From 45c6b2d5a366e717de22b0f79e0cb438d975c23c Mon Sep 17 00:00:00 2001 From: Silvie Chlupova Date: Tue, 15 Dec 2020 16:05:43 +0100 Subject: [PATCH] copr: letsencrypt configuration for copr-fe production instance --- inventory/group_vars/copr_front_aws | 10 ++++++++++ roles/copr/frontend-cloud/tasks/main.yml | 9 --------- roles/copr/frontend-cloud/templates/httpd/coprs.conf | 6 ------ 3 files changed, 10 insertions(+), 15 deletions(-) diff --git a/inventory/group_vars/copr_front_aws b/inventory/group_vars/copr_front_aws index 04ee00ad75..89a587e1ea 100644 --- a/inventory/group_vars/copr_front_aws +++ b/inventory/group_vars/copr_front_aws @@ -13,6 +13,16 @@ csi_relationship: | - This host provides the frontend part of copr only. - It's the point of contact between end users and the copr build system (backend, package singer) +# consumed by roles/copr/certbot +letsencrypt: + predefined_deploy_script: httpd + certificates: + copr.fedorainfracloud.org: + domains: + - copr.fedorainfracloud.org + challenge_dir: /var/www/html + mail: copr-devel@lists.fedorahosted.org + copr_pagure_events: io.pagure.prod.pagure: "https://pagure.io/" org.fedoraproject.prod.pagure: "https://src.fedoraproject.org/" diff --git a/roles/copr/frontend-cloud/tasks/main.yml b/roles/copr/frontend-cloud/tasks/main.yml index cbfea54c1d..1596baceb8 100644 --- a/roles/copr/frontend-cloud/tasks/main.yml +++ b/roles/copr/frontend-cloud/tasks/main.yml @@ -89,17 +89,8 @@ register: alembic_result changed_when: alembic_result.stdout is search("Running upgrade") -# TODO: move production to lets-encrypt as well -- name: install ssl certificates for production - import_tasks: "install_certs.yml" - when: not devel - tags: - - config - -# development servers use Let's Encrypt - name: install letsencrypt ssl certificates for dev include_role: name=copr/certbot - when: devel|bool tags: - config 
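Review bot: The certificate key `copr.fedorainfracloud.org` under `certificates:` in inventory/group_vars/copr_front_aws is a literal, while coprs.conf in this same commit loads its files from `/etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/`. If the copr/certbot role names the live directory after this key (presumably; the role is not visible here), the two values must stay equal, or httpd will point at a missing certificate and key and fail to start. Ansible does not template dictionary keys, so I would document the coupling with a comment above the entry, for example `# key must equal copr_frontend_public_hostname; coprs.conf loads /etc/letsencrypt/live/<name>/`.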
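Review bot: In roles/copr/frontend-cloud/tasks/main.yml, the task is still named `install letsencrypt ssl certificates for dev` but, with `when: devel|bool` removed, it now runs on production too, which is misleading in play output and logs. Rename it to `- name: install letsencrypt ssl certificates`. Separately, dropping the `install_certs.yml` import stops managing the old certificate but removes nothing it installed. On an already-provisioned production host the previous private key (the template referenced `/etc/pki/tls/private/copr.fedorainfracloud.org.key`) presumably stays on disk. A follow-up `file: state=absent` task for the old key and certificates, plus retiring that certificate once the switch is verified, would close this out.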
diff --git a/roles/copr/frontend-cloud/templates/httpd/coprs.conf b/roles/copr/frontend-cloud/templates/httpd/coprs.conf index 5fe9501c9d..c0421b84c8 100644 --- a/roles/copr/frontend-cloud/templates/httpd/coprs.conf +++ b/roles/copr/frontend-cloud/templates/httpd/coprs.conf @@ -54,15 +54,9 @@ WSGIApplicationGroup %{GLOBAL} SSLHonorCipherOrder on Header always add Strict-Transport-Security "max-age=31536000; preload" -{% if not devel %} - SSLCertificateFile /etc/pki/tls/certs/copr.fedorainfracloud.org.crt - SSLCertificateKeyFile /etc/pki/tls/private/copr.fedorainfracloud.org.key - SSLCertificateChainFile /etc/pki/tls/certs/copr.fedorainfracloud.org.intermediate.crt -{% else %} SSLCertificateFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/fullchain.pem -{% endif %} WSGIPassAuthorization On
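Review bot: The surviving certificate lines pair `SSLCertificateFile .../cert.pem` with `SSLCertificateChainFile .../fullchain.pem`, and with the `{% if not devel %}` branch gone this pairing now applies to production as well. certbot's `fullchain.pem` already holds the leaf certificate followed by the intermediates, so the leaf is supplied twice, and `SSLCertificateChainFile` has been deprecated since httpd 2.4.8. I would point `SSLCertificateFile` at `fullchain.pem` and drop the `SSLCertificateChainFile` line (or use `chain.pem` there if an older httpd must be supported). These three lines are unchanged context, and the enclosing VirtualHost starts and ends outside the hunk.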