opendev
/
system-config
Code Issues Proposed changes
system-config/playbooks
History
Jeremy Stanley 49643313d7 Redirect all Mailman sites from HTTP to HTTPS 
For the past six months, all our mailing list sites have supported
HTTPS without incident. The main downside to the current
implementation is that Mailman itself writes some URLs with an
explicit scheme, causing people submitting forms from pages served
over HTTPS to get warnings because the forms are posting to plain
HTTP URLs for the same site. In order to correct this, we need to
tell Mailman to put https:// instead of http:// into these, but
doing so essentially eliminates any reason for us to continue
serving content over plain HTTP anyway.

Configure the default URL scheme of all our Mailman sites to use
HTTPS now, and set up permanent redirects from HTTP to HTTPS, per
the examples in the project's documentation:

https://wiki.list.org/DOC/4.27%20Securing%20Mailman%27s%20web%20GUI%20by%20using%20Secure%20HTTP-SSL%20%28HTTPS%29

Also update our testinfra functions to validate the blanket
redirects and perform all other testing over HTTPS.

Once this merges, the fix_url script will need to be run manually
against all lists for the current sites, as noted in that document.

Change-Id: I366bc915685fb47ef723f29d16211a2550e02e34
 		2022-07-01 19:16:00 +00:00
..
filter_plugins dns_[a|aaaa] filter; use host for lookup 2018-09-13 22:50:40 +10:00
group_vars Stop checking the OpenStackID HTTPS cert 2022-03-17 02:51:39 +00:00
k8s Add resources for deploying rook and xtradb to kuberenets 2019-02-05 18:52:21 +00:00
module_utils/facts/system Ensure apt is used on ubuntu hosts with zypper 2018-08-20 20:45:13 +00:00
periodic Remove old 404 checker job 2020-03-11 15:15:00 -07:00
roles Redirect all Mailman sites from HTTP to HTTPS 2022-07-01 19:16:00 +00:00
templates/clouds Remove airship-kna1 from bridge clouds.yaml 2022-03-01 11:54:53 -08:00
zuul Add Gerrit 3.5 to 3.6 upgrade testing 2022-06-22 10:58:17 -07:00
apply-package-updates.yaml Apply package updates before we reboot in launch-node 2019-02-26 14:17:23 -08:00
base.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
bootstrap-bridge.yaml Rename install-ansible to bootstrap-bridge 2021-12-07 16:24:53 +11:00
bootstrap-k8s-nodes.yaml Stop running k8s-on-openstack nested 2019-02-12 18:17:46 +00:00
gitea-rename-setup-org.yaml Restore setup-org.yaml 2019-09-18 12:40:19 -07:00
gitea-rename-tasks.yaml Use the gitea api in the gitea renaming playbook 2021-08-03 08:47:16 -07:00
install_puppet.yaml Handle moved puppet repos 2019-05-15 16:03:07 -07:00
letsencrypt.yaml Rename service-letsencrypt to just letsencrypt 2020-06-04 07:44:36 -05:00
manage-projects.yaml Add comments to manage-projects about project-config syncing 2021-10-21 11:44:02 -07:00
nodepool_pull.yaml Add pull tasks for nodepool/zuul 2021-02-19 15:42:40 -08:00
nodepool_restart.yaml Add stop and start playbooks for nodepool 2020-06-16 15:48:47 -05:00
nodepool_start.yaml Remove nodepool builder puppetry and nb03.openstack.org 2020-09-09 15:09:43 -07:00
nodepool_stop.yaml Remove nodepool builder puppetry and nb03.openstack.org 2020-09-09 15:09:43 -07:00
remote_puppet_adhoc.yaml Clean up puppet variables and playbooks 2018-08-17 09:41:12 -05:00
remote_puppet_else.yaml Cleanup eavesdrop puppet references 2021-06-10 09:02:23 +10:00
rename_repos.yaml Replace zuul cli command with zuul-admin 2022-06-10 09:14:34 +02:00
run-accessbot.yaml Sync project-config before deploying accessbot 2021-07-09 23:15:52 +00:00
run_cloud_launcher.yaml Use zuul checkouts of ansible roles from other repos 2020-04-30 12:39:12 -05:00
service-afs.yaml Refactor AFS groups 2021-02-11 13:35:16 +11:00
service-borg-backup.yaml service-borg-backup: preload backup server facts 2021-02-23 13:04:20 +11:00
service-bridge.yaml Fix zuul reboot playbook flock location 2022-06-27 09:03:50 -07:00
service-codesearch.yaml encrypt-logs: turn on for all prod playbooks 2022-02-24 09:57:55 +11:00
service-dstatlogger.yaml Use dstat to record performance of system-config-run hosts 2021-02-16 14:31:30 -08:00
service-eavesdrop.yaml ptgbot: setup web interface 2021-10-06 15:39:25 +11:00
service-etherpad.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-gitea-lb.yaml Make haproxy role more generic 2021-12-01 09:55:45 +11:00
service-gitea.yaml Use the apache-ua-filter role on Gitea servers 2020-10-16 17:45:19 +00:00
service-grafana.yaml Cleanup grafana.openstack.org 2020-10-29 07:59:42 +11:00
service-graphite.yaml Cleanup graphite01 2020-09-30 11:55:24 +10:00
service-kerberos.yaml kerberos-kdc: role to manage Kerberos KDC servers 2021-03-17 08:30:52 +11:00
service-keycloak.yaml Add a keycloak server 2021-12-03 14:17:23 -08:00
service-lists.yaml Ansible mailman configs 2021-05-11 08:40:01 -07:00
service-meetpad.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-mirror-update.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
service-mirror.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
service-nameserver.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-nodepool.yaml Auto update nodepool launchers 2022-06-16 08:23:17 -07:00
service-paste.yaml Remove paste01.openstack.org 2021-07-15 23:25:10 +00:00
service-refstack.yaml refstack: cleanup old puppet 2021-03-17 07:06:53 +11:00
service-registry.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-review.yaml Switch router addresses for review02 to global 2021-12-17 16:32:59 +01:00
service-static.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
service-zookeeper.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-zuul-lb.yaml Add Zuul load balancer 2022-02-10 13:24:42 -08:00
service-zuul-preview.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-zuul.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
set-hostnames.yaml Split eavesdrop into its own playbook 2020-04-23 14:34:28 -05:00
start-mergers-executors.yaml Update zuul-executor stop/start playbook 2020-07-17 16:18:26 -07:00
stop-mergers-executors.yaml Update zuul-executor stop/start playbook 2020-07-17 16:18:26 -07:00
sync-gitea-projects.yaml Revert "Allow gitea_create_repos always_update to be list" 2021-10-15 13:03:59 -07:00
test-borg-backup.yaml borg-backup: implement saving a stream, use for database backups 2021-02-03 11:43:12 +11:00
test-codesearch.yaml hound: enable detect-ref 2022-02-25 17:27:35 +11:00
test-gitea.yaml Update our gitea test to handle new git behavior 2022-04-13 13:07:13 -07:00
test-grafana.yaml grafana: take some screenshots during testing 2021-02-17 10:43:26 +11:00
test-kerberos.yaml kerberos-kdc: role to manage Kerberos KDC servers 2021-03-17 08:30:52 +11:00
test-lists.yaml Restart mailman services when testing 2021-12-15 17:42:55 +00:00
test-manage-projects.yaml Don't always update gitea project descriptions 2021-03-16 13:06:16 -07:00
test-paste.yaml Remove paste01.openstack.org 2021-07-15 23:25:10 +00:00
test-update-zuul-description.yaml Update gitea project descriptions 2020-09-23 14:33:26 -07:00
unattended_upgrades.yml Rename attended_upgrades playbook to unattended_upgrades 2016-07-19 10:41:09 +02:00
update_puppet_version.yaml Fix URLs after OpenDev rename 2020-03-18 18:23:17 +01:00
zuul_pull.yaml Add pull tasks for nodepool/zuul 2021-02-19 15:42:40 -08:00
zuul_reboot.yaml Fix zuul reboot playbook flock location 2022-06-27 09:03:50 -07:00
zuul_reconfigure.yaml Stub out zuul_reconfigure playbook 2018-09-14 09:17:36 -06:00
zuul_restart.yaml Rework zuul start/stop/restart playbooks for docker 2020-04-27 09:34:50 -05:00
zuul_rolling_restart.yaml Add the start of a Zuul rolling restart playbook 2022-05-25 09:48:28 -07:00
zuul_start.yaml Run zuul-web on zuul01 and add to load balancer 2022-03-04 13:11:09 -08:00
zuul_stop.yaml Run zuul-web on zuul01 and add to load balancer 2022-03-04 13:11:09 -08:00