Remove static site puppet
Remove the puppet related to the static server Story: #2006598 Task: #36758 Change-Id: I744da83d811e715ff8049eacf3013cd4831e1c49
This commit is contained in:
parent
f55580fbf0
commit
dcc23be55b
@ -709,13 +709,6 @@ all:
|
|||||||
region_name: DFW
|
region_name: DFW
|
||||||
public_v4: 23.253.245.150
|
public_v4: 23.253.245.150
|
||||||
public_v6: 2001:4800:7818:101:be76:4eff:fe04:7c28
|
public_v6: 2001:4800:7818:101:be76:4eff:fe04:7c28
|
||||||
static.openstack.org:
|
|
||||||
ansible_host: 2001:4800:7817:104:be76:4eff:fe05:dbee
|
|
||||||
location:
|
|
||||||
cloud: openstackci-rax
|
|
||||||
region_name: DFW
|
|
||||||
public_v4: 23.253.108.137
|
|
||||||
public_v6: 2001:4800:7817:104:be76:4eff:fe05:dbee
|
|
||||||
status.openstack.org:
|
status.openstack.org:
|
||||||
ansible_host: 2001:4800:7818:103:be76:4eff:fe06:905
|
ansible_host: 2001:4800:7818:103:be76:4eff:fe06:905
|
||||||
location:
|
location:
|
||||||
|
@ -405,25 +405,6 @@ node /^storyboard-dev\d+\.opendev\.org$/ {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# A machine to serve static content.
|
|
||||||
# Node-OS: trusty
|
|
||||||
# Node-OS: xenial
|
|
||||||
node /^static\d*\.open.*\.org$/ {
|
|
||||||
class { 'openstack_project::server': }
|
|
||||||
class { 'openstack_project::static':
|
|
||||||
project_config_repo => 'https://opendev.org/openstack/project-config',
|
|
||||||
swift_authurl => 'https://identity.api.rackspacecloud.com/v2.0/',
|
|
||||||
swift_user => 'infra-files-ro',
|
|
||||||
swift_key => hiera('infra_files_ro_password'),
|
|
||||||
swift_tenant_name => hiera('infra_files_tenant_name', 'tenantname'),
|
|
||||||
swift_region_name => 'DFW',
|
|
||||||
swift_default_container => 'infra-files',
|
|
||||||
ssl_cert_file_contents => hiera('static_ssl_cert_file_contents'),
|
|
||||||
ssl_key_file_contents => hiera('static_ssl_key_file_contents'),
|
|
||||||
ssl_chain_file_contents => hiera('static_ssl_chain_file_contents'),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Node-OS: xenial
|
# Node-OS: xenial
|
||||||
node /^zk\d+\.open.*\.org$/ {
|
node /^zk\d+\.open.*\.org$/ {
|
||||||
# We use IP addresses here so that zk listens on the public facing addresses
|
# We use IP addresses here so that zk listens on the public facing addresses
|
||||||
|
@ -1,529 +0,0 @@
|
|||||||
# == Class: openstack_project::static
|
|
||||||
#
|
|
||||||
class openstack_project::static (
|
|
||||||
$swift_authurl = '',
|
|
||||||
$swift_user = '',
|
|
||||||
$swift_key = '',
|
|
||||||
$swift_tenant_name = '',
|
|
||||||
$swift_region_name = '',
|
|
||||||
$swift_default_container = '',
|
|
||||||
$project_config_repo = '',
|
|
||||||
$ssl_cert_file = '',
|
|
||||||
$ssl_cert_file_contents = '',
|
|
||||||
$ssl_key_file = '',
|
|
||||||
$ssl_key_file_contents = '',
|
|
||||||
$ssl_chain_file = '',
|
|
||||||
$ssl_chain_file_contents = '',
|
|
||||||
$jenkins_gitfullname = 'OpenStack Jenkins',
|
|
||||||
$jenkins_gitemail = 'jenkins@openstack.org',
|
|
||||||
) {
|
|
||||||
class { 'project_config':
|
|
||||||
url => $project_config_repo,
|
|
||||||
}
|
|
||||||
|
|
||||||
include openstack_project
|
|
||||||
class { 'jenkins::jenkinsuser':
|
|
||||||
ssh_key => $openstack_project::jenkins_ssh_key,
|
|
||||||
gitfullname => $jenkins_gitfullname,
|
|
||||||
gitemail => $jenkins_gitemail,
|
|
||||||
}
|
|
||||||
|
|
||||||
# This will try to index our millions of logs and docs by default
|
|
||||||
# and cause all sorts of IO and disk-usage issues.
|
|
||||||
package { 'mlocate':
|
|
||||||
ensure => absent,
|
|
||||||
}
|
|
||||||
|
|
||||||
include ::httpd
|
|
||||||
include ::httpd::mod::wsgi
|
|
||||||
|
|
||||||
if ! defined(Httpd::Mod['rewrite']) {
|
|
||||||
httpd::mod { 'rewrite':
|
|
||||||
ensure => present,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ! defined(Httpd::Mod['proxy']) {
|
|
||||||
httpd::mod { 'proxy':
|
|
||||||
ensure => present,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ! defined(Httpd::Mod['proxy_http']) {
|
|
||||||
httpd::mod { 'proxy_http':
|
|
||||||
ensure => present,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ! defined(Httpd::Mod['alias']) {
|
|
||||||
httpd::mod { 'alias': ensure => present }
|
|
||||||
}
|
|
||||||
|
|
||||||
if ! defined(Httpd::Mod['headers']) {
|
|
||||||
httpd::mod { 'headers': ensure => present }
|
|
||||||
}
|
|
||||||
|
|
||||||
if ! defined(File['/srv/static']) {
|
|
||||||
file { '/srv/static':
|
|
||||||
ensure => directory,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/ssl/certs':
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0755',
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/ssl/private':
