From 1fbd1566975e28d58a360aa9ed0eeb4cc1d15e3e Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Mon, 24 May 2021 18:24:56 +1000 Subject: [PATCH] ask.openstack.org static site We have decided to decommision the ask.openstack.org server as it is running EOL Xenial, and its manually purchased certiface is about to expire. Although it has been deprecated for some time, we feel like it has been around long-enough as a resource that it is best if we replace it with a place-holder. The links included here are the same as the currently shown header explaining the site is read-only. There's nowhere particularly relevant to redirect the site, so we add a static file here, and some minimal Ansible to put it in the right place in a generic way in-case we want to do the same for another service. Change-Id: I8a31f8fcf9b3064c0ae58e463a6014dc14b518a7 --- .../host_vars/static01.opendev.org.yaml | 2 + .../handlers/main.yaml | 3 ++ .../static/files/50-ask.openstack.org.conf | 40 +++++++++++++++++++ .../static/files/ask.openstack.org/index.html | 30 ++++++++++++++ .../static/tasks/50-ask.openstack.org.yaml | 15 +++++++ playbooks/roles/static/tasks/enable_site.yaml | 16 +++++--- playbooks/roles/static/tasks/main.yaml | 3 ++ testinfra/test_static.py | 6 +++ 8 files changed, 110 insertions(+), 5 deletions(-) create mode 100644 playbooks/roles/static/files/50-ask.openstack.org.conf create mode 100644 playbooks/roles/static/files/ask.openstack.org/index.html create mode 100644 playbooks/roles/static/tasks/50-ask.openstack.org.yaml diff --git a/inventory/service/host_vars/static01.opendev.org.yaml b/inventory/service/host_vars/static01.opendev.org.yaml index 086f3a8127..a200108c80 100644 --- a/inventory/service/host_vars/static01.opendev.org.yaml +++ b/inventory/service/host_vars/static01.opendev.org.yaml @@ -4,6 +4,8 @@ letsencrypt_certs: - static01.opendev.org - files.openstack.org - static.openstack.org + static01-ask-openstack-org: + - ask.openstack.org static01-docs-airshipit-org: - docs.airshipit.org static01-ci-openstack-org: diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml index 7a276cd8f7..02d2add388 100644 --- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml +++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml @@ -39,6 +39,9 @@ - name: letsencrypt updated static01-opendev-org-main include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +- name: letsencrypt updated static01-ask-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + - name: letsencrypt updated static01-docs-airshipit-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml diff --git a/playbooks/roles/static/files/50-ask.openstack.org.conf b/playbooks/roles/static/files/50-ask.openstack.org.conf new file mode 100644 index 0000000000..dba603e3b3 --- /dev/null +++ b/playbooks/roles/static/files/50-ask.openstack.org.conf @@ -0,0 +1,40 @@ + + ServerName ask.openstack.org + RewriteEngine On + RewriteRule ^/(.*) https://ask.openstack.org/$1 [last,redirect=permanent] + LogLevel warn + ErrorLog /var/log/apache2/ask.openstack.org_error.log + CustomLog /var/log/apache2/ask.openstack.org_access.log combined + ServerSignature Off + + + + + + ServerName ask.openstack.org + + DocumentRoot /var/www/ask.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/ask.openstack.org/ask.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/ask.openstack.org/ask.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/ask.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + Use UserAgentFilter + + + Options Indexes FollowSymLinks MultiViews + AllowOverrideList Redirect RedirectMatch + Require all granted + + + LogLevel warn + ErrorLog /var/log/apache2/ask.openstack.org_error.log + CustomLog /var/log/apache2/ask.openstack.org_access.log combined + ServerSignature Off + + + diff --git a/playbooks/roles/static/files/ask.openstack.org/index.html b/playbooks/roles/static/files/ask.openstack.org/index.html new file mode 100644 index 0000000000..d1caa7b67a --- /dev/null +++ b/playbooks/roles/static/files/ask.openstack.org/index.html @@ -0,0 +1,30 @@ + + + + + + + ask.openstack.org + + + + + + +

ask.openstack.org

+ +

The ask.openstack.org site was shutdown in May 2021.

+ +

The following options are available for community-based support.

+ + + + + + diff --git a/playbooks/roles/static/tasks/50-ask.openstack.org.yaml b/playbooks/roles/static/tasks/50-ask.openstack.org.yaml new file mode 100644 index 0000000000..8d1f25cdad --- /dev/null +++ b/playbooks/roles/static/tasks/50-ask.openstack.org.yaml @@ -0,0 +1,15 @@ +- name: Create ask directory + file: + path: /var/www/ask.openstack.org + state: directory + owner: www-data + group: www-data + mode: 0755 + +- name: Copy ask index.html + copy: + src: 'ask.openstack.org/index.html' + dest: '/var/www/ask.openstack.org/index.html' + owner: www-data + group: www-data + mode: 0644 diff --git a/playbooks/roles/static/tasks/enable_site.yaml b/playbooks/roles/static/tasks/enable_site.yaml index 273ef93069..ebdd926bf5 100644 --- a/playbooks/roles/static/tasks/enable_site.yaml +++ b/playbooks/roles/static/tasks/enable_site.yaml @@ -1,14 +1,20 @@ -- name: Add {{ item }} configuration +- name: Check for deployment tasks + include_tasks: "{{ _dt }}" + when: _dt != "" + vars: + _dt: "{{ lookup('first_found', dict(files=[config+'.yaml']), errors='ignore') }}" + +- name: Add {{ config }} configuration copy: - src: '{{ item }}.conf' + src: '{{ config }}.conf' dest: /etc/apache2/sites-available/ owner: root group: root mode: 0644 -- name: 'Enable {{ item }}' - command: 'a2ensite {{ item }}' +- name: 'Enable {{ config }}' + command: 'a2ensite {{ config }}' args: - creates: '/etc/apache2/sites-enabled/{{ item }}' + creates: '/etc/apache2/sites-enabled/{{ config }}' notify: - Reload apache2 diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml index a3f10c6bc8..5dbde6c35e 100644 --- a/playbooks/roles/static/tasks/main.yaml +++ b/playbooks/roles/static/tasks/main.yaml @@ -79,6 +79,7 @@ include_tasks: enable_site.yaml loop: - 00-static.opendev.org + - 50-ask.openstack.org - 50-ci.openstack.org - 50-cinder.openstack.org - 50-developer.openstack.org @@ -102,6 +103,8 @@ - 50-tarballs.opendev.org - 50-tarballs.openstack.org - 50-zuul-ci.org + loop_control: + loop_var: config - name: Enable git sites include_tasks: enable_git_site.yaml diff --git a/testinfra/test_static.py b/testinfra/test_static.py index 67f5f79c74..ddf118f9fa 100644 --- a/testinfra/test_static.py +++ b/testinfra/test_static.py @@ -42,6 +42,12 @@ def test_static_opendev_org(host, name): (name, name)) assert 'Index of /' in cmd.stdout +def test_ask_openstack_org(host): + cmd = host.run('curl --insecure ' + '--resolve ask.openstack.org:443:127.0.0.1 ' + 'https://ask.openstack.org/') + assert 'ask.openstack.org' in cmd.stdout + def test_docs_airshipit_org(host): cmd = host.run('curl --insecure ' '--resolve docs.airshipit.org:443:127.0.0.1 '