try os-master proxy setup

Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>

playbooks/include/proxies-reverseproxy.yml

@@ -608,6 +608,12 @@
     proxyurl: http://localhost:10062
     keephost: true
 
+  - role: httpd/reverseproxy
+    website: os.fedoraproject.org
+    destname: os
+    proxyurl: http://localhost:10064
+    keephost: true
+
   - role: httpd/reverseproxy
     website: data-analysis.fedoraproject.org
     destname: awstats

playbooks/include/proxies-websites.yml

@@ -556,6 +556,12 @@
     sslonly: true
     cert_name: "{{wildcard_cert_name}}"
 
+  - role: httpd/website
+    name: os.fedoraproject.org
+    server_aliases: [os.stg.fedoraproject.org]
+    sslonly: true
+    cert_name: "{{wildcard_cert_name}}"
+
   - role: httpd/website
     name: registry.fedoraproject.org
     server_aliases: [registry.stg.fedoraproject.org]

roles/haproxy/files/os-master.staging.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
+c2hpZnQtc2lnbmVyQDE0OTQ1MjgxNDAwHhcNMTcwNTExMTg0MjE5WhcNMjIwNTEw
+MTg0MjIwWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE0OTQ1MjgxNDAw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjeVJrc9OaedEPF/TDYV5N
++p696vk3q7uFHm09gX7moMzf/IKxKhX3RNWdpJI9eThF2tlxXvP7j9aOb6kQWFih
+FSgQmJuQ290hH+rVzlb/s157bqqcuaUogputpMd8a2PzrSMXIXfnF2H8Et3ls63H
+fMB2uE5P24LKmsbXaTcaERyQjOOmf6+ApGJZvFb9y+1ZBJJ3b8P1tt+CKAklG7gl
+/29TEw4wy6O/1zfGoY1Sb/hlViJi3DWluCn4Ps41w3r0tObjiCKXzdGDlyRoMyYY
+Ckd4Z89LEnJ8tY+k/gUeLFRF5pQYv0eeej6JGq6p+ZCcDeDO2xPWNQhnp3/pLgQB
+AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQAciUUjlfScGmF5z7RSEsIttA7sDHzwnOt0l+iWhCbtFXhl
+yisMQLcPtsR0IprDCd8UQiuOH5c7em4BitZ0ulsgPak3nfO2o/IxA6hrFevCwGg7
+J5IAzvdfPhPb8jYxv1k7tBApEsKi6uiZyWowT1uFFbcWLeZvq1b2SDblV/cl/RrU
+XP0tv6LhT/0lqabeWiBXxe4Bf8iVujJOdFMkasaXYKu859pGxbxDDF0GvvM87iPy
+b4CYRdmIEJfQiP8nHJc+dfB9hYXH0Slq9o9NEeF0q2JwVt+C8bDCCQW0VaCY+6MB
+LNUjceqD/+nenyps0KpzyuPEzVXU3sRMtIjYoskB
+-----END CERTIFICATE-----

roles/haproxy/tasks/main.yml

@@ -36,6 +36,7 @@
         owner=root group=root mode=0600
   with_items:
   - { file: "ipa.{{env}}.pem", dest: /etc/haproxy/ipa.pem }
+  - { file: "os-master.{{env}}.pem", dest: /etc/haproxy/os-master.pem }
   tags:
   - haproxy
 

roles/haproxy/templates/haproxy.cfg

@@ -421,13 +421,21 @@ listen kojipkgs 0.0.0.0:10062
     option httpchk GET /
 {% endif %}
 
-
 listen  mbs 0.0.0.0:10063
     balance hdr(appserver)
     server  mbs-frontend01 mbs-frontend01:80 check inter 20s rise 2 fall 3
     server  mbs-frontend02 mbs-frontend02:80 check inter 20s rise 2 fall 3
     option  httpchk GET /module-build-service/1/module-builds/
 
+{% if env == "staging" %}
+listen  ipa 0.0.0.0:10064
+    balance hdr(appserver)
+    server os-master01 os-master01:8443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem
+    server os-master01 os-master02:8443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem
+    server os-master01 os-master02:8443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem
+    option  httpchk GET /
+{% endif %}
+
 
 # Apache doesn't handle the initial connection here like the other proxy
 # entries.  This proxy also doesn't use the http mode like the others.