retrace: use letsencrypt for retrace-stg

inventory/host_vars/retrace-stg.aws.fedoraproject.org

@@ -7,6 +7,7 @@ ansible_ifcfg_blacklist: True
 public_ip: 3.228.218.234
 datacenter: aws
 
+public_hostname: retrace.stg.fedoraproject.org
 faf_server_name: retrace.stg.fedoraproject.org/faf
 rs_use_faf_packages: true
 

roles/abrt/faf-pre/files/retrace_ssl.conf.j2

@@ -0,0 +1,27 @@
+<VirtualHost *:443>
+    SSLEngine on
+    SSLProtocol {{ ssl_protocols }}
+    # Use secure TLSv1.1 and TLSv1.2 ciphers
+    SSLCipherSuite {{ ssl_ciphers }}
+    SSLHonorCipherOrder on
+    Header always add Strict-Transport-Security "max-age=31536000; preload"
+
+    {% if not devel %}
+      # NA
+    {% else %}
+    SSLCertificateFile    /etc/letsencrypt/live/{{ public_hostname }}/cert.pem
+    SSLCertificateKeyFile  /etc/letsencrypt/live/{{ public_hostname }}/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/{{ public_hostname }}/fullchain.pem
+    {% endif %}
+
+    ServerName {{ public_hostname }}
+
+    WSGIPassAuthorization On
+    WSGIPythonOptimize 1
+    WSGISocketPrefix /srv/faf/wsgi
+    WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5
+    WSGIScriptAlias /faf /usr/lib/python3.6/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL}
+
+    WSGIProcessGroup 127.0.0.1
+
+</VirtualHost>

roles/abrt/faf-pre/tasks/main.yml

@@ -69,3 +69,5 @@
     regexp: 'MORE_SATYR ='
     line: '    MORE_SATYR = "https://github.com/abrt/satyr/"'
   notify: restart httpd
+
+-import_tasks: ssl.yml

roles/abrt/faf-pre/tasks/ssl.yml

@@ -0,0 +1,12 @@
+---
+- name: install letsencrypt ssl certificates for dev
+  include_role: name=copr/certbot
+  when: devel|bool
+  tags:
+  - config
+
+- name: install copr-frontend ssl vhost
+  template: src="httpd/retrace_ssl.conf.j2" dest="/etc/httpd/conf.d/retrace_ssl.conf"
+  when: devel|bool
+  tags:
+  - config