From d961b6d0d4545e253d44455e3d061146f4bb34e9 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Thu, 27 Feb 2020 11:27:30 +1100 Subject: [PATCH] static: implement legacy redirect sites This is a slight divergence from the accepted spec, where we were going to implement these redirects via a new haproxy instance (I961456d44a56f2334d3c94ef27e408f27409cd65). We've decided it's easier to keep them on static.opendev.org The following sites are configured to redirect to whatever they are redirecting to now on static.opendev.org: * devstack.org * www.devstack.org * ci.openstack.org * cinder.openstack.org * glance.openstack.org * horizon.openstack.org * keystone.openstack.org * nova.openstack.org * qa.openstack.org * summit.openstack.org * swift.openstack.org As a bonus, they all get a https instance too, which they didn't have before. testinfra coverage should be total for this change. I have created the _acme-challange CNAME records for all the above. Story: #2006598 Task: #38881 Change-Id: I3f1fc108e7bb1c9500ad4d1a51df13bb4ae00cb9 --- playbooks/host_vars/static01.opendev.org.yaml | 21 +++++++ .../handlers/main.yaml | 30 ++++++++++ .../static/files/00-static.opendev.org.conf | 0 .../static/files/50-ci.openstack.org.conf | 43 ++++++++++++++ .../static/files/50-cinder.openstack.org.conf | 31 ++++++++++ .../files/50-developer.openstack.org.conf | 0 .../roles/static/files/50-devstack.org.conf | 33 +++++++++++ .../static/files/50-docs.opendev.org.conf | 0 .../static/files/50-docs.openstack.org.conf | 0 .../static/files/50-docs.starlingx.io.conf | 0 .../static/files/50-glance.openstack.org.conf | 31 ++++++++++ .../files/50-governance.openstack.org.conf | 0 .../files/50-horizon.openstack.org.conf | 31 ++++++++++ .../files/50-keystone.openstack.org.conf | 31 ++++++++++ .../static/files/50-nova.openstack.org.conf | 31 ++++++++++ .../static/files/50-qa.openstack.org.conf | 31 ++++++++++ .../files/50-releases.openstack.org.conf | 0 .../files/50-security.openstack.org.conf | 0 .../files/50-service-types.openstack.org.conf | 0 .../static/files/50-specs.openstack.org.conf | 0 .../static/files/50-summit.openstack.org.conf | 31 ++++++++++ .../static/files/50-swift.openstack.org.conf | 31 ++++++++++ .../static/files/50-tarballs.opendev.org.conf | 0 .../files/50-tarballs.openstack.org.conf | 0 .../roles/static/files/50-zuul-ci.org.conf | 0 playbooks/roles/static/tasks/enable_site.yaml | 2 +- playbooks/roles/static/tasks/main.yaml | 10 ++++ testinfra/test_static.py | 59 +++++++++++++++++++ 28 files changed, 445 insertions(+), 1 deletion(-) mode change 100755 => 100644 playbooks/roles/static/files/00-static.opendev.org.conf create mode 100644 playbooks/roles/static/files/50-ci.openstack.org.conf create mode 100644 playbooks/roles/static/files/50-cinder.openstack.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-developer.openstack.org.conf create mode 100644 playbooks/roles/static/files/50-devstack.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-docs.opendev.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-docs.openstack.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-docs.starlingx.io.conf create mode 100644 playbooks/roles/static/files/50-glance.openstack.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-governance.openstack.org.conf create mode 100644 playbooks/roles/static/files/50-horizon.openstack.org.conf create mode 100644 playbooks/roles/static/files/50-keystone.openstack.org.conf create mode 100644 playbooks/roles/static/files/50-nova.openstack.org.conf create mode 100644 playbooks/roles/static/files/50-qa.openstack.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-releases.openstack.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-security.openstack.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-service-types.openstack.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-specs.openstack.org.conf create mode 100644 playbooks/roles/static/files/50-summit.openstack.org.conf create mode 100644 playbooks/roles/static/files/50-swift.openstack.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-tarballs.opendev.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-tarballs.openstack.org.conf mode change 100755 => 100644 playbooks/roles/static/files/50-zuul-ci.org.conf diff --git a/playbooks/host_vars/static01.opendev.org.yaml b/playbooks/host_vars/static01.opendev.org.yaml index af09a50b53..23bbe0996b 100644 --- a/playbooks/host_vars/static01.opendev.org.yaml +++ b/playbooks/host_vars/static01.opendev.org.yaml @@ -5,14 +5,23 @@ letsencrypt_certs: - static01.opendev.org - files.openstack.org - static.openstack.org + static01-ci-openstack-org: + - ci.openstack.org + static01-cinder-openstack-org: + - cinder.openstack.org static01-developer-openstack-org: - developer.openstack.org + static01-devstack-org: + - devstack.org + - www.devstack.org static01-docs-opendev-org: - docs.opendev.org static01-docs-openstack-org: - docs.openstack.org static01-docs-starlingx-io: - docs.starlingx.io + static01-glance-openstack-org: + - glance.openstack.org static01-git-airshipit-org: - git.airshipit.org static01-git-openstack-org: @@ -23,12 +32,24 @@ letsencrypt_certs: - git.zuul-ci.org static01-governance-openstack-org: - governance.openstack.org + static01-horizon-openstack-org: + - horizon.openstack.org + static01-keystone-openstack-org: + - keystone.openstack.org + static01-nova-openstack-org: + - nova.openstack.org + static01-qa-openstack-org: + - qa.openstack.org static01-service-types-openstack-org: - service-types.openstack.org static01-security-openstack-org: - security.openstack.org static01-specs-openstack-org: - specs.openstack.org + static01-summit-openstack-org: + - summit.openstack.org + static01-swift-openstack-org: + - swift.openstack.org static01-releases-openstack-org: - releases.openstack.org static01-tarballs-opendev-org: diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml index 6197422e53..ce67b9f2b3 100644 --- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml +++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml @@ -38,9 +38,18 @@ - name: letsencrypt updated static01-opendev-org-main include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +- name: letsencrypt updated static01-ci-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + +- name: letsencrypt updated static01-cinder-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + - name: letsencrypt updated static01-developer-openstack-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +- name: letsencrypt updated static01-devstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + - name: letsencrypt updated static01-docs-opendev-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml @@ -50,6 +59,9 @@ - name: letsencrypt updated static01-docs-starlingx-io include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +- name: letsencrypt updated static01-glance-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + - name: letsencrypt updated static01-git-airshipit-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml @@ -65,6 +77,18 @@ - name: letsencrypt updated static01-governance-openstack-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +- name: letsencrypt updated static01-horizon-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + +- name: letsencrypt updated static01-keystone-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + +- name: letsencrypt updated static01-nova-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + +- name: letsencrypt updated static01-qa-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + - name: letsencrypt updated static01-service-types-openstack-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml @@ -74,6 +98,12 @@ - name: letsencrypt updated static01-security-openstack-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +- name: letsencrypt updated static01-summit-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + +- name: letsencrypt updated static01-swift-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + - name: letsencrypt updated static01-releases-openstack-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml diff --git a/playbooks/roles/static/files/00-static.opendev.org.conf b/playbooks/roles/static/files/00-static.opendev.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-ci.openstack.org.conf b/playbooks/roles/static/files/50-ci.openstack.org.conf new file mode 100644 index 0000000000..93e08bae86 --- /dev/null +++ b/playbooks/roles/static/files/50-ci.openstack.org.conf @@ -0,0 +1,43 @@ + + RewriteEngine On + + RewriteRule ^/jenkins-job-builder(/.*|$) https://docs.openstack.org/infra/jenkins-job-builder$1 [last,redirect=permanent] + RewriteRule ^/nodepool(/.*|$) https://docs.openstack.org/infra/nodepool$1 [last,redirect=permanent] + RewriteRule ^/openstackid(/.*|$) https://docs.openstack.org/infra/openstackid$1 [last,redirect=permanent] + RewriteRule ^/shade(/.*|$) https://docs.openstack.org/infra/shade$1 [last,redirect=permanent] + RewriteRule ^/storyboard(/.*|$) https://docs.openstack.org/infra/storyboard$1 [last,redirect=permanent] + RewriteRule ^/zuul(/.*|$) https://docs.openstack.org/infra/zuul$1 [last,redirect=permanent] + RewriteRule ^/(.*) https://docs.openstack.org/infra/system-config/$1 [last,redirect=permanent] + + + + ServerName ci.openstack.org + + Use CiRedirects + + LogLevel warn + ErrorLog /var/log/apache2/ci.openstack.org_error.log + CustomLog /var/log/apache2/ci.openstack.org_access.log combined + ServerSignature Off + + + + ServerName ci.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/ci.openstack.org/ci.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/ci.openstack.org/ci.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/ci.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + Use CiRedirects + + LogLevel warn + ErrorLog /var/log/apache2/ci.openstack.org_error.log + CustomLog /var/log/apache2/ci.openstack.org_access.log combined + ServerSignature Off + + +UndefMacro CiRedirects \ No newline at end of file diff --git a/playbooks/roles/static/files/50-cinder.openstack.org.conf b/playbooks/roles/static/files/50-cinder.openstack.org.conf new file mode 100644 index 0000000000..e5a31f8e0e --- /dev/null +++ b/playbooks/roles/static/files/50-cinder.openstack.org.conf @@ -0,0 +1,31 @@ + + ServerName cinder.openstack.org + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/cinder/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/cinder.openstack.org_error.log + CustomLog /var/log/apache2/cinder.openstack.org_access.log combined + ServerSignature Off + + + + ServerName cinder.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/cinder.openstack.org/cinder.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/cinder.openstack.org/cinder.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/cinder.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/cinder/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/cinder.openstack.org_error.log + CustomLog /var/log/apache2/cinder.openstack.org_access.log combined + ServerSignature Off + diff --git a/playbooks/roles/static/files/50-developer.openstack.org.conf b/playbooks/roles/static/files/50-developer.openstack.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-devstack.org.conf b/playbooks/roles/static/files/50-devstack.org.conf new file mode 100644 index 0000000000..337c417937 --- /dev/null +++ b/playbooks/roles/static/files/50-devstack.org.conf @@ -0,0 +1,33 @@ + + ServerName devstack.org + ServerAlias *.devstack.org + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/devstack/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/devstack.org_error.log + CustomLog /var/log/apache2/devstack.org_access.log combined + ServerSignature Off + + + + ServerName devstack.org + ServerAlias www.devstack.org + + SSLCertificateFile /etc/letsencrypt-certs/devstack.org/devstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/devstack.org/devstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/devstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/devstack/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/devstack.org_error.log + CustomLog /var/log/apache2/devstack.org_access.log combined + ServerSignature Off + diff --git a/playbooks/roles/static/files/50-docs.opendev.org.conf b/playbooks/roles/static/files/50-docs.opendev.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-docs.openstack.org.conf b/playbooks/roles/static/files/50-docs.openstack.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-docs.starlingx.io.conf b/playbooks/roles/static/files/50-docs.starlingx.io.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-glance.openstack.org.conf b/playbooks/roles/static/files/50-glance.openstack.org.conf new file mode 100644 index 0000000000..45817ecdd9 --- /dev/null +++ b/playbooks/roles/static/files/50-glance.openstack.org.conf @@ -0,0 +1,31 @@ + + ServerName glance.openstack.org + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/glance/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/glance.openstack.org_error.log + CustomLog /var/log/apache2/glance.openstack.org_access.log combined + ServerSignature Off + + + + ServerName glance.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/glance.openstack.org/glance.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/glance.openstack.org/glance.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/glance.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/glance/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/glance.openstack.org_error.log + CustomLog /var/log/apache2/glance.openstack.org_access.log combined + ServerSignature Off + diff --git a/playbooks/roles/static/files/50-governance.openstack.org.conf b/playbooks/roles/static/files/50-governance.openstack.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-horizon.openstack.org.conf b/playbooks/roles/static/files/50-horizon.openstack.org.conf new file mode 100644 index 0000000000..c86ec4d5e7 --- /dev/null +++ b/playbooks/roles/static/files/50-horizon.openstack.org.conf @@ -0,0 +1,31 @@ + + ServerName horizon.openstack.org + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/horizon/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/horizon.openstack.org_error.log + CustomLog /var/log/apache2/horizon.openstack.org_access.log combined + ServerSignature Off + + + + ServerName horizon.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/horizon.openstack.org/horizon.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/horizon.openstack.org/horizon.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/horizon.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/horizon/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/horizon.openstack.org_error.log + CustomLog /var/log/apache2/horizon.openstack.org_access.log combined + ServerSignature Off + diff --git a/playbooks/roles/static/files/50-keystone.openstack.org.conf b/playbooks/roles/static/files/50-keystone.openstack.org.conf new file mode 100644 index 0000000000..c7c833fc32 --- /dev/null +++ b/playbooks/roles/static/files/50-keystone.openstack.org.conf @@ -0,0 +1,31 @@ + + ServerName keystone.openstack.org + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/keystone/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/keystone.openstack.org_error.log + CustomLog /var/log/apache2/keystone.openstack.org_access.log combined + ServerSignature Off + + + + ServerName keystone.