From 3c84c65614dd561ed96071e178062b4b20b6882e Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Wed, 5 Jun 2019 14:10:19 -0700 Subject: [PATCH] Add tarballs.opendev.org vhost Change-Id: I6aa85bf92b2d5726d3c86b11b103a87f11953c51 --- manifests/site.pp | 9 +++ .../openstack_project/manifests/website.pp | 63 ++++++++++++------- .../templates/website.vhost.erb | 6 +- 3 files changed, 51 insertions(+), 27 deletions(-) diff --git a/manifests/site.pp b/manifests/site.pp index 55230c8dfd..261a295d66 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -474,6 +474,15 @@ node /^files\d*\.open.*\.org$/ { require => Class['openstack_project::files'], } + openstack_project::website { 'tarballs.opendev.org': + aliases => [], + docroot => "/afs/openstack.org/project/opendev.org/tarballs", + ssl_cert_file => '/etc/letsencrypt-certs/tarballs.opendev.org/tarballs.opendev.org.cer', + ssl_key_file => '/etc/letsencrypt-certs/tarballs.opendev.org/tarballs.opendev.org.key', + ssl_chain_file => '/etc/letsencrypt-certs/tarballs.opendev.org/ca.cer', + require => Class['openstack_project::files'], + } + openstack_project::website { 'zuul-ci.org': aliases => ['www.zuul-ci.org', 'zuulci.org', 'www.zuulci.org'], ssl_cert => hiera('zuul-ci_org_ssl_cert'), diff --git a/modules/openstack_project/manifests/website.pp b/modules/openstack_project/manifests/website.pp index ac77b35e05..eae4467b95 100644 --- a/modules/openstack_project/manifests/website.pp +++ b/modules/openstack_project/manifests/website.pp @@ -18,6 +18,9 @@ define openstack_project::website ( $ssl_cert = undef, $ssl_key = undef, $ssl_intermediate = undef, + $ssl_cert_file = undef, + $ssl_key_file = undef, + $ssl_chain_file = undef, $template = 'openstack_project/website.vhost.erb', $docroot = undef, ) { 
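Review bot: The `tarballs.opendev.org` resource points Apache at a certificate, key and chain under `/etc/letsencrypt-certs/tarballs.opendev.org/`, but its only `require` is `Class['openstack_project::files']`, so nothing visible in this hunk orders the vhost after whatever provisions those files. If they are missing when the vhost is written, Apache will likely refuse the configuration, which would affect the other vhosts on the same host as well. Because the define no longer writes the key in this path, its owner and mode are whatever the provisioning tool leaves; it is worth confirming the key is readable by root only, matching the `0600` the define enforces for `ssl_key`. Minor style: `docroot` is double-quoted without interpolation, while the other values in the resource use single quotes.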
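Review bot: The new parameters `$ssl_cert_file`, `$ssl_key_file` and `$ssl_chain_file` are added with no comment on how they relate to `$ssl_cert`, `$ssl_key` and `$ssl_intermediate`, and nothing rejects a declaration that sets both forms or neither. Judging by the next hunk, the content parameter wins silently when both are given, and the path variable ends up undef when neither is. I would add a header comment such as `# ssl_*_file: path to an existing file on the host, used only when the matching ssl_* content parameter is undef`, plus a guard at the top of the body like `if ($ssl_cert == undef and $ssl_cert_file == undef) { fail("${name}: set ssl_cert or ssl_cert_file") }`, repeated for the key. The body of the define starts after this hunk.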
@@ -42,35 +45,47 @@ define openstack_project::website ( docroot => $docroot_, priority => '50', template => $template, - require => [File["/etc/ssl/certs/${name}.pem"], - File["/etc/ssl/private/${name}.key"], - File["/etc/ssl/certs/${name}_intermediate.pem"]], } - file { "/etc/ssl/certs/${name}.pem": - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => $ssl_cert, - require => File['/etc/ssl/certs'], + if ($ssl_cert != undef) { + $ssl_cert_file_ = "/etc/ssl/certs/${name}.pem" + file { "${ssl_cert_file_}": + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => $ssl_cert, + require => File['/etc/ssl/certs'], + } + } else { + $ssl_cert_file_ = $ssl_cert_file } - file { "/etc/ssl/private/${name}.key": - ensure => present, - owner => 'root', - group => 'root', - mode => '0600', - content => $ssl_key, - require => File['/etc/ssl/private'], + if ($ssl_key != undef) { + $ssl_key_file_ = "/etc/ssl/private/${name}.key" + file { "${ssl_key_file_}": + ensure => present, + owner => 'root', + group => 'root', + mode => '0600', + content => $ssl_key, + require => File['/etc/ssl/private'], + } + } else { + $ssl_key_file_ = $ssl_key_file } - file { "/etc/ssl/certs/${name}_intermediate.pem": - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => $ssl_intermediate, - require => File['/etc/ssl/certs'], + if ($ssl_intermediate != undef) { + $ssl_chain_file_ = "/etc/ssl/certs/${name}_intermediate.pem" + file { "${ssl_chain_file_}": + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => $ssl_intermediate, + require => File['/etc/ssl/certs'], + } + } else { + $ssl_chain_file_ = $ssl_chain_file } } diff --git a/modules/openstack_project/templates/website.vhost.erb b/modules/openstack_project/templates/website.vhost.erb index aa99804309..62306406b8 100644 --- a/modules/openstack_project/templates/website.vhost.erb 
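Review bot: Dropping the `require` on the three `File` resources from the vhost declaration removes the ordering for callers that still pass certificate content (`ssl_cert`, `ssl_key`, `ssl_intermediate`), so the vhost can now be applied before `/etc/ssl/private/${name}.key` and the two `.pem` files exist. Depending on when the web server is refreshed, a first run could try to load a configuration whose key and certificate are not yet on disk. Keeping the dependency inside each conditional branch would preserve it, for example by adding a `before =>` that references the vhost resource to each `file` block. The vhost declaration begins outside this hunk, so its type and title are not visible here. Style: `file { "${ssl_cert_file_}":` and its two siblings quote a lone variable; `file { $ssl_cert_file_:` is enough.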
+++ b/modules/openstack_project/templates/website.vhost.erb @@ -37,9 +37,9 @@ # only is guarenteed. SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - SSLCertificateChainFile /etc/ssl/certs/<%= @name %>_intermediate.pem + SSLCertificateFile <%= @ssl_cert_file_ %> + SSLCertificateKeyFile <%= @ssl_key_file_ %> + SSLCertificateChainFile <%= @ssl_chain_file_ %> DocumentRoot <%= @docroot %> >
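Review bot: All three directives are still emitted unconditionally, so a caller that supplies no chain (neither `ssl_intermediate` nor `ssl_chain_file`) gets an `SSLCertificateChainFile` line with no usable path, which Apache will most likely reject when it parses the vhost. A separate chain file is plausibly optional, for instance when the certificate file already carries the full chain, so I would wrap that one directive: `<% if @ssl_chain_file_ -%>`, then the existing `SSLCertificateChainFile <%= @ssl_chain_file_ %>` line, then `<% end -%>`. How undef reaches the template depends on the Puppet version, so the condition may need to test for an empty or `:undef` value as well. The enclosing block of the template starts and ends outside this hunk.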