diff --git a/inventory/groups.yaml b/inventory/groups.yaml
index 7cc06dc986..a1177288c9 100644
--- a/inventory/groups.yaml
+++ b/inventory/groups.yaml
@@ -6,7 +6,6 @@ groups:
- review-dev[0-9]*.open*.org
- mirror[0-9]*.open*.org
- mirror-update[0-9]*.opendev.org
- - files[0-9]*.open*.org
- ze[0-9]*.open*.org
- afsdb*.open*.org
- afs[0-9]*.open*.org
@@ -45,7 +44,6 @@ groups:
ethercalc: ethercalc*.open*.org
etherpad: etherpad[0-9]*.open*.org
etherpad-dev: etherpad-dev[0-9]*.open*.org
- files: files[0-9]*.open*.org
firehose: firehose[0-9]*.open*.org
gerrit:
- review-dev[0-9]*.open*.org
@@ -124,7 +122,6 @@ groups:
- ethercalc[0-9]*.open*.org
- etherpad-dev[0-9]*.open*.org
- etherpad[0-9]*.open*.org
- - files[0-9]*.open*.org
- firehose[0-9]*.open*.org
- grafana[0-9]*.open*.org
- graphite*.open*.org
@@ -171,7 +168,6 @@ groups:
- ethercalc[0-9]*.open*.org
- etherpad[0-9]*.open*.org
- etherpad-dev[0-9]*.open*.org
- - files[0-9]*.open*.org
- firehose[0-9]*.open*.org
- grafana[0-9]*.open*.org
- graphite[0-9]*.open*.org
@@ -242,7 +238,6 @@ groups:
- ethercalc[0-9]*.open*.org
- etherpad-dev[0-9]*.open*.org
- etherpad[0-9]*.open*.org
- - files[0-9]*.open*.org
- grafana[0-9]*.open*.org
- graphite*.open*.org
- health[0-9]*.openstack.org
diff --git a/inventory/openstack.yaml b/inventory/openstack.yaml
index 05ded3f9dc..da55f7a20c 100644
--- a/inventory/openstack.yaml
+++ b/inventory/openstack.yaml
@@ -154,13 +154,6 @@ all:
region_name: DFW
public_v4: 23.253.238.66
public_v6: 2001:4800:7817:104:be76:4eff:fe04:8f0c
- files02.openstack.org:
- ansible_host: 2001:4800:7817:103:be76:4eff:fe04:e3e3
- location:
- cloud: openstackci-rax
- region_name: DFW
- public_v4: 23.253.125.17
- public_v6: 2001:4800:7817:103:be76:4eff:fe04:e3e3
firehose01.openstack.org:
ansible_host: 2001:4800:7818:103:be76:4eff:fe04:40aa
location:
diff --git a/manifests/site.pp b/manifests/site.pp
index 5c2383cffb..26399354c9 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -336,89 +336,6 @@ node /^mirror\d*\..*\.open.*\.org$/ {
}
}
-# Serve static AFS content for docs and other sites.
-# Node-OS: xenial
-node /^files\d*\.open.*\.org$/ {
- $group = "files"
- class { 'openstack_project::server':
- afs => true,
- afs_cache_size => 10000000, # 10GB
- }
-
- class { 'openstack_project::files':
- vhost_name => 'files.openstack.org',
- developer_cert_file_contents => hiera('developer_cert_file_contents'),
- developer_key_file_contents => hiera('developer_key_file_contents'),
- developer_chain_file_contents => hiera('developer_chain_file_contents'),
- docs_cert_file_contents => hiera('docs_cert_file_contents'),
- docs_key_file_contents => hiera('docs_key_file_contents'),
- docs_chain_file_contents => hiera('docs_chain_file_contents'),
- git_airship_cert_file_contents => hiera('git_airship_cert_file_contents'),
- git_airship_key_file_contents => hiera('git_airship_key_file_contents'),
- git_airship_chain_file_contents => hiera('git_airship_chain_file_contents'),
- git_openstack_cert_file_contents => hiera('git_openstack_cert_file_contents'),
- git_openstack_key_file_contents => hiera('git_openstack_key_file_contents'),
- git_openstack_chain_file_contents => hiera('git_openstack_chain_file_contents'),
- git_starlingx_cert_file_contents => hiera('git_starlingx_cert_file_contents'),
- git_starlingx_key_file_contents => hiera('git_starlingx_key_file_contents'),
- git_starlingx_chain_file_contents => hiera('git_starlingx_chain_file_contents'),
- require => Class['Openstack_project::Server'],
- }
-
- # Temporary for evaluating htaccess rules
- ::httpd::vhost { "git-test.openstack.org":
- port => 80, # Is required despite not being used.
- docroot => "/afs/openstack.org/project/git-test/www",
- priority => '50',
- template => 'openstack_project/git-test.vhost.erb',
- }
-
- openstack_project::website { 'docs.starlingx.io':
- volume_name => 'starlingx.io',
- aliases => [],
- ssl_cert => hiera('docs_starlingx_io_ssl_cert'),
- ssl_key => hiera('docs_starlingx_io_ssl_key'),
- ssl_intermediate => hiera('docs_starlingx_io_ssl_intermediate'),
- require => Class['openstack_project::files'],
- }
-
- openstack_project::website { 'docs.opendev.org':
- aliases => [],
- docroot => "/afs/openstack.org/project/opendev.org/docs",
- ssl_cert => hiera('docs_opendev_ssl_cert'),
- ssl_key => hiera('docs_opendev_ssl_key'),
- ssl_intermediate => hiera('docs_opendev_ssl_intermediate'),
- require => Class['openstack_project::files'],
- }
-
- openstack_project::website { 'tarballs.opendev.org':
- aliases => [],
- docroot => "/afs/openstack.org/project/opendev.org/tarballs",
- ssl_cert_file => '/etc/letsencrypt-certs/tarballs.opendev.org/tarballs.opendev.org.cer',
- ssl_key_file => '/etc/letsencrypt-certs/tarballs.opendev.org/tarballs.opendev.org.key',
- ssl_chain_file => '/etc/letsencrypt-certs/tarballs.opendev.org/ca.cer',
- require => Class['openstack_project::files'],
- }
-
- openstack_project::website { 'zuul-ci.org':
- aliases => ['www.zuul-ci.org', 'zuulci.org', 'www.zuulci.org'],
- ssl_cert_file => '/etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.cer',
- ssl_key_file => '/etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.key',
- ssl_chain_file => '/etc/letsencrypt-certs/zuul-ci.org/ca.cer',
- require => Class['openstack_project::files'],
- }
-
- openstack_project::website { 'git.zuul-ci.org':
- docroot => "/var/www/git-redirect",
- allow_override_list => "Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule",
- ssl_cert_file => '/etc/letsencrypt-certs/git.zuul-ci.org/git.zuul-ci.org.cer',
- ssl_key_file => '/etc/letsencrypt-certs/git.zuul-ci.org/git.zuul-ci.org.key',
- ssl_chain_file => '/etc/letsencrypt-certs/git.zuul-ci.org/ca.cer',
- require => Class['openstack_project::files'],
- }
-
-}
-
# Node-OS: trusty
# Node-OS: xenial
node /^refstack\d*\.open.*\.org$/ {
diff --git a/modules/openstack_project/files/files/mpm_worker.conf b/modules/openstack_project/files/files/mpm_worker.conf
deleted file mode 100644
index a4fb1b3b8d..0000000000
--- a/modules/openstack_project/files/files/mpm_worker.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Managed by puppet
-# worker MPM
-# StartServers: initial number of server processes to start
-# MinSpareThreads: minimum number of worker threads which are kept spare
-# MaxSpareThreads: maximum number of worker threads which are kept spare
-# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
-# graceful restart. ThreadLimit can only be changed by stopping
-# and starting Apache.
-# ThreadsPerChild: constant number of worker threads in each server process
-# MaxRequestWorkers: maximum number of threads
-# MaxConnectionsPerChild: maximum number of requests a server process serves
-
-
- StartServers 2
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadLimit 64
- ThreadsPerChild 25
- MaxRequestWorkers 400
- MaxConnectionsPerChild 0
-
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/modules/openstack_project/files/git-redirect.htaccess b/modules/openstack_project/files/git-redirect.htaccess
deleted file mode 100644
index 9758adc891..0000000000
--- a/modules/openstack_project/files/git-redirect.htaccess
+++ /dev/null
@@ -1,186 +0,0 @@
-# Unescape any slashes in the branch portion of the query string so
-# that we don't have to worry about whether or not they are encoded
-# later. This is a recursive rule to handle multiple slashes.
