Create directory for registry-signatures

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-02-21 14:34:37 +00:00 · 2017-02-21 14:34:37 +00:00 · 49323cdec7
commit 49323cdec7
parent fb85471281
5 changed files with 33 additions and 0 deletions
--- a/roles/fedora-web/build/tasks/main.yml
+++ b/roles/fedora-web/build/tasks/main.yml
@ -46,6 +46,11 @@
  tags:
  - fedora-web

+- name: make registry-signatures dir
+  file: state=directory path=/srv/web/registry-signatures owner=apache group=sysadmin-releng mode=2775 setype=httpd_sys_content_t seuser=system_u
+  tags:
+  - fedora-web
+
 - name: Copy syncStatic script (stg)
  when: env == "staging"
  copy: >
--- a/roles/fedora-web/registry/tasks/main.yml
+++ b/roles/fedora-web/registry/tasks/main.yml
@ -7,6 +7,12 @@
  - fedora-web
  - fedora-web/registry

+- name: Copy in the sync-registry-signatures cronjob
+  copy: src=cron-sync-registry-signatures dest=/etc/cron.d/sync-registry-signatures
+  tags:
+  - fedora-web
+  - fedora-web/registry
+
 - name: Copy over the registry passwd
  copy: src=passwd dest=/etc/httpd/conf.d/registry.fedoraproject.org/passwd
        owner=root group=root mode=0644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf
@ -3,6 +3,8 @@ RequestHeader set X-Scheme https early
 RequestHeader set X-Forwarded-Proto https early
 ProxyPreserveHost On

+Alias /signatures /srv/web/registry-signatures
+
 RewriteEngine on
 {% if env == "production" %}
 RewriteCond %{HTTP:VIA} !cdn77
@ -20,6 +22,10 @@ SSLVerifyDepth 1
 SSLCACertificateFile /etc/pki/httpd/fedora-server-ca.cert
 SSLOptions +FakeBasicAuth

+<Directory /srv/web/registry-signatures>
+    Require all granted
+</Directory>
+

 <Location /v2>
  Order deny,allow
--- a/roles/rsyncd/files/rsyncd.conf.sundries
+++ b/roles/rsyncd/files/rsyncd.conf.sundries
@ -181,3 +181,11 @@ uid = root
 gid = root
 read only = yes
 hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0
+
+[registry-signatures]
+comment = registry-signatures
+path = /srv/web/registry-signatures
+uid = root
+gid = root
+read only = yes
+hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0
--- a/roles/rsyncd/files/rsyncd.conf.sundries-stg
+++ b/roles/rsyncd/files/rsyncd.conf.sundries-stg
@ -181,3 +181,11 @@ uid = root
 gid = root
 read only = yes
 hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0
+
+[registry-signatures]
+comment = registry-signatures
+path = /srv/web/registry-signatures
+uid = root
+gid = root
+read only = yes
+hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0