5392f8a27c
This is the first step in managing the opendev.org cert with LE. We modify gitea01.opendev.org only to request the cert so that if this breaks the other 7 giteas can continue to serve opendev.org. When we are happy with the results we can merge the followup change to update the other 7 giteas. Depends-On: https://review.opendev.org/694182 Change-Id: I9587b8c2896975aa0148cc3d9b37f325a0be8970
270 lines
7.3 KiB
YAML
270 lines
7.3 KiB
YAML
plugin: yamlgroup
|
|
groups:
|
|
adns: adns*.open*.org
|
|
afs: afs[0-9]*.open*.org
|
|
afs-client:
|
|
- review-dev[0-9]*.open*.org
|
|
- mirror[0-9]*.open*.org
|
|
- mirror-update[0-9]*.opendev.org
|
|
- files[0-9]*.open*.org
|
|
- ze[0-9]*.open*.org
|
|
- afsdb*.open*.org
|
|
- afs[0-9]*.open*.org
|
|
afsadmin: mirror-update[0-9]*.openstack.org
|
|
afsdb: afsdb[0-9]*.open*.org
|
|
ask: ask*.open*.org
|
|
# NOTE: By default we keep the backup-server group empty as an
|
|
# emergency escape hatch if a problem were to propage through
|
|
# production servers. However, this also means if you add a server to
|
|
# the "backup" group to be backed up, you should uncomment the
|
|
# "backup-server" group for an Ansible pulse so the users & keys are
|
|
# setup on the server(s). You can submit a follow-on change to revert
|
|
# this at the same time.
|
|
backup:
|
|
- review-dev[0-9]*.open*.org
|
|
# backup-server:
|
|
# - backup[0-9]*.opendev.org
|
|
cacti: cacti[0-9]*.open*.org
|
|
control-plane-clouds:
|
|
- bridge.openstack.org
|
|
disabled:
|
|
- backup01.ord.rax.ci.openstack.org
|
|
- corvustest
|
|
- ethercalc01.openstack.org
|
|
- idp.openstackid.org
|
|
- lists-dev01.openstack.org
|
|
- mirror01.sto2.citycloud.openstack.org
|
|
- wiki-dev01.openstack.org
|
|
- wiki-upgrade-test.openstack.org
|
|
dns:
|
|
- adns*.opendev.org
|
|
- ns*.opendev.org
|
|
eavesdrop: eavesdrop[0-9]*.open*.org
|
|
elasticsearch: elasticsearch[0-9]*.open*.org
|
|
ethercalc: ethercalc*.open*.org
|
|
etherpad: etherpad[0-9]*.open*.org
|
|
etherpad-dev: etherpad-dev[0-9]*.open*.org
|
|
files: files[0-9]*.open*.org
|
|
firehose: firehose[0-9]*.open*.org
|
|
gerrit:
|
|
- review-dev[0-9]*.open*.org
|
|
- review[0-9]*.open*.org
|
|
gitea:
|
|
- gitea[0-9]*.opendev.org
|
|
gitea-lb:
|
|
- gitea-lb[0-9]*.opendev.org
|
|
grafana:
|
|
- grafana[0-9]*.open*.org
|
|
graphite:
|
|
- graphite*.open*.org
|
|
health:
|
|
- health[0-9]*.openstack.org
|
|
kdc:
|
|
- kdc[0-9]*.open*.org
|
|
kubernetes:
|
|
- opendev-k8s*.opendev.org
|
|
letsencrypt:
|
|
- graphite01.opendev.org
|
|
- mirror[0-9]*.opendev.org
|
|
- files[0-9]*.open*.org
|
|
- static.openstack.org
|
|
- gitea01.opendev.org
|
|
- gitea99.opendev.org
|
|
logstash:
|
|
- logstash[0-9]*.open*.org
|
