Working on the proxies-websites.yml playbook.

2014-12-07 23:39:44 +00:00 · 2014-12-07 23:39:44 +00:00 · 00269dc0a8
commit 00269dc0a8
parent ee9fbbecaa
14 changed files with 139 additions and 3 deletions
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@ -44,6 +44,10 @@ virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
                 --network bridge=br0,model=virtio
                 --autostart --noautoconsole

+# This is the wildcard certname for our proxies.  It has a different name for
+# the staging group and is used in the proxies.yml playbook.
+wildcard_ssl_cert: wildcard-2014.fedoraproject.org
+
 # By default, nodes get no fedmsg certs.  They need to declare them explicitly.
 fedmsg_certs: []

--- a/inventory/group_vars/staging
+++ b/inventory/group_vars/staging
@ -2,3 +2,6 @@
 freezes: false
 env: staging
 host_group: staging
+
+# This is the wildcard certname for our stg proxies.
+wildcard_ssl_cert: wildcard-2014.stg.fedoraproject.org
--- a/playbooks/groups/proxies-redirects.yml
+++ b/playbooks/groups/proxies-redirects.yml
@ -2,7 +2,6 @@
  hosts: proxies-stg
  user: root
  gather_facts: True
-  accelerate: "{{ accelerated }}"

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
--- a/playbooks/groups/proxies-websites.yml
+++ b/playbooks/groups/proxies-websites.yml
@ -0,0 +1,31 @@
+- name: Set up those proxy websites.  My, my..
+  hosts: proxies-stg
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+  vars:
+  - ssl: true
+  - SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert
+
+  # wildcard_cert_name is defined in group_vars
+
+  roles:
+
+  - role: httpd/website
+    name: fedoraproject.org
+    server_aliases: [stg.fedoraproject.org]
+    cert_name: {{wildcard_cert_name}}
+
+  - role: httpd/website
+    name: admin.fedoraproject.org
+    server_aliases: [admin.stg.fedoraproject.org]
+    cert_name: {{wildcard_cert_name}}
+    sslonly: true
--- a/playbooks/groups/proxies.yml
+++ b/playbooks/groups/proxies.yml
@ -4,7 +4,6 @@
  hosts: proxies-stg
  user: root
  gather_facts: False
-  accelerate: "{{ accelerated }}"

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
@ -21,7 +20,6 @@
  hosts: proxies-stg
  user: root
  gather_facts: True
-  accelerate: "{{ accelerated }}"

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
--- a/roles/httpd/website/files/robots/robots.txt
+++ b/roles/httpd/website/files/robots/robots.txt
@ -0,0 +1,2 @@
+User-agent: *
+Crawl-delay: 10
--- a/roles/httpd/website/files/robots/robots.txt.admin.fedoraproject.org
+++ b/roles/httpd/website/files/robots/robots.txt.admin.fedoraproject.org
@ -0,0 +1,8 @@
+User-agent: *
+Disallow: /voting
+Disallow: /mirrormanager
+Disallow: /pkgdb/packages/name
+
+# Temp block http://www.80legs.com/webcrawler.html
+User-agent: 008
+Disallow: /	
--- a/roles/httpd/website/files/robots/robots.txt.fedoraproject.org
+++ b/roles/httpd/website/files/robots/robots.txt.fedoraproject.org
@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /wikiold
--- a/roles/httpd/website/files/robots/robots.txt.lockbox01
+++ b/roles/httpd/website/files/robots/robots.txt.lockbox01
@ -0,0 +1,4 @@
+User-agent: *
+Crawl-delay: 10
+Allow: /infra/docs/
+Disallow: /infra
--- a/roles/httpd/website/files/robots/robots.txt.translate.fedoraproject.org
+++ b/roles/httpd/website/files/robots/robots.txt.translate.fedoraproject.org
@ -0,0 +1,4 @@
+User-agent: *
+Crawl-delay: 10
+Disallow: /*download_zip/$
+Disallow: /*download_targz/$
--- a/roles/httpd/website/tasks/main.yml
+++ b/roles/httpd/website/tasks/main.yml
@ -0,0 +1,70 @@
+# Expected vars
+# - name...
+# - ips: []
+# - server_aliases: []
+# - server_admin: webmaster@fedoraproject.org
+# - ssl: true
+# - sslonly: false
+# - cert_name: ""
+# - SSLCertificateChainFile: ""
+# - gzip: false
+
+- name: Create site directory in httpd/conf.d/{{name}}
+  file: >
+    dest=/etc/httpd/conf.d/{{name}}
+    state=directory
+    owner=root
+    group=root
+    mode=0755
+  notify:
+  - restart httpd
+  tags:
+  - httpd
+  - httpd/website
+
+# TODO - copy in Httpd::Certificate
+
+- name: Copy over primary template for {{name}}
+  template: >
+    src=website.conf
+    dest=/etc/httpd/conf.d/{{name}}.conf
+    owner=root
+    group=root
+    mode=0644
+  notify:
+  - restart httpd
+  tags:
+  - httpd
+  - httpd/redirect
+
+- name: Copy over some subordinate templates for {{name}}
+  template: >
+    src={{item}}.conf
+    dest=/etc/httpd/conf.d/{{name}}/{{item}}.conf
+    owner=root
+    group=root
+    mode=0644
+  with_items:
+  - logs
+  - robots
+  notify:
+  - restart httpd
+  tags:
+  - httpd
+  - httpd/redirect
+
+- name: And lastly, the robots.txt file
+  copy: >
+    src={{item}}
+    dest=/srv/web/robots.txt.{{name}}
+    mode=0644
+    owner=root
+    group=root
+  with_first_found:
+  - robots/robots.txt.{{name}}
+  - robots/robots.txt
+  notify:
+  - restart httpd
+  tags:
+  - httpd
+  - httpd/redirect
--- a/roles/httpd/website/templates/logs.conf
+++ b/roles/httpd/website/templates/logs.conf
@ -0,0 +1,2 @@
+CustomLog "logs/{{ name }}-access.log" combined
+ErrorLog "logs/{{ name }}-error.log"
--- a/roles/httpd/website/templates/robots.conf
+++ b/roles/httpd/website/templates/robots.conf
@ -0,0 +1 @@
+Alias /robots.txt /srv/web/robots.txt.{{ name }}
--- a/roles/httpd/website/vars/main.yml
+++ b/roles/httpd/website/vars/main.yml
@ -0,0 +1,8 @@
+ips: []                                  
+server_aliases: []                       
+server_admin: webmaster@fedoraproject.org
+ssl: true
+sslonly: false                           
+cert_name: ""                            
+SSLCertificateChainFile: ""              
+gzip: false
				`@ -0,0 +1 @@`
				`Alias /robots.txt /srv/web/robots.txt.{{ name }}`