Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Working on the proxies-websites.yml playbook.

Browse source
This commit is contained in:
Ralph Bean 2014-12-07 23:39:44 +00:00
parent ee9fbbecaa
commit 00269dc0a8
14 changed files with 139 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
inventory/group_vars/all
View file

@ -44,6 +44,10 @@ virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
--network bridge=br0,model=virtio --network bridge=br0,model=virtio
--autostart --noautoconsole --autostart --noautoconsole
# This is the wildcard certname for our proxies. It has a different name for
# the staging group and is used in the proxies.yml playbook.
wildcard_ssl_cert: wildcard-2014.fedoraproject.org
# By default, nodes get no fedmsg certs. They need to declare them explicitly. # By default, nodes get no fedmsg certs. They need to declare them explicitly.
fedmsg_certs: [] fedmsg_certs: []

3
inventory/group_vars/staging
View file

@ -2,3 +2,6 @@
freezes: false freezes: false
env: staging env: staging
host_group: staging host_group: staging
# This is the wildcard certname for our stg proxies.
wildcard_ssl_cert: wildcard-2014.stg.fedoraproject.org

1
playbooks/groups/proxies-redirects.yml
View file

@ -2,7 +2,6 @@
hosts: proxies-stg hosts: proxies-stg
user: root user: root
gather_facts: True gather_facts: True
accelerate: "{{ accelerated }}"
vars_files: vars_files:
- /srv/web/infra/ansible/vars/global.yml - /srv/web/infra/ansible/vars/global.yml

31
playbooks/groups/proxies-websites.yml Normal file
View file

@ -0,0 +1,31 @@
- name: Set up those proxy websites. My, my..
hosts: proxies-stg
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- include: "{{ handlers }}/restart_services.yml"
vars:
- ssl: true
- SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert
# wildcard_cert_name is defined in group_vars
roles:
- role: httpd/website
name: fedoraproject.org
server_aliases: [stg.fedoraproject.org]
cert_name: {{wildcard_cert_name}}
- role: httpd/website
name: admin.fedoraproject.org
server_aliases: [admin.stg.fedoraproject.org]
cert_name: {{wildcard_cert_name}}
sslonly: true

2
playbooks/groups/proxies.yml
View file

@ -4,7 +4,6 @@
hosts: proxies-stg hosts: proxies-stg
user: root user: root
gather_facts: False gather_facts: False
accelerate: "{{ accelerated }}"
vars_files: vars_files:
- /srv/web/infra/ansible/vars/global.yml - /srv/web/infra/ansible/vars/global.yml
@ -21,7 +20,6 @@
hosts: proxies-stg hosts: proxies-stg
user: root user: root
gather_facts: True gather_facts: True
accelerate: "{{ accelerated }}"
vars_files: vars_files:
- /srv/web/infra/ansible/vars/global.yml - /srv/web/infra/ansible/vars/global.yml

2
roles/httpd/website/files/robots/robots.txt Normal file
View file

@ -0,0 +1,2 @@
User-agent: *
Crawl-delay: 10

8
roles/httpd/website/files/robots/robots.txt.admin.fedoraproject.org Normal file
View file

@ -0,0 +1,8 @@
User-agent: *
Disallow: /voting
Disallow: /mirrormanager
Disallow: /pkgdb/packages/name
# Temp block http://www.80legs.com/webcrawler.html
User-agent: 008
Disallow: /

2
roles/httpd/website/files/robots/robots.txt.fedoraproject.org Normal file
View file

@ -0,0 +1,2 @@
User-agent: *
Disallow: /wikiold

4
roles/httpd/website/files/robots/robots.txt.lockbox01 Normal file
View file

@ -0,0 +1,4 @@
User-agent: *
Crawl-delay: 10
Allow: /infra/docs/
Disallow: /infra

4
roles/httpd/website/files/robots/robots.txt.translate.fedoraproject.org Normal file
View file

@ -0,0 +1,4 @@
User-agent: *
Crawl-delay: 10
Disallow: /*download_zip/$
Disallow: /*download_targz/$

70
roles/httpd/website/tasks/main.yml Normal file
View file

@ -0,0 +1,70 @@
# Expected vars
# - name...
# - ips: []
# - server_aliases: []
# - server_admin: webmaster@fedoraproject.org
# - ssl: true
# - sslonly: false
# - cert_name: ""
# - SSLCertificateChainFile: ""
# - gzip: false
- name: Create site directory in httpd/conf.d/{{name}}
file: >
dest=/etc/httpd/conf.d/{{name}}
state=directory
owner=root
group=root
mode=0755
notify:
- restart httpd
tags:
- httpd
- httpd/website
# TODO - copy in Httpd::Certificate
- name: Copy over primary template for {{name}}
template: >
src=website.conf
dest=/etc/httpd/conf.d/{{name}}.conf
owner=root
group=root
mode=0644
notify:
- restart httpd
tags:
- httpd
- httpd/redirect
- name: Copy over some subordinate templates for {{name}}
template: >
src={{item}}.conf
dest=/etc/httpd/conf.d/{{name}}/{{item}}.conf
owner=root
group=root
mode=0644
with_items:
- logs
- robots
notify:
- restart httpd
tags:
- httpd
- httpd/redirect
- name: And lastly, the robots.txt file
copy: >
src={{item}}
dest=/srv/web/robots.txt.{{name}}
mode=0644
owner=root
group=root
with_first_found:
- robots/robots.txt.{{name}}
- robots/robots.txt
notify:
- restart httpd
tags:
- httpd
- httpd/redirect

2
roles/httpd/website/templates/logs.conf Normal file
View file

@ -0,0 +1,2 @@
CustomLog "logs/{{ name }}-access.log" combined
ErrorLog "logs/{{ name }}-error.log"

1
roles/httpd/website/templates/robots.conf Normal file
View file

@ -0,0 +1 @@
Alias /robots.txt /srv/web/robots.txt.{{ name }}

8
roles/httpd/website/vars/main.yml Normal file
View file

@ -0,0 +1,8 @@
ips: []
server_aliases: []
server_admin: webmaster@fedoraproject.org
ssl: true
sslonly: false
cert_name: ""
SSLCertificateChainFile: ""
gzip: false