Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Make the ips and cert_name vars explicit.

Browse source
This commit is contained in:
Ralph Bean 2015-01-19 19:16:26 +00:00
parent 76be370eac
commit 100eb6b0c6
1 changed files with 89 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

99
playbooks/groups/proxies-websites.yml
View file

@ -61,13 +61,6 @@
- "[2607:f188::dead:beef:cafe:fed1]"
- "192.168.122.2"
# This is just a handy default. If 'ips' is not specified to the
# httpd/website role below, then it will use the wildcard list, which most do.
- ips: "{{wildcard_fpo_ips}}"
# This is another handy default. wildcard_cert_name is defined in group_vars
- cert_name: "{{wildcard_cert_name}}"
pre_tasks:
- name: Create /srv/web/ for all the goodies.
@ -90,12 +83,15 @@
- role: httpd/website
name: fedoraproject.org
ips: "{{fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
server_aliases: [stg.fedoraproject.org]
# This is for all the other domains we own
# that redirect to http://fedoraproject.org
- role: httpd/website
name: fedoraproject.com
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
server_aliases:
- fedora.redhat.com
- fedora.com.my
@ -130,13 +126,19 @@
name: admin.fedoraproject.org
server_aliases: [admin.stg.fedoraproject.org]
sslonly: true
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: cloud.fedoraproject.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: mirrors.fedoraproject.org
server_aliases: [mirrors.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: download.fedoraproject.org
@ -152,25 +154,35 @@
- download09.fedoraproject.org
- download10.fedoraproject.org
- download.stg.fedoraproject.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: translate.fedoraproject.org
server_aliases: [translate.stg.fedoraproject.org]
sslonly: true
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: spins.fedoraproject.org
server_aliases:
- spins.stg.fedoraproject.org
- spins-test.fedoraproject.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: boot.fedoraproject.org
server_aliases: [boot.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: boot.fedoraproject.org
server_aliases: [boot.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: smolts.org
@ -179,32 +191,44 @@
- smolt.fedoraproject.org
- stg.smolts.org
- www.smolts.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: docs.fedoraproject.org
server_aliases:
- doc.fedoraproject.org
- docs.stg.fedoraproject.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: bodhi.fedoraproject.org
server_aliases: [bodhi.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: bugz.fedoraproject.org
server_aliases: [bugz.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: fas.fedoraproject.org
server_aliases:
- fas.stg.fedoraproject.org
- accounts.fedoraproject.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: fas.fedoraproject.org
server_aliases:
- fas.stg.fedoraproject.org
- accounts.fedoraproject.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: fedoracommunity.org
@ -212,10 +236,14 @@
- www.fedoracommunity.org
- stg.fedoracommunity.org
ssl: false
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: get.fedoraproject.org
server_aliases: [get.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: help.fedoraproject.org
@ -224,34 +252,50 @@
- role: httpd/website
name: it.fedoracommunity.org
server_aliases: [it.fedoracommunity.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: uk.fedoracommunity.org
server_aliases:
- uk.fedoracommunity.org
- www.uk.fedoracommunity.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: people.fedoraproject.org
server_aliases: [people.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: join.fedoraproject.org
server_aliases: [join.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: l10n.fedoraproject.org
server_aliases: [l10n.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: start.fedoraproject.org
server_aliases: [start.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: kde.fedoraproject.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: nightly.fedoraproject.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: port389.org
@ -260,45 +304,62 @@
- 389tcp.org
- www.389tcp.org
ssl: false
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: fedoramagazine.org
server_aliases: [www.fedoramagazine.org]
cert_name: fedoramagazine.org
SSLCertificateChainFile: fedoramagazine.org.intermediate.cert
ips: "{{wildcard_fpo_ips}}"
- role: httpd/website
name: k12linux.org
server_aliases:
- www.k12linux.org
ssl: false
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: fonts.fedoraproject.org
server_aliases: [fonts.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: meetbot.fedoraproject.org
server_aliases: [meetbot.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: fudcon.fedoraproject.org
server_aliases: [fudcon.stg.fedoraproject.org]
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: ask.fedoraproject.org
server_aliases: [ask.stg.fedoraproject.org]
sslonly: true
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: badges.fedoraproject.org
server_aliases: [badges.stg.fedoraproject.org]
sslonly: true
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: darkserver.fedoraproject.org
server_aliases: [darkserver.stg.fedoraproject.org]
sslonly: true
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: paste.fedoraproject.org
@ -306,12 +367,16 @@
- paste.stg.fedoraproject.org
- fpaste.org
- www.fpaste.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: apps.fedoraproject.org
server_aliases: [apps.stg.fedoraproject.org]
sslonly: true
gzip: true
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
# Kinda silly that we have two entries here, one for prod and one for stg.
# This is inherited from our puppet setup -- we can collapse them as soon as
@ -320,6 +385,8 @@
name: taskotron.fedoraproject.org
server_aliases: [taskotron.fedoraproject.org]
sslonly: true
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: taskotron.stg.fedoraproject.org
@ -327,6 +394,8 @@
# Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
sslonly: true
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
when: env == "staging"
- role: httpd/website
@ -335,34 +404,40 @@
sslonly: true
# Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
when: env == "staging"
- role: httpd/website
name: id.fedoraproject.org
server_aliases:
- "*.id.fedoraproject.org"
cert_name: wildcard-2014.id.fedoraproject.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert
when: env == "staging"
- role: httpd/website
name: id.stg.fedoraproject.org
server_aliases:
- "*.id.stg.fedoraproject.org"
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
when: env == "staging"
- role: httpd/website
name: getfedora.org
ips: "{{fpo_ips}}"
server_aliases: [stg.getfedora.org]
sslonly: true
ips: "{{fpo_ips}}"
cert_name: getfedora.org
SSLCertificateChainFile: getfedora.org.intermediate.cert
- role: httpd/website
name: qa.fedoraproject.org
ips: "{{fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
server_aliases: [qa.stg.fedoraproject.org]
sslonly: true
@ -371,8 +446,12 @@
server_aliases: [redirect.stg.fedoraproject.org]
sslonly: true
gzip: true
ips: "{{fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: geoip.fedoraproject.org
server_aliases: [geoip.stg.fedoraproject.org]
sslonly: true
ips: "{{fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"