From 1076e00aed555d4108a1984dd5142db565b98533 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 4 Aug 2021 19:39:13 -0700 Subject: [PATCH] add ocp stg wildcard cert and also point api to use it Signed-off-by: Kevin Fenzi --- inventory/group_vars/staging | 6 ++++++ playbooks/include/proxies-websites.yml | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/inventory/group_vars/staging b/inventory/group_vars/staging index 3ba09af1f0..cb43981328 100644 --- a/inventory/group_vars/staging +++ b/inventory/group_vars/staging @@ -18,6 +18,12 @@ os_wildcard_cert_file: wildcard-2021.app.os.stg.fedoraproject.org.cert os_wildcard_key_file: wildcard-2021.app.os.stg.fedoraproject.org.key os_wildcard_int_file: wildcard-2021.app.os.stg.fedoraproject.org.intermediate.cert +# This is the openshift wildcard cert for ocp stg +ocp_wildcard_cert_name: wildcard-2021.apps.ocp.stg.fedoraproject.org +ocp_wildcard_cert_file: wildcard-2021.apps.ocp.stg.fedoraproject.org.cert +ocp_wildcard_key_file: wildcard-2021.apps.ocp.stg.fedoraproject.org.key +ocp_wildcard_int_file: wildcard-2021.apps.ocp.stg.fedoraproject.org.intermediate.cert + fedmsg_prefix: org.fedoraproject fedmsg_env: stg deployment_type: stg diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 6dea228de7..86202a972a 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -695,10 +695,10 @@ - role: httpd/website site_name: apps.ocp.stg.fedoraproject.org - server_aliases: ["*.apps.ocp.stg.fedoraproject.org"] + server_aliases: ["*.apps.ocp.stg.fedoraproject.org" "api.apps.ocp.stg.fedoraproject.org"] sslonly: true - cert_name: "{{os_wildcard_cert_name}}" - SSLCertificateChainFile: "{{os_wildcard_int_file}}" + cert_name: "{{ocp_wildcard_cert_name}}" + SSLCertificateChainFile: "{{ocp_wildcard_int_file}}" # The Connection and Upgrade headers don't work for h2 # So non-h2 is needed to fix websockets. use_h2: false