-RewriteCond %{QUERY_STRING} "^(.*)h=([^&]+)%2F([^&]+)(.*)$"
-RewriteRule "^(.*)$" "/$1?%1h=%2/%3%4" [N]
-
-# Map whitelabeled project git sites with repository prefixes
-RewriteCond %{HTTP_HOST} ^git\.airshipit\.org$ [NC]
-RewriteRule "^(cgit/|)airship-(.*)$" "$1airship/$2" [L]
-RewriteCond %{HTTP_HOST} ^git\.starlingx\.io$ [NC]
-RewriteRule "^(cgit/|)stx-(.*)$" "$1starlingx/$2" [L]
-RewriteCond %{HTTP_HOST} ^git\.zuul-ci\.org$ [NC]
-RewriteRule "^(cgit/|)((nodepool|zuul).*)$" "$1zuul/$2" [L]
-
-###################################
-# summary
-# ignore all args
-
-RewriteRule "^cgit/([^/]+)/([^/]+)/?$" "https://opendev.org/$1/$2/" [L,QSD]
-
-###################################
-# refs tab -> branches tab
-# ignore all args
-# The cgit refs tab shows tags+branches, the branches tab in gitea is
-# the closest linkable url
-
-RewriteRule "^cgit/([^/]+)/([^/]+)/refs/?" "https://opendev.org/$1/$2/branches" [L,QSD]
-
-###################################
-# log tab (with file) -> commits tab
-# h=
-
-RewriteCond %{QUERY_STRING} h=([\w/]+)
-RewriteRule "^cgit/([^/]+)/([^/]+)/log/?(.*)" "https://opendev.org/$1/$2/commits/branch/%1/$3" [L,QSD]
-
-# no args
-
-RewriteRule "^cgit/([^/]+)/([^/]+)/log/?(.*)" "https://opendev.org/$1/$2/commits/branch/master/$3" [L,QSD]
-
-#####################################################
-# tree tab (with file) -> tree tab
-# id=
-# h=&id= (id)
-# if there's a commit, it takes precedence
-RewriteCond %{QUERY_STRING} id=([\w]+)
-RewriteRule "^cgit/(.*?)/(.*?)/tree/?(.*)" "https://opendev.org/$1/$2/src/commit/%1/$3" [L,QSD]
-
-# h=
-# we have a commit pointed for a head
-RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
-RewriteRule "^cgit/(.*?)/(.*?)/tree/?(.*)" "https://opendev.org/$1/$2/src/commit/%1/$3" [L,QSD]
-
-# h=
-# if there's no commit, but a branch:
-RewriteCond %{QUERY_STRING} h=([\w/]+)
-RewriteRule "^cgit/(.*?)/(.*?)/tree/?(.*)" "https://opendev.org/$1/$2/src/branch/%1/$3" [L,QSD]
-
-# if there's no args:
-RewriteRule "^cgit/(.*?)/(.*?)/tree/?(.*)" "https://opendev.org/$1/$2/src/branch/master/$3" [L,QSD]
-
-#####################################################
-# plain link without file -> tree tab
-# id=
-# h=&id= (id)
-# if there's a commit, it takes precedence
-RewriteCond %{QUERY_STRING} id=([\w]+)
-RewriteRule "^cgit/(.*?)/(.*?)/plain/?$" "https://opendev.org/$1/$2/src/commit/%1/$3" [L,QSD]
-
-# h=
-# we have a commit pointed for a head
-RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
-RewriteRule "^cgit/(.*?)/(.*?)/plain/?$" "https://opendev.org/$1/$2/src/commit/%1/$3" [L,QSD]
-
-# h=
-# if there's no commit, but a branch:
-RewriteCond %{QUERY_STRING} h=([\w/]+)
-RewriteRule "^cgit/(.*?)/(.*?)/plain/?$" "https://opendev.org/$1/$2/src/branch/%1/$3" [L,QSD]
-
-# if there's no args:
-RewriteRule "^cgit/(.*?)/(.*?)/plain/?$" "https://opendev.org/$1/$2/src/branch/master/$3" [L,QSD]
-
-#####################################################
-# plain link (with file) -> raw
-# same as tree
-# id=
-# h=&id= (id)
-# if there's a commit, it takes precedence
-RewriteCond %{QUERY_STRING} id=([\w]+)
-RewriteRule "^cgit/(.*?)/(.*?)/plain/?(.*)" "https://opendev.org/$1/$2/raw/commit/%1/$3" [L,QSD]
-
-# h=
-# we have a commit pointed for a head
-RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
-RewriteRule "^cgit/(.*?)/(.*?)/plain/?(.*)$" "https://opendev.org/$1/$2/raw/commit/%1/$3" [L,QSD]
-
-# h=
-# if there's no commit, but a branch:
-RewriteCond %{QUERY_STRING} h=([\w/]+)
-RewriteRule "^cgit/(.*?)/(.*?)/plain/?(.*)" "https://opendev.org/$1/$2/raw/branch/%1/$3" [L,QSD]
-
-# if there's no args:
-RewriteRule "^cgit/(.*?)/(.*?)/plain/?(.*)" "https://opendev.org/$1/$2/raw/branch/master/$3" [L,QSD]
-
-######################
-# commit tab (with file) -> commit screen (without file)
-# id=
-# id=&h=
-RewriteCond %{QUERY_STRING} id=([\w]+)
-RewriteRule "^cgit/(.*?)/(.*?)/commit/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
-
-# h=
-# we have a commit pointed for a head
-RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
-RewriteRule "^cgit/(.*?)/(.*?)/commit/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
-
-# h=
-# The commit tab in cgit will show the branch-tip commit in this case.
-# There is not a comprable page in gitea, so we redirect to the branch
-# log (which has the branch-tip commit at the top of the list). We
-# include the file if it's there to further restrict the list of
-# commits
-RewriteCond %{QUERY_STRING} h=([\w/]+)
-RewriteRule "^cgit/(.*?)/(.*?)/commit/?(.*)" "https://opendev.org/$1/$2/commits/branch/%1/$3" [L,QSD]
-
-# no args
-# Same, but with master branch
-RewriteRule "^cgit/(.*?)/(.*?)/commit/?(.*)" "https://opendev.org/$1/$2/commits/branch/master/$3" [L,QSD]
-
-######################
-# diff (with file) -> commit screen (without file)
-# Gitea doesn't handle arbitrary diffs, so just show the commit page for id.
-# We do the same thing as for the commit tab.
-# id=&id2=
-# id=
-# id=&h=
-RewriteCond %{QUERY_STRING} id=([\w]+)
-RewriteRule "^cgit/(.*?)/(.*?)/diff/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
-
-# h=
-# we have a commit pointed for a head
-RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
-RewriteRule "^cgit/(.*?)/(.*?)/diff/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
-
-# h=
-RewriteCond %{QUERY_STRING} h=([\w/]+)
-RewriteRule "^cgit/(.*?)/(.*?)/diff/?(.*)" "https://opendev.org/$1/$2/commits/branch/%1/$3" [L,QSD]
-
-# no args
-RewriteRule "^cgit/(.*?)/(.*?)/diff/?(.*)" "https://opendev.org/$1/$2/commits/branch/master/$3" [L,QSD]
-
-######################
-# patch (with file)
-# Gitea doesn't handle generating patch files, so just show the commit page.
-# We do the same thing as for the commit tab.
-# id=
-# id=&h=
-RewriteCond %{QUERY_STRING} id=([\w]+)
-RewriteRule "^cgit/(.*?)/(.*?)/patch/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
-
-# h=
-# we have a commit pointed for a head
-RewriteCond %{QUERY_STRING} h=([0-9a-f]{40})
-RewriteRule "^cgit/(.*?)/(.*?)/patch/?(.*)" "https://opendev.org/$1/$2/commit/%1" [L,QSD]
-
-# h=
-RewriteCond %{QUERY_STRING} h=([\w/]+)
-RewriteRule "^cgit/(.*?)/(.*?)/patch/?(.*)" "https://opendev.org/$1/$2/commits/branch/%1/$3" [L,QSD]
-
-# no args
-RewriteRule "^cgit/(.*?)/(.*?)/patch/?(.*)" "https://opendev.org/$1/$2/commits/branch/master/$3" [L,QSD]
-
-#####################
-# tag
-# Gitea doesn't have a dedicated tag page, but if you click a tag in
-# gitea, it takes you to the source tree view for that tag, which has
-# the tagged commit at the top of the table.
