diff --git a/data/common/common.yaml b/data/common/common.yaml --- a/data/common/common.yaml +++ b/data/common/common.yaml @@ -947,9 +947,9 @@ azure-billing.internal.admin.swh.network: domains: - azure-billing.internal.admin.swh.network - maven-exporter0.internal.staging.swh.network: + maven-exporter.internal.staging.swh.network: domains: - - maven-exporter.internal.admin.swh.network + - maven-exporter.internal.staging.swh.network bind::update_key: local-update @@ -1109,8 +1109,8 @@ data: money.internal.admin.swh.network. maven-index-exporter/CNAME: type: CNAME - record: maven-exporter0.internal.staging.swh.network - data: maven-exporter.internal.staging.swh.network. + record: maven-exporter.internal.staging.swh.network + data: maven-exporter0.internal.staging.swh.network. # Non-puppet azure hosts pgmirror0.euwest.azure/A: record: pgmirror0.euwest.azure.internal.softwareheritage.org diff --git a/data/subnets/vagrant.yaml b/data/subnets/vagrant.yaml --- a/data/subnets/vagrant.yaml +++ b/data/subnets/vagrant.yaml @@ -221,6 +221,8 @@ host: vault.internal.staging.swh.network 10.168.130.70: host: maven-exporter0.internal.staging.swh.network + aliases: + - maven-exporter.internal.staging.swh.network 10.168.130.80: host: search-esnode0.internal.staging.swh.network 10.168.130.90: diff --git a/site-modules/profile/manifests/maven_index_exporter.pp b/site-modules/profile/manifests/maven_index_exporter.pp --- a/site-modules/profile/manifests/maven_index_exporter.pp +++ b/site-modules/profile/manifests/maven_index_exporter.pp @@ -101,4 +101,88 @@ active => true, } } + + # Vhost declaration + + ::apache::vhost {"${vhost_name}_non-ssl": + servername => $vhost_name, + port => '80', + docroot => $publish_path, + manage_docroot => false, + redirect_status => 'permanent', + redirect_dest => "https://${vhost_name}/", + } + + ::profile::letsencrypt::certificate {$vhost_name:} + + $cert_paths = ::profile::letsencrypt::certificate_paths($vhost_name) + ::apache::vhost {"${vhost_name}_ssl": + servername => $vhost_name, + port => '443', + ssl => true, + ssl_protocol => $vhost_ssl_protocol, + ssl_honorcipherorder => $vhost_ssl_honorcipherorder, + ssl_cipher => $vhost_ssl_cipher, + ssl_cert => $cert_paths['cert'], + ssl_chain => $cert_paths['chain'], + ssl_key => $cert_paths['privkey'], + headers => [$vhost_hsts_header], + docroot => $publish_path, + manage_docroot => false, + require => [ + File[$cert_paths['cert']], + File[$cert_paths['chain']], + File[$cert_paths['privkey']], + ], + } + + File[$cert_paths['cert'], $cert_paths['chain'], $cert_paths['privkey']] ~> Class['Apache::Service'] + + @@::icinga2::object::service {"Maven Index Exporter report http redirect on ${::fqdn}": + service_name => 'maven index exporter report http redirect', + import => ['generic-service'], + host_name => $::fqdn, + check_command => 'http', + vars => { + http_address => $vhost_name, + http_vhost => $vhost_name, + http_uri => '/', + }, + target => $icinga_checks_file, + tag => 'icinga2::exported', + } + + @@::icinga2::object::service {"Maven Index Exporter report https on ${::fqdn}": + service_name => 'maven index exporter report https', + import => ['generic-service'], + host_name => $::fqdn, + check_command => 'http', + vars => { + http_address => $vhost_name, + http_vhost => $vhost_name, + http_ssl => true, + http_sni => true, + http_uri => '/', + http_onredirect => sticky + }, + target => $icinga_checks_file, + tag => 'icinga2::exported', + } + + @@::icinga2::object::service {"Maven Index Exporter report https certificate ${::fqdn}": + service_name => 'maven index exporter report https certificate', + import => ['generic-service'], + host_name => $::fqdn, + check_command => 'http', + vars => { + http_address => $vhost_name, + http_vhost => $vhost_name, + http_ssl => true, + http_sni => true, + http_certificate => 25, + }, + target => $icinga_checks_file, + tag => 'icinga2::exported', + } + } diff --git a/site-modules/role/manifests/swh_maven_index_exporter.pp b/site-modules/role/manifests/swh_maven_index_exporter.pp --- a/site-modules/role/manifests/swh_maven_index_exporter.pp +++ b/site-modules/role/manifests/swh_maven_index_exporter.pp @@ -1,5 +1,6 @@ # SWH maven index exporter service class role::swh_maven_index_exporter inherits role::swh_base { include profile::docker + include profile::apache::simple_server include profile::maven_index_exporter }