Generate HTTPS certs for Mailman sites
We're going to want Mailman 3 served over HTTPS for security reasons, so start by generating certificates for each of the sites we have in v2. Also collect the acme.sh logs for verification. Change-Id: I261ae55c6bc0a414beb473abcb30f9a86c63db85
parent
6324944318
commit
fa0c1b495c
|
@ -95,6 +95,8 @@ groups:
|
||||||
- graphite[0-9]*.opendev.org
|
- graphite[0-9]*.opendev.org
|
||||||
- insecure-ci-registry[0-9]*.opendev.org
|
- insecure-ci-registry[0-9]*.opendev.org
|
||||||
- keycloak[0-9]*.opendev.org
|
- keycloak[0-9]*.opendev.org
|
||||||
|
- lists.katacontainers.io
|
||||||
|
- lists.openstack.org
|
||||||
- meetpad[0-9]*.opendev.org
|
- meetpad[0-9]*.opendev.org
|
||||||
- mirror[0-9]*.opendev.org
|
- mirror[0-9]*.opendev.org
|
||||||
- nb[0-9]*.opendev.org
|
- nb[0-9]*.opendev.org
|
||||||
|
|
|
@ -58,6 +58,9 @@ exim_transports:
|
||||||
headers_add = Errors-To: ${return_path}
|
headers_add = Errors-To: ${return_path}
|
||||||
extra_users:
|
extra_users:
|
||||||
- jbryce
|
- jbryce
|
||||||
|
letsencrypt_certs:
|
||||||
|
lists-katacontainers-io-main:
|
||||||
|
- lists.katacontainers.io
|
||||||
mailman_multihost: false
|
mailman_multihost: false
|
||||||
mailman_listdomain: 'lists.katacontainers.io'
|
mailman_listdomain: 'lists.katacontainers.io'
|
||||||
mailman_lists:
|
mailman_lists:
|
||||||
|
|
|
@ -102,6 +102,15 @@ exim_transports:
|
||||||
headers_remove = Errors-To
|
headers_remove = Errors-To
|
||||||
max_rcpt = 1
|
max_rcpt = 1
|
||||||
return_path = ${local_part:$return_path}+$local_part=$domain@${domain:$return_path}
|
return_path = ${local_part:$return_path}+$local_part=$domain@${domain:$return_path}
|
||||||
|
# We put lists.openstack.org first as it's the current servername
|
||||||
|
letsencrypt_certs:
|
||||||
|
lists-openstack-org-main:
|
||||||
|
- lists.openstack.org
|
||||||
|
- lists.airshipit.org
|
||||||
|
- lists.opendev.org
|
||||||
|
- lists.openinfra.dev
|
||||||
|
- lists.starlingx.io
|
||||||
|
- lists.zuul-ci.org
|
||||||
mailman_multihost: true
|
mailman_multihost: true
|
||||||
mailman_sites:
|
mailman_sites:
|
||||||
- name: airship
|
- name: airship
|
||||||
|
|
|
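Review bot: The comment above `letsencrypt_certs` explains why lists.openstack.org comes first, but not that all six names sit under the single key `lists-openstack-org-main`, which reads as one shared certificate. If the role does request one certificate per key, issuance and renewal are all-or-nothing: a validation failure for any one domain would leave every site on this host without a renewed certificate. I would add a second comment line such as `# All names share one certificate; each must pass ACME validation or none renew`. The acme.sh logs this commit starts collecting are a good place to confirm that each name validated.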
@ -19,6 +19,7 @@ results:
|
||||||
- webservers
|
- webservers
|
||||||
|
|
||||||
lists.katacontainers.io:
|
lists.katacontainers.io:
|
||||||
|
- letsencrypt
|
||||||
- mailman
|
- mailman
|
||||||
|
|
||||||
logstash-worker02.openstack.org:
|
logstash-worker02.openstack.org:
|
||||||
|
|
|
@ -41,6 +41,13 @@
|
||||||
- name: letsencrypt updated meetpad01-main
|
- name: letsencrypt updated meetpad01-main
|
||||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml
|
||||||
|
|
||||||
|
# mailman
|
||||||
|
- name: letsencrypt updated lists-katacontainers-io-main
|
||||||
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||||
|
|
||||||
|
- name: letsencrypt updated lists-openstack-org-main
|
||||||
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||||
|
|
||||||
# Static
|
# Static
|
||||||
- name: letsencrypt updated static01-opendev-org-main
|
- name: letsencrypt updated static01-opendev-org-main
|
||||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||||
|
|
|
@ -260,6 +260,7 @@
|
||||||
- playbooks/zuul/run-lists-post.yaml
|
- playbooks/zuul/run-lists-post.yaml
|
||||||
vars:
|
vars:
|
||||||
run_playbooks:
|
run_playbooks:
|
||||||
|
- playbooks/letsencrypt.yaml
|
||||||
- playbooks/service-lists.yaml
|
- playbooks/service-lists.yaml
|
||||||
# Run this twice to check idempotency
|
# Run this twice to check idempotency
|
||||||
- playbooks/service-lists.yaml
|
- playbooks/service-lists.yaml
|
||||||
|
@ -267,10 +268,12 @@
|
||||||
host-vars:
|
host-vars:
|
||||||
lists.katacontainers.io:
|
lists.katacontainers.io:
|
||||||
host_copy_output:
|
host_copy_output:
|
||||||
|
'/var/log/acme.sh': logs
|
||||||
'/var/log/mailman': logs
|
'/var/log/mailman': logs
|
||||||
lists.openstack.org:
|
lists.openstack.org:
|
||||||
host_copy_output:
|
host_copy_output:
|
||||||
'/etc/aliases.domain': logs_txt
|
'/etc/aliases.domain': logs_txt
|
||||||
|
'/var/log/acme.sh': logs
|
||||||
'/var/log/mailman': logs
|
'/var/log/mailman': logs
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
|
|
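Review bot: The second hunk in this file copies `/var/log/acme.sh` into the collected job output for both list hosts, and nothing documents what those logs are allowed to contain. Job artifacts are typically readable by anyone who can view the build, so it is worth confirming that the acme.sh log level used in this test job does not write account or key material into that directory; the configured level is not visible from this hunk. A short comment above each new entry, such as `# acme.sh logs are published with the job; keep them free of key material`, would record that expectation. The enclosing job definition starts before the hunk, so any existing log-scrubbing step is not visible here.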