Add tarballs.opendev.org vhost

Change-Id: I6aa85bf92b2d5726d3c86b11b103a87f11953c51

manifests/site.pp

@@ -474,6 +474,15 @@ node /^files\d*\.open.*\.org$/ {
     require          => Class['openstack_project::files'],
   }
 
+  openstack_project::website { 'tarballs.opendev.org':
+    aliases          => [],
+    docroot	     => "/afs/openstack.org/project/opendev.org/tarballs",
+    ssl_cert_file    => '/etc/letsencrypt-certs/tarballs.opendev.org/tarballs.opendev.org.cer',
+    ssl_key_file     => '/etc/letsencrypt-certs/tarballs.opendev.org/tarballs.opendev.org.key',
+    ssl_chain_file   => '/etc/letsencrypt-certs/tarballs.opendev.org/ca.cer',
+    require          => Class['openstack_project::files'],
+  }
+
   openstack_project::website { 'zuul-ci.org':
     aliases          => ['www.zuul-ci.org', 'zuulci.org', 'www.zuulci.org'],
     ssl_cert         => hiera('zuul-ci_org_ssl_cert'),

modules/openstack_project/manifests/website.pp

@@ -18,6 +18,9 @@ define openstack_project::website (
   $ssl_cert = undef,
   $ssl_key = undef,
   $ssl_intermediate = undef,
+  $ssl_cert_file = undef,
+  $ssl_key_file = undef,
+  $ssl_chain_file = undef,
   $template = 'openstack_project/website.vhost.erb',
   $docroot = undef,
 ) {
@@ -42,35 +45,47 @@ define openstack_project::website (
     docroot       => $docroot_,
     priority      => '50',
     template      => $template,
-    require       => [File["/etc/ssl/certs/${name}.pem"],
-                      File["/etc/ssl/private/${name}.key"],
-                      File["/etc/ssl/certs/${name}_intermediate.pem"]],
   }
 
-  file { "/etc/ssl/certs/${name}.pem":
+  if ($ssl_cert != undef) {
-    ensure  => present,
+    $ssl_cert_file_ = "/etc/ssl/certs/${name}.pem"
-    owner   => 'root',
+    file { "${ssl_cert_file_}":
-    group   => 'root',
+      ensure  => present,
-    mode    => '0644',
+      owner   => 'root',
-    content => $ssl_cert,
+      group   => 'root',
-    require => File['/etc/ssl/certs'],
+      mode    => '0644',
+      content => $ssl_cert,
+      require => File['/etc/ssl/certs'],
+    }
+  } else {
+    $ssl_cert_file_ = $ssl_cert_file
   }
 
-  file { "/etc/ssl/private/${name}.key":
+  if ($ssl_key != undef) {
-    ensure  => present,
+    $ssl_key_file_ = "/etc/ssl/private/${name}.key"
-    owner   => 'root',
+    file { "${ssl_key_file_}":
-    group   => 'root',
+      ensure  => present,
-    mode    => '0600',
+      owner   => 'root',
-    content => $ssl_key,
+      group   => 'root',
-    require => File['/etc/ssl/private'],
+      mode    => '0600',
+      content => $ssl_key,
+      require => File['/etc/ssl/private'],
+    }
+  } else {
+    $ssl_key_file_ = $ssl_key_file
   }
 
-  file { "/etc/ssl/certs/${name}_intermediate.pem":
+  if ($ssl_intermediate != undef) {
-    ensure  => present,
+    $ssl_chain_file_ = "/etc/ssl/certs/${name}_intermediate.pem"
-    owner   => 'root',
+    file { "${ssl_chain_file_}":
-    group   => 'root',
+      ensure  => present,
-    mode    => '0644',
+      owner   => 'root',
-    content => $ssl_intermediate,
+      group   => 'root',
-    require => File['/etc/ssl/certs'],
+      mode    => '0644',
+      content => $ssl_intermediate,
+      require => File['/etc/ssl/certs'],
+    }
+  } else {
+    $ssl_chain_file_ = $ssl_chain_file
   }
 }

modules/openstack_project/templates/website.vhost.erb

@@ -37,9 +37,9 @@
     # only is guarenteed.
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
     SSLHonorCipherOrder on
-    SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+    SSLCertificateFile <%= @ssl_cert_file_ %>
-    SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+    SSLCertificateKeyFile <%= @ssl_key_file_ %>
-    SSLCertificateChainFile /etc/ssl/certs/<%= @name %>_intermediate.pem
+    SSLCertificateChainFile <%= @ssl_chain_file_ %>
 
     DocumentRoot <%= @docroot %>
     <Directory <%= @docroot %>>