ptgbot: setup web interface

The dependent change exports the ptgbot website on port 8000 in the
container.  Proxy this through apache.

Depends-On: https://review.opendev.org/c/openstack/ptgbot/+/812417
Change-Id: Idf9e9f5ffad981427d24a3476c0c1f244721d917
changes/19/812419/7
Ian Wienand 1 year ago
parent 62e30e52de
commit 86b7f75b25
  1. 4
      playbooks/roles/ptgbot/handlers/main.yaml
  2. 28
      playbooks/roles/ptgbot/tasks/main.yaml
  3. 43
      playbooks/roles/ptgbot/templates/ptgbot.vhost.config.j2
  4. 2
      playbooks/service-eavesdrop.yaml
  5. 6
      testinfra/test_eavesdrop.py

@ -0,0 +1,4 @@
- name: ptgbot Reload apache2
service:
name: apache2
state: reloaded

@ -50,3 +50,31 @@
- name: Run docker prune to cleanup unneeded images
shell:
cmd: docker image prune -f
- name: Install apache2
apt:
name:
- apache2
- apache2-utils
state: present
- name: Apache modules
apache2_module:
state: present
name: "{{ item }}"
loop:
- rewrite
- proxy
- proxy_http
- ssl
- headers
- proxy_wstunnel
- name: Copy apache config
template:
src: ptgbot.vhost.config.j2
dest: '/etc/apache2/sites-enabled/010-ptgbot.conf'
owner: root
group: root
mode: 0644
notify: ptgbot Reload apache2

@ -0,0 +1,43 @@
<VirtualHost *:80>
ServerName {{ inventory_hostname }}
ServerAdmin infra-root@openstack.org
ErrorLog ${APACHE_LOG_DIR}/ptgbot-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ptgbot-access.log combined
Redirect / https://ptgbot.opendev.org/
</VirtualHost>
<VirtualHost *:443>
ServerName ptgbot.opendev.org
ServerAdmin webmaster@openstack.org
RewriteCond %{HTTP_HOST} !^ptgbot\.opendev\.org [nocase]
RewriteRule ^/(.*) https://ptgbot.opendev.org/$1 [last,redirect=permanent]
AllowEncodedSlashes On
ErrorLog ${APACHE_LOG_DIR}/ptgbot-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ptgbot-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/ptgbot.opendev.org/ptgbot.opendev.org.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/ptgbot.opendev.org/ptgbot.opendev.org.key
SSLCertificateChainFile /etc/letsencrypt-certs/ptgbot.opendev.org/ca.cer
ProxyPass / http://localhost:8000/ retry=0
ProxyPassReverse / http://localhost:8000/
</VirtualHost>

@ -7,8 +7,8 @@
- sync-project-config
- accessbot
- gerritbot
- ptgbot
- statusbot
- limnoria
- matrix-eavesdrop
- matrix-gerritbot
- ptgbot

@ -45,3 +45,9 @@ def test_statusbot_running(host):
cmd = host.run("docker ps -a")
assert 'statusbot-docker_statusbot_1' in cmd.stdout
assert 'Up ' in cmd.stdout
def test_ptgbot(host):
cmd = host.run('curl --insecure '
'--resolve ptgbot.opendev.org:443:127.0.0.1 '
'https://ptgbot.opendev.org/')
assert 'Project Teams Gathering' in cmd.stdout

Loading…
Cancel
Save