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/keystone.openstack.org/keystone.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/keystone.openstack.org/keystone.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/keystone.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/keystone/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/keystone.openstack.org_error.log + CustomLog /var/log/apache2/keystone.openstack.org_access.log combined + ServerSignature Off + diff --git a/playbooks/roles/static/files/50-nova.openstack.org.conf b/playbooks/roles/static/files/50-nova.openstack.org.conf new file mode 100644 index 0000000000..e5aac7120a --- /dev/null +++ b/playbooks/roles/static/files/50-nova.openstack.org.conf @@ -0,0 +1,31 @@ + + ServerName nova.openstack.org + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/nova/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/nova.openstack.org_error.log + CustomLog /var/log/apache2/nova.openstack.org_access.log combined + ServerSignature Off + + + + ServerName nova.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/nova.openstack.org/nova.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/nova.openstack.org/nova.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/nova.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/nova/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/nova.openstack.org_error.log + CustomLog /var/log/apache2/nova.openstack.org_access.log combined + ServerSignature Off + diff --git a/playbooks/roles/static/files/50-qa.openstack.org.conf b/playbooks/roles/static/files/50-qa.openstack.org.conf new file mode 100644 index 0000000000..18c6fe63e9 --- /dev/null +++ b/playbooks/roles/static/files/50-qa.openstack.org.conf @@ -0,0 +1,31 @@ + + ServerName qa.openstack.org + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/qa/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/qa.openstack.org_error.log + CustomLog /var/log/apache2/qa.openstack.org_access.log combined + ServerSignature Off + + + + ServerName qa.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/qa.openstack.org/qa.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/qa.openstack.org/qa.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/qa.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/qa/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/qa.openstack.org_error.log + CustomLog /var/log/apache2/qa.openstack.org_access.log combined + ServerSignature Off + diff --git a/playbooks/roles/static/files/50-releases.openstack.org.conf b/playbooks/roles/static/files/50-releases.openstack.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-security.openstack.org.conf b/playbooks/roles/static/files/50-security.openstack.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-service-types.openstack.org.conf b/playbooks/roles/static/files/50-service-types.openstack.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-specs.openstack.org.conf b/playbooks/roles/static/files/50-specs.openstack.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-summit.openstack.org.conf b/playbooks/roles/static/files/50-summit.openstack.org.conf new file mode 100644 index 0000000000..1255f71596 --- /dev/null +++ b/playbooks/roles/static/files/50-summit.openstack.org.conf @@ -0,0 +1,31 @@ + + ServerName summit.openstack.org + + RewriteEngine On + RewriteRule ^/(.*) https://openstack.org/summit/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/summit.openstack.org_error.log + CustomLog /var/log/apache2/summit.openstack.org_access.log combined + ServerSignature Off + + + + ServerName summit.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/summit.openstack.org/summit.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/summit.openstack.org/summit.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/summit.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + RewriteEngine On + RewriteRule ^/(.*) https://openstack.org/summit/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/summit.openstack.org_error.log + CustomLog /var/log/apache2/summit.openstack.org_access.log combined + ServerSignature Off + diff --git a/playbooks/roles/static/files/50-swift.openstack.org.conf b/playbooks/roles/static/files/50-swift.openstack.org.conf new file mode 100644 index 0000000000..80fa790f08 --- /dev/null +++ b/playbooks/roles/static/files/50-swift.openstack.org.conf @@ -0,0 +1,31 @@ + + ServerName swift.openstack.org + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/swift/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/swift.openstack.org_error.log + CustomLog /var/log/apache2/swift.openstack.org_access.log combined + ServerSignature Off + + + + ServerName swift.