|
logstash-worker:
|
|
- logstash-worker[0-9]*.open*.org
|
|
mailman:
|
|
- lists*.katacontainers.io
|
|
- lists*.open*.org
|
|
mirror:
|
|
- mirror[0-9]*.openstack.org
|
|
mirror_opendev:
|
|
- mirror[0-9]*.opendev.org
|
|
mirror-update:
|
|
- mirror-update[0-9]*.opendev.org
|
|
nodepool:
|
|
- nb[0-9]*.open*.org
|
|
- nl[0-9]*.open*.org
|
|
nodepool-builder:
|
|
- nb[0-9]*.open*.org
|
|
nodepool-launcher:
|
|
- nl[0-9]*.open*.org
|
|
ns:
|
|
- ns[0-9]*.open*.org
|
|
openstackid-dev:
|
|
- openstackid-dev*.openstack.org
|
|
openstackid:
|
|
- openstackid.org
|
|
- openstackid[0-9]*.openstack.org
|
|
paste:
|
|
- paste[0-9]*.open*.org
|
|
pbx:
|
|
- pbx[0-9]*.opendev.org
|
|
puppet:
|
|
- afs[0-9]*.open*.org
|
|
- afsdb[0-9]*.open*.org
|
|
- ask*.open*.org
|
|
- backup[0-9]*.openstack.org
|
|
- cacti[0-9]*.open*.org
|
|
- codesearch[0-9]*.open*.org
|
|
- corvustest
|
|
- eavesdrop[0-9]*.open*.org
|
|
- elasticsearch[0-9]*.open*.org
|
|
- ethercalc[0-9]*.open*.org
|
|
- etherpad-dev[0-9]*.open*.org
|
|
- etherpad[0-9]*.open*.org
|
|
- files[0-9]*.open*.org
|
|
- firehose[0-9]*.open*.org
|
|
- grafana[0-9]*.open*.org
|
|
- graphite*.open*.org
|
|
- health[0-9]*.openstack.org
|
|
- kdc[0-9]*.open*.org
|
|
- lists*.katacontainers.io
|
|
- lists*.open*.org
|
|
- logstash-worker[0-9]*.open*.org
|
|
- logstash[0-9]*.open*.org
|
|
- mirror-update[0-9]*.openstack.org
|
|
- mirror[0-9]*.openstack.org
|
|
- nb[0-9]*.open*.org
|
|
- nl[0-9]*.open*.org
|
|
- openstackid-dev*.openstack.org
|
|
- openstackid.org
|
|
- openstackid[0-9]*.openstack.org
|
|
- paste[0-9]*.open*.org
|
|
- pbx[0-9]*.opendev.org
|
|
- planet[0-9]*.open*.org
|
|
- refstack*.open*.org
|
|
- review-dev[0-9]*.open*.org
|
|
- review[0-9]*.open*.org
|
|
- static*.open*.org
|
|
- status*.open*.org
|
|
- storyboard-dev[0-9]*.opendev.org
|
|
- storyboard[0-9]*.opendev.org
|
|
- subunit-worker[0-9]*.open*.org
|
|
- survey[0-9]*.open*.org
|
|
- translate-dev[0-9]*.open*.org
|
|
- translate[0-9]*.open*.org
|
|
- wiki-dev[0-9]*.openstack.org
|
|
- wiki[0-9]*.openstack.org
|
|
- ze[0-9]*.open*.org
|
|
- zm[0-9]*.open*.org
|
|
- zuul[0-9]*.open*.org
|
|
- zk[0-9]*.open*.org
|
|
puppet4:
|
|
- afs[0-9]*.open*.org
|
|
- afsdb[0-9]*.open*.org
|
|
- ask*.open*.org
|
|
- ask-staging[0-9]*.open*.org
|
|
- cacti[0-9]*.open*.org
|
|
- codesearch[0-9]*.open*.org
|
|
- eavesdrop[0-9]*.open*.org
|
|
- elasticsearch[0-9]*.open*.org
|
|
- ethercalc[0-9]*.open*.org
|
|
- etherpad[0-9]*.open*.org
|
|
- etherpad-dev[0-9]*.open*.org
|
|
- files[0-9]*.open*.org
|
|
- firehose[0-9]*.open*.org
|
|
- grafana[0-9]*.open*.org
|
|
- graphite[0-9]*.open*.org
|
|
- health[0-9]*.openstack.org
|
|
- kdc[0-9]*.open*.org
|
|
- lists*.katacontainers.io
|
|
- lists*.open*.org
|
|
- lists-dev[0-9]*.open*.org
|
|
- logstash-worker[0-9]*.open*.org
|
|
- logstash[0-9]*.open*.org
|
|
- mirror-update[0-9]*.openstack.org
|
|
- ^mirror[0-9].*\..*\.(?!linaro|linaro-london).*\.openstack\.org
|
|
- ^nb(?!03)[0-9]*\.open.*\.org
|
|
- nl[0-9]*.open*.org
|
|
- openstackid[0-9]*.openstack.org
|
|
- openstackid-dev[0-9]*.openstack.org
|
|
- paste[0-9]*.open*.org
|
|
- pbx[0-9]*.opendev.org
|
|
- planet[0-9]*.open*.org
|
|
- refstack*.open*.org
|
|
- review[0-9]*.open*.org
|
|
- review-dev[0-9]*.open*.org
|
|
- static*.open*.org
|
|
- status*.open*.org
|
|
- storyboard[0-9]*.opendev.org
|
|
- storyboard-dev[0-9]*.opendev.org
|
|
- subunit-worker[0-9]*.open*.org
|
|
- survey[0-9]*.open*.org
|
|
- translate[0-9]*.open*.org
|
|
- translate-dev[0-9]*.open*.org
|
|
- wiki[0-9]*.openstack.org
|
|
- wiki-dev[0-9]*.openstack.org
|
|
- ze[0-9]*.open*.org
|
|
- zk[0-9]*.open*.org
|
|
- zm[0-9]*.open*.org
|
|
- zuul01.open*.org
|
|
refstack:
|
|
- refstack*.open*.org
|
|
registry:
|
|
- insecure-ci-registry[0-9]*.opendev.org
|
|
review-dev:
|
|
- review-dev[0-9]*.open*.org
|
|
review:
|
|
- review[0-9]*.open*.org
|
|
static:
|
|
- static*.open*.org
|
|
status:
|
|
- status*.open*.org
|
|
storyboard:
|
|
- storyboard[0-9]*.opendev.org
|
|
storyboard-dev:
|
|
- storyboard-dev[0-9]*.opendev.org
|
|
subunit-worker:
|
|
- subunit-worker[0-9]*.open*.org
|
|
survey:
|
|
- survey[0-9]*.open*.org
|
|
translate-dev:
|
|
- translate-dev[0-9]*.open*.org
|
|
translate:
|
|
- translate[0-9]*.open*.org
|
|
webservers:
|
|
- ask*.open*.org
|
|
- cacti[0-9]*.open*.org
|
|
- codesearch[0-9]*.open*.org
|
|
- eavesdrop[0-9]*.open*.org
|
|
- ethercalc[0-9]*.open*.org
|
|
- etherpad-dev[0-9]*.open*.org
|
|
- etherpad[0-9]*.open*.org
|
|
- files[0-9]*.open*.org
|
|
- grafana[0-9]*.open*.org
|
|
- graphite*.open*.org
|
|
- health[0-9]*.openstack.org
|
|
- nb[0-9]*.open*.org
|
|
- nl[0-9]*.open*.org
|
|
- openstackid-dev*.openstack.org
|
|
- openstackid.org
|
|
- openstackid[0-9]*.openstack.org
|
|
- paste[0-9]*.open*.org
|
|
- planet[0-9]*.open*.org
|
|
- refstack*.open*.org
|
|
- static*.open*.org
|
|
- status*.open*.org
|
|
- storyboard-dev[0-9]*.opendev.org
|
|
- storyboard[0-9]*.opendev.org
|
|
- survey[0-9]*.open*.org
|
|
- translate-dev[0-9]*.open*.org
|
|
- translate[0-9]*.open*.org
|
|
- wiki-dev[0-9]*.openstack.org
|
|
- wiki[0-9]*.openstack.org
|
|
wiki:
|
|
- wiki[0-9]*.openstack.org
|
|
wiki-dev:
|
|
- wiki-dev[0-9]*.openstack.org
|
|
zookeeper:
|
|
- zk[0-9]*.open*.org
|
|
zuul-executor:
|
|
- ze[0-9]*.open*.org
|
|
zuul-merger:
|
|
- zm[0-9]*.open*.org
|
|
zuul-preview:
|
|
- zp[0-9]*.open*.org
|
|
zuul-scheduler:
|
|
- zuul[0-9]*.open*.org
|