diff --git a/manifests/site.pp b/manifests/site.pp index b955a998db..0773d3a210 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -442,6 +442,9 @@ node /^files\d*\.open.*\.org$/ { git_starlingx_cert_file_contents => hiera('git_starlingx_cert_file_contents'), git_starlingx_key_file_contents => hiera('git_starlingx_key_file_contents'), git_starlingx_chain_file_contents => hiera('git_starlingx_chain_file_contents'), + git_zuul_cert_file_contents => hiera('git_zuul_cert_file_contents'), + git_zuul_key_file_contents => hiera('git_zuul_key_file_contents'), + git_zuul_chain_file_contents => hiera('git_zuul_chain_file_contents'), require => Class['Openstack_project::Server'], } @@ -481,22 +484,12 @@ node /^files\d*\.open.*\.org$/ { } openstack_project::website { 'zuul-ci.org': - aliases => ['www.zuul-ci.org', 'zuulci.org', 'www.zuulci.org'], - ssl_cert => '/etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.cer', - ssl_key => '/etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.key', - ssl_intermediate => '/etc/letsencrypt-certs/zuul-ci.org/ca.cer', - require => Class['openstack_project::files'], + aliases => ['www.zuul-ci.org', 'zuulci.org', 'www.zuulci.org'], + ssl_cert_file => '/etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.cer', + ssl_key_file => '/etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.key', + ssl_chain_file => '/etc/letsencrypt-certs/zuul-ci.org/ca.cer', + require => Class['openstack_project::files'], } - - openstack_project::website { 'git.zuul-ci.org': - docroot => "/var/www/git-redirect", - allow_override_list => "Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule", - ssl_cert => '/etc/letsencrypt-certs/git.zuul-ci.org/git.zuul-ci.org.cer', - ssl_key => '/etc/letsencrypt-certs/git.zuul-ci.org/git.zuul-ci.org.key', - ssl_intermediate => '/etc/letsencrypt-certs/git.zuul-ci.org/ca.cer', - require => Class['openstack_project::files'], - } - } # Node-OS: trusty diff --git a/modules/openstack_project/manifests/files.pp b/modules/openstack_project/manifests/files.pp index ae4ac9a1b3..724f53f96a 100644 --- a/modules/openstack_project/manifests/files.pp +++ b/modules/openstack_project/manifests/files.pp @@ -17,6 +17,9 @@ class openstack_project::files ( $git_starlingx_cert_file_contents, $git_starlingx_key_file_contents, $git_starlingx_chain_file_contents, + $git_zuul_cert_file_contents, + $git_zuul_key_file_contents, + $git_zuul_chain_file_contents, ) { $afs_root = '/afs/openstack.org/' @@ -327,4 +330,40 @@ class openstack_project::files ( require => File['/etc/ssl/certs'], before => File['/etc/ssl/certs/git.starlingx.io.pem'], } + + ########################################################### + # git.zuul-ci.org + + ::httpd::vhost { 'git.zuul-ci.org': + port => 443, # Is required despite not being used. + docroot => "${www_base}/git-redirect", + priority => '50', + template => 'openstack_project/git-redirect.vhost.erb', + require => File["${www_base}/git-redirect"], + } + file { '/etc/ssl/certs/git.zuul-ci.org.pem': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => $git_zuul_cert_file_contents, + require => File['/etc/ssl/certs'], + } + file { '/etc/ssl/private/git.zuul-ci.org.key': + ensure => present, + owner => 'root', + group => 'root', + mode => '0600', + content => $git_zuul_key_file_contents, + require => File['/etc/ssl/private'], + } + file { '/etc/ssl/certs/git.zuul-ci.org_intermediate.pem': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => $git_zuul_chain_file_contents, + require => File['/etc/ssl/certs'], + before => File['/etc/ssl/certs/git.zuul-ci.org.pem'], + } }