From 047eae459d8265d5760e647226bcf91ebfba1c8e Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Fri, 21 Feb 2020 10:14:05 +1100
Subject: [PATCH] static: add releases.openstack.org site

This adds the site to publish from

 /afs/openstack.org/project/releases.openstack.org

Change-Id: Ia91deb9a51441ac9974137ed39fc5a185689a11c
Task: #37724
Story: #2006598
---
 playbooks/host_vars/static01.opendev.org.yaml |  2 +
 .../handlers/main.yaml                        |  3 ++
 .../files/50-releases.openstack.org.conf      | 41 +++++++++++++++++++
 playbooks/roles/static/tasks/main.yaml        | 16 ++++++++
 testinfra/test_static.py                      | 10 ++++-
 5 files changed, 70 insertions(+), 2 deletions(-)
 create mode 100755 playbooks/roles/static/files/50-releases.openstack.org.conf

diff --git a/playbooks/host_vars/static01.opendev.org.yaml b/playbooks/host_vars/static01.opendev.org.yaml
index 0dfb5392d6..358ee4e39b 100644
--- a/playbooks/host_vars/static01.opendev.org.yaml
+++ b/playbooks/host_vars/static01.opendev.org.yaml
@@ -11,6 +11,8 @@ letsencrypt_certs:
     - security.openstack.org
   static01-specs-openstack-org:
     - specs.openstack.org
+  static01-releases-openstack-org:
+    - releases.openstack.org
   static01-tarballs-opendev-org:
     - tarballs.opendev.org
   static01-tarballs-openstack-org:
diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
index 758b196aa1..32c717b2bc 100644
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@@ -50,6 +50,9 @@
 - name: letsencrypt updated static01-security-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
+- name: letsencrypt updated static01-releases-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static01-tarballs-opendev-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
diff --git a/playbooks/roles/static/files/50-releases.openstack.org.conf b/playbooks/roles/static/files/50-releases.openstack.org.conf
new file mode 100755
index 0000000000..d55221abc0
--- /dev/null
+++ b/playbooks/roles/static/files/50-releases.openstack.org.conf
@@ -0,0 +1,41 @@
+Define AFS_ROOT /afs/openstack.org/project/releases.openstack.org
+
+<VirtualHost *:80>
+  ServerName releases.openstack.org
+  RewriteEngine On
+  RewriteRule ^/(.*) https://releases.openstack.org/$1 [last,redirect=permanent]
+  LogLevel warn
+  ErrorLog /var/log/apache2/releases.openstack.org_error.log
+  CustomLog /var/log/apache2/releases.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+
+  ServerName releases.openstack.org
+
+  DocumentRoot ${AFS_ROOT}
+
+  SSLCertificateFile      /etc/letsencrypt-certs/releases.openstack.org/releases.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/releases.openstack.org/releases.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/releases.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  <Directory ${AFS_ROOT}>
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverrideList Redirect RedirectMatch
+    Satisfy Any
+    Require all granted
+  </Directory>
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/releases.openstack.org_error.log
+  CustomLog /var/log/apache2/releases.openstack.org_access.log combined
+  ServerSignature Off
+
+</VirtualHost>
+</IfModule>
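Review bot: `SSLProtocol All -SSLv2 -SSLv3` in the :443 vhost still accepts TLS 1.0 and TLS 1.1, which a newly added site has little reason to offer; `SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` would limit it to TLS 1.2 and later. In the `SSLCipherSuite` line the trailing `!AES256` removes every AES-256 suite, so the earlier `ECDH+AES256` and `DH+AES256` entries have no effect; drop either those entries or the exclusion, depending on which was intended. `Satisfy Any` is a 2.2-era directive (mod_access_compat) and adds nothing next to `Require all granted`. If these lines were copied from the sibling vhost files, which are not visible here, the same changes probably belong there too.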
diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml
index 7da1063217..ccac282f98 100644
--- a/playbooks/roles/static/tasks/main.yaml
+++ b/playbooks/roles/static/tasks/main.yaml
@@ -167,3 +167,19 @@
     creates: /etc/apache2/sites-enabled/50-service-types.openstack.org
   notify:
     - Reload apache2
+
+# releases.openstack.org
+- name: Install releases.openstack.org
+  copy:
+    src: 50-releases.openstack.org.conf
+    dest: /etc/apache2/sites-available/
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Enable releases.openstack.org
+  command: a2ensite 50-releases.openstack.org
+  args:
+    creates: /etc/apache2/sites-enabled/50-releases.openstack.org
+  notify:
+    - Reload apache2
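Review bot: The `creates:` path in the Enable task, `/etc/apache2/sites-enabled/50-releases.openstack.org`, has no `.conf` suffix, while Debian's a2ensite normally links `sites-enabled/<name>.conf`; if that holds on this host the guard never matches, so the command runs and notifies `Reload apache2` on every play. The context lines show the same pattern for service-types, so this looks inherited rather than new. I would use `creates: /etc/apache2/sites-enabled/50-releases.openstack.org.conf` and also add a `notify:` of `Reload apache2` to the Install task. Once the guard works, a later edit to the vhost file (a protocol or cipher change, say) would otherwise be copied into place without being loaded.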
diff --git a/testinfra/test_static.py b/testinfra/test_static.py
index d60c9432a6..243206c491 100644
--- a/testinfra/test_static.py
+++ b/testinfra/test_static.py
@@ -54,14 +54,20 @@ def test_tarballs_opendev_org(host):
     # An old file that should be present
     assert 'nova-12.0.0.tar.gz' in cmd.stdout
 
-def test_specs_opendev_org(host):
+def test_specs_openstack_org(host):
     cmd = host.run('curl --insecure '
                    '--resolve specs.openstack.org:443:127.0.0.1 '
                    'https://specs.openstack.org/specs.opml')
     assert 'OpenStack Specs Feeds' in cmd.stdout
 
-def test_service_types_opendev_org(host):
+def test_service_types_openstack_org(host):
     cmd = host.run('curl --insecure '
                    '--resolve service-types.openstack.org:443:127.0.0.1 '
                    'https://service-types.openstack.org')
     assert 'OpenStack Service Types Authority Data' in cmd.stdout
+
+def test_releases_openstack_org(host):
+    cmd = host.run('curl --insecure '
+                   '--resolve releases.openstack.org:443:127.0.0.1 '
+                   'https://releases.openstack.org')
+    assert 'OpenStack Releases: OpenStack Releases' in cmd.stdout
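Review bot: The port-80 redirect that this commit adds for releases.openstack.org is not exercised; `test_releases_openstack_org` only fetches the HTTPS page, so a broken or missing redirect to TLS would pass unnoticed. A second test that requests the plain-HTTP URL and checks for the permanent redirect to `https://releases.openstack.org/` would cover it. It would also help to add a comment such as `# --insecure: test nodes do not hold a publicly trusted certificate` above the curl call, if that is indeed the reason, so the flag is not copied into checks against production.

```python
def test_releases_openstack_org_redirect(host):
    # Plain HTTP must answer with a permanent redirect to the TLS site.
    cmd = host.run('curl --head '
                   '--resolve releases.openstack.org:80:127.0.0.1 '
                   'http://releases.openstack.org/')
    assert '301' in cmd.stdout
    assert 'https://releases.openstack.org/' in cmd.stdout
```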