack.org.conf

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+  ServerName horizon.openstack.org
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/horizon/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/horizon.openstack.org_error.log
+  CustomLog /var/log/apache2/horizon.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName horizon.openstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/horizon.openstack.org/horizon.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/horizon.openstack.org/horizon.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/horizon.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/horizon/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/horizon.openstack.org_error.log
+  CustomLog /var/log/apache2/horizon.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>

playbooks/roles/static/files/50-keystone.openstack.org.conf

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+  ServerName keystone.openstack.org
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/keystone/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/keystone.openstack.org_error.log
+  CustomLog /var/log/apache2/keystone.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName keystone.openstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/keystone.openstack.org/keystone.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/keystone.openstack.org/keystone.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/keystone.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/keystone/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/keystone.openstack.org_error.log
+  CustomLog /var/log/apache2/keystone.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>

playbooks/roles/static/files/50-nova.openstack.org.conf

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+  ServerName nova.openstack.org
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/nova/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/nova.openstack.org_error.log
+  CustomLog /var/log/apache2/nova.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName nova.openstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/nova.openstack.org/nova.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/nova.openstack.org/nova.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/nova.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/nova/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/nova.openstack.org_error.log
+  CustomLog /var/log/apache2/nova.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>

playbooks/roles/static/files/50-qa.openstack.org.conf

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+  ServerName qa.openstack.org
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/qa/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/qa.openstack.org_error.log
+  CustomLog /var/log/apache2/qa.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName qa.openstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/qa.openstack.org/qa.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/qa.openstack.org/qa.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/qa.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/qa/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/qa.openstack.org_error.log
+  CustomLog /var/log/apache2/qa.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>

playbooks/roles/static/files/50-summit.openstack.org.conf

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+  ServerName summit.openstack.org
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://openstack.org/summit/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/summit.openstack.org_error.log
+  CustomLog /var/log/apache2/summit.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName summit.openstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/summit.openstack.org/summit.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/summit.openstack.org/summit.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/summit.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://openstack.org/summit/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/summit.openstack.org_error.log
+  CustomLog /var/log/apache2/summit.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>

playbooks/roles/static/files/50-swift.openstack.org.conf

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+  ServerName swift.openstack.org
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/swift/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/swift.openstack.org_error.log
+  CustomLog /var/log/apache2/swift.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName swift.openstack.org
+
+  SSLCertificateFile      /etc/letsencrypt-certs/swift.openstack.org/swift.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/swift.openstack.org/swift.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/swift.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  RewriteEngine On
+  RewriteRule ^/(.*) https://docs.openstack.org/developer/swift/$1 [last,redirect=permanent]
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/swift.openstack.org_error.log
+  CustomLog /var/log/apache2/swift.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>

playbooks/roles/static/tasks/enable_site.yaml

@@ -1,4 +1,4 @@
-- name: Add custom default site
+- name: Add {{ item }} configuration
   copy:
     src: '{{ item }}.conf'
     dest: /etc/apache2/sites-available/

playbooks/roles/static/tasks/main.yaml

@@ -65,15 +65,25 @@
   include_tasks: enable_site.yaml
   loop:
     - 00-static.opendev.org
+    - 50-ci.openstack.org
+    - 50-cinder.openstack.org
     - 50-developer.openstack.org
+    - 50-devstack.org
     - 50-docs.opendev.org
     - 50-docs.openstack.org
     - 50-docs.starlingx.io
     - 50-governance.openstack.org
+    - 50-glance.openstack.org
+    - 50-horizon.openstack.org
+    - 50-keystone.openstack.org
+    - 50-nova.openstack.org
+    - 50-qa.openstack.org
     - 50-security.openstack.org
     - 50-service-types.openstack.org
     - 50-specs.openstack.org
     - 50-releases.openstack.org
+    - 50-summit.openstack.org
+    - 50-swift.openstack.org
     - 50-tarballs.opendev.org
     - 50-tarballs.openstack.org
     - 50-zuul-ci.org

testinfra/test_static.py

@@ -156,3 +156,62 @@ def test_git_redirects(host, url, target):
                    (hostname, url))
     assert '302 Found' in cmd.stdout
     assert target in cmd.stdout
+
+doc_redirects = (
+    ('devstack.org', 'https://docs.openstack.org/developer/devstack'),
+    ('www.devstack.org', 'https://docs.openstack.org/developer/devstack'),
+    ('cinder.openstack.org', 'https://docs.openstack.org/developer/cinder'),
+    ('glance.openstack.org', 'https://docs.openstack.org/developer/glance'),
+    ('horizon.openstack.org', 'https://docs.openstack.org/developer/horizon'),
+    ('keystone.openstack.org', 'https://docs.openstack.org/developer/keystone'),
+    ('nova.openstack.org', 'https://docs.openstack.org/developer/nova'),
+    ('qa.openstack.org', 'https://docs.openstack.org/developer/qa'),
+    ('swift.openstack.org', 'https://docs.openstack.org/developer/swift'),
+)
+
+@pytest.mark.parametrize("hostname,target", doc_redirects)
+def test_doc_redirects(host, hostname, target):
+    cmd = host.run('curl --resolve %s:80:127.0.0.1 http://%s' %
+                   (hostname, hostname))
+    assert '301 Moved Permanently' in cmd.stdout
+    assert target in cmd.stdout
+
+    cmd = host.run('curl --insecure --resolve %s:443:127.0.0.1 https://%s' %
+                   (hostname, hostname))
+    assert '301 Moved Permanently' in cmd.stdout
+    assert target in cmd.stdout
+
+def test_summit_openstack_org(host):
+    cmd = host.run('curl --resolve summit.openstack.org:80:127.0.0.1'
+                   ' http://summit.openstack.org')
+    assert '301 Moved Permanently' in cmd.stdout
+    assert 'https://openstack.org/summit/' in cmd.stdout
+
+    cmd = host.run('curl --insecure '
+                   ' --resolve summit.openstack.org:443:127.0.0.1'
+                   ' https://summit.openstack.org')
+    assert '301 Moved Permanently' in cmd.stdout
+    assert 'https://openstack.org/summit/' in cmd.stdout
+
+ci_redirects = (
+    ('/jenkins-job-builder', 'https://docs.openstack.org/infra/jenkins-job-builder'),
+    ('/nodepool', 'https://docs.openstack.org/infra/nodepool'),
+    ('/openstackid', 'https://docs.openstack.org/infra/openstackid'),
+    ('/shade', 'https://docs.openstack.org/infra/shade'),
+    ('/storyboard', 'https://docs.openstack.org/infra/storyboard'),
+    ('/zuul', 'https://docs.openstack.org/infra/zuul'),
+    ('/', 'https://docs.openstack.org/infra/system-config/'),
+)
+
+@pytest.mark.parametrize("path,target", ci_redirects)
+def test_ci_openstack_org(host, path, target):
+    cmd = host.run('curl --resolve ci.openstack.org:80:127.0.0.1'
+                   ' http://ci.openstack.org%s' % path)
+    assert '301 Moved Permanently' in cmd.stdout
+    assert target in cmd.stdout
+
+    cmd = host.run('curl --insecure '
+                   ' --resolve ci.openstack.org:443:127.0.0.1'
+                   ' https://ci.openstack.org%s' % path)
+    assert '301 Moved Permanently' in cmd.stdout
+    assert target in cmd.stdout