From dcc23be55bdd400ebdb93b7d14482da5f88ee825 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Fri, 28 Feb 2020 16:48:10 +1100 Subject: [PATCH] Remove static site puppet Remove the puppet related to the static server Story: #2006598 Task: #36758 Change-Id: I744da83d811e715ff8049eacf3013cd4831e1c49 --- inventory/openstack.yaml | 7 - manifests/site.pp | 19 - modules/openstack_project/manifests/static.pp | 529 ------------------ .../openstack_project/templates/ci.vhost.erb | 22 - .../templates/logs.vhost.erb | 193 ------- .../templates/static-governance.vhost.erb | 68 --- .../templates/static-http-and-https.vhost.erb | 58 -- .../templates/static-https-redirect.vhost.erb | 48 -- .../templates/summit.vhost.erb | 21 - 9 files changed, 965 deletions(-) delete mode 100644 modules/openstack_project/manifests/static.pp delete mode 100644 modules/openstack_project/templates/ci.vhost.erb delete mode 100644 modules/openstack_project/templates/logs.vhost.erb delete mode 100644 modules/openstack_project/templates/static-governance.vhost.erb delete mode 100644 modules/openstack_project/templates/static-http-and-https.vhost.erb delete mode 100644 modules/openstack_project/templates/static-https-redirect.vhost.erb delete mode 100644 modules/openstack_project/templates/summit.vhost.erb diff --git a/inventory/openstack.yaml b/inventory/openstack.yaml index da55f7a20c..671f07e350 100644 --- a/inventory/openstack.yaml +++ b/inventory/openstack.yaml @@ -709,13 +709,6 @@ all: region_name: DFW public_v4: 23.253.245.150 public_v6: 2001:4800:7818:101:be76:4eff:fe04:7c28 - static.openstack.org: - ansible_host: 2001:4800:7817:104:be76:4eff:fe05:dbee - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 23.253.108.137 - public_v6: 2001:4800:7817:104:be76:4eff:fe05:dbee status.openstack.org: ansible_host: 2001:4800:7818:103:be76:4eff:fe06:905 location: diff --git a/manifests/site.pp b/manifests/site.pp index 26399354c9..91d0d31703 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -405,25 +405,6 @@ node /^storyboard-dev\d+\.opendev\.org$/ { } -# A machine to serve static content. -# Node-OS: trusty -# Node-OS: xenial -node /^static\d*\.open.*\.org$/ { - class { 'openstack_project::server': } - class { 'openstack_project::static': - project_config_repo => 'https://opendev.org/openstack/project-config', - swift_authurl => 'https://identity.api.rackspacecloud.com/v2.0/', - swift_user => 'infra-files-ro', - swift_key => hiera('infra_files_ro_password'), - swift_tenant_name => hiera('infra_files_tenant_name', 'tenantname'), - swift_region_name => 'DFW', - swift_default_container => 'infra-files', - ssl_cert_file_contents => hiera('static_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('static_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('static_ssl_chain_file_contents'), - } -} - # Node-OS: xenial node /^zk\d+\.open.*\.org$/ { # We use IP addresses here so that zk listens on the public facing addresses diff --git a/modules/openstack_project/manifests/static.pp b/modules/openstack_project/manifests/static.pp deleted file mode 100644 index 16a955f411..0000000000 --- a/modules/openstack_project/manifests/static.pp +++ /dev/null @@ -1,529 +0,0 @@ -# == Class: openstack_project::static -# -class openstack_project::static ( - $swift_authurl = '', - $swift_user = '', - $swift_key = '', - $swift_tenant_name = '', - $swift_region_name = '', - $swift_default_container = '', - $project_config_repo = '', - $ssl_cert_file = '', - $ssl_cert_file_contents = '', - $ssl_key_file = '', - $ssl_key_file_contents = '', - $ssl_chain_file = '', - $ssl_chain_file_contents = '', - $jenkins_gitfullname = 'OpenStack Jenkins', - $jenkins_gitemail = 'jenkins@openstack.org', -) { - class { 'project_config': - url => $project_config_repo, - } - - include openstack_project - class { 'jenkins::jenkinsuser': - ssh_key => $openstack_project::jenkins_ssh_key, - gitfullname => $jenkins_gitfullname, - gitemail => $jenkins_gitemail, - } - - # This will try to index our millions of logs and docs by default - # and cause all sorts of IO and disk-usage issues. - package { 'mlocate': - ensure => absent, - } - - include ::httpd - include ::httpd::mod::wsgi - - if ! defined(Httpd::Mod['rewrite']) { - httpd::mod { 'rewrite': - ensure => present, - } - } - - if ! defined(Httpd::Mod['proxy']) { - httpd::mod { 'proxy': - ensure => present, - } - } - - if ! defined(Httpd::Mod['proxy_http']) { - httpd::mod { 'proxy_http': - ensure => present, - } - } - - if ! defined(Httpd::Mod['alias']) { - httpd::mod { 'alias': ensure => present } - } - - if ! defined(Httpd::Mod['headers']) { - httpd::mod { 'headers': ensure => present } - } - - if ! defined(File['/srv/static']) { - file { '/srv/static': - ensure => directory, - } - } - - file { '/etc/ssl/certs': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - } - - file { '/etc/ssl/private': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0700', - } - - # To use the standard ssl-certs package snakeoil certificate, leave both - # $ssl_cert_file and $ssl_cert_file_contents empty. To use an existing - # certificate, specify its path for $ssl_cert_file and leave - # $ssl_cert_file_contents empty. To manage the certificate with puppet, - # provide $ssl_cert_file_contents and optionally specify the path to use for - # it in $ssl_cert_file. - if ($ssl_cert_file == '') and ($ssl_cert_file_contents == '') { - $cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' - } else { - if $ssl_cert_file == '' { - $cert_file = "/etc/ssl/certs/${::fqdn}.pem" - } else { - $cert_file = $ssl_cert_file - } - if $ssl_cert_file_contents != '' { - file { $cert_file: - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => $ssl_cert_file_contents, - require => File['/etc/ssl/certs'], - } - } - } - - # To use the standard ssl-certs package snakeoil key, leave both - # $ssl_key_file and $ssl_key_file_contents empty. To use an existing key, - # specify its path for $ssl_key_file and leave $ssl_key_file_contents empty. - # To manage the key with puppet, provide $ssl_key_file_contents and - # optionally specify the path to use for it in $ssl_key_file. - if ($ssl_key_file == '') and ($ssl_key_file_contents == '') { - $key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' - } else { - if $ssl_key_file == '' { - $key_file = "/etc/ssl/private/${::fqdn}.key" - } else { - $key_file = $ssl_key_file - } - if $ssl_key_file_contents != '' { - file { $key_file: - ensure => present, - owner => 'root', - group => 'root', - mode => '0600', - content => $ssl_key_file_contents, - require => File['/etc/ssl/private'], - } - } - } - - # To avoid using an intermediate certificate chain, leave both - # $ssl_chain_file and $ssl_chain_file_contents empty. To use an existing - # chain, specify its path for $ssl_chain_file and leave - # $ssl_chain_file_contents empty. To manage the chain with puppet, provide - # $ssl_chain_file_contents and optionally specify the path to use for it in - # $ssl_chain_file. - if ($ssl_chain_file == '') and ($ssl_chain_file_contents == '') { - $chain_file = '' - } else { - if $ssl_chain_file == '' { - $chain_file = "/etc/ssl/certs/${::fqdn}_intermediate.pem" - } else { - $chain_file = $ssl_chain_file - } - if $ssl_chain_file_contents != '' { - file { $chain_file: - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => $ssl_chain_file_contents, - require => File['/etc/ssl/certs'], - before => File[$cert_file], - } - } - } - - ########################################################### - # Tarballs - - ::httpd::vhost { 'tarballs.openstack.org': - port => 443, # Is required despite not being used. - docroot => '/srv/static/tarballs', - priority => '50', - ssl => true, - template => 'openstack_project/static-http-and-https.vhost.erb', - vhost_name => 'tarballs.openstack.org', - require => [ - File['/srv/static/tarballs'], - File[$cert_file], - File[$key_file], - ], - } - - file { '/srv/static/tarballs': - ensure => directory, - owner => 'jenkins', - group => 'jenkins', - require => User['jenkins'], - } - - ########################################################### - # legacy ci.openstack.org site redirect - - ::httpd::vhost { 'ci.openstack.org': - port => 80, - priority => '50', - docroot => 'MEANINGLESS_ARGUMENT', - template => 'openstack_project/ci.vhost.erb', - } - - ########################################################### - # Logs - class { 'openstackci::logserver': - jenkins_ssh_key => $openstack_project::jenkins_ssh_key, - domain => 'openstack.org', - ara_middleware => true, - wsgi_processes => 16, - swift_authurl => $swift_authurl, - swift_user => $swift_user, - swift_key => $swift_key, - swift_tenant_name => $swift_tenant_name, - swift_region_name => $swift_region_name, - swift_default_container => $swift_default_container, - readmes => { - '/*/*/*/*/*-tempest-dsvm*/*' => '/help/tempest-overview.html', - '/periodic*/*/*-tempest-dsvm*/*' => '/help/tempest-overview.html', - '/*/*/*/*/*-tempest-dsvm*/*/logs/' => '/help/tempest-logs.html', - '/periodic*/*/*-tempest-dsvm*/*/logs/' => '/help/tempest-logs.html', - '/*/*/*/*/*tripleo-ci-*/*/logs/' => '/help/tripleo-quickstart-logs.html' - } - } - - ::httpd::vhost { "logs.opendev.org": - port => 443, - priority => '50', - ssl => true, - docroot => '/srv/static/logs', - require => File['/srv/static/logs'], - vhost_name => 'logs.opendev.org', - template => 'openstack_project/logs.vhost.erb', - } - - vcsrepo { '/opt/devstack-gate': - ensure => latest, - provider => git, - revision => 'master', - source => 'https://opendev.org/openstack/devstack-gate', - } - - file { '/srv/static/logs/help': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - require => File['/srv/static/logs'], - } - file { '/srv/static/logs/help/tempest-logs.html': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'file:///opt/devstack-gate/help/tempest-logs.html', - require => [File['/srv/static/logs/help'], Vcsrepo['/opt/devstack-gate']], - } - file { '/srv/static/logs/help/tempest-overview.html': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'file:///opt/devstack-gate/help/tempest-overview.html', - require => [File['/srv/static/logs/help'], Vcsrepo['/opt/devstack-gate']], - } - - vcsrepo { '/opt/tripleo-ci': - ensure => latest, - provider => git, - revision => 'master', - source => 'https://opendev.org/openstack/tripleo-ci', - } - file { '/srv/static/logs/help/tripleo-quickstart-logs.html': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'file:///opt/tripleo-ci/docs/tripleo-quickstart-logs.html', - require => [File['/srv/static/logs/help'], Vcsrepo['/opt/tripleo-ci']], - } - - ########################################################### - # Security - - ::httpd::vhost { 'security.openstack.org': - port => 443, # Is required despite not being used. - docroot => '/srv/static/security', - priority => '50', - ssl => true, - template => 'openstack_project/static-https-redirect.vhost.erb', - vhost_name => 'security.openstack.org', - require => [ - File['/srv/static/security'], - File[$cert_file], - File[$key_file], - ], - } - - file { '/srv/static/security': - ensure => directory, - owner => 'jenkins', - group => 'jenkins', - require => User['jenkins'], - } - - ########################################################### - # Governance (TC and UC) & Election - - # Extra aliases and directories needed for vhost template: - $governance_aliases = { - '/election/' => '/srv/static/election/', - '/sigs/' => '/srv/static/sigs/', - '/tc/' => '/srv/static/tc/', - '/uc/' => '/srv/static/uc/', - } - # Extra redirects needed for vhost template: - $governance_redirects = { - '/badges/' => '/tc/badges/', - '/goals/' => '/tc/goals/', - '/reference/' => '/tc/reference/', - '/resolutions/' => '/tc/resolutions/', - } - # One of these must also be the docroot - $governance_directories = [ - '/srv/static/election', - '/srv/static/governance', - '/srv/static/sigs', - '/srv/static/tc', - '/srv/static/uc', - ] - - ::httpd::vhost { 'governance.openstack.org': - port => 443, # Is