From 3981c02322ccfd8e3d1d0f8d07fefa0a3af7e697 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Thu, 9 Jan 2020 11:36:41 -0800
Subject: [PATCH] Provision LE cert for zuul.opendev.org

This provisions the cert but does not use it yet. We will do the
switchover once the cert is confirmed to be in place.

Depends-On: https://review.opendev.org/701819
Change-Id: I04fee48b9a79758527d8f9e8128c0fa915cd133e
---
 inventory/groups.yaml                                       | 1 +
 manifests/site.pp                                           | 4 ++++
 playbooks/host_vars/zuul01.openstack.org                    | 4 ++++
 playbooks/roles/letsencrypt-create-certs/handlers/main.yaml | 3 +++
 4 files changed, 12 insertions(+)
 create mode 100644 playbooks/host_vars/zuul01.openstack.org

diff --git a/inventory/groups.yaml b/inventory/groups.yaml
index a4cdf0e3ca..55c289ab21 100644
--- a/inventory/groups.yaml
+++ b/inventory/groups.yaml
@@ -69,6 +69,7 @@ groups:
     - files[0-9]*.open*.org
     - static.openstack.org
     - gitea[0-9]*.opendev.org
+    - zuul[0-9]*.open*.org
   logstash:
     - logstash[0-9]*.open*.org
   logstash-worker:
diff --git a/manifests/site.pp b/manifests/site.pp
index ff5e3edfe8..e19b96548a 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -929,18 +929,22 @@ node /^zuul\d+\.open.*\.org$/ {
       'zuul.openstack.org' => {
         tenant_name => 'openstack',
         ssl         => true,
+        use_le      => false,
       },
       'zuul.opendev.org' => {
         tenant_name => '',
         ssl         => true,
+        use_le      => false,
       },
       'zuul.openstack.org-http' => {
         tenant_name => 'openstack',
         ssl         => false,
+        use_le      => false,
       },
       'zuul.opendev.org-http' => {
         tenant_name => '',
         ssl         => false,
+        use_le      => false,
       },
     },
     vhosts_ssl => {
diff --git a/playbooks/host_vars/zuul01.openstack.org b/playbooks/host_vars/zuul01.openstack.org
new file mode 100644
index 0000000000..871cceaeca
--- /dev/null
+++ b/playbooks/host_vars/zuul01.openstack.org
@@ -0,0 +1,4 @@
+letsencrypt_certs:
+  zuul01-opendev-main:
+    - zuul.opendev.org
+    - zuul01.opendev.org
diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
index 3fa3cb5d46..96729d478c 100644
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@@ -25,6 +25,9 @@
 - name: letsencrypt updated zuul-ci-git
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
+- name: letsencrypt updated zuul01-opendev-main
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated logs-main
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml