Move keyserver to a role. Thanks misc!
parent
0982cd46a9
commit
52c9e9a08d
10 changed files with 103 additions and 20 deletions
|
@ -80,12 +80,6 @@
|
|||
- name: restart rsyslog
|
||||
action: service name=rsyslog state=restarted
|
||||
|
||||
- name: restart sks-db
|
||||
action: service name=sks-db state=restarted
|
||||
|
||||
- name: restart sks-recon
|
||||
action: service name=sks-recon state=restarted
|
||||
|
||||
- name: restart sshd
|
||||
action: service name=sshd state=restarted
|
||||
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
- nagios_client
|
||||
- fas_client
|
||||
- fedmsg/base
|
||||
- keyserver
|
||||
|
||||
tasks:
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
|
@ -47,7 +48,6 @@
|
|||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/apache.yml"
|
||||
- include: "{{ tasks }}/keyserver.yml"
|
||||
|
||||
handlers:
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
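--- a/roles/keyserver/files/sks.conf
+++ b/roles/keyserver/files/sks.conf
@@ -0,0 +1,83 @@
+ServerName keys.fedoraproject.org
+Listen 80.239.156.219:11371
+NameVirtualHost *:443
+
+<ifModule !mod_proxy.c>
+LoadModule proxy_module modules/mod_proxy.so
+</IfModule>
+
+<IfModule !mod_proxy_http.c>
+LoadModule proxy_http_module modules/mod_proxy_http.so
+</IfModule>
+
+<IfModule !mod_proxy_balancer.c>
+LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+</IfModule>
+
+<IfModule !mod_headers.c>
+LoadModule headers_module modules/mod_headers.so
+</IfModule>
+
+<IfModule !mod_authz_host.c>
+LoadModule authz_host_module modules/mod_authz_host.so
+</IfModule>
+
+<IfModule !mod_log_config.c>
+LoadModule log_config_module modules/mod_log_config.so
+</IfModule>
+
+<IfModule !mod_env.c>
+LoadModule env_module modules/mod_env.so
+</IfModule>
+
+<Directory />
+Options FollowSymLinks
+AllowOverride None
+Order deny,allow
+Deny from all
+</Directory>
+
+<VirtualHost *:80>
+ServerAdmin sysadmin-keys-members@fedoraproject.org
+ServerName keys.fedoraproject.org
+ProxyPass / http://127.0.0.1:11371/
+ProxyPassReverse / http://127.0.0.1:11371/
+SetEnv proxy-nokeepalive 1
+ProxyVia Full
+</VirtualHost>
+<VirtualHost *:443>
+ServerAdmin sysadmin-keys-members@fedoraproject.org
+ServerName keys.fedoraproject.org
+ServerAlias keys01.fedoraproject.org
+
+SSLEngine on
+SSLCertificateFile /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
+SSLCertificateChainFile /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
+SSLCertificateKeyFile /etc/pki/tls/wildcard-2013.fedoraproject.org.key
+ProxyPass / http://localhost:11371/
+ProxyPassReverse / http://localhost:11371/
+SetEnv proxy-nokeepalive 1
+ProxyVia Full
+</VirtualHost>
+<VirtualHost *:443>
+ServerAdmin sysadmin-keys-members@fedoraproject.org
+ServerName pool.sks-keyservers.net
+ServerAlias sks-keyservers.net
+ServerAlias *.sks-keyservers.net
+
+SSLEngine on
+SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
+SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
+ProxyPass / http://localhost:11371/
+ProxyPassReverse / http://localhost:11371/
+SetEnv proxy-nokeepalive 1
+ProxyVia Full
+</VirtualHost>
+<VirtualHost *:11371>
+ServerAdmin sysadmin-keys-members@fedoraproject.org
+ServerName keys.fedoraproject.org
+ProxyPass / http://127.0.0.1:11371/
+ProxyPassReverse / http://127.0.0.1:11371/
+SetEnv proxy-nokeepalive 1
+ProxyVia Full
+</VirtualHost>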
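Review bot: The first `*:443` vhost hard-codes the year-stamped `wildcard-2013.fedoraproject.org` certificate, chain and key paths, while the role's copy tasks (the `-32,37 +32,37` hunk further down) appear on this page under both 2013 and 2014 names; if the two drift apart, httpd will either fail to start on a missing file or keep serving the older certificate. Deriving both from one variable, or at least putting a comment such as `# cert paths must match the copy tasks in this role` above `SSLCertificateFile`, would keep a rotation from touching only one side. None of the TLS vhosts sets `SSLProtocol` or `SSLCipherSuite`, so the protocol policy is presumably inherited from the separately deployed `ssl.conf`; that is worth confirming. `ProxyVia Full` also puts the Apache version into the `Via` header on every proxied response, which `ProxyVia On` would avoid.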
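--- a/roles/keyserver/handlers/main.yml
+++ b/roles/keyserver/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: restart sks-db
+action: service name=sks-db state=restarted
+
+- name: restart sks-recon
+action: service name=sks-recon state=restarted
+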
|
@ -16,12 +16,12 @@
|
|||
owner=sks group=sks mode=0755
|
||||
|
||||
- name: /srv/sks/membership
|
||||
copy: src="{{ files }}/keyserver/membership" dest=/srv/sks/membership owner=sks group=sks mode=0644
|
||||
copy: src="membership" dest=/srv/sks/membership owner=sks group=sks mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /srv/sks/sksconf
|
||||
copy: src="{{ files }}/keyserver/sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644
|
||||
copy: src="sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -32,37 +32,37 @@
|
|||
owner=sks group=sks mode=0755
|
||||
|
||||
- name: /srv/sks/web/index.html
|
||||
copy: src="{{ files }}/keyserver/index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
|
||||
copy: src="index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
with_items:
|
||||
- name: /srv/sks/web/css.css
|
||||
copy: src="{{ files }}/keyserver/css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
|
||||
copy: src="css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/httpd/conf.d/sks.conf
|
||||
copy: src="{{ files }}/keyserver/sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
|
||||
copy: src="sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/httpd/conf.d/ssl.conf
|
||||
copy: src="{{ files }}/keyserver/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
|
||||
copy: src="ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
|
||||
copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600
|
||||
- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
|
||||
copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.key
|
||||
copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
|
||||
- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.key
|
||||
copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
|
||||
copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
|
||||
- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
|
||||
copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
|
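Review bot: The copy tasks for `/etc/httpd/conf.d/sks.conf`, `/etc/httpd/conf.d/ssl.conf` and the certificate and key files carry only `tags: config` in this hunk and no `notify:`, so a changed vhost or a rotated certificate would not reach the running httpd until someone restarts it by hand. Adding a `notify:` for the httpd restart handler to each of these tasks would close that gap; the handler's name is not visible on this page, so check what the shared handlers file calls it. The bare `with_items:` with no value between the `/srv/sks/web/index.html` and `/srv/sks/web/css.css` tasks looks like a leftover and could be dropped. The task list starts and continues outside the hunks shown here.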