required despite not being used. - docroot => '/srv/static/governance', - priority => '50', - ssl => true, - template => 'openstack_project/static-governance.vhost.erb', - vhost_name => 'governance.openstack.org', - require => [ - File[$governance_directories], - File[$cert_file], - File[$key_file], - ], - } - - file { $governance_directories: - ensure => directory, - owner => 'jenkins', - group => 'jenkins', - require => User['jenkins'], - } - - ########################################################### - # Specs - - ::httpd::vhost { 'specs.openstack.org': - port => 443, # Is required despite not being used. - docroot => '/srv/static/specs', - priority => '50', - ssl => true, - template => 'openstack_project/static-http-and-https.vhost.erb', - vhost_name => 'specs.openstack.org', - require => [ - File['/srv/static/specs'], - File[$cert_file], - File[$key_file], - ], - } - - file { '/srv/static/specs': - ensure => directory, - owner => 'jenkins', - group => 'jenkins', - require => User['jenkins'], - } - - ########################################################### - # legacy summit.openstack.org site redirect - - ::httpd::vhost { 'summit.openstack.org': - port => 80, - priority => '50', - docroot => 'MEANINGLESS_ARGUMENT', - template => 'openstack_project/summit.vhost.erb', - } - - ########################################################### - # legacy site redirects - - ::httpd::vhost { 'devstack.org': - port => 80, - priority => '50', - docroot => 'MEANINGLESS_ARGUMENT', - serveraliases => ['*.devstack.org'], - template => 'openstack_project/legacy.vhost.erb', - } - - ::httpd::vhost { 'cinder.openstack.org': - port => 80, - priority => '50', - docroot => 'MEANINGLESS_ARGUMENT', - template => 'openstack_project/legacy.vhost.erb', - } - - ::httpd::vhost { 'glance.openstack.org': - port => 80, - priority => '50', - docroot => 'MEANINGLESS_ARGUMENT', - template => 'openstack_project/legacy.vhost.erb', - } - - ::httpd::vhost { 'horizon.openstack.org': - port => 80, - priority => '50', - docroot => 'MEANINGLESS_ARGUMENT', - template => 'openstack_project/legacy.vhost.erb', - } - - ::httpd::vhost { 'keystone.openstack.org': - port => 80, - priority => '50', - docroot => 'MEANINGLESS_ARGUMENT', - template => 'openstack_project/legacy.vhost.erb', - } - - ::httpd::vhost { 'nova.openstack.org': - port => 80, - priority => '50', - docroot => 'MEANINGLESS_ARGUMENT', - template => 'openstack_project/legacy.vhost.erb', - } - - ::httpd::vhost { 'qa.openstack.org': - port => 80, - priority => '50', - docroot => 'MEANINGLESS_ARGUMENT', - template => 'openstack_project/legacy.vhost.erb', - } - - ::httpd::vhost { 'swift.openstack.org': - port => 80, - priority => '50', - docroot => 'MEANINGLESS_ARGUMENT', - template => 'openstack_project/legacy.vhost.erb', - } - - ########################################################### - # Trystack - - ::httpd::vhost { 'trystack.openstack.org': - port => 443, # Is required despite not being used. - docroot => '/opt/trystack', - priority => '50', - ssl => true, - template => 'openstack_project/static-http-and-https.vhost.erb', - vhost_name => 'trystack.openstack.org', - serveraliases => ['trystack.org', 'www.trystack.org'], - require => [ - Vcsrepo['/opt/trystack'], - File[$cert_file], - File[$key_file], - ], - } - - vcsrepo { '/opt/trystack': - ensure => latest, - provider => git, - revision => 'master', - source => 'https://opendev.org/x/trystack-site', - } - - ########################################################### - # Releases - - ::httpd::vhost { 'releases.openstack.org': - port => 443, # Is required despite not being used. - docroot => '/srv/static/releases', - priority => '50', - ssl => true, - template => 'openstack_project/static-https-redirect.vhost.erb', - vhost_name => 'releases.openstack.org', - require => [ - File['/srv/static/releases'], - File[$cert_file], - File[$key_file], - ], - } - - file { '/srv/static/releases': - ensure => directory, - owner => 'jenkins', - group => 'jenkins', - require => User['jenkins'], - } - - ########################################################### - # service-types.openstack.org - - ::httpd::vhost { 'service-types.openstack.org': - port => 443, # Is required despite not being used. - docroot => '/srv/static/service-types', - priority => '50', - ssl => true, - template => 'openstack_project/static-https-redirect.vhost.erb', - vhost_name => 'service-types.openstack.org', - require => [ - File['/srv/static/service-types'], - File[$cert_file], - File[$key_file], - ], - } - - file { '/srv/static/service-types': - ensure => directory, - owner => 'jenkins', - group => 'jenkins', - require => User['jenkins'], - } - - - # Until Apache 2.4.24 the event MPM has some issues scalability - # bottlenecks that were seen to drop connections, especially on - # larger files; see - # https://httpd.apache.org/docs/2.4/mod/event.html - # - # The main advantage of event MPM is for keep-alive requests which - # are not really a big issue on this static file server. Therefore - # we switch to the threaded worker MPM as a workaround. This can be - # reconsidered when the apache version running is sufficient to - # avoid these problems. - - httpd::mod { 'mpm_event': ensure => 'absent' } - httpd::mod { 'mpm_worker': ensure => 'present' } - -} diff --git a/modules/openstack_project/templates/ci.vhost.erb b/modules/openstack_project/templates/ci.vhost.erb deleted file mode 100644 index c33675ebce..0000000000 --- a/modules/openstack_project/templates/ci.vhost.erb +++ /dev/null @@ -1,22 +0,0 @@ -# ************************************ -# Managed by Puppet -# ************************************ - -NameVirtualHost <%= @vhost_name %>:<%= @port %> -:<%= @port %>> - ServerName <%= @srvname %> - - RewriteEngine On -RewriteRule ^/jenkins-job-builder(/.*|$) https://docs.openstack.org/infra/jenkins-job-builder$1 [last,redirect=permanent] - RewriteRule ^/nodepool(/.*|$) https://docs.openstack.org/infra/nodepool$1 [last,redirect=permanent] - RewriteRule ^/openstackid(/.*|$) https://docs.openstack.org/infra/openstackid$1 [last,redirect=permanent] - RewriteRule ^/shade(/.*|$) https://docs.openstack.org/infra/shade$1 [last,redirect=permanent] - RewriteRule ^/storyboard(/.*|$) https://docs.openstack.org/infra/storyboard$1 [last,redirect=permanent] - RewriteRule ^/zuul(/.*|$) https://docs.openstack.org/infra/zuul$1 [last,redirect=permanent] - RewriteRule ^/(.*) https://docs.openstack.org/infra/system-config/$1 [last,redirect=permanent] - - ErrorLog /var/log/apache2/<%= @name %>_error.log - LogLevel warn - CustomLog /var/log/apache2/<%= @name %>_access.log combined - ServerSignature Off - diff --git a/modules/openstack_project/templates/logs.vhost.erb b/modules/openstack_project/templates/logs.vhost.erb deleted file mode 100644 index 7328d4b056..0000000000 --- a/modules/openstack_project/templates/logs.vhost.erb +++ /dev/null @@ -1,193 +0,0 @@ -# -*- apache -*- -# ************************************ -# Managed by Puppet -# ************************************ - -NameVirtualHost <%= @vhost_name %>:80 -NameVirtualHost <%= @vhost_name %>:443 - - - ServerName <%= @vhost_name %> -<% if @serveraliases.is_a? Array -%> -<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> -<% elsif ! ['', nil].include?(@serveraliases) -%> -<%= " ServerAlias #{@serveraliases}" %> -<% end -%> - RewriteEngine On - RewriteRule ^/(.*)$ https://<%= @vhost_name %>/$1 [L,R=301] - DocumentRoot <%= @docroot %> - > - Options Indexes FollowSymLinks MultiViews - AllowOverride None - AllowOverrideList Redirect RedirectMatch - Satisfy Any - Require all granted - - LogLevel warn - ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log - CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined - ServerSignature Off - - - - ServerName <%= @vhost_name %> -<% if @serveraliases.is_a? Array -%> -<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> -<% elsif ! ['', nil, :undef].include?(@serveraliases) -%> -<%= " ServerAlias #{@serveraliases}" %> -<% end -%> - - SSLEngine on - SSLProtocol All -SSLv2 -SSLv3 - # Once the machine is using something to terminate TLS that supports ECDHE - # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS - # only is guarenteed. - SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP - SSLHonorCipherOrder on - SSLCertificateFile /etc/letsencrypt-certs/logs.opendev.org/logs.opendev.org.cer - SSLCertificateKeyFile /etc/letsencrypt-certs/logs.opendev.org/logs.opendev.org.key - SSLCertificateChainFile /etc/letsencrypt-certs/logs.opendev.org/ca.cer - - DocumentRoot <%= @docroot %> - - # Authorize cross request, e.g. fetch job-output from the zuul builds page - Header set Access-Control-Allow-Origin "*" - - WSGIDaemonProcess logs2 user=www-data group=www-data processes=16 threads=1 - WSGIProcessGroup logs2 - WSGIApplicationGroup %{GLOBAL} - - AddType text/plain .log - AddType text/plain .sh - AddType text/plain .yaml - AddType text/plain .yml - - # use Apache to compress the results afterwards, to save on the wire - # it's approx 18x savings of wire traffic to compress. We need to - # compress by content types that htmlify can produce - AddOutputFilterByType DEFLATE text/plain text/html application/x-font-ttf image/svg+xml - - - ForceType text/html - AddDefaultCharset UTF-8 - AddEncoding x-gzip gz - - - ForceType text/css - AddDefaultCharset UTF-8 - AddEncoding x-gzip gz - - - ForceType text/javascript - AddDefaultCharset UTF-8 - AddEncoding x-gzip gz - - - ForceType application/x-font-ttf - AddEncoding x-gzip gz - - - ForceType image/svg+xml - AddEncoding x-gzip gz - - - ForceType application/json - AddEncoding x-gzip gz - - - # mod_mime_magic is sometimes passing css files as asm sources - # e.g css files generated by coverage reports - ForceType text/css - - > - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - Satisfy Any - ExpiresActive On - # Data in the logs server is static once generated by a job - ExpiresDefault "access plus 2 weeks" - - - Allow from all - Satisfy Any - - - - ReadmeName /help/tempest-overview.html - - - ReadmeName /help/tempest-overview.html - - - ReadmeName /help/tempest-logs.html - - - ReadmeName /help/tempest-logs.html - - - ReadmeName /help/tripleo-quickstart-logs.html - - - /periodic*/*> - IndexOrderDefault Descending Date - - - RewriteEngine On - - - Allow from all - Satisfy Any - - - # ARA sqlite middleware configuration - # See docs for details: https://ara.readthedocs.io/en/latest/advanced.html - SetEnv ARA_WSGI_TMPDIR_MAX_AGE 3600 - SetEnv ARA_WSGI_LOG_ROOT /srv/static/logs - SetEnv ARA_WSGI_DATABASE_DIRECTORY ara-report - - # Redirect .*/ara-report to the ARA sqlite wsgi middleware - # This middleware automatically loads the ARA web application with the - # database located at .*/ara-report/ansible.sqlite. - # If we get a request directly to the database file, don't load the middleware - # so that users can download the raw database if they wish. - WSGIScriptAliasMatch ^.*/ara-report(?!/ansible.sqlite) /usr/local/bin/ara-wsgi-sqlite - - # Everything beyond this point is rewritten to htmlify. - # Make sure we don't do that for dynamic ARA reports. - RewriteCond %{REQUEST_URI} ^.*/ara-report [NC] - RewriteRule .* - [L] - - # If the specified file does not exist, look if there is a gzipped version - # If there is, serve that one instead - RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f - RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME}.gz -f - RewriteRule ^/(.*)$ %{REQUEST_URI}.gz - - # rewrite (txt|log).gz & console.html[.gz] files to map to our - # internal htmlify wsgi app - # PT, Pass-through: to come back around and get picked up by the - # WSGIScriptAlias - # NS, No-subrequest: on coming back through, mod-autoindex may have added - # index.html which would match the !-f condition. We - # therefore ensure the rewrite doesn't trigger by - # disallowing subrequests. - RewriteRule ^/(.*\.(txt|log)\.gz)$ /htmlify/$1 [QSA,L,PT,NS] - RewriteRule ^/(.*console\.html(\.gz)?)$ /htmlify/$1 [QSA,L,PT,NS] - - # Check if the request exists as a file, directory or symbolic link - # If not, write the request to htmlify to see if we can fetch from swift - RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f - RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d - RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-l - RewriteCond %{REQUEST_FILENAME} !^/icon - RewriteRule ^/(.*)$ /htmlify/$1 [QSA,L,PT,NS] - - WSGIScriptAlias /htmlify /usr/local/lib/python2.7/dist-packages/os_loganalyze/wsgi.py - - ErrorLog /var/log/apache2/<%= @vhost_name %>_ssl_error.log - LogLevel warn - CustomLog /var/log/apache2/<%= @vhost_name %>_ssl_access.log combined - ServerSignature Off - diff --git a/modules/openstack_project/templates/static-governance.vhost.erb b/modules/openstack_project/templates/static-governance.vhost.erb deleted file mode 100644 index 3b6a57c6a2..0000000000 --- a/modules/openstack_project/templates/static-governance.vhost.erb +++ /dev/null @@ -1,68 +0,0 @@ -# ************************************ -# Managed by Puppet -# ************************************ - - - ServerName <%= @vhost_name %> -<% if @serveraliases.is_a? Array -%> -<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> -<% elsif ! ['', nil].include?(@serveraliases) -%> -<%= " ServerAlias #{@serveraliases}" %> -<% end -%> - RewriteEngine On - RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent] - LogLevel warn - ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log - CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined - ServerSignature Off - - - - - ServerName <%= @vhost_name %> - DocumentRoot <%= @docroot %> - SSLEngine on - SSLProtocol All -SSLv2 -SSLv3 - # Once the machine is using something to terminate TLS that supports ECDHE - # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS - # only is guarenteed. - SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP - SSLHonorCipherOrder on - SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %> - SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %> -<% if scope['openstack_project::static::chain_file'] != '' %> - SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %> -<% end %> - # Alias other folders - <% scope.lookupvar('openstack_project::static::governance_aliases').each do |a, d| -%> - Alias "<%= a %>" "<%= d %>" - <% end -%> - # Set up redirects - <% scope.lookupvar('openstack_project::static::governance_redirects').each do |a, d| -%> - Redirect "<%= a %>" "<%= d %>" - <% end -%> - <% scope.lookupvar('openstack_project::static::governance_directories').each do |dirname| -%> - > - Options Indexes FollowSymLinks MultiViews - AllowOverrideList Redirect RedirectMatch - Satisfy Any - Require all granted - - <% end -%> - - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Satisfy Any - Require all granted - - Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform" - Header set Pragma "no-cache" - - ErrorDocument 404 /badges/project-unofficial.svg - - LogLevel warn - ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log - CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined - ServerSignature Off - - diff --git a/modules/openstack_project/templates/static-http-and-https.vhost.erb b/modules/openstack_project/templates/static-http-and-https.vhost.erb deleted file mode 100644 index e29fbabe0c..0000000000 --- a/modules/openstack_project/templates/static-http-and-https.vhost.erb +++ /dev/null @@ -1,58 +0,0 @@ -# ************************************ -# Managed by Puppet -# ************************************ - - - ServerName <%= @vhost_name %> -<% if @serveraliases.is_a? Array -%> - # Permanently redirect these ServerAlias entries to ServerName -<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> -<% elsif ! ['', nil].include?(@serveraliases) -%> -<%= " ServerAlias #{@serveraliases}" %> - RewriteEngine On - RewriteCond %{HTTP_HOST} !<%= @vhost_name %>$ [NC] - RewriteRule ^/(.