diff --git a/playbooks/host_vars/static01.opendev.org.yaml b/playbooks/host_vars/static01.opendev.org.yaml
index 358ee4e39b..268e7ca24f 100644
--- a/playbooks/host_vars/static01.opendev.org.yaml
+++ b/playbooks/host_vars/static01.opendev.org.yaml
@@ -3,6 +3,14 @@ letsencrypt_certs:
static01-opendev-org-main:
- static.opendev.org
- static01.opendev.org
+ static01-developer-openstack-org:
+ - developer.openstack.org
+ static01-docs-opendev-org:
+ - docs.opendev.org
+ static01-docs-openstack-org:
+ - docs.openstack.org
+ static01-docs-starlingx-io:
+ - docs.starlingx.io
static01-governance-openstack-org:
- governance.openstack.org
static01-service-types-openstack-org:
@@ -17,3 +25,8 @@ letsencrypt_certs:
- tarballs.opendev.org
static01-tarballs-openstack-org:
- tarballs.openstack.org
+ static01-zuul-ci-org:
+ - zuul-ci.org
+ - www.zuul-ci.org
+ - zuulci.org
+ - www.zuulci.org
diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
index 32c717b2bc..e1a7b8efc6 100644
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@@ -38,6 +38,18 @@
- name: letsencrypt updated static01-opendev-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+- name: letsencrypt updated static01-developer-openstack-org
+ include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-docs-opendev-org
+ include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-docs-openstack-org
+ include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
+- name: letsencrypt updated static01-docs-starlingx-io
+ include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
- name: letsencrypt updated static01-governance-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
@@ -59,6 +71,9 @@
- name: letsencrypt updated static01-tarballs-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+- name: letsencrypt updated static01-zuul-ci-org
+ include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
# review-dev
- name: letsencrypt updated review-dev01-opendev-org-main
diff --git a/playbooks/roles/static/files/50-developer.openstack.org.conf b/playbooks/roles/static/files/50-developer.openstack.org.conf
new file mode 100755
index 0000000000..502f430505
--- /dev/null
+++ b/playbooks/roles/static/files/50-developer.openstack.org.conf
@@ -0,0 +1,42 @@
+
+ ServerName developer.openstack.org
+
+ RewriteEngine on
+ RewriteRule ^/(.*) https://developer.openstack.org/$1 [last,redirect=permanent]
+
+ ErrorLog /var/log/apache2/developer.openstack.org_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/developer.openstack.org_access.log combined
+ ServerSignature Off
+
+
+
+
+ ServerName developer.openstack.org
+
+ RewriteEngine on
+
+ SSLCertificateFile /etc/letsencrypt-certs/developer.openstack.org/developer.openstack.org.cer
+ SSLCertificateKeyFile /etc/letsencrypt-certs/developer.openstack.org/developer.openstack.org.key
+ SSLCertificateChainFile /etc/letsencrypt-certs/developer.openstack.org/ca.cer
+ SSLProtocol All -SSLv2 -SSLv3
+ # Note: this list should ensure ciphers that provide forward secrecy
+ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+ SSLHonorCipherOrder on
+
+ DocumentRoot /afs/openstack.org/developer-docs
+
+ Options Indexes FollowSymLinks MultiViews
+ Satisfy any
+ Require all granted
+ # Allow mod_rewrite rules
+ AllowOverride FileInfo
+ ErrorDocument 404 /errorpage.html
+
+
+ ErrorLog /var/log/apache2/developer.openstack.org_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/developer.openstack.org_access.log combined
+ ServerSignature Off
+
+
diff --git a/playbooks/roles/static/files/50-docs.opendev.org.conf b/playbooks/roles/static/files/50-docs.opendev.org.conf
new file mode 100755
index 0000000000..288a43208f
--- /dev/null
+++ b/playbooks/roles/static/files/50-docs.opendev.org.conf
@@ -0,0 +1,44 @@
+
+ ServerName docs.opendev.org
+
+ RewriteEngine on
+ RewriteRule ^/(.*) https://docs.opendev.org/$1 [last,redirect=permanent]
+
+ ErrorLog /var/log/apache2/docs.opendev.org_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/docs.opendev.org_access.log combined
+ ServerSignature Off
+
+
+
+
+ ServerName docs.opendev.org
+
+ RewriteEngine on
+
+ SSLCertificateFile /etc/letsencrypt-certs/docs.opendev.org/docs.opendev.org.cer
+ SSLCertificateKeyFile /etc/letsencrypt-certs/docs.opendev.org/docs.opendev.org.key
+ SSLCertificateChainFile /etc/letsencrypt-certs/docs.opendev.org/ca.cer
+ SSLProtocol All -SSLv2 -SSLv3
+ # Note: this list should ensure ciphers that provide forward secrecy
+ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+ SSLHonorCipherOrder on
+
+
+ DocumentRoot /afs/openstack.org/project/opendev.org/docs
+
+ Options Indexes FollowSymLinks MultiViews
+ Satisfy any
+ Require all granted
+ AllowOverride None
+ # Allow mod_rewrite rules
+ AllowOverrideList Redirect RedirectMatch
+ ErrorDocument 404 /errorpage.html
+
+
+ ErrorLog /var/log/apache2/docs.opendev.org_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/docs.opendev.org_access.log combined
+ ServerSignature Off
+
+
diff --git a/playbooks/roles/static/files/50-docs.openstack.org.conf b/playbooks/roles/static/files/50-docs.openstack.org.conf
new file mode 100755
index 0000000000..d9812d5d09
--- /dev/null
+++ b/playbooks/roles/static/files/50-docs.openstack.org.conf
@@ -0,0 +1,43 @@
+
+ ServerName docs.openstack.org
+
+ RewriteEngine on
+ RewriteRule ^/(.*) https://docs.openstack.org/$1 [last,redirect=permanent]
+
+ ErrorLog /var/log/apache2/docs.openstack.org_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/docs.openstack.org_access.log combined
+ ServerSignature Off
+
+
+
+
+ ServerName docs.openstack.org
+
+ RewriteEngine on
+
+ SSLCertificateFile /etc/letsencrypt-certs/docs.openstack.org/docs.openstack.org.cer
+ SSLCertificateKeyFile /etc/letsencrypt-certs/docs.openstack.org/docs.openstack.org.key
+ SSLCertificateChainFile /etc/letsencrypt-certs/docs.openstack.org/ca.cer
+ SSLProtocol All -SSLv2 -SSLv3
+ # Note: this list should ensure ciphers that provide forward secrecy
+ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+ SSLHonorCipherOrder on
+
+ DocumentRoot /afs/openstack.org/docs
+
+ Options Indexes FollowSymLinks MultiViews
+ Satisfy any
+ Require all granted
+ AllowOverride None
+ # Allow mod_rewrite rules
+ AllowOverrideList Redirect RedirectMatch
+ ErrorDocument 404 /errorpage.html
+
+
+ ErrorLog /var/log/apache2/docs.openstack.org_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/docs.openstack.org_access.log combined
+ ServerSignature Off
+
+
diff --git a/playbooks/roles/static/files/50-docs.starlingx.io.conf b/playbooks/roles/static/files/50-docs.starlingx.io.conf
new file mode 100755
index 0000000000..ba666dfe6c
--- /dev/null
+++ b/playbooks/roles/static/files/50-docs.starlingx.io.conf
@@ -0,0 +1,43 @@
+
+ ServerName docs.starlingx.io
+
+ RewriteEngine on
+ RewriteRule ^/(.*) https://docs.starlingx.io/$1 [last,redirect=permanent]
+
+ ErrorLog /var/log/apache2/docs.starlingx.io_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/docs.starlingx.io_access.log combined
+ ServerSignature Off
+
+
+
+
+ ServerName docs.starlingx.io
+
+ RewriteEngine on
+
+ SSLCertificateFile /etc/letsencrypt-certs/docs.starlingx.io/docs.starlingx.io.cer
+ SSLCertificateKeyFile /etc/letsencrypt-certs/docs.starlingx.io/docs.starlingx.io.key
+ SSLCertificateChainFile /etc/letsencrypt-certs/docs.starlingx.io/ca.cer
+ SSLProtocol All -SSLv2 -SSLv3
+ # Note: this list should ensure ciphers that provide forward secrecy
+ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+ SSLHonorCipherOrder on
+
+ DocumentRoot /afs/openstack.org/project/starlingx.io/www
+
+ Options Indexes FollowSymLinks MultiViews
+ Satisfy any
+ Require all granted
+ AllowOverride None
+ # Allow mod_rewrite rules
+ AllowOverrideList Redirect RedirectMatch
+ ErrorDocument 404 /errorpage.html
+
+
+ ErrorLog /var/log/apache2/docs.starlingx.io_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/docs.starlingx.io_access.log combined
+ ServerSignature Off
+
+
diff --git a/playbooks/roles/static/files/50-zuul-ci.org.conf b/playbooks/roles/static/files/50-zuul-ci.org.conf
new file mode 100755
index 0000000000..de195f3dcb
--- /dev/null
+++ b/playbooks/roles/static/files/50-zuul-ci.org.conf
@@ -0,0 +1,52 @@
+
+ ServerName zuul-ci.org
+ ServerAlias www.zuul-ci.org
+ ServerAlias zuulci.org
+ ServerAlias www.zuulci.org
+
+ RewriteEngine on
+ RewriteRule ^/(.*) https://zuul-ci.org/$1 [last,redirect=permanent]
+
+ ErrorLog /var/log/apache2/zuul-ci.org_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/zuul-ci.org_access.log combined
+ ServerSignature Off
+
+
+
+
+ ServerName zuul-ci.org
+ ServerAlias www.zuul-ci.org
+ ServerAlias zuulci.org
+ ServerAlias www.zuulci.org
+
+ RewriteEngine on
+
+ SSLEngine on
+ SSLProtocol All -SSLv2 -SSLv3
+ # Once the machine is using something to terminate TLS that supports ECDHE
+ # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
+ # only is guarenteed.
+ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+ SSLHonorCipherOrder on
+ SSLCertificateFile /etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.cer
+ SSLCertificateKeyFile /etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.key
+ SSLCertificateChainFile /etc/letsencrypt-certs/zuul-ci.org/ca.cer
+
+ DocumentRoot /afs/openstack.org/project/zuul-ci.org/www
+
+ Options Indexes FollowSymLinks MultiViews
+ Satisfy any
+ Require all granted
+ AllowOverride None
+ # Allow mod_rewrite rules
+ AllowOverrideList Redirect RedirectMatch
+ ErrorDocument 404 /errorpage.html
+
+
+ ErrorLog /var/log/apache2/zuul-ci.org_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/zuul-ci.org_access.log combined
+ ServerSignature Off
+
+
diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml
index 15d9d8023e..5263d312b9 100644
--- a/playbooks/roles/static/tasks/main.yaml
+++ b/playbooks/roles/static/tasks/main.yaml
@@ -59,6 +59,10 @@
include_tasks: enable_site.yaml
loop:
- 00-static.opendev.org
+ - 50-developer.openstack.org
+ - 50-docs.opendev.org
+ - 50-docs.openstack.org
+ - 50-docs.starlingx.io
- 50-governance.openstack.org
- 50-security.openstack.org
- 50-service-types.openstack.org
@@ -66,3 +70,4 @@
- 50-releases.openstack.org
- 50-tarballs.opendev.org
- 50-tarballs.openstack.org
+ - 50-zuul-ci.org
diff --git a/testinfra/test_static.py b/testinfra/test_static.py
index 243206c491..b3029bf59c 100644
--- a/testinfra/test_static.py
+++ b/testinfra/test_static.py
@@ -12,6 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
+import pytest
testinfra_hosts = ['static01.opendev.org']
@@ -71,3 +72,45 @@ def test_releases_openstack_org(host):
'--resolve releases.openstack.org:443:127.0.0.1 '
'https://releases.openstack.org')
assert 'OpenStack Releases: OpenStack Releases' in cmd.stdout
+
+def test_developer_openstack_org(host):
+ cmd = host.run('curl --insecure '
+ '--resolve developer.openstack.org:443:127.0.0.1 '
+ 'https://developer.openstack.org')
+ assert 'OpenStack Docs: Application Development' in cmd.stdout
+
+def test_docs_openstack_org(host):
+ cmd = host.run('curl --insecure '
+ '--resolve docs.openstack.org:443:127.0.0.1 '
+ 'https://docs.openstack.org')
+ # links to the latest, make sure it redirected us
+ assert '301 Moved Permanently' in cmd.stdout
+
+def test_docs_opendev_org(host):
+ cmd = host.run('curl --insecure '
+ '--resolve docs.opendev.org:443:127.0.0.1 '
+ 'https://docs.opendev.org')
+ assert 'Index of /' in cmd.stdout
+
+def test_docs_starlingx_io(host):
+ cmd = host.run('curl --insecure '
+ '--resolve docs.starlingx.io:443:127.0.0.1 '
+ 'https://docs.starlingx.io')
+ # links to the latest, make sure it redirected us
+ assert 'StarlingX Docs: Welcome to the StarlingX Documentation' \
+ in cmd.stdout
+
+zuul_names = (
+ 'zuul-ci.org',
+ 'www.zuul-ci.org',
+ 'zuulci.org',
+ 'www.zuulci.org',
+)
+
+@pytest.mark.parametrize("name", zuul_names)
+def test_docs_openstack_org(host, name):
+
+ cmd = host.run('curl --insecure '
+ '--resolve %s:443:127.0.0.1 https://%s/ ' %
+ (name, name))
+ assert 'Zuul is an open source CI tool' in cmd.stdout