add ocp stg wildcard cert and also point api to use it

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-04 19:39:13 -07:00 · 2021-08-04 19:39:13 -07:00 · 1076e00aed
commit 1076e00aed
parent bdc1da99d8
2 changed files with 9 additions and 3 deletions
--- a/inventory/group_vars/staging
+++ b/inventory/group_vars/staging
@ -18,6 +18,12 @@ os_wildcard_cert_file: wildcard-2021.app.os.stg.fedoraproject.org.cert
 os_wildcard_key_file: wildcard-2021.app.os.stg.fedoraproject.org.key
 os_wildcard_int_file: wildcard-2021.app.os.stg.fedoraproject.org.intermediate.cert

+# This is the openshift wildcard cert for ocp stg
+ocp_wildcard_cert_name: wildcard-2021.apps.ocp.stg.fedoraproject.org
+ocp_wildcard_cert_file: wildcard-2021.apps.ocp.stg.fedoraproject.org.cert
+ocp_wildcard_key_file: wildcard-2021.apps.ocp.stg.fedoraproject.org.key
+ocp_wildcard_int_file: wildcard-2021.apps.ocp.stg.fedoraproject.org.intermediate.cert
+
 fedmsg_prefix: org.fedoraproject
 fedmsg_env: stg
 deployment_type: stg
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@ -695,10 +695,10 @@

  - role: httpd/website
    site_name: apps.ocp.stg.fedoraproject.org
-    server_aliases: ["*.apps.ocp.stg.fedoraproject.org"]
+    server_aliases: ["*.apps.ocp.stg.fedoraproject.org" "api.apps.ocp.stg.fedoraproject.org"]
    sslonly: true
-    cert_name: "{{os_wildcard_cert_name}}"
-    SSLCertificateChainFile: "{{os_wildcard_int_file}}"
+    cert_name: "{{ocp_wildcard_cert_name}}"
+    SSLCertificateChainFile: "{{ocp_wildcard_int_file}}"
    # The Connection and Upgrade headers don't work for h2
    # So non-h2 is needed to fix websockets.
    use_h2: false