From f80688f0ef1121ab3953035bf977cca43c57009e Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Thu, 22 Oct 2015 17:38:33 +0000
Subject: [PATCH] Add HTTPS for trystack.openstack.org

Add HTTPS for trystack.openstack.org and incorporate ServerAlias
support into the static-http-and-https and static-https-redirect
vhost templates.

Change-Id: I7c3ab22485689bf22dfe706fa7b0f6777604db25
---
 modules/openstack_project/manifests/static.pp | 14 +++++---
 .../templates/static-http-and-https.vhost.erb |  9 ++++++
 .../templates/static-https-redirect.vhost.erb |  5 +++
 .../templates/trystack.vhost.erb              | 32 -------------------
 4 files changed, 24 insertions(+), 36 deletions(-)
 delete mode 100644 modules/openstack_project/templates/trystack.vhost.erb

diff --git a/modules/openstack_project/manifests/static.pp b/modules/openstack_project/manifests/static.pp
index 0f6081e7bf..4133e21aff 100644
--- a/modules/openstack_project/manifests/static.pp
+++ b/modules/openstack_project/manifests/static.pp
@@ -316,12 +316,18 @@ class openstack_project::static (
   # Trystack
 
   ::httpd::vhost { 'trystack.openstack.org':
-    port          => 80,
-    priority      => '50',
+    port          => 443, # Is required despite not being used.
     docroot       => '/opt/trystack',
-    template      => 'openstack_project/trystack.vhost.erb',
+    priority      => '50',
+    ssl           => true,
+    template      => 'openstack_project/static-http-and-https.vhost.erb',
+    vhost_name    => 'trystack.openstack.org',
     serveraliases => ['trystack.org', 'www.trystack.org'],
-    require       => Vcsrepo['/opt/trystack'],
+    require       => [
+      Vcsrepo['/opt/trystack'],
+      File[$cert_file],
+      File[$key_file],
+    ],
   }
 
   vcsrepo { '/opt/trystack':
diff --git a/modules/openstack_project/templates/static-http-and-https.vhost.erb b/modules/openstack_project/templates/static-http-and-https.vhost.erb
index 360c627d7e..83a7403cb1 100644
--- a/modules/openstack_project/templates/static-http-and-https.vhost.erb
+++ b/modules/openstack_project/templates/static-http-and-https.vhost.erb
@@ -4,6 +4,15 @@
 
 <VirtualHost *:80>
   ServerName <%= @vhost_name %>
+<% if @serveraliases.is_a? Array -%>
+  # Permanently redirect these ServerAlias entries to ServerName
+<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
+<% elsif @serveraliases != '' -%>
+<%= " ServerAlias #{@serveraliases}" %>
+  RewriteEngine On
+  RewriteCond %{HTTP_HOST} !<%= @vhost_name %>$ [NC]
+  RewriteRule ^/(.*)$ http://<%= @vhost_name %>/$1 [L,R=301]
+<% end -%>
   DocumentRoot <%= @docroot %>
   <Directory <%= @docroot %>>
     Options Indexes FollowSymLinks MultiViews
diff --git a/modules/openstack_project/templates/static-https-redirect.vhost.erb b/modules/openstack_project/templates/static-https-redirect.vhost.erb
index f90d351fcc..c7fe1f4d31 100644
--- a/modules/openstack_project/templates/static-https-redirect.vhost.erb
+++ b/modules/openstack_project/templates/static-https-redirect.vhost.erb
@@ -4,6 +4,11 @@
 
 <VirtualHost *:80>
   ServerName <%= @vhost_name %>
+<% if @serveraliases.is_a? Array -%>
+<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
+<% elsif @serveraliases != '' -%>
+<%= " ServerAlias #{@serveraliases}" %>
+<% end -%>
   RewriteEngine On
   RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
   LogLevel warn
diff --git a/modules/openstack_project/templates/trystack.vhost.erb b/modules/openstack_project/templates/trystack.vhost.erb
deleted file mode 100644
index 3af5caaa89..0000000000
--- a/modules/openstack_project/templates/trystack.vhost.erb
+++ /dev/null
@@ -1,32 +0,0 @@
-# ************************************
-# Managed by Puppet
-# ************************************
-
-NameVirtualHost <%= @vhost_name %>:<%= @port %>
-<VirtualHost <%= @vhost_name %>:<%= @port %>>
-  ServerName <%= @srvname %>
-<% if @serveraliases.is_a? Array -%>
-<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
-<% elsif @serveraliases != '' -%>
-<%= " ServerAlias #{@serveraliases}" %>
-<% end -%>
-
-  # NOTE(pabelanger): Rewrite any valid serveraliases to srvname.
-  RewriteEngine On
-  RewriteCond %{HTTP_HOST} !<%= @srvname %>$ [NC]
-  RewriteRule ^/(.*)$ http://<%= @srvname %>/$1 [L,R=301]
-
-  DocumentRoot <%= @docroot %>
-  <Directory <%= @docroot %>>
-    Options <%= @options %>
-    AllowOverride None
-    Order allow,deny
-    allow from all
-    Satisfy Any
-  </Directory>
-
-  ErrorLog /var/log/apache2/<%= @name %>_error.log
-  LogLevel warn
-  CustomLog /var/log/apache2/<%= @name %>_access.log combined
-  ServerSignature Off
-</VirtualHost>