From 609986634fc5918a891044f064e37ea10572ef17 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Tue, 13 Apr 2021 11:18:24 +1000 Subject: [PATCH] Add planet.openstack.org redirect to static This handles planet.openstack.org and redirects it to the opendev.org/openstack/planet-openstack repo, where we will put a README and the OPML file of the last state as we deprecate this service. Change-Id: If141aca5efbdbe60c91ceefaa4e05c98cd0ba5bb --- .../host_vars/static01.opendev.org.yaml | 2 ++ .../handlers/main.yaml | 7 +++++ .../static/files/50-planet.openstack.org.conf | 31 +++++++++++++++++++ playbooks/roles/static/tasks/main.yaml | 1 + testinfra/test_static.py | 9 +++++- 5 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 playbooks/roles/static/files/50-planet.openstack.org.conf diff --git a/inventory/service/host_vars/static01.opendev.org.yaml b/inventory/service/host_vars/static01.opendev.org.yaml index 604cf1cdf0..086f3a8127 100644 --- a/inventory/service/host_vars/static01.opendev.org.yaml +++ b/inventory/service/host_vars/static01.opendev.org.yaml @@ -39,6 +39,8 @@ letsencrypt_certs: - keystone.openstack.org static01-nova-openstack-org: - nova.openstack.org + static01-planet-openstack-org: + - planet.openstack.org static01-service-types-openstack-org: - service-types.openstack.org static01-security-openstack-org: diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml index 026bf459c6..69d6a4fa54 100644 --- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml +++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml @@ -90,6 +90,9 @@ - name: letsencrypt updated static01-nova-openstack-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +- name: letsencrypt updated static01-planet-openstack-org + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + - name: letsencrypt updated static01-service-types-openstack-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml @@ -117,9 +120,13 @@ - name: letsencrypt updated static01-zuul-ci-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +# Grafana + - name: letsencrypt updated grafana01-opendev-org-main include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +# Codesearch (hound) + - name: letsencrypt updated codesearch01-opendev-org-main include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml diff --git a/playbooks/roles/static/files/50-planet.openstack.org.conf b/playbooks/roles/static/files/50-planet.openstack.org.conf new file mode 100644 index 0000000000..5e6eadca6a --- /dev/null +++ b/playbooks/roles/static/files/50-planet.openstack.org.conf @@ -0,0 +1,31 @@ + + ServerName planet.openstack.org + + RewriteEngine On + RewriteRule ^/(.*) https://opendev.org/openstack/openstack-planet [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/planet.openstack.org_error.log + CustomLog /var/log/apache2/planet.openstack.org_access.log combined + ServerSignature Off + + + + ServerName planet.openstack.org + + SSLCertificateFile /etc/letsencrypt-certs/planet.openstack.org/planet.openstack.org.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/planet.openstack.org/planet.openstack.org.key + SSLCertificateChainFile /etc/letsencrypt-certs/planet.openstack.org/ca.cer + SSLProtocol All -SSLv2 -SSLv3 + # Note: this list should ensure ciphers that provide forward secrecy + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + + RewriteEngine On + RewriteRule ^/(.*) https://opendev.org/openstack/openstack-planet [last,redirect=permanent] + + LogLevel warn + ErrorLog /var/log/apache2/planet.openstack.org_error.log + CustomLog /var/log/apache2/planet.openstack.org_access.log combined + ServerSignature Off + diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml index fcbca23f8c..a3f10c6bc8 100644 --- a/playbooks/roles/static/tasks/main.yaml +++ b/playbooks/roles/static/tasks/main.yaml @@ -92,6 +92,7 @@ - 50-horizon.openstack.org - 50-keystone.openstack.org - 50-nova.openstack.org + - 50-planet.openstack.org - 50-security.openstack.org - 50-service-types.openstack.org - 50-specs.openstack.org diff --git a/testinfra/test_static.py b/testinfra/test_static.py index 1472e0a0d3..67f5f79c74 100644 --- a/testinfra/test_static.py +++ b/testinfra/test_static.py @@ -80,7 +80,7 @@ def test_tarballs_opendev_org_redirects(host): cmd = host.run('curl --insecure ' '--resolve tarballs.opendev.org:443:127.0.0.1 ' 'https://tarballs.opendev.org/openstack/afsmon/') - # Should be redirected to opendev/afsmon + # Should be redirected to opendev/afsmon assert '301 Moved Permanently' in cmd.stdout assert 'https://tarballs.opendev.org/opendev/afsmon' in cmd.stdout @@ -207,6 +207,13 @@ def test_summit_openstack_org(host): assert '301 Moved Permanently' in cmd.stdout assert 'https://openstack.org/summit/' in cmd.stdout +def test_planet_openstack_org_redirects(host): + cmd = host.run('curl --insecure ' + '--resolve planet.openstack.org:443:127.0.0.1 ' + 'https://planet.openstack.org/') + assert '301 Moved Permanently' in cmd.stdout + assert 'https://opendev.org/openstack/openstack-planet' in cmd.stdout + ci_redirects = ( ('/jenkins-job-builder', 'https://docs.openstack.org/infra/jenkins-job-builder'), ('/nodepool', 'https://docs.openstack.org/infra/nodepool'),