Remove files02.openstack.org and related puppet
All this has moved to static.opendev.org; the server can now be removed. Change-Id: I8ca5d7a206e950c28bb8372a85b6a62d6b9ba00c
parent
8171dc437c
commit
f55580fbf0
@ -6,7 +6,6 @@ groups:
|
||||
- review-dev[0-9]*.open*.org
|
||||
- mirror[0-9]*.open*.org
|
||||
- mirror-update[0-9]*.opendev.org
|
||||
- files[0-9]*.open*.org
|
||||
- ze[0-9]*.open*.org
|
||||
- afsdb*.open*.org
|
||||
- afs[0-9]*.open*.org
|
||||
@ -45,7 +44,6 @@ groups:
|
||||
ethercalc: ethercalc*.open*.org
|
||||
etherpad: etherpad[0-9]*.open*.org
|
||||
etherpad-dev: etherpad-dev[0-9]*.open*.org
|
||||
files: files[0-9]*.open*.org
|
||||
firehose: firehose[0-9]*.open*.org
|
||||
gerrit:
|
||||
- review-dev[0-9]*.open*.org
|
||||
@ -124,7 +122,6 @@ groups:
|
||||
- ethercalc[0-9]*.open*.org
|
||||
- etherpad-dev[0-9]*.open*.org
|
||||
- etherpad[0-9]*.open*.org
|
||||
- files[0-9]*.open*.org
|
||||
- firehose[0-9]*.open*.org
|
||||
- grafana[0-9]*.open*.org
|
||||
- graphite*.open*.org
|
||||
@ -171,7 +168,6 @@ groups:
|
||||
- ethercalc[0-9]*.open*.org
|
||||
- etherpad[0-9]*.open*.org
|
||||
- etherpad-dev[0-9]*.open*.org
|
||||
- files[0-9]*.open*.org
|
||||
- firehose[0-9]*.open*.org
|
||||
- grafana[0-9]*.open*.org
|
||||
- graphite[0-9]*.open*.org
|
||||
@ -242,7 +238,6 @@ groups:
|
||||
- ethercalc[0-9]*.open*.org
|
||||
- etherpad-dev[0-9]*.open*.org
|
||||
- etherpad[0-9]*.open*.org
|
||||
- files[0-9]*.open*.org
|
||||
- grafana[0-9]*.open*.org
|
||||
- graphite*.open*.org
|
||||
- health[0-9]*.openstack.org
|
||||
|
@ -154,13 +154,6 @@ all:
|
||||
region_name: DFW
|
||||
public_v4: 23.253.238.66
|
||||
public_v6: 2001:4800:7817:104:be76:4eff:fe04:8f0c
|
||||
files02.openstack.org:
|
||||
ansible_host: 2001:4800:7817:103:be76:4eff:fe04:e3e3
|
||||
location:
|
||||
cloud: openstackci-rax
|
||||
region_name: DFW
|
||||
public_v4: 23.253.125.17
|
||||
public_v6: 2001:4800:7817:103:be76:4eff:fe04:e3e3
|
||||
firehose01.openstack.org:
|
||||
ansible_host: 2001:4800:7818:103:be76:4eff:fe04:40aa
|
||||
location:
|
||||
|
@ -336,89 +336,6 @@ node /^mirror\d*\..*\.open.*\.org$/ {
|
||||
}
|
||||
}
|
||||
|
||||
# Serve static AFS content for docs and other sites.
|
||||
# Node-OS: xenial
|
||||
node /^files\d*\.open.*\.org$/ {
|
||||
$group = "files"
|
||||
class { 'openstack_project::server':
|
||||
afs => true,
|
||||
afs_cache_size => 10000000, # 10GB
|
||||
}
|
||||
|
||||
class { 'openstack_project::files':
|
||||
vhost_name => 'files.openstack.org',
|
||||
developer_cert_file_contents => hiera('developer_cert_file_contents'),
|
||||
developer_key_file_contents => hiera('developer_key_file_contents'),
|
||||
developer_chain_file_contents => hiera('developer_chain_file_contents'),
|
||||
docs_cert_file_contents => hiera('docs_cert_file_contents'),
|
||||
docs_key_file_contents => hiera('docs_key_file_contents'),
|
||||
docs_chain_file_contents => hiera('docs_chain_file_contents'),
|
||||
git_airship_cert_file_contents => hiera('git_airship_cert_file_contents'),
|
||||
git_airship_key_file_contents => hiera('git_airship_key_file_contents'),
|
||||
git_airship_chain_file_contents => hiera('git_airship_chain_file_contents'),
|
||||
git_openstack_cert_file_contents => hiera('git_openstack_cert_file_contents'),
|
||||
git_openstack_key_file_contents => hiera('git_openstack_key_file_contents'),
|
||||
git_openstack_chain_file_contents => hiera('git_openstack_chain_file_contents'),
|
||||
git_starlingx_cert_file_contents => hiera('git_starlingx_cert_file_contents'),
|
||||
git_starlingx_key_file_contents => hiera('git_starlingx_key_file_contents'),
|
||||
git_starlingx_chain_file_contents => hiera('git_starlingx_chain_file_contents'),
|
||||
require => Class['Openstack_project::Server'],
|
||||
}
|
||||
|
||||
# Temporary for evaluating htaccess rules
|
||||
::httpd::vhost { "git-test.openstack.org":
|
||||
port => 80, # Is required despite not being used.
|
||||
docroot => "/afs/openstack.org/project/git-test/www",
|
||||
priority => '50',
|
||||
template => 'openstack_project/git-test.vhost.erb',
|
||||
}
|
||||
|
||||
openstack_project::website { 'docs.starlingx.io':
|
||||
volume_name => 'starlingx.io',
|
||||
aliases => [],
|
||||
ssl_cert => hiera('docs_starlingx_io_ssl_cert'),
|
||||
ssl_key => hiera('docs_starlingx_io_ssl_key'),
|
||||
ssl_intermediate => hiera('docs_starlingx_io_ssl_intermediate'),
|
||||
require => Class['openstack_project::files'],
|
||||
}
|
||||
|
||||
openstack_project::website { 'docs.opendev.org':
|
||||
aliases => [],
|
||||
docroot => "/afs/openstack.org/project/opendev.org/docs",
|
||||
ssl_cert => hiera('docs_opendev_ssl_cert'),
|
||||
ssl_key => hiera('docs_opendev_ssl_key'),
|
||||
ssl_intermediate => hiera('docs_opendev_ssl_intermediate'),
|
||||
require => Class['openstack_project::files'],
|
||||
}
|
||||
|
||||
openstack_project::website { 'tarballs.opendev.org':
|
||||
aliases => [],
|
||||
docroot => "/afs/openstack.org/project/opendev.org/tarballs",
|
||||
ssl_cert_file => '/etc/letsencrypt-certs/tarballs.opendev.org/tarballs.opendev.org.cer',
|
||||
ssl_key_file => '/etc/letsencrypt-certs/tarballs.opendev.org/tarballs.opendev.org.key',
|
||||
ssl_chain_file => '/etc/letsencrypt-certs/tarballs.opendev.org/ca.cer',
|
||||
require => Class['openstack_project::files'],
|
||||
}
|
||||
|
||||
openstack_project::website { 'zuul-ci.org':
|
||||
aliases => ['www.zuul-ci.org', 'zuulci.org', 'www.zuulci.org'],
|
||||
ssl_cert_file => '/etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.cer',
|
||||
ssl_key_file => '/etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.key',
|
||||
ssl_chain_file => '/etc/letsencrypt-certs/zuul-ci.org/ca.cer',
|
||||
require => Class['openstack_project::files'],
|
||||
}
|
||||
|
||||
openstack_project::website { 'git.zuul-ci.org':
|
||||
docroot => "/var/www/git-redirect",
|
||||
allow_override_list => "Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule",
