7a0ab6c94e
This will provision LE certs for openstackid.org. If we are happy with the results then the child change can be merged to to swap apache over to using the new cert. Change-Id: Icc9fdd8a39630323916d1f33d9867f93fc6f2b85
255 lines
6.8 KiB
YAML
255 lines
6.8 KiB
YAML
plugin: yamlgroup
|
|
groups:
|
|
adns: adns*.open*.org
|
|
afs-server-common:
|
|
- afs[0-9]*.openstack.org
|
|
- afsdb[0-9]*.openstack.org
|
|
afs-file-server:
|
|
- afs[0-9]*.openstack.org
|
|
afs-db-server:
|
|
- afsdb[0-9]*.openstack.org
|
|
afs-client:
|
|
- mirror[0-9]*.opendev.org
|
|
- mirror-update[0-9]*.opendev.org
|
|
- ze[0-9]*.open*.org
|
|
- afsdb*.open*.org
|
|
- afs[0-9]*.open*.org
|
|
- static[0-9]*.opendev.org
|
|
ask: ask*.open*.org
|
|
borg-backup:
|
|
- etherpad[0-9]*.opendev.org
|
|
- gitea01.opendev.org
|
|
- review[0-9]*.openstack.org
|
|
- zuul[0-9]*.opendev.org
|
|
- refstack01.openstack.org
|
|
- kdc03.openstack.org
|
|
# All these servers are "special-cased" in specifically
|
|
# as they are puppet and should be replaced "soon"
|
|
- ethercalc02.openstack.org
|
|
- ask01.openstack.org
|
|
- lists.openstack.org
|
|
- storyboard01.opendev.org
|
|
- translate01.openstack.org
|
|
borg-backup-server:
|
|
- backup02.ca-ymq-1.vexxhost.opendev.org
|
|
- backup01.ord.rax.opendev.org
|
|
cacti: cacti[0-9]*.open*.org
|
|
certcheck:
|
|
- cacti[0-9]*.open*.org
|
|
cloud-launcher:
|
|
- bridge.openstack.org
|
|
codesearch:
|
|
- codesearch[0-9]*.opendev.org
|
|
control-plane-clouds:
|
|
- bridge.openstack.org
|
|
disabled:
|
|
- corvustest
|
|
- idp.openstackid.org
|
|
- lists-dev01.openstack.org
|
|
- wiki-dev01.openstack.org
|
|
- wiki-upgrade-test.openstack.org
|
|
dns:
|
|
- adns*.opendev.org
|
|
- ns*.opendev.org
|
|
eavesdrop: eavesdrop[0-9]*.open*.org
|
|
elasticsearch: elasticsearch[0-9]*.open*.org
|
|
ethercalc: ethercalc*.open*.org
|
|
etherpad: etherpad[0-9]*.open*.org
|
|
gerrit:
|
|
- review[0-9]*.open*.org
|
|
gitea:
|
|
- gitea[0-9]*.opendev.org
|
|
gitea-lb:
|
|
- gitea-lb[0-9]*.opendev.org
|
|
grafana:
|
|
- grafana[0-9]*.opendev.org
|
|
graphite:
|
|
- graphite*.opendev.org
|
|
health:
|
|
- health[0-9]*.openstack.org
|
|
jvb:
|
|
- jvb[0-9]*.opendev.org
|
|
kerberos-client:
|
|
- afs[0-9]*.open*.org
|
|
- afsdb*.open*.org
|
|
- kdc[0-9]*.openstack.org
|
|
- mirror[0-9]*.opendev.org
|
|
- mirror-update[0-9]*.opendev.org
|
|
- static[0-9]*.opendev.org
|
|
- ze[0-9]*.open*.org
|
|
kerberos-kdc:
|
|
- kdc03.openstack.org
|
|
- kdc04.openstack.org
|
|
kerberos-kdc-primary:
|
|
- kdc03.openstack.org
|
|
kerberos-kdc-replica:
|
|
- kdc04.openstack.org
|
|
letsencrypt:
|
|
- codesearch[0-9]*.opendev.org
|
|
- etherpad[0-9]*.opendev.org
|
|
- ethercalc[0-9]*.open*.org
|
|
- gitea[0-9]*.opendev.org
|
|
- graphite[0-9]*.opendev.org
|
|
- grafana[0-9]*.opendev.org
|
|
- insecure-ci-registry[0-9]*.opendev.org
|
|
- meetpad[0-9]*.opendev.org
|
|
- mirror[0-9]*.opendev.org
|
|
- nb[0-9]*.opendev.org
|
|
- openstackid[0-9]*.openstack.org
|
|
- review[0-9]*.open*.org
|
|
- review-test.opendev.org
|
|
- static[0-9]*.opendev.org
|
|
- storyboard[0-9]*.opendev.org
|
|
- translate[0-9]*.open*.org
|
|
- zuul[0-9]*.opendev.org
|
|
- refstack[0-9]*.openstack.org
|
|
logstash:
|
|
- logstash[0-9]*.open*.org
|
|
logstash-worker:
|
|
- logstash-worker[0-9]*.open*.org
|
|
mailman:
|
|
- lists*.katacontainers.io
|
|
- lists*.open*.org
|
|
meetpad:
|
|
- meetpad[0-9]*.opendev.org
|
|
mirror:
|
|
- mirror[0-9]*.opendev.org
|
|
mirror-update:
|
|
- mirror-update[0-9]*.opendev.org
|
|
nodepool:
|
|
- nb[0-9]*.opendev.org
|
|
- nl[0-9]*.open*.org
|
|
nodepool-builder:
|
|
- nb[0-9]*.opendev.org
|
|
nodepool-launcher:
|
|
- nl[0-9]*.open*.org
|