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0700',
|
|
||||||
}
|
|
||||||
|
|
||||||
# To use the standard ssl-certs package snakeoil certificate, leave both
|
|
||||||
# $ssl_cert_file and $ssl_cert_file_contents empty. To use an existing
|
|
||||||
# certificate, specify its path for $ssl_cert_file and leave
|
|
||||||
# $ssl_cert_file_contents empty. To manage the certificate with puppet,
|
|
||||||
# provide $ssl_cert_file_contents and optionally specify the path to use for
|
|
||||||
# it in $ssl_cert_file.
|
|
||||||
if ($ssl_cert_file == '') and ($ssl_cert_file_contents == '') {
|
|
||||||
$cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
|
|
||||||
} else {
|
|
||||||
if $ssl_cert_file == '' {
|
|
||||||
$cert_file = "/etc/ssl/certs/${::fqdn}.pem"
|
|
||||||
} else {
|
|
||||||
$cert_file = $ssl_cert_file
|
|
||||||
}
|
|
||||||
if $ssl_cert_file_contents != '' {
|
|
||||||
file { $cert_file:
|
|
||||||
ensure => present,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0644',
|
|
||||||
content => $ssl_cert_file_contents,
|
|
||||||
require => File['/etc/ssl/certs'],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# To use the standard ssl-certs package snakeoil key, leave both
|
|
||||||
# $ssl_key_file and $ssl_key_file_contents empty. To use an existing key,
|
|
||||||
# specify its path for $ssl_key_file and leave $ssl_key_file_contents empty.
|
|
||||||
# To manage the key with puppet, provide $ssl_key_file_contents and
|
|
||||||
# optionally specify the path to use for it in $ssl_key_file.
|
|
||||||
if ($ssl_key_file == '') and ($ssl_key_file_contents == '') {
|
|
||||||
$key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
|
|
||||||
} else {
|
|
||||||
if $ssl_key_file == '' {
|
|
||||||
$key_file = "/etc/ssl/private/${::fqdn}.key"
|
|
||||||
} else {
|
|
||||||
$key_file = $ssl_key_file
|
|
||||||
}
|
|
||||||
if $ssl_key_file_contents != '' {
|
|
||||||
file { $key_file:
|
|
||||||
ensure => present,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0600',
|
|
||||||
content => $ssl_key_file_contents,
|
|
||||||
require => File['/etc/ssl/private'],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# To avoid using an intermediate certificate chain, leave both
|
|
||||||
# $ssl_chain_file and $ssl_chain_file_contents empty. To use an existing
|
|
||||||
# chain, specify its path for $ssl_chain_file and leave
|
|
||||||
# $ssl_chain_file_contents empty. To manage the chain with puppet, provide
|
|
||||||
# $ssl_chain_file_contents and optionally specify the path to use for it in
|
|
||||||
# $ssl_chain_file.
|
|
||||||
if ($ssl_chain_file == '') and ($ssl_chain_file_contents == '') {
|
|
||||||
$chain_file = ''
|
|
||||||
} else {
|
|
||||||
if $ssl_chain_file == '' {
|
|
||||||
$chain_file = "/etc/ssl/certs/${::fqdn}_intermediate.pem"
|
|
||||||
} else {
|
|
||||||
$chain_file = $ssl_chain_file
|
|
||||||
}
|
|
||||||
if $ssl_chain_file_contents != '' {
|
|
||||||
file { $chain_file:
|
|
||||||
ensure => present,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0644',
|
|
||||||
content => $ssl_chain_file_contents,
|
|
||||||
require => File['/etc/ssl/certs'],
|
|
||||||
before => File[$cert_file],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# Tarballs
|
|
||||||
|
|
||||||
::httpd::vhost { 'tarballs.openstack.org':
|
|
||||||
port => 443, # Is required despite not being used.
