Merge "static: Add service-types.openstack.org"

playbooks/host_vars/static01.opendev.org.yaml

@@ -5,6 +5,8 @@ letsencrypt_certs:
     - static01.opendev.org
   static01-governance-openstack-org:
     - governance.openstack.org
+  static01-service-types-openstack-org:
+    - service-types.openstack.org
   static01-security-openstack-org:
     - security.openstack.org
   static01-specs-openstack-org:

playbooks/roles/letsencrypt-create-certs/handlers/main.yaml

@@ -41,6 +41,9 @@
 - name: letsencrypt updated static01-governance-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
+- name: letsencrypt updated static01-service-types-openstack-org
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 - name: letsencrypt updated static01-specs-openstack-org
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 

playbooks/roles/static/files/50-service-types.openstack.org.conf

@@ -0,0 +1,41 @@
+Define AFS_ROOT /afs/openstack.org/project/service-types.openstack.org
+
+<VirtualHost *:80>
+  ServerName service-types.openstack.org
+  RewriteEngine On
+  RewriteRule ^/(.*) https://service-types.openstack.org/$1 [last,redirect=permanent]
+  LogLevel warn
+  ErrorLog /var/log/apache2/service-types.openstack.org_error.log
+  CustomLog /var/log/apache2/service-types.openstack.org_access.log combined
+  ServerSignature Off
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+
+  ServerName service-types.openstack.org
+
+  DocumentRoot ${AFS_ROOT}
+
+  SSLCertificateFile      /etc/letsencrypt-certs/service-types.openstack.org/service-types.openstack.org.cer
+  SSLCertificateKeyFile   /etc/letsencrypt-certs/service-types.openstack.org/service-types.openstack.org.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/service-types.openstack.org/ca.cer
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  <Directory ${AFS_ROOT}>
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverrideList Redirect RedirectMatch
+    Satisfy Any
+    Require all granted
+  </Directory>
+
+  LogLevel warn
+  ErrorLog /var/log/apache2/service-types.openstack.org_error.log
+  CustomLog /var/log/apache2/service-types.openstack.org_access.log combined
+  ServerSignature Off
+
+</VirtualHost>
+</IfModule>

playbooks/roles/static/tasks/main.yaml

@@ -134,3 +134,19 @@
     creates: /etc/apache2/sites-enabled/50-specs.openstack.org
   notify:
     - Reload apache2
+
+# service-types.openstack.org
+- name: Install service-types.openstack.org
+  copy:
+    src: 50-service-types.openstack.org.conf
+    dest: /etc/apache2/sites-available/
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Enable service-types.openstack.org
+  command: a2ensite 50-service-types.openstack.org
+  args:
+    creates: /etc/apache2/sites-enabled/50-service-types.openstack.org
+  notify:
+    - Reload apache2

testinfra/test_static.py

@@ -53,3 +53,9 @@ def test_specs_opendev_org(host):
                    '--resolve specs.openstack.org:443:127.0.0.1 '
                    'https://specs.openstack.org/specs.opml')
     assert 'OpenStack Specs Feeds' in cmd.stdout
+
+def test_service_types_opendev_org(host):
+    cmd = host.run('curl --insecure '
+                   '--resolve service-types.openstack.org:443:127.0.0.1 '
+                   'https://service-types.openstack.org')
+    assert 'OpenStack Service Types Authority Data' in cmd.stdout