|
||||
ssl_cert_file => '/etc/letsencrypt-certs/git.zuul-ci.org/git.zuul-ci.org.cer',
|
||||
ssl_key_file => '/etc/letsencrypt-certs/git.zuul-ci.org/git.zuul-ci.org.key',
|
||||
ssl_chain_file => '/etc/letsencrypt-certs/git.zuul-ci.org/ca.cer',
|
||||
require => Class['openstack_project::files'],
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# Node-OS: trusty
|
||||
# Node-OS: xenial
|
||||
node /^refstack\d*\.open.*\.org$/ {
|
||||
|
@ -1,23 +0,0 @@
|
||||
# Managed by puppet
|
||||
# worker MPM
|
||||
# StartServers: initial number of server processes to start
|
||||
# MinSpareThreads: minimum number of worker threads which are kept spare
|
||||
# MaxSpareThreads: maximum number of worker threads which are kept spare
|
||||
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
|
||||
# graceful restart. ThreadLimit can only be changed by stopping
|
||||
# and starting Apache.
|
||||
# ThreadsPerChild: constant number of worker threads in each server process
|
||||
# MaxRequestWorkers: maximum number of threads
|
||||
# MaxConnectionsPerChild: maximum number of requests a server process serves
|
||||
|
||||
<IfModule mpm_worker_module>
|
||||
StartServers 2
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 400
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
@ -1,186 +0,0 @@
|
||||
# Unescape any slashes in the branch portion of the query string so
|
||||
# that we don't have to worry about whether or not they are encoded
|
||||
# later. This is a recursive rule to handle multiple slashes.
|
||||
RewriteCond %{QUERY_STRING} "^(.*)h=([^&]+)%2F([^&]+)(.*)$"
|
||||
RewriteRule "^(.*)$" "/$1?%1h=%2/%3%4" [N]
|
||||
|
||||
# Map whitelabeled project git sites with repository prefixes
|
||||
RewriteCond %{HTTP_HOST} ^git\.airshipit\.org$ [NC]
|
||||
RewriteRule "^(cgit/|)airship-(.*)$" "$1airship/$2" [L]
|
||||
RewriteCond %{HTTP_HOST} ^git\.starlingx\.io$ [NC]
|
||||
RewriteRule "^(cgit/|)stx-(.*)$" "$1starlingx/$2" [L]
|
||||
RewriteCond %{HTTP_HOST} ^git\.zuul-ci\.org$ [NC]
|
||||
RewriteRule "^(cgit/|)((nodepool|zuul).*)$" "$1zuul/$2" [L]
|
||||
|
||||
###################################
|
||||
# summary
|
||||
# ignore all args
|
||||
|
||||
RewriteRule "^cgit/([^/]+)/([^/]+)/?$" "https://opendev.org/$1/$2/" [L,QSD]
|
||||
|
||||
###################################
|
||||
# refs tab -> branches tab
|
||||
# ignore all args
|
||||
# The cgit refs tab shows tags+branches, the branches tab in gitea is
|
||||
# the closest linkable url
|
||||
|
||||
RewriteRule "^cgit/([^/]+)/([^/]+)/refs/?" "https://opendev.org/$1/$2/branches" [L,QSD]
|
||||
|
||||
###################################
|
||||
# log tab (with file) -> commits tab
|
||||
# h=
|
||||
|
||||
RewriteCond %{QUERY_STRING} h=([\w/]+)
|
||||
RewriteRule "^cgit/([^/]+)/([^/]+)/log/?(.*)" "https://opendev.org/$1/$2/commits/branch/%1/$3" [L,QSD]
|
||||
|
||||
# no args
|
||||
|
||||
RewriteRule "^cgit/([^/]+)/([^/]+)/log/?(.*)" "https://opendev.org/$1/$2/commits/branch/master/$3" [L,QSD]
|
||||
|
||||
#####################################################
|
||||
# tree tab (with file) -> tree tab
|
||||
# id=
|
||||
# h=&id= (id)
|
||||
# if there's a commit, it takes precedence
|
||||
RewriteCond %{QUERY_STRING} id=([\w]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/tree/?(.*)" "https://opendev.org/$1/$2/src/commit/%1/$3" [L,QSD]
|
||||
|
||||
# h=
|
||||
# we have a commit pointed for a head
|
||||
RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/tree/?(.*)" "https://opendev.org/$1/$2/src/commit/%1/$3" [L,QSD]
|
||||
|
||||
# h=
|
||||
# if there's no commit, but a branch:
|
||||
RewriteCond %{QUERY_STRING} h=([\w/]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/tree/?(.*)" "https://opendev.org/$1/$2/src/branch/%1/$3" [L,QSD]
|
||||
|
||||
# if there's no args:
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/tree/?(.*)" "https://opendev.org/$1/$2/src/branch/master/$3" [L,QSD]
|
||||
|
||||
#####################################################
|
||||
# plain link without file -> tree tab
|
||||
# id=
|
||||
# h=&id= (id)
|
||||
# if there's a commit, it takes precedence
|
||||
RewriteCond %{QUERY_STRING} id=([\w]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/plain/?$" "https://opendev.org/$1/$2/src/commit/%1/$3" [L,QSD]
|
||||
|
||||
# h=
|
||||
# we have a commit pointed for a head
|
||||
RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/plain/?$" "https://opendev.org/$1/$2/src/commit/%1/$3" [L,QSD]