|
|
||||||
docroot => '/srv/static/tarballs',
|
|
||||||
priority => '50',
|
|
||||||
ssl => true,
|
|
||||||
template => 'openstack_project/static-http-and-https.vhost.erb',
|
|
||||||
vhost_name => 'tarballs.openstack.org',
|
|
||||||
require => [
|
|
||||||
File['/srv/static/tarballs'],
|
|
||||||
File[$cert_file],
|
|
||||||
File[$key_file],
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/srv/static/tarballs':
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'jenkins',
|
|
||||||
group => 'jenkins',
|
|
||||||
require => User['jenkins'],
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# legacy ci.openstack.org site redirect
|
|
||||||
|
|
||||||
::httpd::vhost { 'ci.openstack.org':
|
|
||||||
port => 80,
|
|
||||||
priority => '50',
|
|
||||||
docroot => 'MEANINGLESS_ARGUMENT',
|
|
||||||
template => 'openstack_project/ci.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# Logs
|
|
||||||
class { 'openstackci::logserver':
|
|
||||||
jenkins_ssh_key => $openstack_project::jenkins_ssh_key,
|
|
||||||
domain => 'openstack.org',
|
|
||||||
ara_middleware => true,
|
|
||||||
wsgi_processes => 16,
|
|
||||||
swift_authurl => $swift_authurl,
|
|
||||||
swift_user => $swift_user,
|
|
||||||
swift_key => $swift_key,
|
|
||||||
swift_tenant_name => $swift_tenant_name,
|
|
||||||
swift_region_name => $swift_region_name,
|
|
||||||
swift_default_container => $swift_default_container,
|
|
||||||
readmes => {
|
|
||||||
'/*/*/*/*/*-tempest-dsvm*/*' => '/help/tempest-overview.html',
|
|
||||||
'/periodic*/*/*-tempest-dsvm*/*' => '/help/tempest-overview.html',
|
|
||||||
'/*/*/*/*/*-tempest-dsvm*/*/logs/' => '/help/tempest-logs.html',
|
|
||||||
'/periodic*/*/*-tempest-dsvm*/*/logs/' => '/help/tempest-logs.html',
|
|
||||||
'/*/*/*/*/*tripleo-ci-*/*/logs/' => '/help/tripleo-quickstart-logs.html'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
::httpd::vhost { "logs.opendev.org":
|
|
||||||
port => 443,
|
|
||||||
priority => '50',
|
|
||||||
ssl => true,
|
|
||||||
docroot => '/srv/static/logs',
|
|
||||||
require => File['/srv/static/logs'],
|
|
||||||
vhost_name => 'logs.opendev.org',
|
|
||||||
template => 'openstack_project/logs.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
vcsrepo { '/opt/devstack-gate':
|
|
||||||
ensure => latest,
|
|
||||||
provider => git,
|
|
||||||
revision => 'master',
|
|
||||||
source => 'https://opendev.org/openstack/devstack-gate',
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/srv/static/logs/help':
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0755',
|
|
||||||
require => File['/srv/static/logs'],
|
|
||||||
}
|
|
||||||
file { '/srv/static/logs/help/tempest-logs.html':
|
|
||||||
ensure => present,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0444',
|
|
||||||
source => 'file:///opt/devstack-gate/help/tempest-logs.html',
|
|
||||||
require => [File['/srv/static/logs/help'], Vcsrepo['/opt/devstack-gate']],
|
|
||||||
}
|
|
||||||
file { '/srv/static/logs/help/tempest-overview.html':
|
|
||||||
ensure => present,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0444',
|
|
||||||
source => 'file:///opt/devstack-gate/help/tempest-overview.html',
|
|
||||||
require => [File['/srv/static/logs/help'], Vcsrepo['/opt/devstack-gate']],
|
|
||||||
}
|
|
||||||
|
|
||||||
vcsrepo { '/opt/tripleo-ci':
|
|
||||||
ensure => latest,
|
|
||||||
provider => git,
|
|
||||||
revision => 'master',
|
|
||||||
source => 'https://opendev.org/openstack/tripleo-ci',
|
|
||||||
}
|
|
||||||
file { '/srv/static/logs/help/tripleo-quickstart-logs.html':
|
|
||||||
ensure => present,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0444',
|
|
||||||
source => 'file:///opt/tripleo-ci/docs/tripleo-quickstart-logs.html',
|
|
||||||
require => [File['/srv/static/logs/help'], Vcsrepo['/opt/tripleo-ci']],
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# Security
|
|
||||||
|
|
||||||
::httpd::vhost { 'security.openstack.org':
|
|
||||||
port => 443, # Is required despite not being used.
|
|
||||||
docroot => '/srv/static/security',
|
|
||||||
priority => '50',
|
|
||||||
ssl => true,
|
|
||||||
template => 'openstack_project/static-https-redirect.vhost.erb',
|
|
||||||
vhost_name => 'security.openstack.org',
|
|
||||||
require => [
|
|
||||||
File['/srv/static/security'],
|
|
||||||
File[$cert_file],
|
|
||||||
File[$key_file],
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/srv/static/security':
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'jenkins',
|
|
||||||
group => 'jenkins',
|
|
||||||
require => User['jenkins'],
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# Governance (TC and UC) & Election
|
|
||||||
|
|
||||||
# Extra aliases and directories needed for vhost template:
|
|
||||||
$governance_aliases = {
|
|
||||||
'/election/' => '/srv/static/election/',
|
|
||||||
'/sigs/' => '/srv/static/sigs/',
|
|
||||||
'/tc/' => '/srv/static/tc/',
|
|
||||||
'/uc/' => '/srv/static/uc/',
|
|
||||||
}
|
|
||||||
# Extra redirects needed for vhost template:
|
|
||||||
$governance_redirects = {
|
|
||||||
'/badges/' => '/tc/badges/',
|
|
||||||
'/goals/' => '/tc/goals/',
|
|
||||||
'/reference/' => '/tc/reference/',
|
|
||||||
'/resolutions/' => '/tc/resolutions/',
|
|
||||||
}
|
|
||||||
# One of these must also be the docroot
|
|
||||||
$governance_directories = [
|
|
||||||
'/srv/static/election',
|
|
||||||
'/srv/static/governance',
|
|
||||||
'/srv/static/sigs',
|
|
||||||
'/srv/static/tc',
|
|
||||||
'/srv/static/uc',
|
|
||||||
]
|
|
||||||
|
|
||||||
::httpd::vhost { 'governance.openstack.org':
|
|
||||||
port => 443, # Is required despite not being used.
|
|
||||||
docroot => '/srv/static/governance',
|
|
||||||
priority => '50',
|
|
||||||
ssl => true,
|
|
||||||
template => 'openstack_project/static-governance.vhost.erb',
|
|
||||||
vhost_name => 'governance.openstack.org',
|
|
||||||
require => [
|
|
||||||
File[$governance_directories],
|
|
||||||
File[$cert_file],
|
|
||||||
File[$key_file],
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { $governance_directories:
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'jenkins',
|
|
||||||
group => 'jenkins',
|
|
||||||
require => User['jenkins'],
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# Specs
|
|
||||||
|
|
||||||
::httpd::vhost { 'specs.openstack.org':
|
|
||||||
port => 443, # Is required despite not being used.
|
|
||||||
docroot => '/srv/static/specs',
|
|
||||||
priority => '50',
|
|
||||||
ssl => true,
|
|
||||||
template => 'openstack_project/static-http-and-https.vhost.erb',
|
|
||||||
vhost_name => 'specs.openstack.org',
|
|
||||||
require => [
|
|
||||||
File['/srv/static/specs'],
|
|
||||||
File[$cert_file],
|
|
||||||
File[$key_file],
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/srv/static/specs':
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'jenkins',
|
|
||||||
group => 'jenkins',
|
|
||||||
require => User['jenkins'],
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# legacy summit.openstack.org site redirect
|
|
||||||
|
|
||||||
::httpd::vhost { 'summit.openstack.org':
|
|
||||||
port => 80,
|
|
||||||
priority => '50',
|
|
||||||
docroot => 'MEANINGLESS_ARGUMENT',
|
|
||||||
template => 'openstack_project/summit.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# legacy site redirects
|
|
||||||
|
|
||||||
::httpd::vhost { 'devstack.org':
|
|
||||||
port => 80,
|
|
||||||
priority => '50',
|
|
||||||
docroot => 'MEANINGLESS_ARGUMENT',
|
|
||||||
serveraliases => ['*.devstack.org'],
|
|
||||||
template => 'openstack_project/legacy.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
::httpd::vhost { 'cinder.openstack.org':
|
|
||||||
port => 80,
|
|
||||||
priority => '50',
|
|
||||||
docroot => 'MEANINGLESS_ARGUMENT',
|
|
||||||
template => 'openstack_project/legacy.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
::httpd::vhost { 'glance.openstack.org':
|
|
||||||
port => 80,
|
|
||||||
priority => '50',
|
|
||||||
docroot => 'MEANINGLESS_ARGUMENT',
|
|
||||||
template => 'openstack_project/legacy.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
::httpd::vhost { 'horizon.openstack.org':
|
|
||||||
port => 80,
|
|
||||||
priority => '50',
|
|
||||||
docroot => 'MEANINGLESS_ARGUMENT',
|
|
||||||
template => 'openstack_project/legacy.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
::httpd::vhost { 'keystone.openstack.org':
|
|
||||||
port => 80,
|
|
||||||
priority => '50',
|
|
||||||
docroot => 'MEANINGLESS_ARGUMENT',
|
|
||||||
template => 'openstack_project/legacy.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
::httpd::vhost { 'nova.openstack.org':
|
|
||||||
port => 80,
|
|
||||||
priority => '50',
|
|
||||||
docroot => 'MEANINGLESS_ARGUMENT',
|
|
||||||
template => 'openstack_project/legacy.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
::httpd::vhost { 'qa.openstack.org':
|
|
||||||
port => 80,
|
|
||||||
priority => '50',
|
|
||||||
docroot => 'MEANINGLESS_ARGUMENT',
|
|
||||||
template => 'openstack_project/legacy.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
::httpd::vhost { 'swift.openstack.org':
|
|
||||||
port => 80,
|
|
||||||
priority => '50',
|
|
||||||
docroot => 'MEANINGLESS_ARGUMENT',
|
|
||||||
template => 'openstack_project/legacy.vhost.erb',
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# Trystack
|
|
||||||
|
|
||||||
::httpd::vhost { 'trystack.openstack.org':
|
|
||||||
port => 443, # Is required despite not being used.
|
|
||||||
docroot => '/opt/trystack',
|
|
||||||
priority => '50',
|
|
||||||
ssl => true,
|
|
||||||
template => 'openstack_project/static-http-and-https.vhost.erb',
|
|
||||||
vhost_name => 'trystack.openstack.org',
|
|
||||||
serveraliases => ['trystack.org', 'www.trystack.org'],
|
|
||||||
require => [
|
|
||||||
Vcsrepo['/opt/trystack'],
|
|
||||||
File[$cert_file],
|
|
||||||
File[$key_file],
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
vcsrepo { '/opt/trystack':
|
|
||||||
ensure => latest,
|
|
||||||
provider => git,
|
|
||||||
revision => 'master',
|
|
||||||
source => 'https://opendev.org/x/trystack-site',
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# Releases
|
|
||||||
|
|
||||||
::httpd::vhost { 'releases.openstack.org':
|
|
||||||
port => 443, # Is required despite not being used.
|
|
||||||
docroot => '/srv/static/releases',
|
|
||||||
priority => '50',
|
|
||||||
ssl => true,
|
|
||||||
template => 'openstack_project/static-https-redirect.vhost.erb',
|
|
||||||
vhost_name => 'releases.openstack.org',
|
|
||||||
require => [
|
|
||||||
File['/srv/static/releases'],
|
|
||||||
File[$cert_file],
|
|
||||||
File[$key_file],
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/srv/static/releases':
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'jenkins',
|
|
||||||
group => 'jenkins',
|
|
||||||
require => User['jenkins'],
|
|
||||||
}
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# service-types.openstack.org
|
|
||||||
|
|
||||||
::httpd::vhost { 'service-types.openstack.org':
|
|
||||||
port => 443, # Is required despite not being used.
|
|
||||||
docroot => '/srv/static/service-types',
|
|
||||||
priority => '50',
|
|
||||||
ssl => true,
|
|
||||||
template => 'openstack_project/static-https-redirect.vhost.erb',
|
|
||||||
vhost_name => 'service-types.openstack.org',
|
|
||||||
require => [
|
|
||||||
File['/srv/static/service-types'],
|
|
||||||
File[$cert_file],
|
|
||||||
File[$key_file],
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/srv/static/service-types':
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'jenkins',
|
|
||||||
group => 'jenkins',
|
|
||||||
require => User['jenkins'],
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Until Apache 2.4.24 the event MPM has some issues scalability
|
|
||||||
# bottlenecks that were seen to drop connections, especially on
|
|
||||||
# larger files; see
|
|
||||||
# https://httpd.apache.org/docs/2.4/mod/event.html
|
|
||||||
#
|
|
||||||
# The main advantage of event MPM is for keep-alive requests which
|
|
||||||
# are not really a big issue on this static file server. Therefore
|
|
||||||
# we switch to the threaded worker MPM as a workaround. This can be
|
|
||||||
# reconsidered when the apache version running is sufficient to
|
|
||||||
# avoid these problems.
|
|
||||||
|
|
||||||
httpd::mod { 'mpm_event': ensure => 'absent' }
|
|
||||||
httpd::mod { 'mpm_worker': ensure => 'present' }
|
|
||||||
|
|
||||||
}
|
|
@ -1,22 +0,0 @@
|
|||||||
# ************************************
|
|
||||||
# Managed by Puppet
|
|
||||||
# ************************************
|
|
||||||
|
|
||||||
NameVirtualHost <%= @vhost_name %>:<%= @port %>
|
|
||||||
<VirtualHost <%= @vhost_name %>:<%= @port %>>
|
|
||||||
ServerName <%= @srvname %>
|
|
||||||
|
|
||||||
RewriteEngine On
|
|
||||||
RewriteRule ^/jenkins-job-builder(/.*|$) https://docs.openstack.org/infra/jenkins-job-builder$1 [last,redirect=permanent]
|
|
||||||
RewriteRule ^/nodepool(/.*|$) https://docs.openstack.org/infra/nodepool$1 [last,redirect=permanent]
|
|
||||||
RewriteRule ^/openstackid(/.*|$) https://docs.openstack.org/infra/openstackid$1 [last,redirect=permanent]
|
|
||||||
RewriteRule ^/shade(/.*|$) https://docs.openstack.org/infra/shade$1 [last,redirect=permanent]
|
|
||||||
RewriteRule ^/storyboard(/.*|$) https://docs.openstack.org/infra/storyboard$1 [last,redirect=permanent]
|
|
||||||
RewriteRule ^/zuul(/.*|$) https://docs.openstack.org/infra/zuul$1 [last,redirect=permanent]
|
|
||||||
RewriteRule ^/(.*) https://docs.openstack.org/infra/system-config/$1 [last,redirect=permanent]
|
|
||||||
|
|
||||||
ErrorLog /var/log/apache2/<%= @name %>_error.log
|
|
||||||
LogLevel warn
|
|
||||||
CustomLog /var/log/apache2/<%= @name %>_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
@ -1,193 +0,0 @@
|
|||||||
# -*- apache -*-
|
|
||||||
# ************************************
|
|
||||||
# Managed by Puppet
|
|
||||||
# ************************************
|
|
||||||
|
|
||||||
NameVirtualHost <%= @vhost_name %>:80
|
|
||||||
NameVirtualHost <%= @vhost_name %>:443
|
|
||||||
|
|
||||||
<VirtualHost *:80>
|
|
||||||
ServerName <%= @vhost_name %>
|
|
||||||
<% if @serveraliases.is_a? Array -%>
|
|
||||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
||||||
<% elsif ! ['', nil].include?(@serveraliases) -%>
|
|
||||||
<%= " ServerAlias #{@serveraliases}" %>
|
|
||||||
<% end -%>
|
|
||||||
RewriteEngine On
|
|
||||||
RewriteRule ^/(.*)$ https://<%= @vhost_name %>/$1 [L,R=301]
|
|
||||||
DocumentRoot <%= @docroot %>
|
|
||||||
<Directory <%= @docroot %>>
|
|
||||||
Options Indexes FollowSymLinks MultiViews
|
|
||||||
AllowOverride None
|
|
||||||
AllowOverrideList Redirect RedirectMatch
|
|
||||||
Satisfy Any
|
|
||||||
Require all granted
|
|
||||||
</Directory>
|
|
||||||
LogLevel warn
|
|
||||||
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
||||||
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
||||||
|
|
||||||
<VirtualHost *:443>
|
|
||||||
ServerName <%= @vhost_name %>
|
|
||||||
<% if @serveraliases.is_a? Array -%>
|
|
||||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
||||||
<% elsif ! ['', nil, :undef].include?(@serveraliases) -%>
|
|
||||||
<%= " ServerAlias #{@serveraliases}" %>
|
|
||||||
<% end -%>
|
|
||||||
|
|
||||||
SSLEngine on
|
|
||||||
SSLProtocol All -SSLv2 -SSLv3
|
|
||||||
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
||||||
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
||||||
# only is guarenteed.
|
|
||||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
||||||
SSLHonorCipherOrder on
|
|
||||||
SSLCertificateFile /etc/letsencrypt-certs/logs.opendev.org/logs.opendev.org.cer
|
|
||||||
SSLCertificateKeyFile /etc/letsencrypt-certs/logs.opendev.org/logs.opendev.org.key
|
|
||||||
SSLCertificateChainFile /etc/letsencrypt-certs/logs.opendev.org/ca.cer
|
|
||||||
|
|
||||||
DocumentRoot <%= @docroot %>
|
|
||||||
|
|
||||||
# Authorize cross request, e.g. fetch job-output from the zuul builds page
|
|
||||||
Header set Access-Control-Allow-Origin "*"
|
|
||||||
|
|
||||||
WSGIDaemonProcess logs2 user=www-data group=www-data processes=16 threads=1
|
|
||||||
WSGIProcessGroup logs2
|
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
|
||||||
|
|
||||||
AddType text/plain .log
|
|
||||||
AddType text/plain .sh
|
|
||||||
AddType text/plain .yaml
|
|
||||||
AddType text/plain .yml
|
|
||||||
|
|
||||||
# use Apache to compress the results afterwards, to save on the wire
|
|
||||||
# it's approx 18x savings of wire traffic to compress. We need to
|
|
||||||
# compress by content types that htmlify can produce
|
|
||||||
AddOutputFilterByType DEFLATE text/plain text/html application/x-font-ttf image/svg+xml
|
|
||||||
|
|
||||||
<FilesMatch \.html\.gz$>
|
|
||||||
ForceType text/html
|
|
||||||
AddDefaultCharset UTF-8
|
|
||||||
AddEncoding x-gzip gz
|
|
||||||
</FilesMatch>
|
|
||||||
<FilesMatch \.css\.gz$>
|
|
||||||
ForceType text/css
|
|
||||||
AddDefaultCharset UTF-8
|
|
||||||
AddEncoding x-gzip gz
|
|
||||||
</FilesMatch>
|
|
||||||
<FilesMatch \.js\.gz$>
|
|
||||||
ForceType text/javascript
|
|
||||||
AddDefaultCharset UTF-8
|
|
||||||
AddEncoding x-gzip gz
|
|
||||||
</FilesMatch>
|
|
||||||
<FilesMatch \.ttf\.gz$>
|
|
||||||
ForceType application/x-font-ttf
|
|
||||||
AddEncoding x-gzip gz
|
|
||||||
</FilesMatch>
|
|
||||||
<FilesMatch \.svg\.gz$>
|
|
||||||
ForceType image/svg+xml
|
|
||||||
AddEncoding x-gzip gz
|
|
||||||
</FilesMatch>
|
|
||||||
<FilesMatch \.json\.gz$>
|
|
||||||
ForceType application/json
|
|
||||||
AddEncoding x-gzip gz
|
|
||||||
</FilesMatch>
|
|
||||||
<FilesMatch \.css$>
|
|
||||||
# mod_mime_magic is sometimes passing css files as asm sources
|
|
||||||
# e.g css files generated by coverage reports
|
|
||||||
ForceType text/css
|
|
||||||
</FilesMatch>
|
|
||||||
<Directory <%= @docroot %>>
|
|
||||||
Options Indexes FollowSymLinks MultiViews
|
|
||||||
AllowOverride None
|
|
||||||
Order allow,deny
|
|
||||||
allow from all
|
|
||||||
Satisfy Any
|
|
||||||
ExpiresActive On
|
|
||||||
# Data in the logs server is static once generated by a job
|
|
||||||
ExpiresDefault "access plus 2 weeks"
|
|
||||||
</Directory>
|
|
||||||
<Directory /usr/local/lib/python2.7/dist-packages/os_loganalyze>
|
|
||||||
Allow from all
|
|
||||||
Satisfy Any
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
<Directory /srv/static/logs/*/*/*/*/*-tempest-dsvm*/*>
|
|
||||||
ReadmeName /help/tempest-overview.html
|
|
||||||
</Directory>
|
|
||||||
<Directory /srv/static/logs/periodic*/*/*-tempest-dsvm*/*>
|
|
||||||
ReadmeName /help/tempest-overview.html
|
|
||||||
</Directory>
|
|
||||||
<Directory /srv/static/logs/*/*/*/*/*-tempest-dsvm*/*/logs/>
|
|
||||||
ReadmeName /help/tempest-logs.html
|
|
||||||
</Directory>
|
|
||||||
<Directory /srv/static/logs/periodic*/*/*-tempest-dsvm*/*/logs/>
|
|
||||||
ReadmeName /help/tempest-logs.html
|
|
||||||
</Directory>
|
|
||||||
<Directory /srv/static/logs/*/*/*/*/*tripleo-ci-*/*/logs/>
|
|
||||||
ReadmeName /help/tripleo-quickstart-logs.html
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
<Directory <%= @docroot %>/periodic*/*>
|
|
||||||
IndexOrderDefault Descending Date
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
RewriteEngine On
|
|
||||||
<Directory "/usr/local/bin">
|
|
||||||
<Files "ara-wsgi-sqlite">
|
|
||||||
Allow from all
|
|
||||||
Satisfy Any
|
|
||||||
</Files>
|
|
||||||
</Directory>
|
|
||||||
# ARA sqlite middleware configuration
|
|
||||||
# See docs for details: https://ara.readthedocs.io/en/latest/advanced.html
|
|
||||||
SetEnv ARA_WSGI_TMPDIR_MAX_AGE 3600
|
|
||||||
SetEnv ARA_WSGI_LOG_ROOT /srv/static/logs
|
|
||||||
SetEnv ARA_WSGI_DATABASE_DIRECTORY ara-report
|
|
||||||
|
|
||||||
# Redirect .*/ara-report to the ARA sqlite wsgi middleware
|
|
||||||
# This middleware automatically loads the ARA web application with the
|
|
||||||
# database located at .*/ara-report/ansible.sqlite.
|
|
||||||
# If we get a request directly to the database file, don't load the middleware
|
|
||||||
# so that users can download the raw database if they wish.
|
|
||||||
WSGIScriptAliasMatch ^.*/ara-report(?!/ansible.sqlite) /usr/local/bin/ara-wsgi-sqlite
|
|
||||||
|
|
||||||
# Everything beyond this point is rewritten to htmlify.
|
|
||||||
# Make sure we don't do that for dynamic ARA reports.
|
|
||||||
RewriteCond %{REQUEST_URI} ^.*/ara-report [NC]
|
|
||||||
RewriteRule .* - [L]
|
|
||||||
|
|
||||||
# If the specified file does not exist, look if there is a gzipped version
|
|
||||||
# If there is, serve that one instead
|
|
||||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
|
|
||||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME}.gz -f
|
|
||||||
RewriteRule ^/(.*)$ %{REQUEST_URI}.gz
|
|
||||||
|
|
||||||
# rewrite (txt|log).gz & console.html[.gz] files to map to our
|
|
||||||
# internal htmlify wsgi app
|
|
||||||
# PT, Pass-through: to come back around and get picked up by the
|
|
||||||
# WSGIScriptAlias
|
|
||||||
# NS, No-subrequest: on coming back through, mod-autoindex may have added
|
|
||||||
# index.html which would match the !-f condition. We
|
|
||||||
# therefore ensure the rewrite doesn't trigger by
|
|
||||||
# disallowing subrequests.
|
|
||||||
RewriteRule ^/(.*\.(txt|log)\.gz)$ /htmlify/$1 [QSA,L,PT,NS]
|
|
||||||
RewriteRule ^/(.*console\.html(\.gz)?)$ /htmlify/$1 [QSA,L,PT,NS]
|
|
||||||
|
|
||||||
# Check if the request exists as a file, directory or symbolic link
|
|
||||||
# If not, write the request to htmlify to see if we can fetch from swift
|
|
||||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
|
|
||||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d
|
|
||||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-l
|
|
||||||
RewriteCond %{REQUEST_FILENAME} !^/icon
|
|
||||||
RewriteRule ^/(.*)$ /htmlify/$1 [QSA,L,PT,NS]
|
|
||||||
|
|
||||||
WSGIScriptAlias /htmlify /usr/local/lib/python2.7/dist-packages/os_loganalyze/wsgi.py
|
|
||||||
|
|
||||||
ErrorLog /var/log/apache2/<%= @vhost_name %>_ssl_error.log
|
|
||||||
LogLevel warn
|
|
||||||
CustomLog /var/log/apache2/<%= @vhost_name %>_ssl_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
@ -1,68 +0,0 @@
|
|||||||
# ************************************
|
|
||||||
# Managed by Puppet
|
|
||||||
# ************************************
|
|
||||||
|
|
||||||
<VirtualHost *:80>
|
|
||||||
ServerName <%= @vhost_name %>
|
|
||||||
<% if @serveraliases.is_a? Array -%>
|
|
||||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
||||||
<% elsif ! ['', nil].include?(@serveraliases) -%>
|
|
||||||
<%= " ServerAlias #{@serveraliases}" %>
|
|
||||||
<% end -%>
|
|
||||||
RewriteEngine On
|
|
||||||
RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
|
|
||||||
LogLevel warn
|
|
||||||
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
||||||
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
||||||
|
|
||||||
<IfModule mod_ssl.c>
|
|
||||||
<VirtualHost *:443>
|
|
||||||
ServerName <%= @vhost_name %>
|
|
||||||
DocumentRoot <%= @docroot %>
|
|
||||||
SSLEngine on
|
|
||||||
SSLProtocol All -SSLv2 -SSLv3
|
|
||||||
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
||||||
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
||||||
# only is guarenteed.
|
|
||||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
||||||
SSLHonorCipherOrder on
|
|
||||||
SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
|
|
||||||
SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
|
|
||||||
<% if scope['openstack_project::static::chain_file'] != '' %>
|
|
||||||
SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
|
|
||||||
<% end %>
|
|
||||||
# Alias other folders
|
|
||||||
<% scope.lookupvar('openstack_project::static::governance_aliases').each do |a, d| -%>
|
|
||||||
Alias "<%= a %>" "<%= d %>"
|
|
||||||
<% end -%>
|
|
||||||
# Set up redirects
|
|
||||||
<% scope.lookupvar('openstack_project::static::governance_redirects').each do |a, d| -%>
|
|
||||||
Redirect "<%= a %>" "<%= d %>"
|
|
||||||
<% end -%>
|
|
||||||
<% scope.lookupvar('openstack_project::static::governance_directories').each do |dirname| -%>
|
|
||||||
<Directory <%= dirname %>>
|
|
||||||
Options Indexes FollowSymLinks MultiViews
|
|
||||||
AllowOverrideList Redirect RedirectMatch
|
|
||||||
Satisfy Any
|
|
||||||
Require all granted
|
|
||||||
</Directory>
|
|
||||||
<% end -%>
|
|
||||||
<Directory /srv/static/governance/badges>
|
|
||||||
Options Indexes FollowSymLinks MultiViews
|
|
||||||
AllowOverride None
|
|
||||||
Satisfy Any
|
|
||||||
Require all granted
|
|
||||||
<IfModule mod_headers.c>
|
|
||||||
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
|
|
||||||
Header set Pragma "no-cache"
|
|
||||||
</IfModule>
|
|
||||||
ErrorDocument 404 /badges/project-unofficial.svg
|
|
||||||
</Directory>
|
|
||||||
LogLevel warn
|
|
||||||
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
||||||
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
||||||
</IfModule>
|
|
@ -1,58 +0,0 @@
|
|||||||
# ************************************
|
|
||||||
# Managed by Puppet
|
|
||||||
# ************************************
|
|
||||||
|
|
||||||
<VirtualHost *:80>
|
|
||||||
ServerName <%= @vhost_name %>
|
|
||||||
<% if @serveraliases.is_a? Array -%>
|
|
||||||
# Permanently redirect these ServerAlias entries to ServerName
|
|
||||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
||||||
<% elsif ! ['', nil].include?(@serveraliases) -%>
|
|
||||||
<%= " ServerAlias #{@serveraliases}" %>
|
|
||||||
RewriteEngine On
|
|
||||||
RewriteCond %{HTTP_HOST} !<%= @vhost_name %>$ [NC]
|
|
||||||
RewriteRule ^/(.*)$ http://<%= @vhost_name %>/$1 [L,R=301]
