diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index 10fa661e17..90cfb67a41 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -80,12 +80,6 @@
- name: restart rsyslog
action: service name=rsyslog state=restarted
-- name: restart sks-db
- action: service name=sks-db state=restarted
-
-- name: restart sks-recon
- action: service name=sks-recon state=restarted
-
- name: restart sshd
action: service name=sshd state=restarted
diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml
index ef2fb9c7d0..4bc06fc9de 100644
--- a/playbooks/groups/keyserver.yml
+++ b/playbooks/groups/keyserver.yml
@@ -38,6 +38,7 @@
- nagios_client
- fas_client
- fedmsg/base
+ - keyserver
tasks:
- include: "{{ tasks }}/hosts.yml"
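Review bot: Adding `keyserver` under `roles:` changes when its tasks run, because Ansible executes a play's roles before its `tasks:` list, whereas the old `include: "{{ tasks }}/keyserver.yml"` (removed in the next hunk) ran after `apache.yml`. The role copies files into `/etc/httpd/conf.d/` and `/etc/pki/tls/`, so on a freshly provisioned host those copies may now run before httpd is installed. This is worth confirming, since the role's package tasks are not visible in this commit. If the order matters, move the apache setup into a role listed before `keyserver`, or record the dependency with a comment above the entry such as `# runs before tasks: below; needs httpd present`.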
@@ -47,7 +48,6 @@
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/apache.yml"
- - include: "{{ tasks }}/keyserver.yml"
handlers:
- include: "{{ handlers }}/restart_services.yml"
diff --git a/files/keyserver/css.css b/roles/keyserver/files/css.css
similarity index 100%
rename from files/keyserver/css.css
rename to roles/keyserver/files/css.css
diff --git a/files/keyserver/index.html b/roles/keyserver/files/index.html
similarity index 100%
rename from files/keyserver/index.html
rename to roles/keyserver/files/index.html
diff --git a/files/keyserver/membership b/roles/keyserver/files/membership
similarity index 100%
rename from files/keyserver/membership
rename to roles/keyserver/files/membership
diff --git a/roles/keyserver/files/sks.conf b/roles/keyserver/files/sks.conf
new file mode 100644
index 0000000000..2b87b46b55
--- /dev/null
+++ b/roles/keyserver/files/sks.conf
@@ -0,0 +1,83 @@
+ServerName keys.fedoraproject.org
+Listen 80.239.156.219:11371
+NameVirtualHost *:443
+
+
+ LoadModule proxy_module modules/mod_proxy.so
+
+
+
+ LoadModule proxy_http_module modules/mod_proxy_http.so
+
+
+
+ LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+
+
+
+ LoadModule headers_module modules/mod_headers.so
+
+
+
+ LoadModule authz_host_module modules/mod_authz_host.so
+
+
+
+ LoadModule log_config_module modules/mod_log_config.so
+
+
+
+ LoadModule env_module modules/mod_env.so
+
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+
+
+
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+ ProxyPass / http://127.0.0.1:11371/
+ ProxyPassReverse / http://127.0.0.1:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+
+
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+ ServerAlias keys01.fedoraproject.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
+ SSLCertificateChainFile /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
+ SSLCertificateKeyFile /etc/pki/tls/wildcard-2013.fedoraproject.org.key
+ ProxyPass / http://localhost:11371/
+ ProxyPassReverse / http://localhost:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+
+
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName pool.sks-keyservers.net
+ ServerAlias sks-keyservers.net
+ ServerAlias *.sks-keyservers.net
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
+ SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
+ ProxyPass / http://localhost:11371/
+ ProxyPassReverse / http://localhost:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+
+
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+ ProxyPass / http://127.0.0.1:11371/
+ ProxyPassReverse / http://127.0.0.1:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+
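Review bot: `ProxyVia Full` (used in all four proxy blocks of this file) adds a `Via:` header carrying the Apache httpd version as a comment on every proxied request and response, which discloses the front end's exact version to any client. `ProxyVia On` keeps the hop record without the version string, and `ProxyVia Off` omits the header. Separately, the `pool.sks-keyservers.net` block points at `/etc/pki/tls/keys_fedoraproject_org.crt.pem` and `/etc/pki/tls/keys_fedoraproject_org.key`, and none of the copy tasks visible in this commit installs those files, so confirm they are deployed elsewhere or httpd is likely to fail at startup. The section containers around these directives are not visible in the hunk as shown, so the scope of each block cannot be checked from here.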
diff --git a/files/keyserver/sksconf b/roles/keyserver/files/sksconf
similarity index 100%
rename from files/keyserver/sksconf
rename to roles/keyserver/files/sksconf
diff --git a/files/keyserver/ssl.conf b/roles/keyserver/files/ssl.conf
similarity index 100%
rename from files/keyserver/ssl.conf
rename to roles/keyserver/files/ssl.conf
diff --git a/roles/keyserver/handlers/main.yml b/roles/keyserver/handlers/main.yml
new file mode 100644
index 0000000000..eee9214e54
--- /dev/null
+++ b/roles/keyserver/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: restart sks-db
+ action: service name=sks-db state=restarted
+
+- name: restart sks-recon
+ action: service name=sks-recon state=restarted
+
diff --git a/tasks/keyserver.yml b/roles/keyserver/tasks/main.yml
similarity index 59%
rename from tasks/keyserver.yml
rename to roles/keyserver/tasks/main.yml
index 3ed3dff007..af7c67256e 100644
--- a/tasks/keyserver.yml
+++ b/roles/keyserver/tasks/main.yml
@@ -16,12 +16,12 @@
owner=sks group=sks mode=0755
- name: /srv/sks/membership
- copy: src="{{ files }}/keyserver/membership" dest=/srv/sks/membership owner=sks group=sks mode=0644
+ copy: src="membership" dest=/srv/sks/membership owner=sks group=sks mode=0644
tags:
- config
- name: /srv/sks/sksconf
- copy: src="{{ files }}/keyserver/sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644
+ copy: src="sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644
tags:
- config
@@ -32,37 +32,37 @@
owner=sks group=sks mode=0755
- name: /srv/sks/web/index.html
- copy: src="{{ files }}/keyserver/index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
+ copy: src="index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
tags:
- config
-
+ with_items:
- name: /srv/sks/web/css.css
- copy: src="{{ files }}/keyserver/css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
+ copy: src="css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
tags:
- config
- name: /etc/httpd/conf.d/sks.conf
- copy: src="{{ files }}/keyserver/sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
+ copy: src="sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
tags:
- config
- name: /etc/httpd/conf.d/ssl.conf
- copy: src="{{ files }}/keyserver/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
+ copy: src="ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
tags:
- config
-- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
- copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600
+- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
+ copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
tags:
- config
-- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.key
- copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
+- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.key
+ copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
tags:
- config
-- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
- copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
+- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
+ copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
tags:
- config
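Review bot: The added `with_items:` line after the `tags:` of the `/srv/sks/web/index.html` task has no value, and the `copy` does not reference `{{ item }}`, so it looks accidental (it replaces a blank separator line). Depending on the Ansible version, a null `with_items` either makes the task loop over nothing, so `index.html` is never copied, or fails the play. The line should be dropped and the blank line restored. Separately, this hunk renames the TLS material from `wildcard-2014.*` to `wildcard-2013.*`; the name suggests an older certificate, so confirm it is still within its validity period and that this is not an unintended revert. The task list begins before and may continue after this hunk.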