ocp / proxies: add ocp4 to staging proxies

We first add a website to proxies-websites, then information to proxies-reverseproxy about the load-balancer/site, then finally vars about which hosts are in which blanacer. We still need to get ssl certs issued, which we can do via dns challenge and certbot. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-07-26 09:58:32 -07:00 · 2021-07-26 09:58:32 -07:00 · 786bf4e138
commit 786bf4e138
parent 25dd467819
3 changed files with 56 additions and 0 deletions
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@ -608,6 +608,28 @@
    tags:
    - app.os.fedoraproject.org

+  - role: httpd/reverseproxy
+    website: "ocp{{ env_suffix }}.fedoraproject.org"
+    destname: ocp
+    balancer_name: ocp
+    targettype: openshift
+    balancer_members: "{{ ocp_masters }}"
+    keephost: true
+    tags:
+    - ocp.fedoraproject.org
+    when: env == "staging"
+
+  - role: httpd/reverseproxy
+    website: "app.ocp{{ env_suffix }}.fedoraproject.org"
+    destname: app.ocp
+    balancer_name: app-ocp
+    targettype: openshift
+    balancer_members: "{{ ocp_nodes }}"
+    keephost: true
+    tags:
+    - app.ocp.fedoraproject.org
+    when: env == "staging"
+
  - role: httpd/reverseproxy
    website: "provision{{ env_suffix }}.fedoraproject.org"
    destname: zezere
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@ -682,6 +682,30 @@
    tags:
    - app.os.stg.fedoraproject.org

+  - role: httpd/website
+    site_name: ocp.stg.fedoraproject.org
+    sslonly: true
+    cert_name: "{{wildcard_cert_name}}"
+    # The Connection and Upgrade headers don't work for h2
+    # So non-h2 is needed to fix websockets.
+    use_h2: false
+    tags:
+    - ocp.stg.fedoraproject.org
+    when: env == "staging"
+
+  - role: httpd/website
+    site_name: app.ocp.stg.fedoraproject.org
+    server_aliases: ["*.app.ocp.stg.fedoraproject.org"]
+    sslonly: true
+    cert_name: "{{os_wildcard_cert_name}}"
+    SSLCertificateChainFile: "{{os_wildcard_int_file}}"
+    # The Connection and Upgrade headers don't work for h2
+    # So non-h2 is needed to fix websockets.
+    use_h2: false
+    tags:
+    - app.ocp.stg.fedoraproject.org
+    when: env == "staging"
+
  - role: httpd/website
    site_name: registry.fedoraproject.org
    server_aliases: [registry.stg.fedoraproject.org registry-no-cdn.fedoraproject.org]