|
||||
|
||||
# h=
|
||||
# if there's no commit, but a branch:
|
||||
RewriteCond %{QUERY_STRING} h=([\w/]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/plain/?$" "https://opendev.org/$1/$2/src/branch/%1/$3" [L,QSD]
|
||||
|
||||
# if there's no args:
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/plain/?$" "https://opendev.org/$1/$2/src/branch/master/$3" [L,QSD]
|
||||
|
||||
#####################################################
|
||||
# plain link (with file) -> raw
|
||||
# same as tree
|
||||
# id=
|
||||
# h=&id= (id)
|
||||
# if there's a commit, it takes precedence
|
||||
RewriteCond %{QUERY_STRING} id=([\w]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/plain/?(.*)" "https://opendev.org/$1/$2/raw/commit/%1/$3" [L,QSD]
|
||||
|
||||
# h=
|
||||
# we have a commit pointed for a head
|
||||
RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/plain/?(.*)$" "https://opendev.org/$1/$2/raw/commit/%1/$3" [L,QSD]
|
||||
|
||||
# h=
|
||||
# if there's no commit, but a branch:
|
||||
RewriteCond %{QUERY_STRING} h=([\w/]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/plain/?(.*)" "https://opendev.org/$1/$2/raw/branch/%1/$3" [L,QSD]
|
||||
|
||||
# if there's no args:
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/plain/?(.*)" "https://opendev.org/$1/$2/raw/branch/master/$3" [L,QSD]
|
||||
|
||||
######################
|
||||
# commit tab (with file) -> commit screen (without file)
|
||||
# id=
|
||||
# id=&h=
|
||||
RewriteCond %{QUERY_STRING} id=([\w]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/commit/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
|
||||
|
||||
# h=
|
||||
# we have a commit pointed for a head
|
||||
RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/commit/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
|
||||
|
||||
# h=
|
||||
# The commit tab in cgit will show the branch-tip commit in this case.
|
||||
# There is not a comprable page in gitea, so we redirect to the branch
|
||||
# log (which has the branch-tip commit at the top of the list). We
|
||||
# include the file if it's there to further restrict the list of
|
||||
# commits
|
||||
RewriteCond %{QUERY_STRING} h=([\w/]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/commit/?(.*)" "https://opendev.org/$1/$2/commits/branch/%1/$3" [L,QSD]
|
||||
|
||||
# no args
|
||||
# Same, but with master branch
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/commit/?(.*)" "https://opendev.org/$1/$2/commits/branch/master/$3" [L,QSD]
|
||||
|
||||
######################
|
||||
# diff (with file) -> commit screen (without file)
|
||||
# Gitea doesn't handle arbitrary diffs, so just show the commit page for id.
|
||||
# We do the same thing as for the commit tab.
|
||||
# id=&id2=
|
||||
# id=
|
||||
# id=&h=
|
||||
RewriteCond %{QUERY_STRING} id=([\w]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/diff/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
|
||||
|
||||
# h=
|
||||
# we have a commit pointed for a head
|
||||
RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/diff/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
|
||||
|
||||
# h=
|
||||
RewriteCond %{QUERY_STRING} h=([\w/]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/diff/?(.*)" "https://opendev.org/$1/$2/commits/branch/%1/$3" [L,QSD]
|
||||
|
||||
# no args
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/diff/?(.*)" "https://opendev.org/$1/$2/commits/branch/master/$3" [L,QSD]
|
||||
|
||||
######################
|
||||
# patch (with file)
|
||||
# Gitea doesn't handle generating patch files, so just show the commit page.
|
||||
# We do the same thing as for the commit tab.
|
||||
# id=
|
||||
# id=&h=
|
||||
RewriteCond %{QUERY_STRING} id=([\w]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/patch/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
|
||||
|
||||
# h=
|
||||
# we have a commit pointed for a head
|
||||
RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/patch/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
|
||||
|
||||
# h=
|
||||
RewriteCond %{QUERY_STRING} h=([\w/]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/patch/?(.*)" "https://opendev.org/$1/$2/commits/branch/%1/$3" [L,QSD]
|
||||
|
||||
# no args
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/patch/?(.*)" "https://opendev.org/$1/$2/commits/branch/master/$3" [L,QSD]
|
||||
|
||||
#####################
|
||||
# tag
|
||||
# Gitea doesn't have a dedicated tag page, but if you click a tag in
|
||||
# gitea, it takes you to the source tree view for that tag, which has
|
||||
# the tagged commit at the top of the table.
|
||||
RewriteCond %{QUERY_STRING} h=([\w/\.]+)
|
||||
RewriteRule "^cgit/(.*?)/(.*?)/tag/?" "https://opendev.org/$1/$2/src/tag/%1" [L,QSD]
|
||||
|
||||
#####################
|
||||
# Any other unknown cgit url, redirect to /
|
||||
RewriteRule "^cgit" "https://opendev.org/" [L,QSD]
|
||||
|
||||
#####################
|
||||
# Non cgit URLs
|
||||
RewriteRule "^(.*)$" "https://opendev.org/$1" [L]
|
@ -1,307 +0,0 @@
|
||||
# == Class: openstack_project::files
|
||||
#
|
||||
class openstack_project::files (
|
||||
$vhost_name = $::fqdn,
|
||||
$developer_cert_file_contents,
|
||||
$developer_key_file_contents,
|
||||
$developer_chain_file_contents,
|
||||
$docs_cert_file_contents,
|
||||
$docs_key_file_contents,
|
||||
$docs_chain_file_contents,
|
||||
$git_airship_cert_file_contents,
|
||||
$git_airship_key_file_contents,
|
||||
$git_airship_chain_file_contents,
|
||||
$git_openstack_cert_file_contents,
|
||||
$git_openstack_key_file_contents,
|
||||
$git_openstack_chain_file_contents,
|
||||
$git_starlingx_cert_file_contents,
|
||||
$git_starlingx_key_file_contents,
|
||||
$git_starlingx_chain_file_contents,
|
||||
) {
|
||||
|
||||
$afs_root = '/afs/openstack.org/'
|
||||
$www_base = '/var/www'
|
||||
|
||||
#####################################################
|
||||
# Build Apache Webroot
|
||||
file { "${www_base}":
|
||||
ensure => directory,
|
||||
owner => root,
|
||||
group => root,
|
||||
}
|
||||
|
||||
file { "${www_base}/robots.txt":
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/disallow_robots.txt',
|
||||
require => File["${www_base}"],
|
||||
}
|
||||
|
||||
#####################################################
|
||||
# Git Redirects Webroot
|
||||
file { "${www_base}/git-redirect":
|
||||
ensure => directory,
|
||||
owner => root,
|
||||
group => root,
|
||||
require => File["${www_base}"],
|
||||
}
|
||||
|
||||
file { "${www_base}/git-redirect/.htaccess":
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/git-redirect.htaccess',
|
||||
require => File["${www_base}/git-redirect"],
|
||||
}
|
||||
|
||||
#####################################################
|
||||
# Set up directories needed by HTTPS certs/keys
|
||||
file { '/etc/ssl/certs':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
file { '/etc/ssl/private':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0700',
|
||||
}
|
||||
|
||||
#####################################################
|
||||
# Build VHost
|
||||
include ::httpd
|
||||
|
||||
::httpd::vhost { $vhost_name:
|
||||
port => 80,
|
||||
priority => '50',
|
||||
docroot => "${afs_root}",
|
||||
template => 'openstack_project/files.vhost.erb',
|
||||
require => [
|
||||
File["${www_base}"],
|
||||
]
|
||||
}
|
||||
|
||||
httpd_mod { 'rewrite':
|
||||
ensure => present,
|
||||
before => Service['httpd'],
|
||||
}
|
||||
|
||||
class { '::httpd::logrotate':
|
||||
options => [
|
||||
'daily',
|
||||
'missingok',
|
||||
'rotate 7',
|
||||
'compress',
|
||||
'delaycompress',
|
||||
'notifempty',
|
||||
'create 640 root adm',
|
||||
],
|
||||
}
|
||||
|
||||
# Until Apache 2.4.24 the event MPM has some issues scalability
|
||||
# bottlenecks that were seen to drop connections, especially on
|
||||
# larger files; see
|
||||
# https://httpd.apache.org/docs/2.4/mod/event.html
|
||||
#
|
||||
# The main advantage of event MPM is for keep-alive requests which
|
||||
# are not really a big issue on this static file server. Therefore
|
||||
# we switch to the threaded worker MPM as a workaround. This can be
|
||||
# reconsidered when the apache version running is sufficient to
|
||||
# avoid these problems.
|
||||
|
||||
httpd::mod { 'mpm_event': ensure => 'absent' }
|
||||
httpd::mod { 'mpm_worker': ensure => 'present' }
|
||||
|
||||
file { '/etc/apache2/mods-available/mpm_worker.conf':
|
||||
ensure => file,
|
||||
source => 'puppet:///modules/openstack_project/files/mpm_worker.conf',
|
||||
notify => Service['httpd'],
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# docs.openstack.org
|
||||
|
||||
::httpd::vhost { 'docs.openstack.org':
|
||||
port => 443, # Is required despite not being used.
|
||||
docroot => "${afs_root}docs",
|
||||
priority => '50',
|
||||
template => 'openstack_project/docs.vhost.erb',
|
||||
}
|
||||
file { '/etc/ssl/certs/docs.openstack.org.pem':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $docs_cert_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
}
|
||||
file { '/etc/ssl/private/docs.openstack.org.key':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
content => $docs_key_file_contents,
|
||||
require => File['/etc/ssl/private'],
|
||||
}
|
||||
file { '/etc/ssl/certs/docs.openstack.org_intermediate.pem':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $docs_chain_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
before => File['/etc/ssl/certs/docs.openstack.org.pem'],
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# developer.openstack.org
|
||||
|
||||
::httpd::vhost { 'developer.openstack.org':
|
||||
port => 443, # Is required despite not being used.
|
||||
docroot => "${afs_root}developer-docs",
|
||||
priority => '50',
|
||||
template => 'openstack_project/developer.vhost.erb',
|
||||
}
|
||||
file { '/etc/ssl/certs/developer.openstack.org.pem':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $developer_cert_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
}
|
||||
file { '/etc/ssl/private/developer.openstack.org.key':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
content => $developer_key_file_contents,
|
||||
require => File['/etc/ssl/private'],
|
||||
}
|
||||
file { '/etc/ssl/certs/developer.openstack.org_intermediate.pem':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $developer_chain_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
before => File['/etc/ssl/certs/developer.openstack.org.pem'],
|
||||
}
|
||||
|
||||
|
||||
###########################################################
|
||||
# git.airshipit.org
|
||||
|
||||
::httpd::vhost { 'git.airshipit.org':
|
||||
port => 443, # Is required despite not being used.
|
||||
docroot => "${www_base}/git-redirect",
|
||||
priority => '50',
|
||||
template => 'openstack_project/git-redirect.vhost.erb',
|
||||
require => File["${www_base}/git-redirect"],
|
||||
}
|
||||
file { '/etc/ssl/certs/git.airshipit.org.pem':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $git_airship_cert_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
}
|
||||
file { '/etc/ssl/private/git.airshipit.org.key':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
content => $git_airship_key_file_contents,
|
||||
require => File['/etc/ssl/private'],
|
||||
}
|
||||
file { '/etc/ssl/certs/git.airshipit.org_intermediate.pem':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $git_airship_chain_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
before => File['/etc/ssl/certs/git.airshipit.org.pem'],
|
||||
}
|
||||
|
||||
|
||||
###########################################################
|
||||
# git.openstack.org
|
||||
|
||||
::httpd::vhost { 'git.openstack.org':
|
||||
port => 443, # Is required despite not being used.
|
||||
docroot => "${www_base}/git-redirect",
|
||||
priority => '50',
|
||||
template => 'openstack_project/git-redirect.vhost.erb',
|
||||
require => File["${www_base}/git-redirect"],
|
||||
}
|
||||
file { '/etc/ssl/certs/git.openstack.org.pem':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $git_openstack_cert_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
}
|
||||
file { '/etc/ssl/private/git.openstack.org.key':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
content => $git_openstack_key_file_contents,
|
||||
require => File['/etc/ssl/private'],
|
||||
}
|
||||
file { '/etc/ssl/certs/git.openstack.org_intermediate.pem':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $git_openstack_chain_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
before => File['/etc/ssl/certs/git.openstack.org.pem'],
|
||||
}
|
||||
|
||||
|
||||
###########################################################
|
||||
# git.starlingx.io
|
||||
|
||||
::httpd::vhost { 'git.starlingx.io':
|
||||
port => 443, # Is required despite not being used.
|
||||
docroot => "${www_base}/git-redirect",
|
||||
priority => '50',
|
||||
template => 'openstack_project/git-redirect.vhost.erb',
|
||||
require => File["${www_base}/git-redirect"],
|
||||
}
|
||||
file { '/etc/ssl/certs/git.starlingx.io.pem':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $git_starlingx_cert_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
}
|
||||
file { '/etc/ssl/private/git.starlingx.io.key':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
content => $git_starlingx_key_file_contents,
|
||||
require => File['/etc/ssl/private'],
|
||||
}
|
||||
file { '/etc/ssl/certs/git.starlingx.io_intermediate.pem':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $git_starlingx_chain_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
before => File['/etc/ssl/certs/git.starlingx.io.pem'],
|
||||
}
|
||||
}
|
@ -1,59 +0,0 @@
|
||||
# ************************************
|
||||
# Managed by Puppet
|
||||
# ************************************
|
||||
|
||||
<VirtualHost *:80>
|
||||
ServerName <%= @srvname %>
|
||||
<% if @serveraliases.is_a? Array -%>
|
||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
||||
<% elsif @serveraliases != nil -%>
|
||||
<%= " ServerAlias #{@serveraliases}" -%>
|
||||
<% end -%>
|
||||
|
||||
RewriteEngine on
|
||||
RewriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
|
||||
|
||||
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
||||
LogLevel warn
|
||||
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:443>
|
||||
ServerName <%= @srvname %>
|
||||
<% if @serveraliases.is_a? Array -%>
|
||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
||||
<% elsif @serveraliases != nil -%>
|
||||
<%= " ServerAlias #{@serveraliases}" -%>
|
||||
<% end -%>
|
||||
|
||||
RewriteEngine on
|
||||
|
||||
SSLEngine on
|
||||
SSLProtocol All -SSLv2 -SSLv3
|
||||
# Once the machine is using something to terminate TLS that supports ECDHE
|
||||
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
||||
# only is guarenteed.
|
||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
||||
SSLHonorCipherOrder on
|
||||
SSLCertificateFile /etc/ssl/certs/developer.openstack.org.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/developer.openstack.org.key
|
||||
SSLCertificateChainFile /etc/ssl/certs/developer.openstack.org_intermediate.pem
|
||||
|
||||
DocumentRoot <%= @docroot %>
|
||||
<Directory <%= @docroot %>>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
Satisfy any
|
||||
Require all granted
|
||||
# Allow mod_rewrite rules
|
||||
AllowOverride FileInfo
|
||||
ErrorDocument 404 /errorpage.html
|
||||
</Directory>
|
||||
|
||||
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
||||
LogLevel warn
|
||||
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
</IfModule>
|
@ -1,60 +0,0 @@
|
||||
# ************************************
|
||||
# Managed by Puppet
|
||||
# ************************************
|
||||
|
||||
<VirtualHost *:80>
|
||||
ServerName <%= @srvname %>
|
||||
<% if @serveraliases.is_a? Array -%>
|
||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
||||
<% elsif @serveraliases != nil -%>
|
||||
<%= " ServerAlias #{@serveraliases}" -%>
|
||||
<% end -%>
|
||||
|
||||
RewriteEngine on
|
||||
RewriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
|
||||
|
||||
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
||||
LogLevel warn
|
||||
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:443>
|
||||
ServerName <%= @srvname %>
|
||||
<% if @serveraliases.is_a? Array -%>
|
||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
||||
<% elsif @serveraliases != nil -%>
|
||||
<%= " ServerAlias #{@serveraliases}" -%>
|
||||
<% end -%>
|
||||
|
||||
RewriteEngine on
|
||||
|
||||
SSLEngine on
|
||||
SSLProtocol All -SSLv2 -SSLv3
|
||||
# Once the machine is using something to terminate TLS that supports ECDHE
|
||||
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
||||
# only is guarenteed.
|
||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
||||
SSLHonorCipherOrder on
|
||||
SSLCertificateFile /etc/ssl/certs/docs.openstack.org.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/docs.openstack.org.key
|
||||
SSLCertificateChainFile /etc/ssl/certs/docs.openstack.org_intermediate.pem
|
||||
|
||||
DocumentRoot <%= @docroot %>
|
||||
<Directory <%= @docroot %>>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
Satisfy any
|
||||
Require all granted
|
||||
AllowOverride None
|
||||
# Allow mod_rewrite rules
|
||||
AllowOverrideList Redirect RedirectMatch
|
||||
ErrorDocument 404 /errorpage.html
|
||||
</Directory>
|
||||
|
||||
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
||||
LogLevel warn
|
||||
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
</IfModule>
|
@ -1,32 +0,0 @@
|
||||
# ************************************
|
||||
# Managed by Puppet
|
||||
# ************************************
|
||||
|
||||
NameVirtualHost <%= @vhost_name %>:<%= @port %>
|
||||
<VirtualHost <%= @vhost_name %>:<%= @port %>>
|
||||
ServerName <%= @srvname %>
|
||||
<% if @serveraliases.is_a? Array -%>
|
||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
||||
<% elsif @serveraliases != nil -%>
|
||||
<%= " ServerAlias #{@serveraliases}" -%>
|
||||
<% end -%>
|
||||
|
||||
DocumentRoot <%= @docroot %>
|
||||
<Directory <%= @docroot %>>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
Satisfy any
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
Alias /robots.txt /var/www/robots.txt
|
||||
<Directory "/var/www/robots.txt">
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
||||
LogLevel warn
|
||||
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
||||
ServerSignature Off
|
||||
|
||||
AddType text/plain .log .log.1
|
||||
</VirtualHost>
|
@ -1,49 +0,0 @@
|
||||
# ************************************
|
||||
# Managed by Puppet
|
||||
# ************************************
|
||||
|
||||
<VirtualHost *:80>
|
||||
ServerName <%= @srvname %>
|
||||
RewriteEngine On
|
||||
DocumentRoot <%= @docroot %>
|
||||
<Directory <%= @docroot %>>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
AllowOverride None
|
||||
AllowOverrideList Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule
|
||||
Satisfy Any
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/<%= @srvname %>_error.log
|
||||
CustomLog /var/log/apache2/<%= @srvname %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:443>
|
||||
ServerName <%= @srvname %>
|
||||
RewriteEngine On
|
||||
DocumentRoot <%= @docroot %>
|
||||
SSLEngine on
|
||||
SSLProtocol All -SSLv2 -SSLv3
|
||||
# Once the machine is using something to terminate TLS that supports ECDHE
|
||||
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
||||
# only is guarenteed.
|
||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
||||
SSLHonorCipherOrder on
|
||||
SSLCertificateFile /etc/ssl/certs/<%= @srvname %>.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/<%= @srvname %>.key
|
||||
SSLCertificateChainFile /etc/ssl/certs/<%= @srvname %>_intermediate.pem
|
||||
<Directory <%= @docroot %>>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
AllowOverride None
|
||||
AllowOverrideList Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule
|
||||
Satisfy Any
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/<%= @srvname %>_error.log
|
||||
CustomLog /var/log/apache2/<%= @srvname %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
</IfModule>
|
@ -1,24 +0,0 @@
|
||||
# ************************************
|
||||
# Managed by Puppet
|
||||
# ************************************
|
||||
|
||||
<VirtualHost *:80>
|
||||
ServerName <%= @srvname %>
|
||||
|
||||
RewriteEngine on
|
||||
DocumentRoot <%= @docroot %>
|
||||
<Directory <%= @docroot %>>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
Satisfy any
|
||||
Require all granted
|
||||
AllowOverride None
|
||||
# Allow mod_rewrite rules
|
||||
AllowOverrideList Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule
|
||||
ErrorDocument 404 /errorpage.html
|
||||
</Directory>
|
||||
|
||||
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
||||
LogLevel warn
|
||||
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
@ -1,60 +0,0 @@
|
||||
# ************************************
|
||||
# Managed by Puppet
|
||||
# ************************************
|
||||
|
||||
<VirtualHost *:80>
|
||||
ServerName <%= @name %>
|
||||
<% if @aliases.is_a? Array -%>
|
||||
<% @aliases.each do |alias_name| -%><%= " ServerAlias #{alias_name}\n" %><% end -%>
|
||||
<% elsif @aliases != nil -%>
|
||||
<%= " ServerAlias #{@aliases}" -%>
|
||||
<% end -%>
|
||||
|
||||
RewriteEngine on
|
||||
RewriteRule ^/(.*) https://<%= @name %>/$1 [last,redirect=permanent]
|
||||
|
||||
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
||||
LogLevel warn
|
||||
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:443>
|
||||
ServerName <%= @name %>
|
||||
<% if @aliases.is_a? Array -%>
|
||||
<% @aliases.each do |alias_name| -%><%= " ServerAlias #{alias_name}\n" %><% end -%>
|
||||
<% elsif @aliases != nil -%>
|
||||
<%= " ServerAlias #{@aliases}" -%>
|
||||
<% end -%>
|
||||
|
||||
RewriteEngine on
|
||||
|
||||
SSLEngine on
|
||||
SSLProtocol All -SSLv2 -SSLv3
|
||||
# Once the machine is using something to terminate TLS that supports ECDHE
|
||||
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
||||
# only is guarenteed.
|
||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
||||
SSLHonorCipherOrder on
|
||||
SSLCertificateFile <%= @ssl_cert_file_ %>
|
||||
SSLCertificateKeyFile <%= @ssl_key_file_ %>
|
||||
SSLCertificateChainFile <%= @ssl_chain_file_ %>
|
||||
|
||||
DocumentRoot <%= @docroot_ %>
|
||||
<Directory <%= @docroot_ %>>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
Satisfy any
|
||||
Require all granted
|
||||
AllowOverride None
|
||||
# Allow mod_rewrite rules
|
||||
AllowOverrideList <%= @allow_override_list_ %>
|
||||
ErrorDocument 404 /errorpage.html
|
||||
</Directory>
|
||||
|
||||
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
|
||||
LogLevel warn
|
||||
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
</IfModule>
|