Add updated HEADER, and missing stagingyum entries #1869

ehelms · 2023-08-27T18:17:52Z

Is this enough to get a DNS entry for stagingyum.theforeman.org or do I need @ekohl / @evgeni to add one?

ehelms · 2023-08-27T18:19:13Z

Is it expected that http://web01.osuosl.theforeman.org/ serves the same page as deb.theforeman.org ?

ekohl · 2023-08-28T09:43:39Z

Is this enough to get a DNS entry for stagingyum.theforeman.org or do I need @ekohl / @evgeni to add one?

We host DNS at Gandi. I think @evgeni and I are the only ones with an account there now.

I've now created a CNAME record.

Is it expected that http://web01.osuosl.theforeman.org/ serves the same page as deb.theforeman.org ?

Apache has virtual hosts and I think the best way to describe that is the (relevant) output from httpd -S:

# httpd -S
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server archivedeb.theforeman.org (/etc/httpd/conf.d/25-archivedeb-https.conf:6)
         port 443 namevhost archivedeb.theforeman.org (/etc/httpd/conf.d/25-archivedeb-https.conf:6)
         port 443 namevhost deb.theforeman.org (/etc/httpd/conf.d/25-deb-https.conf:6)
         port 443 namevhost debugs.theforeman.org (/etc/httpd/conf.d/25-debugs-https.conf:6)
         port 443 namevhost downloads.theforeman.org (/etc/httpd/conf.d/25-downloads-https.conf:6)
         port 443 namevhost stagingdeb.theforeman.org (/etc/httpd/conf.d/25-stagingdeb-https.conf:6)
         port 443 namevhost stagingyum.theforeman.org (/etc/httpd/conf.d/25-stagingyum-https.conf:6)
         port 443 namevhost theforeman.org (/etc/httpd/conf.d/25-web-https.conf:6)
                 alias www.theforeman.org
         port 443 namevhost yum.theforeman.org (/etc/httpd/conf.d/25-yum-https.conf:6)
*:80                   is a NameVirtualHost
         default server archivedeb.theforeman.org (/etc/httpd/conf.d/25-archivedeb.conf:6)
         port 80 namevhost archivedeb.theforeman.org (/etc/httpd/conf.d/25-archivedeb.conf:6)
         port 80 namevhost deb.theforeman.org (/etc/httpd/conf.d/25-deb.conf:6)
         port 80 namevhost debugs.theforeman.org (/etc/httpd/conf.d/25-debugs.conf:6)
         port 80 namevhost downloads.theforeman.org (/etc/httpd/conf.d/25-downloads.conf:6)
         port 80 namevhost stagingdeb.theforeman.org (/etc/httpd/conf.d/25-stagingdeb.conf:6)
         port 80 namevhost stagingyum.theforeman.org (/etc/httpd/conf.d/25-stagingyum.conf:6)
         port 80 namevhost theforeman.org (/etc/httpd/conf.d/25-web.conf:6)
                 alias www.theforeman.org
         port 80 namevhost yum.theforeman.org (/etc/httpd/conf.d/25-yum.conf:6)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/etc/httpd/htdocs"
Main ErrorLog: "/var/log/httpd/error_log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
PidFile: "/etc/httpd/run/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

You can see that web01.osuosl.theforeman.org isn't explicitly mentioned so it falls back to the default, which is archivedeb, not deb

ehelms · 2023-08-28T11:01:42Z

@evgeni - is there some configuration needed?

Fastly error: unknown domain: stagingyum.theforeman.org. Please check that this domain has been added to a service.

Details: cache-pdk17874-PDK

ekohl · 2023-08-28T11:12:27Z

Where do you get that error? Let's Encrypt? We do have a bit of a bootstrap problem with it: IIRC you first need the HTTP vhost to exist before you can request the HTTPS certificate. Perhaps that's the problem here?

ehelms · 2023-08-28T11:25:33Z

That error is at http://stagingyum.theforeman.org

…

On Mon, Aug 28, 2023, 7:12 AM Ewoud Kohl van Wijngaarden < ***@***.***> wrote: Where do you get that error? Let's Encrypt? We do have a bit of a bootstrap problem with it: IIRC you first need the HTTP vhost to exist before you can request the HTTPS certificate. Perhaps that's the problem here? — Reply to this email directly, view it on GitHub <#1869 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AACHT47RJBLD6DAC4I4QJDLXXR4KLANCNFSM6AAAAAA4APBRNQ> . You are receiving this because you authored the thread.Message ID: ***@***.***>

ekohl · 2023-08-28T11:38:32Z

Ah, we need to set up the CDN as well. Previously @evgeni has used

foreman-infra/ansible/fastly.yml

Lines 37 to 42 in d3863fb

    
           with_items: 
        
             - archivedeb 
        
             - deb 
        
             - downloads 
        
             - stagingdeb 
        
             - yum

to set that part up.

Add updated HEADER, and missing stagingyum entries

cf28026

ekohl merged commit d3863fb into theforeman:master Aug 28, 2023
2 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add updated HEADER, and missing stagingyum entries #1869

Add updated HEADER, and missing stagingyum entries #1869

ehelms commented Aug 27, 2023

ehelms commented Aug 27, 2023

ekohl commented Aug 28, 2023

ehelms commented Aug 28, 2023

ekohl commented Aug 28, 2023

ehelms commented Aug 28, 2023 via email

ekohl commented Aug 28, 2023

Add updated HEADER, and missing stagingyum entries #1869

Add updated HEADER, and missing stagingyum entries #1869

Conversation

ehelms commented Aug 27, 2023

ehelms commented Aug 27, 2023

ekohl commented Aug 28, 2023

ehelms commented Aug 28, 2023

ekohl commented Aug 28, 2023

ehelms commented Aug 28, 2023 via email

ekohl commented Aug 28, 2023