Use LE cert for git.zuul-ci.org

The cert has been issued. This partially reverts commit 42c0d0696c. Change-Id: I5f6c9d648a6fdfc3f9464c01f51d95c5cd72ed49
2020-01-08 16:12:13 -08:00 · 2020-01-08 16:12:13 -08:00 · 447b8513ea
parent e0f44a7ea1
commit 447b8513ea
2 changed files with 10 additions and 42 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -442,9 +442,6 @@ node /^files\d*\.open.*\.org$/ {
    git_starlingx_cert_file_contents  => hiera('git_starlingx_cert_file_contents'),
    git_starlingx_key_file_contents   => hiera('git_starlingx_key_file_contents'),
    git_starlingx_chain_file_contents => hiera('git_starlingx_chain_file_contents'),
-    git_zuul_cert_file_contents       => hiera('git_zuul_cert_file_contents'),
-    git_zuul_key_file_contents        => hiera('git_zuul_key_file_contents'),
-    git_zuul_chain_file_contents      => hiera('git_zuul_chain_file_contents'),
    require                           => Class['Openstack_project::Server'],
  }

@ -490,6 +487,16 @@ node /^files\d*\.open.*\.org$/ {
    ssl_chain_file => '/etc/letsencrypt-certs/zuul-ci.org/ca.cer',
    require        => Class['openstack_project::files'],
  }
+
+  openstack_project::website { 'git.zuul-ci.org':
+    docroot             => "/var/www/git-redirect",
+    allow_override_list => "Redirect RedirectMatch RewriteEngine RewriteBase RewriteCond RewriteMap RewriteOptions RewriteRule",
+    ssl_cert_file       => '/etc/letsencrypt-certs/git.zuul-ci.org/git.zuul-ci.org.cer',
+    ssl_key_file        => '/etc/letsencrypt-certs/git.zuul-ci.org/git.zuul-ci.org.key',
+    ssl_chain_file      => '/etc/letsencrypt-certs/git.zuul-ci.org/ca.cer',
+    require             => Class['openstack_project::files'],
+  }
+
 }

 # Node-OS: trusty
--- a/modules/openstack_project/manifests/files.pp
+++ b/modules/openstack_project/manifests/files.pp
@ -17,9 +17,6 @@ class openstack_project::files (
  $git_starlingx_cert_file_contents,
  $git_starlingx_key_file_contents,
  $git_starlingx_chain_file_contents,
-  $git_zuul_cert_file_contents,
-  $git_zuul_key_file_contents,
-  $git_zuul_chain_file_contents,
 ) {

  $afs_root = '/afs/openstack.org/'
@ -330,40 +327,4 @@ class openstack_project::files (
    require => File['/etc/ssl/certs'],
    before  => File['/etc/ssl/certs/git.starlingx.io.pem'],
  }
-
-  ###########################################################
-  # git.zuul-ci.org
-
-  ::httpd::vhost { 'git.zuul-ci.org':
-    port     => 443, # Is required despite not being used.
-    docroot  => "${www_base}/git-redirect",
-    priority => '50',
-    template => 'openstack_project/git-redirect.vhost.erb',
-    require  => File["${www_base}/git-redirect"],
-  }
-  file { '/etc/ssl/certs/git.zuul-ci.org.pem':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    content => $git_zuul_cert_file_contents,
-    require => File['/etc/ssl/certs'],
-  }
-  file { '/etc/ssl/private/git.zuul-ci.org.key':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0600',
-    content => $git_zuul_key_file_contents,
-    require => File['/etc/ssl/private'],
-  }
-  file { '/etc/ssl/certs/git.zuul-ci.org_intermediate.pem':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    content => $git_zuul_chain_file_contents,
-    require => File['/etc/ssl/certs'],
-    before  => File['/etc/ssl/certs/git.zuul-ci.org.pem'],
-  }
 }