|
|
||||||
<% end -%>
|
|
||||||
DocumentRoot <%= @docroot %>
|
|
||||||
<Directory <%= @docroot %>>
|
|
||||||
Options Indexes FollowSymLinks MultiViews
|
|
||||||
AllowOverride None
|
|
||||||
AllowOverrideList Redirect RedirectMatch
|
|
||||||
Satisfy Any
|
|
||||||
Require all granted
|
|
||||||
</Directory>
|
|
||||||
LogLevel warn
|
|
||||||
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
||||||
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
||||||
|
|
||||||
<IfModule mod_ssl.c>
|
|
||||||
<VirtualHost *:443>
|
|
||||||
ServerName <%= @vhost_name %>
|
|
||||||
DocumentRoot <%= @docroot %>
|
|
||||||
SSLEngine on
|
|
||||||
SSLProtocol All -SSLv2 -SSLv3
|
|
||||||
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
||||||
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
||||||
# only is guarenteed.
|
|
||||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
||||||
SSLHonorCipherOrder on
|
|
||||||
SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
|
|
||||||
SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
|
|
||||||
<% if scope['openstack_project::static::chain_file'] != '' %>
|
|
||||||
SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
|
|
||||||
<% end %>
|
|
||||||
<Directory <%= @docroot %>>
|
|
||||||
Options Indexes FollowSymLinks MultiViews
|
|
||||||
AllowOverride None
|
|
||||||
AllowOverrideList Redirect RedirectMatch
|
|
||||||
Satisfy Any
|
|
||||||
Require all granted
|
|
||||||
</Directory>
|
|
||||||
LogLevel warn
|
|
||||||
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
||||||
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
||||||
</IfModule>
|
|
@ -1,48 +0,0 @@
|
|||||||
# ************************************
|
|
||||||
# Managed by Puppet
|
|
||||||
# ************************************
|
|
||||||
|
|
||||||
<VirtualHost *:80>
|
|
||||||
ServerName <%= @vhost_name %>
|
|
||||||
<% if @serveraliases.is_a? Array -%>
|
|
||||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
||||||
<% elsif ! ['', nil].include?(@serveraliases) -%>
|
|
||||||
<%= " ServerAlias #{@serveraliases}" %>
|
|
||||||
<% end -%>
|
|
||||||
RewriteEngine On
|
|
||||||
RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
|
|
||||||
LogLevel warn
|
|
||||||
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
||||||
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
||||||
|
|
||||||
<IfModule mod_ssl.c>
|
|
||||||
<VirtualHost *:443>
|
|
||||||
ServerName <%= @vhost_name %>
|
|
||||||
DocumentRoot <%= @docroot %>
|
|
||||||
SSLEngine on
|
|
||||||
SSLProtocol All -SSLv2 -SSLv3
|
|
||||||
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
||||||
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
||||||
# only is guarenteed.
|
|
||||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
||||||
SSLHonorCipherOrder on
|
|
||||||
SSLCertificateFile <%= scope['openstack_project::static::cert_file'] %>
|
|
||||||
SSLCertificateKeyFile <%= scope['openstack_project::static::key_file'] %>
|
|
||||||
<% if scope['openstack_project::static::chain_file'] != '' %>
|
|
||||||
SSLCertificateChainFile <%= scope['openstack_project::static::chain_file'] %>
|
|
||||||
<% end %>
|
|
||||||
<Directory <%= @docroot %>>
|
|
||||||
Options Indexes FollowSymLinks MultiViews
|
|
||||||
AllowOverride None
|
|
||||||
AllowOverrideList Redirect RedirectMatch
|
|
||||||
Satisfy Any
|
|
||||||
Require all granted
|
|
||||||
</Directory>
|
|
||||||
LogLevel warn
|
|
||||||
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
|
|
||||||
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
||||||
</IfModule>
|
|
@ -1,21 +0,0 @@
|
|||||||
# ************************************
|
|
||||||
# Managed by Puppet
|
|
||||||
# ************************************
|
|
||||||
|
|
||||||
NameVirtualHost <%= @vhost_name %>:<%= @port %>
|
|
||||||
<VirtualHost <%= @vhost_name %>:<%= @port %>>
|
|
||||||
ServerName <%= @srvname %>
|
|
||||||
<% if @serveraliases.is_a? Array -%>
|
|
||||||
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
|
|
||||||
<% elsif ! ['', nil].include?(@serveraliases) -%>
|
|
||||||
<%= " ServerAlias #{@serveraliases}" %>
|
|
||||||
<% end -%>
|
|
||||||
|
|
||||||
RewriteEngine On
|
|
||||||
RewriteRule ^/(.*) http://openstack.org/summit/$1 [last,redirect=permanent]
|
|
||||||
|
|
||||||
ErrorLog /var/log/apache2/<%= @name %>_error.log
|
|
||||||
LogLevel warn
|
|
||||||
CustomLog /var/log/apache2/<%= @name %>_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
Loading…
Reference in New Issue
Block a user