7ce0d0fb32
Add this host for serving content from AFS. The _acme-challenge.governance.openstack.org _acme-challenge.security.openstack.org CNAMES should be in place for creating the certificates (added with Ie1b92f06b71aa6069fe831b26ba1cc272ce4562c). Also add a cert for the base server (static.opendev.org) since we added the DNS entries for it. Change-Id: I55e0ac7487b02f9a816ac486ed01b73f82b391a5 Story: #2006598 Task: #37757 Depends-On: https://review.opendev.org/704469
117 lines
4.7 KiB
YAML
117 lines
4.7 KiB
YAML
# Handlers for "letsencrypt update {{ key }}" events
|
|
#
|
|
# Note that because Ansible requires every called handler to have a
|
|
# listener, every host will need to provide a handler somehow.
|
|
#
|
|
# NOTE(ianw): as at 04/2019 it seems that something like
|
|
# listen: letsencrypt updated letsencrypt01-main-service
|
|
# doesn't actually register the handler.
|
|
#
|
|
# NOTE: import_tasks or include can not be used in handlers
|
|
# ("include_tasks" is okay).
|
|
# https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#imports-as-handlers
|
|
|
|
- name: letsencrypt updated graphite01-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
|
|
vars:
|
|
touch_file: '/tmp/letsencrypt-graphite01-main.stamp'
|
|
|
|
- name: letsencrypt updated tarballs-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated zuul-ci-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated zuul-ci-git
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated zuul-opendev-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated logs-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated insecure-ci-registry01-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
|
|
|
|
# Static
|
|
- name: letsencrypt updated static01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-governance-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-security-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Mirrors
|
|
|
|
- name: letsencrypt updated mirror01-dfw-rax-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-iad-rax-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-ord-rax-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-gra1-ovh-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-regionone-fortnebula-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-regionone-linaro-us-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-mtl01-inap-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Gate testing hosts:
|
|
- name: letsencrypt updated letsencrypt01-main-service
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
|
|
vars:
|
|
touch_file: '/tmp/letsencrypt01-main-service.stamp'
|
|
|
|
- name: letsencrypt updated letsencrypt01-other-service
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
|
|
vars:
|
|
touch_file: '/tmp/letsencrypt01-other-service.stamp'
|
|
|
|
- name: letsencrypt updated letsencrypt02-main-service
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
|
|
vars:
|
|
touch_file: '/tmp/letsencrypt02-main-service.stamp'
|
|
|
|
- name: letsencrypt updated mirror01-openafs-provider-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated gitea99-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
# We split out handlers for each gitea host as handlers should be run in order
|
|
# This allows us to do a rolling restart of the gitea backends.
|
|
- name: letsencrypt updated gitea01-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea02-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea03-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea04-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea05-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea06-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea07-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea08-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|