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/swift.openstack.org/swift.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/swift.openstack.org/swift.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/swift.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + RewriteEngine On + RewriteRule ^/(.*) https://docs.openstack.org/developer/swift/$1 [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/swift.openstack.org_error.log + CustomLog /var/log/apache2/swift.openstack.org_access.log combined + ServerSignature Off + diff --git a/playbooks/roles/static/files/50-tarballs.opendev.org.conf b/playbooks/roles/static/files/50-tarballs.opendev.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-tarballs.openstack.org.conf b/playbooks/roles/static/files/50-tarballs.openstack.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/files/50-zuul-ci.org.conf b/playbooks/roles/static/files/50-zuul-ci.org.conf old mode 100755 new mode 100644 diff --git a/playbooks/roles/static/tasks/enable_site.yaml b/playbooks/roles/static/tasks/enable_site.yaml index e2c47aa9de..273ef93069 100644 --- a/playbooks/roles/static/tasks/enable_site.yaml +++ b/playbooks/roles/static/tasks/enable_site.yaml @@ -1,4 +1,4 @@ -- name: Add custom default site +- name: Add {{ item }} configuration copy: src: '{{ item }}.conf' dest: /etc/apache2/sites-available/ diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml index f8ac22b346..63fdac4719 100644 --- a/playbooks/roles/static/tasks/main.yaml +++ b/playbooks/roles/static/tasks/main.yaml @@ -65,15 +65,25 @@ include_tasks: enable_site.yaml loop: - 00-static.opendev.org + - 50-ci.openstack.org + - 50-cinder.openstack.org - 50-developer.openstack.org + - 50-devstack.org - 50-docs.opendev.org - 50-docs.openstack.org - 50-docs.starlingx.io - 50-governance.openstack.org + - 50-glance.openstack.org + - 50-horizon.openstack.org + - 50-keystone.openstack.org + - 50-nova.openstack.org + - 50-qa.openstack.org - 50-security.openstack.org - 50-service-types.openstack.org - 50-specs.openstack.org - 50-releases.openstack.org + - 50-summit.openstack.org + - 50-swift.openstack.org - 50-tarballs.opendev.org - 50-tarballs.openstack.org - 50-zuul-ci.org diff --git a/testinfra/test_static.py b/testinfra/test_static.py index aa0bb9b1aa..9cad8a2b1e 100644 --- a/testinfra/test_static.py +++ b/testinfra/test_static.py @@ -156,3 +156,62 @@ def test_git_redirects(host, url, target): (hostname, url)) assert '302 Found' in cmd.stdout assert target in cmd.stdout + +doc_redirects = ( + ('devstack.org', 'https://docs.openstack.org/developer/devstack'), + ('www.devstack.org', 'https://docs.openstack.org/developer/devstack'), + ('cinder.openstack.org', 'https://docs.openstack.org/developer/cinder'), + ('glance.openstack.org', 'https://docs.openstack.org/developer/glance'), + ('horizon.openstack.org', 'https://docs.openstack.org/developer/horizon'), + ('keystone.openstack.org', 'https://docs.openstack.org/developer/keystone'), + ('nova.openstack.org', 'https://docs.openstack.org/developer/nova'), + ('qa.openstack.org', 'https://docs.openstack.org/developer/qa'), + ('swift.openstack.org', 'https://docs.openstack.org/developer/swift'), +) + +@pytest.mark.parametrize("hostname,target", doc_redirects) +def test_doc_redirects(host, hostname, target): + cmd = host.run('curl --resolve %s:80:127.0.0.1 http://%s' % + (hostname, hostname)) + assert '301 Moved Permanently' in cmd.stdout + assert target in cmd.stdout + + cmd = host.run('curl --insecure --resolve %s:443:127.0.0.1 https://%s' % + (hostname, hostname)) + assert '301 Moved Permanently' in cmd.stdout + assert target in cmd.stdout + +def test_summit_openstack_org(host): + cmd = host.run('curl --resolve summit.openstack.org:80:127.0.0.1' + ' http://summit.openstack.org') + assert '301 Moved Permanently' in cmd.stdout + assert 'https://openstack.org/summit/' in cmd.stdout + + cmd = host.run('curl --insecure ' + ' --resolve summit.openstack.org:443:127.0.0.1' + ' https://summit.openstack.org') + assert '301 Moved Permanently' in cmd.stdout + assert 'https://openstack.org/summit/' in cmd.stdout + +ci_redirects = ( + ('/jenkins-job-builder', 'https://docs.openstack.org/infra/jenkins-job-builder'), + ('/nodepool', 'https://docs.openstack.org/infra/nodepool'), + ('/openstackid', 'https://docs.openstack.org/infra/openstackid'), + ('/shade', 'https://docs.openstack.org/infra/shade'), + ('/storyboard', 'https://docs.openstack.org/infra/storyboard'), + ('/zuul', 'https://docs.openstack.org/infra/zuul'), + ('/', 'https://docs.openstack.org/infra/system-config/'), +) + +@pytest.mark.parametrize("path,target", ci_redirects) +def test_ci_openstack_org(host, path, target): + cmd = host.run('curl --resolve ci.openstack.org:80:127.0.0.1' + ' http://ci.openstack.org%s' % path) + assert '301 Moved Permanently' in cmd.stdout + assert target in cmd.stdout + + cmd = host.run('curl --insecure ' + ' --resolve ci.openstack.org:443:127.0.0.1' + ' https://ci.openstack.org%s' % path) + assert '301 Moved Permanently' in cmd.stdout + assert target in cmd.stdout