-RewriteCond %{QUERY_STRING} h=([\w/\.]+)
-RewriteRule "^cgit/(.*?)/(.*?)/tag/?" "https://opendev.org/$1/$2/src/tag/%1" [L,QSD]
-
-#####################
-# Any other unknown cgit url, redirect to /
-RewriteRule "^cgit" "https://opendev.org/" [L,QSD]
-
-#####################
-# Non cgit URLs
-RewriteRule "^(.*)$" "https://opendev.org/$1" [L]
diff --git a/modules/openstack_project/manifests/files.pp b/modules/openstack_project/manifests/files.pp
deleted file mode 100644
index d511ddd58f..0000000000
--- a/modules/openstack_project/manifests/files.pp
+++ /dev/null
@@ -1,307 +0,0 @@
-# == Class: openstack_project::files
-#
-class openstack_project::files (
- $vhost_name = $::fqdn,
- $developer_cert_file_contents,
- $developer_key_file_contents,
- $developer_chain_file_contents,
- $docs_cert_file_contents,
- $docs_key_file_contents,
- $docs_chain_file_contents,
- $git_airship_cert_file_contents,
- $git_airship_key_file_contents,
- $git_airship_chain_file_contents,
- $git_openstack_cert_file_contents,
- $git_openstack_key_file_contents,
- $git_openstack_chain_file_contents,
- $git_starlingx_cert_file_contents,
- $git_starlingx_key_file_contents,
- $git_starlingx_chain_file_contents,
-) {
-
- $afs_root = '/afs/openstack.org/'
- $www_base = '/var/www'
-
- #####################################################
- # Build Apache Webroot
- file { "${www_base}":
- ensure => directory,
- owner => root,
- group => root,
- }
-
- file { "${www_base}/robots.txt":
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///modules/openstack_project/disallow_robots.txt',
- require => File["${www_base}"],
- }
-
- #####################################################
- # Git Redirects Webroot
- file { "${www_base}/git-redirect":
- ensure => directory,
- owner => root,
- group => root,
- require => File["${www_base}"],
- }
-
- file { "${www_base}/git-redirect/.htaccess":
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///modules/openstack_project/git-redirect.htaccess',
- require => File["${www_base}/git-redirect"],
- }
-
- #####################################################
- # Set up directories needed by HTTPS certs/keys
- file { '/etc/ssl/certs':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0755',
- }
-
- file { '/etc/ssl/private':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0700',
- }
-
- #####################################################
- # Build VHost
- include ::httpd
-
- ::httpd::vhost { $vhost_name:
- port => 80,
- priority => '50',
- docroot => "${afs_root}",
- template => 'openstack_project/files.vhost.erb',
- require => [
- File["${www_base}"],
- ]
- }
-
- httpd_mod { 'rewrite':
- ensure => present,
- before => Service['httpd'],
- }
-
- class { '::httpd::logrotate':
- options => [
- 'daily',
- 'missingok',
- 'rotate 7',
- 'compress',
- 'delaycompress',
- 'notifempty',
- 'create 640 root adm',
- ],
- }
-
- # Until Apache 2.4.24 the event MPM has some issues scalability
- # bottlenecks that were seen to drop connections, especially on
- # larger files; see
- # https://httpd.apache.org/docs/2.4/mod/event.html
- #
- # The main advantage of event MPM is for keep-alive requests which
- # are not really a big issue on this static file server. Therefore
- # we switch to the threaded worker MPM as a workaround. This can be
- # reconsidered when the apache version running is sufficient to
- # avoid these problems.
-
- httpd::mod { 'mpm_event': ensure => 'absent' }
- httpd::mod { 'mpm_worker': ensure => 'present' }
-
- file { '/etc/apache2/mods-available/mpm_worker.conf':
- ensure => file,
- source => 'puppet:///modules/openstack_project/files/mpm_worker.conf',
- notify => Service['httpd'],
- }
-
- ###########################################################
- # docs.openstack.org
-
- ::httpd::vhost { 'docs.openstack.org':
- port => 443, # Is required despite not being used.
- docroot => "${afs_root}docs",
- priority => '50',
- template => 'openstack_project/docs.vhost.erb',
- }
- file { '/etc/ssl/certs/docs.openstack.org.pem':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $docs_cert_file_contents,
- require => File['/etc/ssl/certs'],
- }
- file { '/etc/ssl/private/docs.openstack.org.key':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0600',
- content => $docs_key_file_contents,
- require => File['/etc/ssl/private'],
- }
- file { '/etc/ssl/certs/docs.openstack.org_intermediate.pem':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $docs_chain_file_contents,
- require => File['/etc/ssl/certs'],
- before => File['/etc/ssl/certs/docs.openstack.org.pem'],
- }
-
- ###########################################################
- # developer.openstack.org
-
- ::httpd::vhost { 'developer.openstack.org':
- port => 443, # Is required despite not being used.
- docroot => "${afs_root}developer-docs",
- priority => '50',
- template => 'openstack_project/developer.vhost.erb',
- }
- file { '/etc/ssl/certs/developer.openstack.org.pem':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $developer_cert_file_contents,
- require => File['/etc/ssl/certs'],
- }
- file { '/etc/ssl/private/developer.openstack.org.key':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0600',
- content => $developer_key_file_contents,
- require => File['/etc/ssl/private'],
- }
- file { '/etc/ssl/certs/developer.openstack.org_intermediate.pem':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $developer_chain_file_contents,
- require => File['/etc/ssl/certs'],
- before => File['/etc/ssl/certs/developer.openstack.org.pem'],
- }
-
-
- ###########################################################
- # git.airshipit.org
-
- ::httpd::vhost { 'git.airshipit.org':
- port => 443, # Is required despite not being used.
- docroot => "${www_base}/git-redirect",
- priority => '50',
- template => 'openstack_project/git-redirect.vhost.erb',
- require => File["${www_base}/git-redirect"],
- }
- file { '/etc/ssl/certs/git.airshipit.org.pem':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $git_airship_cert_file_contents,
- require => File['/etc/ssl/certs'],
- }
- file { '/etc/ssl/private/git.airshipit.org.key':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0600',
- content => $git_airship_key_file_contents,
- require => File['/etc/ssl/private'],
- }
- file { '/etc/ssl/certs/git.airshipit.org_intermediate.pem':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $git_airship_chain_file_contents,
- require => File['/etc/ssl/certs'],
- before => File['/etc/ssl/certs/git.airshipit.org.pem'],
- }
-
-
- ###########################################################
- # git.openstack.org
-
- ::httpd::vhost { 'git.openstack.org':
- port => 443, # Is required despite not being used.
- docroot => "${www_base}/git-redirect",
- priority => '50',
- template => 'openstack_project/git-redirect.vhost.erb',
- require => File["${www_base}/git-redirect"],
- }
- file { '/etc/ssl/certs/git.openstack.org.pem':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $git_openstack_cert_file_contents,
- require => File['/etc/ssl/certs'],
- }
- file { '/etc/ssl/private/git.openstack.org.key':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0600',
- content => $git_openstack_key_file_contents,
- require => File['/etc/ssl/private'],
- }
- file { '/etc/ssl/certs/git.openstack.org_intermediate.pem':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $git_openstack_chain_file_contents,
- require => File['/etc/ssl/certs'],
- before => File['/etc/ssl/certs/git.openstack.org.pem'],
- }
-
-
- ###########################################################
- # git.starlingx.io
-
- ::httpd::vhost { 'git.starlingx.io':
- port => 443, # Is required despite not being used.
- docroot => "${www_base}/git-redirect",
- priority => '50',
- template => 'openstack_project/git-redirect.vhost.erb',
- require => File["${www_base}/git-redirect"],
- }
- file { '/etc/ssl/certs/git.starlingx.io.pem':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $git_starlingx_cert_file_contents,
- require => File['/etc/ssl/certs'],
- }
- file { '/etc/ssl/private/git.starlingx.io.key':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0600',
- content => $git_starlingx_key_file_contents,
- require => File['/etc/ssl/private'],
- }
- file { '/etc/ssl/certs/git.starlingx.io_intermediate.pem':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $git_starlingx_chain_file_contents,
- require => File['/etc/ssl/certs'],
- before => File['/etc/ssl/certs/git.starlingx.io.pem'],
- }
-}
diff --git a/modules/openstack_project/templates/developer.vhost.erb b/modules/openstack_project/templates/developer.vhost.erb
deleted file mode 100644
index b545ce5292..0000000000
--- a/modules/openstack_project/templates/developer.vhost.erb
+++ /dev/null
@@ -1,59 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-
- ServerName <%= @srvname %>
- <% if @serveraliases.is_a? Array -%>
- <% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
- <% elsif @serveraliases != nil -%>
- <%= " ServerAlias #{@serveraliases}" -%>
- <% end -%>
-
- RewriteEngine on
- RewriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
-
- ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
- LogLevel warn
- CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
- ServerSignature Off
-
-
-
-
- ServerName <%= @srvname %>
- <% if @serveraliases.is_a? Array -%>
- <% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
- <% elsif @serveraliases != nil -%>
- <%= " ServerAlias #{@serveraliases}" -%>
- <% end -%>
-
- RewriteEngine on
-
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
- # Once the machine is using something to terminate TLS that supports ECDHE
- # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
- # only is guarenteed.
- SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
- SSLHonorCipherOrder on
- SSLCertificateFile /etc/ssl/certs/developer.openstack.org.pem
- SSLCertificateKeyFile /etc/ssl/private/developer.openstack.org.key
- SSLCertificateChainFile /etc/ssl/certs/developer.openstack.org_intermediate.pem
-
- DocumentRoot <%= @docroot %>
- >
- Options Indexes FollowSymLinks MultiViews
- Satisfy any
- Require all granted
- # Allow mod_rewrite rules
- AllowOverride FileInfo
- ErrorDocument 404 /errorpage.html
-
-
- ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
- LogLevel warn
- CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
- ServerSignature Off
-
-
diff --git a/modules/openstack_project/templates/docs.vhost.erb b/modules/openstack_project/templates/docs.vhost.erb
deleted file mode 100644
index a7096f6ba9..0000000000
--- a/modules/openstack_project/templates/docs.vhost.erb
+++ /dev/null
@@ -1,60 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-
- ServerName <%= @srvname %>
- <% if @serveraliases.is_a? Array -%>
- <% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
- <% elsif @serveraliases != nil -%>
- <%= " ServerAlias #{@serveraliases}" -%>
- <% end -%>
-
- RewriteEngine on
- RewriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
-
- ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
- LogLevel warn
- CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
- ServerSignature Off
-
-
-
-
- ServerName <%= @srvname %>
- <% if @serveraliases.is_a? Array -%>
- <% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
- <% elsif @serveraliases != nil -%>
- <%= " ServerAlias #{@serveraliases}" -%>
- <% end -%>
-
- RewriteEngine on
-
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
- # Once the machine is using something to terminate TLS that supports ECDHE
- # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
- # only is guarenteed.
- SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
- SSLHonorCipherOrder on
- SSLCertificateFile /etc/ssl/certs/docs.openstack.org.pem
- SSLCertificateKeyFile /etc/ssl/private/docs.openstack.org.key
- SSLCertificateChainFile /etc/ssl/certs/docs.openstack.org_intermediate.pem
-
- DocumentRoot <%= @docroot %>
- >
- Options Indexes FollowSymLinks MultiViews
- Satisfy any
- Require all granted
- AllowOverride None
- # Allow mod_rewrite rules
- AllowOverrideList Redirect RedirectMatch
- ErrorDocument 404 /errorpage.html
-
-
- ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
- LogLevel warn
- CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
- ServerSignature Off
-
-
diff --git a/modules/openstack_project/templates/files.vhost.erb b/modules/openstack_project/templates/files.vhost.erb
deleted file mode 100644
index 2c870a1b47..0000000000
--- a/modules/openstack_project/templates/files.vhost.erb
+++ /dev/null
@@ -1,32 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-NameVirtualHost <%= @vhost_name %>:<%= @port %>
-:<%= @port %>>
- ServerName <%= @srvname %>
- <% if @serveraliases.is_a? Array -%>
- <% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
- <% elsif @serveraliases != nil -%>
- <%= " ServerAlias #{@serveraliases}" -%>
- <% end -%>
-
- DocumentRoot <%= @docroot %>
- >
- Options Indexes FollowSymLinks MultiViews
- Satisfy any
- Require all granted
-
-
- Alias /robots.txt /var/www/robots.txt
-
- Require all granted
-
-
- ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
- LogLevel warn
- CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
- ServerSignature Off
-
- AddType text/plain .log .log.1
-
diff --git a/modules/openstack_project/templates/git-redirect.vhost.erb b/modules/openstack_project/templates/git-redirect.vhost.erb
deleted file mode 100644
index d9b66a4010..0000000000
--- a/modules/openstack_project/templates/git-redirect.vhost.erb
+++ /dev/null
@@ -1,49 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-
- ServerName <%= @srvname %>
- RewriteEngine On
- DocumentRoot <%= @docroot %>
- >
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- AllowOverrideList Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule
- Satisfy Any
- Require all granted
-
- LogLevel warn
- ErrorLog /var/log/apache2/<%= @srvname %>_error.log
- CustomLog /var/log/apache2/<%= @srvname %>_access.log combined
- ServerSignature Off
-
-
-
-
- ServerName <%= @srvname %>
- RewriteEngine On
- DocumentRoot <%= @docroot %>
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
- # Once the machine is using something to terminate TLS that supports ECDHE
- # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
- # only is guarenteed.
- SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
- SSLHonorCipherOrder on
- SSLCertificateFile /etc/ssl/certs/<%= @srvname %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @srvname %>.key
- SSLCertificateChainFile /etc/ssl/certs/<%= @srvname %>_intermediate.pem
- >
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- AllowOverrideList Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule
- Satisfy Any
- Require all granted
-
- LogLevel warn
- ErrorLog /var/log/apache2/<%= @srvname %>_error.log
- CustomLog /var/log/apache2/<%= @srvname %>_access.log combined
- ServerSignature Off
-
-
diff --git a/modules/openstack_project/templates/git-test.vhost.erb b/modules/openstack_project/templates/git-test.vhost.erb
deleted file mode 100644
index c33bb598a6..0000000000
--- a/modules/openstack_project/templates/git-test.vhost.erb
+++ /dev/null
@@ -1,24 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-
- ServerName <%= @srvname %>
-
- RewriteEngine on
- DocumentRoot <%= @docroot %>
- >
- Options Indexes FollowSymLinks MultiViews
- Satisfy any
- Require all granted
- AllowOverride None
- # Allow mod_rewrite rules
- AllowOverrideList Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule
- ErrorDocument 404 /errorpage.html
-
-
- ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
- LogLevel warn
- CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
- ServerSignature Off
-
diff --git a/modules/openstack_project/templates/website.vhost.erb b/modules/openstack_project/templates/website.vhost.erb
deleted file mode 100644
index 7eb898dc79..0000000000
--- a/modules/openstack_project/templates/website.vhost.erb
+++ /dev/null
@@ -1,60 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-
- ServerName <%= @name %>
- <% if @aliases.is_a? Array -%>
- <% @aliases.each do |alias_name| -%><%= " ServerAlias #{alias_name}\n" %><% end -%>
- <% elsif @aliases != nil -%>
- <%= " ServerAlias #{@aliases}" -%>
- <% end -%>
-
- RewriteEngine on
- RewriteRule ^/(.*) https://<%= @name %>/$1 [last,redirect=permanent]
-
- ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
- LogLevel warn
- CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
- ServerSignature Off
-
-
-
-
- ServerName <%= @name %>
- <% if @aliases.is_a? Array -%>
- <% @aliases.each do |alias_name| -%><%= " ServerAlias #{alias_name}\n" %><% end -%>
- <% elsif @aliases != nil -%>
- <%= " ServerAlias #{@aliases}" -%>
- <% end -%>
-
- RewriteEngine on
-
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
- # Once the machine is using something to terminate TLS that supports ECDHE
- # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
- # only is guarenteed.
- SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
- SSLHonorCipherOrder on
- SSLCertificateFile <%= @ssl_cert_file_ %>
- SSLCertificateKeyFile <%= @ssl_key_file_ %>
- SSLCertificateChainFile <%= @ssl_chain_file_ %>
-
- DocumentRoot <%= @docroot_ %>
- >
- Options Indexes FollowSymLinks MultiViews
- Satisfy any
- Require all granted
- AllowOverride None
- # Allow mod_rewrite rules
- AllowOverrideList <%= @allow_override_list_ %>
- ErrorDocument 404 /errorpage.html
-
-
- ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
- LogLevel warn
- CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
- ServerSignature Off
-
-