|
ns:
|
|
- ns[0-9]*.open*.org
|
|
openstackid-dev:
|
|
- openstackid-dev*.openstack.org
|
|
openstackid:
|
|
- openstackid.org
|
|
- openstackid[0-9]*.openstack.org
|
|
paste:
|
|
- paste[0-9]*.open*.org
|
|
pbx:
|
|
- pbx[0-9]*.opendev.org
|
|
puppet:
|
|
- ask*.open*.org
|
|
- cacti[0-9]*.open*.org
|
|
- corvustest
|
|
- eavesdrop[0-9]*.open*.org
|
|
- elasticsearch[0-9]*.open*.org
|
|
- ethercalc[0-9]*.open*.org
|
|
- health[0-9]*.openstack.org
|
|
- logstash-worker[0-9]*.open*.org
|
|
- logstash[0-9]*.open*.org
|
|
- mirror-update[0-9]*.openstack.org
|
|
- openstackid-dev*.openstack.org
|
|
- openstackid.org
|
|
- openstackid[0-9]*.openstack.org
|
|
- paste[0-9]*.open*.org
|
|
- pbx[0-9]*.opendev.org
|
|
- status*.open*.org
|
|
- storyboard-dev[0-9]*.opendev.org
|
|
- storyboard[0-9]*.opendev.org
|
|
- subunit-worker[0-9]*.open*.org
|
|
- translate-dev[0-9]*.open*.org
|
|
- translate[0-9]*.open*.org
|
|
- wiki-dev[0-9]*.openstack.org
|
|
- wiki[0-9]*.openstack.org
|
|
puppet4:
|
|
- ask*.open*.org
|
|
- ask-staging[0-9]*.open*.org
|
|
- cacti[0-9]*.open*.org
|
|
- eavesdrop[0-9]*.open*.org
|
|
- elasticsearch[0-9]*.open*.org
|
|
- ethercalc[0-9]*.open*.org
|
|
- health[0-9]*.openstack.org
|
|
- lists-dev[0-9]*.open*.org
|
|
- logstash-worker[0-9]*.open*.org
|
|
- logstash[0-9]*.open*.org
|
|
- mirror-update[0-9]*.openstack.org
|
|
- openstackid[0-9]*.openstack.org
|
|
- openstackid-dev[0-9]*.openstack.org
|
|
- paste[0-9]*.open*.org
|
|
- pbx[0-9]*.opendev.org
|
|
- status*.open*.org
|
|
- storyboard[0-9]*.opendev.org
|
|
- storyboard-dev[0-9]*.opendev.org
|
|
- subunit-worker[0-9]*.open*.org
|
|
- translate[0-9]*.open*.org
|
|
- translate-dev[0-9]*.open*.org
|
|
- wiki[0-9]*.openstack.org
|
|
- wiki-dev[0-9]*.openstack.org
|
|
refstack:
|
|
- refstack[0-9]*.openstack.org
|
|
registry:
|
|
- insecure-ci-registry[0-9]*.opendev.org
|
|
review:
|
|
- review[0-9]*.open*.org
|
|
# This group disables operations like project-managment and
|
|
# replication. It is intended for staging new production servers.
|
|
review-staging:
|
|
- review-test.opendev.org
|
|
- review02.opendev.org
|
|
static:
|
|
- static[0-9]*.opendev.org
|
|
status:
|
|
- status*.open*.org
|
|
storyboard:
|
|
- storyboard[0-9]*.opendev.org
|
|
storyboard-dev:
|
|
- storyboard-dev[0-9]*.opendev.org
|
|
subunit-worker:
|
|
- subunit-worker[0-9]*.open*.org
|
|
translate-dev:
|
|
- translate-dev[0-9]*.open*.org
|
|
translate:
|
|
- translate[0-9]*.open*.org
|
|
webservers:
|
|
- ask*.open*.org
|
|
- cacti[0-9]*.open*.org
|
|
- codesearch[0-9]*.opendev.org
|
|
- eavesdrop[0-9]*.open*.org
|
|
- ethercalc[0-9]*.open*.org
|
|
- etherpad[0-9]*.open*.org
|
|
- grafana[0-9]*.opendev.org
|
|
- graphite*.opendev.org
|
|
- health[0-9]*.openstack.org
|
|
- nb[0-9]*.opendev.org
|
|
- nl[0-9]*.open*.org
|
|
- openstackid-dev*.openstack.org
|
|
- openstackid.org
|
|
- openstackid[0-9]*.openstack.org
|
|
- paste[0-9]*.open*.org
|
|
- refstack[0-9]*.openstack.org
|
|
- static[0-9]*.opendev.org
|
|
- status*.open*.org
|
|
- storyboard-dev[0-9]*.opendev.org
|
|
- storyboard[0-9]*.opendev.org
|
|
- translate-dev[0-9]*.open*.org
|
|
- translate[0-9]*.open*.org
|
|
- wiki-dev[0-9]*.openstack.org
|
|
- wiki[0-9]*.openstack.org
|
|
wiki:
|
|
- wiki[0-9]*.openstack.org
|
|
wiki-dev:
|
|
- wiki-dev[0-9]*.openstack.org
|
|
zookeeper:
|
|
- zk[0-9]*.open*.org
|
|
zuul:
|
|
- ze[0-9]*.opendev.org
|
|
- zm[0-9]*.opendev.org
|
|
- zuul[0-9]*.opendev.org
|
|
zuul-executor:
|
|
- ze[0-9]*.opendev.org
|
|
zuul-merger:
|
|
- zm[0-9]*.opendev.org
|
|
zuul-preview:
|
|
- zp[0-9]*.opendev.org
|
|
zuul-scheduler:
|
|
- zuul[0-9]*.opendev.org
|
|
zuul-web:
|
|
- zuul[0-9]*.opendev.org
|