*)$ http://<%= @vhost_name %>/$1 [L,R=301] -<% end -%> - DocumentRoot <%= @docroot %> - > - Options Indexes FollowSymLinks MultiViews - AllowOverride None - AllowOverrideList Redirect RedirectMatch - Satisfy Any - Require all granted - - LogLevel warn - ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log - CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined - ServerSignature Off - - - - - ServerName <%= @vhost_name %> - DocumentRoot <%= @docroot %> - SSLEngine on - SSLProtocol All -SSLv2 -SSLv3 - # Once the machine is using something to terminate TLS that supports ECDHE - # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS - # only is guarenteed. - SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP - SSLHonorCipherOrder on - SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %> - SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %> -<% if scope['openstack_project::static::chain_file'] != '' %> - SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %> -<% end %> - > - Options Indexes FollowSymLinks MultiViews - AllowOverride None - AllowOverrideList Redirect RedirectMatch - Satisfy Any - Require all granted - - LogLevel warn - ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log - CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined - ServerSignature Off - - diff --git a/modules/openstack_project/templates/static-https-redirect.vhost.erb b/modules/openstack_project/templates/static-https-redirect.vhost.erb deleted file mode 100644 index 839d044757..0000000000 --- a/modules/openstack_project/templates/static-https-redirect.vhost.erb +++ /dev/null @@ -1,48 +0,0 @@ -# ************************************ -# Managed by Puppet -# ************************************ - - - ServerName <%= @vhost_name %> -<% if @serveraliases.is_a? Array -%> -<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> -<% elsif ! ['', nil].include?(@serveraliases) -%> -<%= " ServerAlias #{@serveraliases}" %> -<% end -%> - RewriteEngine On - RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent] - LogLevel warn - ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log - CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined - ServerSignature Off - - - - - ServerName <%= @vhost_name %> - DocumentRoot <%= @docroot %> - SSLEngine on - SSLProtocol All -SSLv2 -SSLv3 - # Once the machine is using something to terminate TLS that supports ECDHE - # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS - # only is guarenteed. - SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP - SSLHonorCipherOrder on - SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %> - SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %> -<% if scope['openstack_project::static::chain_file'] != '' %> - SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %> -<% end %> - > - Options Indexes FollowSymLinks MultiViews - AllowOverride None - AllowOverrideList Redirect RedirectMatch - Satisfy Any - Require all granted - - LogLevel warn - ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log - CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined - ServerSignature Off - - diff --git a/modules/openstack_project/templates/summit.vhost.erb b/modules/openstack_project/templates/summit.vhost.erb deleted file mode 100644 index 29963ac5e3..0000000000 --- a/modules/openstack_project/templates/summit.vhost.erb +++ /dev/null @@ -1,21 +0,0 @@ -# ************************************ -# Managed by Puppet -# ************************************ - -NameVirtualHost <%= @vhost_name %>:<%= @port %> -:<%= @port %>> - ServerName <%= @srvname %> -<% if @serveraliases.is_a? Array -%> -<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> -<% elsif ! ['', nil].include?(@serveraliases) -%> -<%= " ServerAlias #{@serveraliases}" %> -<% end -%> - - RewriteEngine On - RewriteRule ^/(.*) http://openstack.org/summit/$1 [last,redirect=permanent] - - ErrorLog /var/log/apache2/<%= @name %>_error.log - LogLevel warn - CustomLog /var/log/apache2/<%= @name %>_access.log combined - ServerSignature Off -