Ian Wienand d961b6d0d4 static: implement legacy redirect sites
This is a slight divergence from the accepted spec, where we were
going to implement these redirects via a new haproxy instance
(I961456d44a56f2334d3c94ef27e408f27409cd65).  We've decided it's
easier to keep them on static.opendev.org

The following sites are configured to redirect to whatever they are
redirecting to now on static.opendev.org:

 * devstack.org
 * www.devstack.org
 * ci.openstack.org
 * cinder.openstack.org
 * glance.openstack.org
 * horizon.openstack.org
 * keystone.openstack.org
 * nova.openstack.org
 * qa.openstack.org
 * summit.openstack.org
 * swift.openstack.org

As a bonus, they all get a https instance too, which they didn't have
before.

testinfra coverage should be total for this change.  I have created
the _acme-challange CNAME records for all the above.

Story: #2006598
Task: #38881

Change-Id: I3f1fc108e7bb1c9500ad4d1a51df13bb4ae00cb9
2020-02-27 16:25:39 +11:00

202 lines
8.2 KiB
YAML

# Handlers for "letsencrypt update {{ key }}" events
#
# Note that because Ansible requires every called handler to have a
# listener, every host will need to provide a handler somehow.
#
# NOTE(ianw): as at 04/2019 it seems that something like
# listen: letsencrypt updated letsencrypt01-main-service
# doesn't actually register the handler.
#
# NOTE: import_tasks or include can not be used in handlers
# ("include_tasks" is okay).
# https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#imports-as-handlers
- name: letsencrypt updated graphite01-main
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
vars:
touch_file: '/tmp/letsencrypt-graphite01-main.stamp'
- name: letsencrypt updated tarballs-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated zuul-ci-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated zuul-ci-git
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated zuul-opendev-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated logs-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated insecure-ci-registry01-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
# Static
- name: letsencrypt updated static01-opendev-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-ci-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-cinder-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-developer-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-devstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-docs-opendev-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-docs-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-docs-starlingx-io
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-glance-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-git-airshipit-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-git-starlingx-io
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-git-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-git-zuul-ci-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-governance-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-horizon-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-keystone-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-nova-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-qa-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-service-types-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-specs-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-security-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-summit-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-swift-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-releases-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-tarballs-opendev-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-tarballs-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-zuul-ci-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
# review-dev
- name: letsencrypt updated review-dev01-opendev-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
# review
- name: letsencrypt updated review01-opendev-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
# Mirrors
- name: letsencrypt updated mirror01-dfw-rax-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated mirror01-iad-rax-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated mirror01-ord-rax-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated mirror01-gra1-ovh-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated mirror01-regionone-fortnebula-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated mirror01-regionone-linaro-us-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated mirror02-mtl01-inap-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated mirror01-kna1-airship-citycloud-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
# Gate testing hosts:
- name: letsencrypt updated letsencrypt01-main-service
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
vars:
touch_file: '/tmp/letsencrypt01-main-service.stamp'
- name: letsencrypt updated letsencrypt01-other-service
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
vars:
touch_file: '/tmp/letsencrypt01-other-service.stamp'
- name: letsencrypt updated letsencrypt02-main-service
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
vars:
touch_file: '/tmp/letsencrypt02-main-service.stamp'
- name: letsencrypt updated mirror01-openafs-provider-opendev-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated gitea99-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
# We split out handlers for each gitea host as handlers should be run in order
# This allows us to do a rolling restart of the gitea backends.
- name: letsencrypt updated gitea01-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
- name: letsencrypt updated gitea02-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
- name: letsencrypt updated gitea03-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
- name: letsencrypt updated gitea04-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
- name: letsencrypt updated gitea05-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
- name: letsencrypt updated gitea06-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
- name: letsencrypt updated gitea07-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
- name: letsencrypt updated gitea08-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml