Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

dist-git: setup for production

Browse source
This commit is contained in:
clime 2017-05-31 18:07:53 +02:00
parent 7aca0c8328
commit 70442e105d
5 changed files with 11 additions and 171 deletions
Download patch file Download diff file Expand all files Collapse all files

99
roles/distgit/tasks/main.yml
View file

@ -17,25 +17,15 @@
tags: tags:
- distgit - distgit
- name: install the httpd config file - name: uninstall the httpd config file of non-packaged dist-git
copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf
when: env != "staging"
notify:
- reload httpd
tags:
- distgit
- name: uninstall the httpd config file
file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf state=absent file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf state=absent
when: env == "staging"
notify: notify:
- reload httpd - reload httpd
tags: tags:
- distgit - distgit
- name: install the httpd config directory - name: uninstall the httpd config directory of non-packaged dist-git
file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=absent
when: env != "staging"
notify: notify:
- reload httpd - reload httpd
tags: tags:
@ -81,13 +71,11 @@
with_items: with_items:
- dist-git - dist-git
- dist-git-selinux - dist-git-selinux
when: env == "staging"
tags: tags:
- distgit - distgit
- name: install the dist-git config - name: install the dist-git config
copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf
when: env == "staging"
tags: tags:
- config - config
- distgit - distgit
@ -135,8 +123,8 @@
tags: tags:
- distgit - distgit
- name: install the distgit scripts - name: uninstall the distgit scripts of non-packaged dist-git
copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755 file: dest=/usr/local/bin/{{item}} state=absent
with_items: with_items:
- setup_git_package - setup_git_package
- mkbranch - mkbranch
@ -145,25 +133,8 @@
- config - config
- distgit - distgit
- name: install the Dist Git-related httpd config - name: install the DistGit related httpd config
copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf
when: env != "staging"
notify:
- reload httpd
tags:
- distgit
- name: install the Dist Git-related httpd config
copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf
when: env == "staging"
notify:
- reload httpd
tags:
- distgit
- name: Symlink pkgs-git-repos-list
copy: src=repolist.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/repolist.conf
when: env != "staging"
notify: notify:
- reload httpd - reload httpd
tags: tags:
@ -171,7 +142,6 @@
- name: Symlink pkgs-git-repos-list - name: Symlink pkgs-git-repos-list
copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf
when: env == "staging"
notify: notify:
- reload httpd - reload httpd
tags: tags:
@ -360,18 +330,8 @@
notify: notify:
- reload httpd - reload httpd
- name: install the CGit-related httpd redirect config
copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf
when: env != "staging"
tags:
- distgit
- cgit
notify:
- reload httpd
- name: install the CGit-related httpd redirect config - name: install the CGit-related httpd redirect config
copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf
when: env == "staging"
tags: tags:
- distgit - distgit
- cgit - cgit
@ -389,23 +349,11 @@
# -- Lookaside Cache ------------------------------------- # -- Lookaside Cache -------------------------------------
# This is the annex to Dist Git, where we host source tarballs. # This is the annex to Dist Git, where we host source tarballs.
- name: install the Lookaside Cache httpd configs
template: src={{item}} dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/{{item}}
with_items:
- lookaside.conf
- lookaside-upload.conf
when: env != "staging"
notify:
- reload httpd
tags:
- distgit
- name: install the Lookaside Cache httpd configs - name: install the Lookaside Cache httpd configs
template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}} template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}}
with_items: with_items:
- lookaside.conf - lookaside.conf
- lookaside-upload-stg.conf - lookaside-upload.conf
when: env == "staging"
notify: notify:
- reload httpd - reload httpd
tags: tags:
@ -499,42 +447,13 @@
tags: tags:
- distgit - distgit
- name: create /srv/web directory - name: uninstall the upload CGI script of non-packaged dist-git
file: dest=/srv/web state=directory file: dest=/srv/web/upload.cgi state=absent
- name: install the upload CGI script
copy: src=dist-git-upload.cgi dest=/srv/web/upload.cgi owner=root group=root mode=0755
notify: notify:
- reload httpd - reload httpd
tags: tags:
- distgit - distgit
- name: uninstall the httpd config directory
file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=absent
when: env == "staging"
notify:
- reload httpd
tags:
- distgit
- name: check the selinux context of the upload CGI script
command: matchpathcon /srv/web/upload.cgi
register: upcgicontext
check_mode: no
changed_when: false
tags:
- config
- lookaside
- selinux
- name: set the SELinux policy for the upload CGI script
command: semanage fcontext -a -t git_script_exec_t "/srv/web/upload.cgi"
when: upcgicontext.stdout.find('git_script_exec_t') == -1
tags:
- config
- lookaside
- selinux
# Three tasks for handling our selinux policy for upload.cgi # Three tasks for handling our selinux policy for upload.cgi
- name: ensure a directory exists for our SELinux policy - name: ensure a directory exists for our SELinux policy
file: dest=/usr/local/share/selinux/ state=directory file: dest=/usr/local/share/selinux/ state=directory

66
roles/distgit/templates/lookaside-upload-stg.conf
View file

@ -1,66 +0,0 @@
Alias /repo/ /srv/cache/lookaside/
# default SSL configuration...
Listen 443
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
Mutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:80>
ServerName pkgs.{{ env_suffix }}fedoraproject.org
#Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
# This is temporary for fixing Kojid because of firewall rules
Alias /repo/ /srv/cache/lookaside/
</VirtualHost>
<VirtualHost _default_:443>
# This alias must come before the /repo/ one to avoid being overridden.
ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
Alias /repo/ /srv/cache/lookaside/
ServerName pkgs{{ env_suffix }}.fedoraproject.org
ServerAdmin webmaster@fedoraproject.org
SSLEngine on
SSLCertificateFile conf/pkgs.fedoraproject.org_key_and_cert.pem
SSLCertificateKeyFile conf/pkgs.fedoraproject.org_key_and_cert.pem
SSLCACertificateFile conf/cacert.pem
SSLCARevocationFile /etc/pki/tls/crl.pem
SSLProtocol {{ ssl_protocols }}
SSLCipherSuite {{ ssl_ciphers }}
Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
</VirtualHost>
# Allow upload via src
<VirtualHost _default_:80>
# This alias must come before the /repo/ one to avoid being overridden.
ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
Alias /repo/ /srv/cache/lookaside/
ServerName src{{ env_suffix }}.fedoraproject.org
ServerAdmin webmaster@fedoraproject.org
ErrorLog logs/ssl_error_log
<Location /repo/pkgs/upload.cgi>
Options +ExecCGI
AuthType GSSAPI
GssapiSSLonly Off
AuthName "GSSAPI Single Sign On Login"
GssapiCredStore keytab:/etc/httpd.keytab
Require valid-user
</Location>
</VirtualHost>

4
roles/distgit/templates/lookaside-upload.conf
View file

@ -21,7 +21,7 @@ SSLCryptoDevice builtin
<VirtualHost _default_:443> <VirtualHost _default_:443>
# This alias must come before the /repo/ one to avoid being overridden. # This alias must come before the /repo/ one to avoid being overridden.
ScriptAlias /repo/pkgs/upload.cgi /srv/web/upload.cgi ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
Alias /repo/ /srv/cache/lookaside/ Alias /repo/ /srv/cache/lookaside/
ServerName pkgs{{ env_suffix }}.fedoraproject.org ServerName pkgs{{ env_suffix }}.fedoraproject.org
@ -43,7 +43,7 @@ SSLCryptoDevice builtin
# Allow upload via src # Allow upload via src
<VirtualHost _default_:80> <VirtualHost _default_:80>
# This alias must come before the /repo/ one to avoid being overridden. # This alias must come before the /repo/ one to avoid being overridden.
ScriptAlias /repo/pkgs/upload.cgi /srv/web/upload.cgi ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
Alias /repo/ /srv/cache/lookaside/ Alias /repo/ /srv/cache/lookaside/
ServerName src{{ env_suffix }}.fedoraproject.org ServerName src{{ env_suffix }}.fedoraproject.org

4
roles/distgit/templates/pkgdb2-clone
View file

@ -13,11 +13,7 @@ NEW_EPEL_VERSION = '7'
NEW_EPEL_SOURCE_BRANCH = 'f19' NEW_EPEL_SOURCE_BRANCH = 'f19'
RHEL_PKGS_PATH = '/var/lib/rhel/rhel' + NEW_EPEL_VERSION RHEL_PKGS_PATH = '/var/lib/rhel/rhel' + NEW_EPEL_VERSION
{% if env == 'staging' -%}
MKBRANCH = '/usr/share/dist-git/mkbranch' MKBRANCH = '/usr/share/dist-git/mkbranch'
{%- else -%}
MKBRANCH = '/usr/local/bin/mkbranch'
{%- endif %}
# parse_page :: String -> IO (Map String String) # parse_page :: String -> IO (Map String String)
# This returns a dictionary of {"pkg_name": "branch"} # This returns a dictionary of {"pkg_name": "branch"}

9
roles/distgit/templates/pkgdb_sync_git_branches.py
View file

@ -70,17 +70,8 @@ PKGDB_URL = 'https://admin.fedoraproject.org/pkgdb'
GIT_FOLDER = '/srv/git/repositories/' GIT_FOLDER = '/srv/git/repositories/'
{% if env == 'staging' -%}
MKBRANCH = '/usr/share/dist-git/mkbranch' MKBRANCH = '/usr/share/dist-git/mkbranch'
{%- else -%}
MKBRANCH = '/usr/local/bin/mkbranch'
{%- endif %}
{% if env == 'staging' -%}
SETUP_PACKAGE = '/usr/share/dist-git/setup_git_package' SETUP_PACKAGE = '/usr/share/dist-git/setup_git_package'
{%- else -%}
SETUP_PACKAGE = '/usr/local/bin/setup_git_package'
{%- endif %}
THREADS = 20 THREADS = 20
VERBOSE = False VERBOSE = False