diff --git a/inventory/openstack.yaml b/inventory/openstack.yaml
index da55f7a20c..671f07e350 100644
--- a/inventory/openstack.yaml
+++ b/inventory/openstack.yaml
@@ -709,13 +709,6 @@ all:
region_name: DFW
public_v4: 23.253.245.150
public_v6: 2001:4800:7818:101:be76:4eff:fe04:7c28
- static.openstack.org:
- ansible_host: 2001:4800:7817:104:be76:4eff:fe05:dbee
- location:
- cloud: openstackci-rax
- region_name: DFW
- public_v4: 23.253.108.137
- public_v6: 2001:4800:7817:104:be76:4eff:fe05:dbee
status.openstack.org:
ansible_host: 2001:4800:7818:103:be76:4eff:fe06:905
location:
diff --git a/manifests/site.pp b/manifests/site.pp
index 26399354c9..91d0d31703 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -405,25 +405,6 @@ node /^storyboard-dev\d+\.opendev\.org$/ {
}
-# A machine to serve static content.
-# Node-OS: trusty
-# Node-OS: xenial
-node /^static\d*\.open.*\.org$/ {
- class { 'openstack_project::server': }
- class { 'openstack_project::static':
- project_config_repo => 'https://opendev.org/openstack/project-config',
- swift_authurl => 'https://identity.api.rackspacecloud.com/v2.0/',
- swift_user => 'infra-files-ro',
- swift_key => hiera('infra_files_ro_password'),
- swift_tenant_name => hiera('infra_files_tenant_name', 'tenantname'),
- swift_region_name => 'DFW',
- swift_default_container => 'infra-files',
- ssl_cert_file_contents => hiera('static_ssl_cert_file_contents'),
- ssl_key_file_contents => hiera('static_ssl_key_file_contents'),
- ssl_chain_file_contents => hiera('static_ssl_chain_file_contents'),
- }
-}
-
# Node-OS: xenial
node /^zk\d+\.open.*\.org$/ {
# We use IP addresses here so that zk listens on the public facing addresses
diff --git a/modules/openstack_project/manifests/static.pp b/modules/openstack_project/manifests/static.pp
deleted file mode 100644
index 16a955f411..0000000000
--- a/modules/openstack_project/manifests/static.pp
+++ /dev/null
@@ -1,529 +0,0 @@
-# == Class: openstack_project::static
-#
-class openstack_project::static (
- $swift_authurl = '',
- $swift_user = '',
- $swift_key = '',
- $swift_tenant_name = '',
- $swift_region_name = '',
- $swift_default_container = '',
- $project_config_repo = '',
- $ssl_cert_file = '',
- $ssl_cert_file_contents = '',
- $ssl_key_file = '',
- $ssl_key_file_contents = '',
- $ssl_chain_file = '',
- $ssl_chain_file_contents = '',
- $jenkins_gitfullname = 'OpenStack Jenkins',
- $jenkins_gitemail = 'jenkins@openstack.org',
-) {
- class { 'project_config':
- url => $project_config_repo,
- }
-
- include openstack_project
- class { 'jenkins::jenkinsuser':
- ssh_key => $openstack_project::jenkins_ssh_key,
- gitfullname => $jenkins_gitfullname,
- gitemail => $jenkins_gitemail,
- }
-
- # This will try to index our millions of logs and docs by default
- # and cause all sorts of IO and disk-usage issues.
- package { 'mlocate':
- ensure => absent,
- }
-
- include ::httpd
- include ::httpd::mod::wsgi
-
- if ! defined(Httpd::Mod['rewrite']) {
- httpd::mod { 'rewrite':
- ensure => present,
- }
- }
-
- if ! defined(Httpd::Mod['proxy']) {
- httpd::mod { 'proxy':
- ensure => present,
- }
- }
-
- if ! defined(Httpd::Mod['proxy_http']) {
- httpd::mod { 'proxy_http':
- ensure => present,
- }
- }
-
- if ! defined(Httpd::Mod['alias']) {
- httpd::mod { 'alias': ensure => present }
- }
-
- if ! defined(Httpd::Mod['headers']) {
- httpd::mod { 'headers': ensure => present }
- }
-
- if ! defined(File['/srv/static']) {
- file { '/srv/static':
- ensure => directory,
- }
- }
-
- file { '/etc/ssl/certs':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0755',
- }
-
- file { '/etc/ssl/private':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0700',
- }
-
- # To use the standard ssl-certs package snakeoil certificate, leave both
- # $ssl_cert_file and $ssl_cert_file_contents empty. To use an existing
- # certificate, specify its path for $ssl_cert_file and leave
- # $ssl_cert_file_contents empty. To manage the certificate with puppet,
- # provide $ssl_cert_file_contents and optionally specify the path to use for
- # it in $ssl_cert_file.
- if ($ssl_cert_file == '') and ($ssl_cert_file_contents == '') {
- $cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
- } else {
- if $ssl_cert_file == '' {
- $cert_file = "/etc/ssl/certs/${::fqdn}.pem"
- } else {
- $cert_file = $ssl_cert_file
- }
- if $ssl_cert_file_contents != '' {
- file { $cert_file:
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $ssl_cert_file_contents,
- require => File['/etc/ssl/certs'],
- }
- }
- }
-
- # To use the standard ssl-certs package snakeoil key, leave both
- # $ssl_key_file and $ssl_key_file_contents empty. To use an existing key,
- # specify its path for $ssl_key_file and leave $ssl_key_file_contents empty.
- # To manage the key with puppet, provide $ssl_key_file_contents and
- # optionally specify the path to use for it in $ssl_key_file.
- if ($ssl_key_file == '') and ($ssl_key_file_contents == '') {
- $key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
- } else {
- if $ssl_key_file == '' {
- $key_file = "/etc/ssl/private/${::fqdn}.key"
- } else {
- $key_file = $ssl_key_file
- }
- if $ssl_key_file_contents != '' {
- file { $key_file:
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0600',
- content => $ssl_key_file_contents,
- require => File['/etc/ssl/private'],
- }
- }
- }
-
- # To avoid using an intermediate certificate chain, leave both
- # $ssl_chain_file and $ssl_chain_file_contents empty. To use an existing
- # chain, specify its path for $ssl_chain_file and leave
- # $ssl_chain_file_contents empty. To manage the chain with puppet, provide
- # $ssl_chain_file_contents and optionally specify the path to use for it in
- # $ssl_chain_file.
- if ($ssl_chain_file == '') and ($ssl_chain_file_contents == '') {
- $chain_file = ''
- } else {
- if $ssl_chain_file == '' {
- $chain_file = "/etc/ssl/certs/${::fqdn}_intermediate.pem"
- } else {
- $chain_file = $ssl_chain_file
- }
- if $ssl_chain_file_contents != '' {
- file { $chain_file:
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $ssl_chain_file_contents,
- require => File['/etc/ssl/certs'],
- before => File[$cert_file],
- }
- }
- }
-
- ###########################################################
- # Tarballs
-
- ::httpd::vhost { 'tarballs.openstack.org':
- port => 443, # Is required despite not being used.
- docroot => '/srv/static/tarballs',
- priority => '50',
- ssl => true,
- template => 'openstack_project/static-http-and-https.vhost.erb',
- vhost_name => 'tarballs.openstack.org',
- require => [
- File['/srv/static/tarballs'],
- File[$cert_file],
- File[$key_file],
- ],
- }
-
- file { '/srv/static/tarballs':
- ensure => directory,
- owner => 'jenkins',
- group => 'jenkins',
- require => User['jenkins'],
- }
-
- ###########################################################
- # legacy ci.openstack.org site redirect
-
- ::httpd::vhost { 'ci.openstack.org':
- port => 80,
- priority => '50',
- docroot => 'MEANINGLESS_ARGUMENT',
- template => 'openstack_project/ci.vhost.erb',
- }
-
- ###########################################################
- # Logs
- class { 'openstackci::logserver':
- jenkins_ssh_key => $openstack_project::jenkins_ssh_key,
- domain => 'openstack.org',
- ara_middleware => true,
- wsgi_processes => 16,
- swift_authurl => $swift_authurl,
- swift_user => $swift_user,
- swift_key => $swift_key,
- swift_tenant_name => $swift_tenant_name,
- swift_region_name => $swift_region_name,
- swift_default_container => $swift_default_container,
- readmes => {
- '/*/*/*/*/*-tempest-dsvm*/*' => '/help/tempest-overview.html',
- '/periodic*/*/*-tempest-dsvm*/*' => '/help/tempest-overview.html',
- '/*/*/*/*/*-tempest-dsvm*/*/logs/' => '/help/tempest-logs.html',
- '/periodic*/*/*-tempest-dsvm*/*/logs/' => '/help/tempest-logs.html',
- '/*/*/*/*/*tripleo-ci-*/*/logs/' => '/help/tripleo-quickstart-logs.html'
- }
- }
-
- ::httpd::vhost { "logs.opendev.org":
- port => 443,
- priority => '50',
- ssl => true,
- docroot => '/srv/static/logs',
- require => File['/srv/static/logs'],
- vhost_name => 'logs.opendev.org',
- template => 'openstack_project/logs.vhost.erb',
- }
-
- vcsrepo { '/opt/devstack-gate':
- ensure => latest,
- provider => git,
- revision => 'master',
- source => 'https://opendev.org/openstack/devstack-gate',
- }
-
- file { '/srv/static/logs/help':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0755',
- require => File['/srv/static/logs'],
- }
- file { '/srv/static/logs/help/tempest-logs.html':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'file:///opt/devstack-gate/help/tempest-logs.html',
- require => [File['/srv/static/logs/help'], Vcsrepo['/opt/devstack-gate']],
- }
- file { '/srv/static/logs/help/tempest-overview.html':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'file:///opt/devstack-gate/help/tempest-overview.html',
- require => [File['/srv/static/logs/help'], Vcsrepo['/opt/devstack-gate']],
- }
-
- vcsrepo { '/opt/tripleo-ci':
- ensure => latest,
- provider => git,
- revision => 'master',
- source => 'https://opendev.org/openstack/tripleo-ci',
- }
- file { '/srv/static/logs/help/tripleo-quickstart-logs.html':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'file:///opt/tripleo-ci/docs/tripleo-quickstart-logs.html',
- require => [File['/srv/static/logs/help'], Vcsrepo['/opt/tripleo-ci']],
- }
-
- ###########################################################
- # Security
-
- ::httpd::vhost { 'security.openstack.org':
- port => 443, # Is required despite not being used.
- docroot => '/srv/static/security',
- priority => '50',
- ssl => true,
- template => 'openstack_project/static-https-redirect.vhost.erb',
- vhost_name => 'security.openstack.org',
- require => [
- File['/srv/static/security'],
- File[$cert_file],
- File[$key_file],
- ],
- }
-
- file { '/srv/static/security':
- ensure => directory,
- owner => 'jenkins',
- group => 'jenkins',
- require => User['jenkins'],
- }
-
- ###########################################################
- # Governance (TC and UC) & Election
-
- # Extra aliases and directories needed for vhost template:
- $governance_aliases = {
- '/election/' => '/srv/static/election/',
- '/sigs/' => '/srv/static/sigs/',
- '/tc/' => '/srv/static/tc/',
- '/uc/' => '/srv/static/uc/',
- }
- # Extra redirects needed for vhost template:
- $governance_redirects = {
- '/badges/' => '/tc/badges/',
- '/goals/' => '/tc/goals/',
- '/reference/' => '/tc/reference/',
- '/resolutions/' => '/tc/resolutions/',
- }
- # One of these must also be the docroot
- $governance_directories = [
- '/srv/static/election',
- '/srv/static/governance',
- '/srv/static/sigs',
- '/srv/static/tc',
- '/srv/static/uc',
- ]
-
- ::httpd::vhost { 'governance.openstack.org':
- port => 443, # Is required despite not being used.
- docroot => '/srv/static/governance',
- priority => '50',
- ssl => true,
- template => 'openstack_project/static-governance.vhost.erb',
- vhost_name => 'governance.openstack.org',
- require => [
- File[$governance_directories],
- File[$cert_file],
- File[$key_file],
- ],
- }
-
- file { $governance_directories:
- ensure => directory,
- owner => 'jenkins',
- group => 'jenkins',
- require => User['jenkins'],
- }
-
- ###########################################################
- # Specs
-
- ::httpd::vhost { 'specs.openstack.org':
- port => 443, # Is required despite not being used.
- docroot => '/srv/static/specs',
- priority => '50',
- ssl => true,
- template => 'openstack_project/static-http-and-https.vhost.erb',
- vhost_name => 'specs.openstack.org',
- require => [
- File['/srv/static/specs'],
- File[$cert_file],
- File[$key_file],
- ],
- }
-
- file { '/srv/static/specs':
- ensure => directory,
- owner => 'jenkins',
- group => 'jenkins',
- require => User['jenkins'],
- }
-
- ###########################################################
- # legacy summit.openstack.org site redirect
-
- ::httpd::vhost { 'summit.openstack.org':
- port => 80,
- priority => '50',
- docroot => 'MEANINGLESS_ARGUMENT',
- template => 'openstack_project/summit.vhost.erb',
- }
-
- ###########################################################
- # legacy site redirects
-
- ::httpd::vhost { 'devstack.org':
- port => 80,
- priority => '50',
- docroot => 'MEANINGLESS_ARGUMENT',
- serveraliases => ['*.devstack.org'],
- template => 'openstack_project/legacy.vhost.erb',
- }
-
- ::httpd::vhost { 'cinder.openstack.org':
- port => 80,
- priority => '50',
- docroot => 'MEANINGLESS_ARGUMENT',
- template => 'openstack_project/legacy.vhost.erb',
- }
-
- ::httpd::vhost { 'glance.openstack.org':
- port => 80,
- priority => '50',
- docroot => 'MEANINGLESS_ARGUMENT',
- template => 'openstack_project/legacy.vhost.erb',
- }
-
- ::httpd::vhost { 'horizon.openstack.org':
- port => 80,
- priority => '50',
- docroot => 'MEANINGLESS_ARGUMENT',
- template => 'openstack_project/legacy.vhost.erb',
- }
-
- ::httpd::vhost { 'keystone.openstack.org':
- port => 80,
- priority => '50',
- docroot => 'MEANINGLESS_ARGUMENT',
- template => 'openstack_project/legacy.vhost.erb',
- }
-
- ::httpd::vhost { 'nova.openstack.org':
- port => 80,
- priority => '50',
- docroot => 'MEANINGLESS_ARGUMENT',
- template => 'openstack_project/legacy.vhost.erb',
- }
-
- ::httpd::vhost { 'qa.openstack.org':
- port => 80,
- priority => '50',
- docroot => 'MEANINGLESS_ARGUMENT',
- template => 'openstack_project/legacy.vhost.erb',
- }
-
- ::httpd::vhost { 'swift.openstack.org':
- port => 80,
- priority => '50',
- docroot => 'MEANINGLESS_ARGUMENT',
- template => 'openstack_project/legacy.vhost.erb',
- }
-
- ###########################################################
- # Trystack
-
- ::httpd::vhost { 'trystack.openstack.org':
- port => 443, # Is required despite not being used.
- docroot => '/opt/trystack',
- priority => '50',
- ssl => true,
- template => 'openstack_project/static-http-and-https.vhost.erb',
- vhost_name => 'trystack.openstack.org',
- serveraliases => ['trystack.org', 'www.trystack.org'],
- require => [
- Vcsrepo['/opt/trystack'],
- File[$cert_file],
- File[$key_file],
- ],
- }
-
- vcsrepo { '/opt/trystack':
- ensure => latest,
- provider => git,
- revision => 'master',
- source => 'https://opendev.org/x/trystack-site',
- }
-
- ###########################################################
- # Releases
-
- ::httpd::vhost { 'releases.openstack.org':
- port => 443, # Is required despite not being used.
- docroot => '/srv/static/releases',
- priority => '50',
- ssl => true,
- template => 'openstack_project/static-https-redirect.vhost.erb',
- vhost_name => 'releases.openstack.org',
- require => [
- File['/srv/static/releases'],
- File[$cert_file],
- File[$key_file],
- ],
- }
-
- file { '/srv/static/releases':
- ensure => directory,
- owner => 'jenkins',
- group => 'jenkins',
- require => User['jenkins'],
- }
-
- ###########################################################
- # service-types.openstack.org
-
- ::httpd::vhost { 'service-types.openstack.org':
- port => 443, # Is required despite not being used.
- docroot => '/srv/static/service-types',
- priority => '50',
- ssl => true,
- template => 'openstack_project/static-https-redirect.vhost.erb',
- vhost_name => 'service-types.openstack.org',
- require => [
- File['/srv/static/service-types'],
- File[$cert_file],
- File[$key_file],
- ],
- }
-
- file { '/srv/static/service-types':
- ensure => directory,
- owner => 'jenkins',
- group => 'jenkins',
- require => User['jenkins'],
- }
-
-
- # Until Apache 2.4.24 the event MPM has some issues scalability
- # bottlenecks that were seen to drop connections, especially on
- # larger files; see
- # https://httpd.apache.org/docs/2.4/mod/event.html
- #
- # The main advantage of event MPM is for keep-alive requests which
- # are not really a big issue on this static file server. Therefore
- # we switch to the threaded worker MPM as a workaround. This can be
- # reconsidered when the apache version running is sufficient to
- # avoid these problems.
-
- httpd::mod { 'mpm_event': ensure => 'absent' }
- httpd::mod { 'mpm_worker': ensure => 'present' }
-
-}
diff --git a/modules/openstack_project/templates/ci.vhost.erb b/modules/openstack_project/templates/ci.vhost.erb
deleted file mode 100644
index c33675ebce..0000000000
--- a/modules/openstack_project/templates/ci.vhost.erb
+++ /dev/null
@@ -1,22 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-NameVirtualHost <%= @vhost_name %>:<%= @port %>
-:<%= @port %>>
- ServerName <%= @srvname %>
-
- RewriteEngine On
-RewriteRule ^/jenkins-job-builder(/.*|$) https://docs.openstack.org/infra/jenkins-job-builder$1 [last,redirect=permanent]
- RewriteRule ^/nodepool(/.*|$) https://docs.openstack.org/infra/nodepool$1 [last,redirect=permanent]
- RewriteRule ^/openstackid(/.*|$) https://docs.openstack.org/infra/openstackid$1 [last,redirect=permanent]
- RewriteRule ^/shade(/.*|$) https://docs.openstack.org/infra/shade$1 [last,redirect=permanent]
- RewriteRule ^/storyboard(/.*|$) https://docs.openstack.org/infra/storyboard$1 [last,redirect=permanent]
- RewriteRule ^/zuul(/.*|$) https://docs.openstack.org/infra/zuul$1 [last,redirect=permanent]
- RewriteRule ^/(.*) https://docs.openstack.org/infra/system-config/$1 [last,redirect=permanent]
-
- ErrorLog /var/log/apache2/<%= @name %>_error.log
- LogLevel warn
- CustomLog /var/log/apache2/<%= @name %>_access.log combined
- ServerSignature Off
-
diff --git a/modules/openstack_project/templates/logs.vhost.erb b/modules/openstack_project/templates/logs.vhost.erb
deleted file mode 100644
index 7328d4b056..0000000000
--- a/modules/openstack_project/templates/logs.vhost.erb
+++ /dev/null
@@ -1,193 +0,0 @@
-# -*- apache -*-
-# ************************************
-# Managed by Puppet
-# ************************************
-
-NameVirtualHost <%= @vhost_name %>:80
-NameVirtualHost <%= @vhost_name %>:443
-
-
- ServerName <%= @vhost_name %>
-<% if @serveraliases.is_a? Array -%>
-<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
-<% elsif ! ['', nil].include?(@serveraliases) -%>
-<%= " ServerAlias #{@serveraliases}" %>
-<% end -%>
- RewriteEngine On
- RewriteRule ^/(.*)$ https://<%= @vhost_name %>/$1 [L,R=301]
- DocumentRoot <%= @docroot %>
- >
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- AllowOverrideList Redirect RedirectMatch
- Satisfy Any
- Require all granted
-
- LogLevel warn
- ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
- CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
- ServerSignature Off
-
-
-
- ServerName <%= @vhost_name %>
-<% if @serveraliases.is_a? Array -%>
-<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
-<% elsif ! ['', nil, :undef].include?(@serveraliases) -%>
-<%= " ServerAlias #{@serveraliases}" %>
-<% end -%>
-
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
- # Once the machine is using something to terminate TLS that supports ECDHE
- # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
- # only is guarenteed.
- SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
- SSLHonorCipherOrder on
- SSLCertificateFile /etc/letsencrypt-certs/logs.opendev.org/logs.opendev.org.cer
- SSLCertificateKeyFile /etc/letsencrypt-certs/logs.opendev.org/logs.opendev.org.key
- SSLCertificateChainFile /etc/letsencrypt-certs/logs.opendev.org/ca.cer
-
- DocumentRoot <%= @docroot %>
-
- # Authorize cross request, e.g. fetch job-output from the zuul builds page
- Header set Access-Control-Allow-Origin "*"
-
- WSGIDaemonProcess logs2 user=www-data group=www-data processes=16 threads=1
- WSGIProcessGroup logs2
- WSGIApplicationGroup %{GLOBAL}
-
- AddType text/plain .log
- AddType text/plain .sh
- AddType text/plain .yaml
- AddType text/plain .yml
-
- # use Apache to compress the results afterwards, to save on the wire
- # it's approx 18x savings of wire traffic to compress. We need to
- # compress by content types that htmlify can produce
- AddOutputFilterByType DEFLATE text/plain text/html application/x-font-ttf image/svg+xml
-
-
- ForceType text/html
- AddDefaultCharset UTF-8
- AddEncoding x-gzip gz
-
-
- ForceType text/css
- AddDefaultCharset UTF-8
- AddEncoding x-gzip gz
-
-
- ForceType text/javascript
- AddDefaultCharset UTF-8
- AddEncoding x-gzip gz
-
-
- ForceType application/x-font-ttf
- AddEncoding x-gzip gz
-
-
- ForceType image/svg+xml
- AddEncoding x-gzip gz
-
-
- ForceType application/json
- AddEncoding x-gzip gz
-
-
- # mod_mime_magic is sometimes passing css files as asm sources
- # e.g css files generated by coverage reports
- ForceType text/css
-
- >
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
- Satisfy Any
- ExpiresActive On
- # Data in the logs server is static once generated by a job
- ExpiresDefault "access plus 2 weeks"
-
-
- Allow from all
- Satisfy Any
-
-
-
- ReadmeName /help/tempest-overview.html
-
-
- ReadmeName /help/tempest-overview.html
-
-
- ReadmeName /help/tempest-logs.html
-
-
- ReadmeName /help/tempest-logs.html
-
-
- ReadmeName /help/tripleo-quickstart-logs.html
-
-
- /periodic*/*>
- IndexOrderDefault Descending Date
-
-
- RewriteEngine On
-
-
- Allow from all
- Satisfy Any
-
-
- # ARA sqlite middleware configuration
- # See docs for details: https://ara.readthedocs.io/en/latest/advanced.html
- SetEnv ARA_WSGI_TMPDIR_MAX_AGE 3600
- SetEnv ARA_WSGI_LOG_ROOT /srv/static/logs
- SetEnv ARA_WSGI_DATABASE_DIRECTORY ara-report
-
- # Redirect .*/ara-report to the ARA sqlite wsgi middleware
- # This middleware automatically loads the ARA web application with the
- # database located at .*/ara-report/ansible.sqlite.
- # If we get a request directly to the database file, don't load the middleware
- # so that users can download the raw database if they wish.
- WSGIScriptAliasMatch ^.*/ara-report(?!/ansible.sqlite) /usr/local/bin/ara-wsgi-sqlite
-
- # Everything beyond this point is rewritten to htmlify.
- # Make sure we don't do that for dynamic ARA reports.
- RewriteCond %{REQUEST_URI} ^.*/ara-report [NC]
- RewriteRule .* - [L]
-
- # If the specified file does not exist, look if there is a gzipped version
- # If there is, serve that one instead
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME}.gz -f
- RewriteRule ^/(.*)$ %{REQUEST_URI}.gz
-
- # rewrite (txt|log).gz & console.html[.gz] files to map to our
- # internal htmlify wsgi app
- # PT, Pass-through: to come back around and get picked up by the
- # WSGIScriptAlias
- # NS, No-subrequest: on coming back through, mod-autoindex may have added
- # index.html which would match the !-f condition. We
- # therefore ensure the rewrite doesn't trigger by
- # disallowing subrequests.
- RewriteRule ^/(.*\.(txt|log)\.gz)$ /htmlify/$1 [QSA,L,PT,NS]
- RewriteRule ^/(.*console\.html(\.gz)?)$ /htmlify/$1 [QSA,L,PT,NS]
-
- # Check if the request exists as a file, directory or symbolic link
- # If not, write the request to htmlify to see if we can fetch from swift
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-l
- RewriteCond %{REQUEST_FILENAME} !^/icon
- RewriteRule ^/(.*)$ /htmlify/$1 [QSA,L,PT,NS]
-
- WSGIScriptAlias /htmlify /usr/local/lib/python2.7/dist-packages/os_loganalyze/wsgi.py
-
- ErrorLog /var/log/apache2/<%= @vhost_name %>_ssl_error.log
- LogLevel warn
- CustomLog /var/log/apache2/<%= @vhost_name %>_ssl_access.log combined
- ServerSignature Off
-
diff --git a/modules/openstack_project/templates/static-governance.vhost.erb b/modules/openstack_project/templates/static-governance.vhost.erb
deleted file mode 100644
index 3b6a57c6a2..0000000000
--- a/modules/openstack_project/templates/static-governance.vhost.erb
+++ /dev/null
@@ -1,68 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-
- ServerName <%= @vhost_name %>
-<% if @serveraliases.is_a? Array -%>
-<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
-<% elsif ! ['', nil].include?(@serveraliases) -%>
-<%= " ServerAlias #{@serveraliases}" %>
-<% end -%>
- RewriteEngine On
- RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
- LogLevel warn
- ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
- CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
- ServerSignature Off
-
-
-
-
- ServerName <%= @vhost_name %>
- DocumentRoot <%= @docroot %>
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
- # Once the machine is using something to terminate TLS that supports ECDHE
- # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
- # only is guarenteed.
- SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
- SSLHonorCipherOrder on
- SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
- SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
-<% if scope['openstack_project::static::chain_file'] != '' %>
- SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
-<% end %>
- # Alias other folders
- <% scope.lookupvar('openstack_project::static::governance_aliases').each do |a, d| -%>
- Alias "<%= a %>" "<%= d %>"
- <% end -%>
- # Set up redirects
- <% scope.lookupvar('openstack_project::static::governance_redirects').each do |a, d| -%>
- Redirect "<%= a %>" "<%= d %>"
- <% end -%>
- <% scope.lookupvar('openstack_project::static::governance_directories').each do |dirname| -%>
- >
- Options Indexes FollowSymLinks MultiViews
- AllowOverrideList Redirect RedirectMatch
- Satisfy Any
- Require all granted
-
- <% end -%>
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Satisfy Any
- Require all granted
-
- Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
- Header set Pragma "no-cache"
-
- ErrorDocument 404 /badges/project-unofficial.svg
-
- LogLevel warn
- ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
- CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
- ServerSignature Off
-
-
diff --git a/modules/openstack_project/templates/static-http-and-https.vhost.erb b/modules/openstack_project/templates/static-http-and-https.vhost.erb
deleted file mode 100644
index e29fbabe0c..0000000000
--- a/modules/openstack_project/templates/static-http-and-https.vhost.erb
+++ /dev/null
@@ -1,58 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-
- ServerName <%= @vhost_name %>
-<% if @serveraliases.is_a? Array -%>
- # Permanently redirect these ServerAlias entries to ServerName
-<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
-<% elsif ! ['', nil].include?(@serveraliases) -%>
-<%= " ServerAlias #{@serveraliases}" %>
- RewriteEngine On
- RewriteCond %{HTTP_HOST} !<%= @vhost_name %>$ [NC]
- RewriteRule ^/(.*)$ http://<%= @vhost_name %>/$1 [L,R=301]
-<% end -%>
- DocumentRoot <%= @docroot %>
- >
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- AllowOverrideList Redirect RedirectMatch
- Satisfy Any
- Require all granted
-
- LogLevel warn
- ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
- CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
- ServerSignature Off
-
-
-
-
- ServerName <%= @vhost_name %>
- DocumentRoot <%= @docroot %>
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
- # Once the machine is using something to terminate TLS that supports ECDHE
- # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
- # only is guarenteed.
- SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
- SSLHonorCipherOrder on
- SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
- SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
-<% if scope['openstack_project::static::chain_file'] != '' %>
- SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
-<% end %>
- >
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- AllowOverrideList Redirect RedirectMatch
- Satisfy Any
- Require all granted
-
- LogLevel warn
- ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
- CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
- ServerSignature Off
-
-
diff --git a/modules/openstack_project/templates/static-https-redirect.vhost.erb b/modules/openstack_project/templates/static-https-redirect.vhost.erb
deleted file mode 100644
index 839d044757..0000000000
--- a/modules/openstack_project/templates/static-https-redirect.vhost.erb
+++ /dev/null
@@ -1,48 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-
- ServerName <%= @vhost_name %>
-<% if @serveraliases.is_a? Array -%>
-<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
-<% elsif ! ['', nil].include?(@serveraliases) -%>
-<%= " ServerAlias #{@serveraliases}" %>
-<% end -%>
- RewriteEngine On
- RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
- LogLevel warn
- ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
- CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
- ServerSignature Off
-
-
-
-
- ServerName <%= @vhost_name %>
- DocumentRoot <%= @docroot %>
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
- # Once the machine is using something to terminate TLS that supports ECDHE
- # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
- # only is guarenteed.
- SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
- SSLHonorCipherOrder on
- SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
- SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
-<% if scope['openstack_project::static::chain_file'] != '' %>
- SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
-<% end %>
- >
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- AllowOverrideList Redirect RedirectMatch
- Satisfy Any
- Require all granted
-
- LogLevel warn
- ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
- CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
- ServerSignature Off
-
-
diff --git a/modules/openstack_project/templates/summit.vhost.erb b/modules/openstack_project/templates/summit.vhost.erb
deleted file mode 100644
index 29963ac5e3..0000000000
--- a/modules/openstack_project/templates/summit.vhost.erb
+++ /dev/null
@@ -1,21 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-NameVirtualHost <%= @vhost_name %>:<%= @port %>
-:<%= @port %>>
- ServerName <%= @srvname %>
-<% if @serveraliases.is_a? Array -%>
-<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
-<% elsif ! ['', nil].include?(@serveraliases) -%>
-<%= " ServerAlias #{@serveraliases}" %>
-<% end -%>
-
- RewriteEngine On
- RewriteRule ^/(.*) http://openstack.org/summit/$1 [last,redirect=permanent]
-
- ErrorLog /var/log/apache2/<%= @name %>_error.log
- LogLevel warn
- CustomLog /var/log/apache2/<%= @name %>_access.log combined
- ServerSignature Off
-