dist-git: setup for production
This commit is contained in:
clime
parent
7aca0c8328
commit
70442e105d
5 changed files with 11 additions and 171 deletions
|
|
@ -17,25 +17,15 @@
|
|||
tags:
|
||||
- distgit
|
||||
|
||||
- name: install the httpd config file
|
||||
copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf
|
||||
when: env != "staging"
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- distgit
|
||||
|
||||
- name: uninstall the httpd config file
|
||||
- name: uninstall the httpd config file of non-packaged dist-git
|
||||
file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf state=absent
|
||||
when: env == "staging"
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- distgit
|
||||
|
||||
- name: install the httpd config directory
|
||||
file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory
|
||||
when: env != "staging"
|
||||
- name: uninstall the httpd config directory of non-packaged dist-git
|
||||
file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=absent
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
|
|
@ -81,13 +71,11 @@
|
|||
with_items:
|
||||
- dist-git
|
||||
- dist-git-selinux
|
||||
when: env == "staging"
|
||||
tags:
|
||||
- distgit
|
||||
|
||||
- name: install the dist-git config
|
||||
copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf
|
||||
when: env == "staging"
|
||||
tags:
|
||||
- config
|
||||
- distgit
|
||||
|
|
@ -135,8 +123,8 @@
|
|||
tags:
|
||||
- distgit
|
||||
|
||||
- name: install the distgit scripts
|
||||
copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
|
||||
- name: uninstall the distgit scripts of non-packaged dist-git
|
||||
file: dest=/usr/local/bin/{{item}} state=absent
|
||||
with_items:
|
||||
- setup_git_package
|
||||
- mkbranch
|
||||
|
|
@ -145,25 +133,8 @@
|
|||
- config
|
||||
- distgit
|
||||
|
||||
- name: install the Dist Git-related httpd config
|
||||
copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf
|
||||
when: env != "staging"
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- distgit
|
||||
|
||||
- name: install the Dist Git-related httpd config
|
||||
- name: install the DistGit related httpd config
|
||||
copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf
|
||||
when: env == "staging"
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- distgit
|
||||
|
||||
- name: Symlink pkgs-git-repos-list
|
||||
copy: src=repolist.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/repolist.conf
|
||||
when: env != "staging"
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
|
|
@ -171,7 +142,6 @@
|
|||
|
||||
- name: Symlink pkgs-git-repos-list
|
||||
copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf
|
||||
when: env == "staging"
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
|
|
@ -360,18 +330,8 @@
|
|||
notify:
|
||||
- reload httpd
|
||||
|
||||
- name: install the CGit-related httpd redirect config
|
||||
copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf
|
||||
when: env != "staging"
|
||||
tags:
|
||||
- distgit
|
||||
- cgit
|
||||
notify:
|
||||
- reload httpd
|
||||
|
||||
- name: install the CGit-related httpd redirect config
|
||||
copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf
|
||||
when: env == "staging"
|
||||
tags:
|
||||
- distgit
|
||||
- cgit
|
||||
|
|
@ -389,23 +349,11 @@
|
|||
|
||||
# -- Lookaside Cache -------------------------------------
|
||||
# This is the annex to Dist Git, where we host source tarballs.
|
||||
- name: install the Lookaside Cache httpd configs
|
||||
template: src={{item}} dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/{{item}}
|
||||
with_items:
|
||||
- lookaside.conf
|
||||
- lookaside-upload.conf
|
||||
when: env != "staging"
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- distgit
|
||||
|
||||
- name: install the Lookaside Cache httpd configs
|
||||
template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}}
|
||||
with_items:
|
||||
- lookaside.conf
|
||||
- lookaside-upload-stg.conf
|
||||
when: env == "staging"
|
||||
- lookaside-upload.conf
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
|
|
@ -499,42 +447,13 @@
|
|||
tags:
|
||||
- distgit
|
||||
|
||||
- name: create /srv/web directory
|
||||
file: dest=/srv/web state=directory
|
||||
|
||||
- name: install the upload CGI script
|
||||
copy: src=dist-git-upload.cgi dest=/srv/web/upload.cgi owner=root group=root mode=0755
|
||||
- name: uninstall the upload CGI script of non-packaged dist-git
|
||||
file: dest=/srv/web/upload.cgi state=absent
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- distgit
|
||||
|
||||
- name: uninstall the httpd config directory
|
||||
file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=absent
|
||||
when: env == "staging"
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- distgit
|
||||
|
||||
- name: check the selinux context of the upload CGI script
|
||||
command: matchpathcon /srv/web/upload.cgi
|
||||
register: upcgicontext
|
||||
check_mode: no
|
||||
changed_when: false
|
||||
tags:
|
||||
- config
|
||||
- lookaside
|
||||
- selinux
|
||||
|
||||
- name: set the SELinux policy for the upload CGI script
|
||||
command: semanage fcontext -a -t git_script_exec_t "/srv/web/upload.cgi"
|
||||
when: upcgicontext.stdout.find('git_script_exec_t') == -1
|
||||
tags:
|
||||
- config
|
||||
- lookaside
|
||||
- selinux
|
||||
|
||||
# Three tasks for handling our selinux policy for upload.cgi
|
||||
- name: ensure a directory exists for our SELinux policy
|
||||
file: dest=/usr/local/share/selinux/ state=directory
|
||||
|
|
|
|||
|
|
@ -1,66 +0,0 @@
|
|||
Alias /repo/ /srv/cache/lookaside/
|
||||
|
||||
# default SSL configuration...
|
||||
Listen 443
|
||||
|
||||
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
|
||||
SSLSessionCacheTimeout 300
|
||||
|
||||
Mutex default
|
||||
|
||||
SSLRandomSeed startup file:/dev/urandom 256
|
||||
SSLRandomSeed connect builtin
|
||||
SSLCryptoDevice builtin
|
||||
|
||||
<VirtualHost _default_:80>
|
||||
ServerName pkgs.{{ env_suffix }}fedoraproject.org
|
||||
#Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
|
||||
# This is temporary for fixing Kojid because of firewall rules
|
||||
Alias /repo/ /srv/cache/lookaside/
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
# This alias must come before the /repo/ one to avoid being overridden.
|
||||
ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
|
||||
|
||||
Alias /repo/ /srv/cache/lookaside/
|
||||
ServerName pkgs{{ env_suffix }}.fedoraproject.org
|
||||
ServerAdmin webmaster@fedoraproject.org
|
||||
|
||||
SSLEngine on
|
||||
|
||||
SSLCertificateFile conf/pkgs.fedoraproject.org_key_and_cert.pem
|
||||
SSLCertificateKeyFile conf/pkgs.fedoraproject.org_key_and_cert.pem
|
||||
SSLCACertificateFile conf/cacert.pem
|
||||
SSLCARevocationFile /etc/pki/tls/crl.pem
|
||||
|
||||
SSLProtocol {{ ssl_protocols }}
|
||||
SSLCipherSuite {{ ssl_ciphers }}
|
||||
|
||||
Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
|
||||
</VirtualHost>
|
||||
|
||||
# Allow upload via src
|
||||
<VirtualHost _default_:80>
|
||||
# This alias must come before the /repo/ one to avoid being overridden.
|
||||
ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
|
||||
|
||||
Alias /repo/ /srv/cache/lookaside/
|
||||
ServerName src{{ env_suffix }}.fedoraproject.org
|
||||
ServerAdmin webmaster@fedoraproject.org
|
||||
|
||||
ErrorLog logs/ssl_error_log
|
||||
|
||||
<Location /repo/pkgs/upload.cgi>
|
||||
Options +ExecCGI
|
||||
|
||||
AuthType GSSAPI
|
||||
GssapiSSLonly Off
|
||||
AuthName "GSSAPI Single Sign On Login"
|
||||
GssapiCredStore keytab:/etc/httpd.keytab
|
||||
|
||||
Require valid-user
|
||||
</Location>
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
|
|
@ -21,7 +21,7 @@ SSLCryptoDevice builtin
|
|||
|
||||
<VirtualHost _default_:443>
|
||||
# This alias must come before the /repo/ one to avoid being overridden.
|
||||
ScriptAlias /repo/pkgs/upload.cgi /srv/web/upload.cgi
|
||||
ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
|
||||
|
||||
Alias /repo/ /srv/cache/lookaside/
|
||||
ServerName pkgs{{ env_suffix }}.fedoraproject.org
|
||||
|
|
@ -43,7 +43,7 @@ SSLCryptoDevice builtin
|
|||
# Allow upload via src
|
||||
<VirtualHost _default_:80>
|
||||
# This alias must come before the /repo/ one to avoid being overridden.
|
||||
ScriptAlias /repo/pkgs/upload.cgi /srv/web/upload.cgi
|
||||
ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
|
||||
|
||||
Alias /repo/ /srv/cache/lookaside/
|
||||
ServerName src{{ env_suffix }}.fedoraproject.org
|
||||
|
|
|
|||
|
|
@ -13,11 +13,7 @@ NEW_EPEL_VERSION = '7'
|
|||
NEW_EPEL_SOURCE_BRANCH = 'f19'
|
||||
RHEL_PKGS_PATH = '/var/lib/rhel/rhel' + NEW_EPEL_VERSION
|
||||
|
||||
{% if env == 'staging' -%}
|
||||
MKBRANCH = '/usr/share/dist-git/mkbranch'
|
||||
{%- else -%}
|
||||
MKBRANCH = '/usr/local/bin/mkbranch'
|
||||
{%- endif %}
|
||||
|
||||
# parse_page :: String -> IO (Map String String)
|
||||
# This returns a dictionary of {"pkg_name": "branch"}
|
||||
|
|
|
|||
|
|
@ -70,17 +70,8 @@ PKGDB_URL = 'https://admin.fedoraproject.org/pkgdb'
|
|||
|
||||
GIT_FOLDER = '/srv/git/repositories/'
|
||||
|
||||
{% if env == 'staging' -%}
|
||||
MKBRANCH = '/usr/share/dist-git/mkbranch'
|
||||
{%- else -%}
|
||||
MKBRANCH = '/usr/local/bin/mkbranch'
|
||||
{%- endif %}
|
||||
|
||||
{% if env == 'staging' -%}
|
||||
SETUP_PACKAGE = '/usr/share/dist-git/setup_git_package'
|
||||
{%- else -%}
|
||||
SETUP_PACKAGE = '/usr/local/bin/setup_git_package'
|
||||
{%- endif %}
|
||||
|
||||
THREADS = 20
|
||||
VERBOSE = False
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue